Processing personal data and data protection

Privacy Policy

 

This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter briefly referred to as "data") within our online offering and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). With regard to the terminology used, such as "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

EURO-FRIWA GmbH
Gattingerstr. 20
97076 Würzburg

Telephone: +49 (0)931 6 19 05-0
Fax: +49 (0)931 6 19 05-90
E-Mail: eurofriwa@eurofriwa.de
Internet: [www.eurofriwa.de](https://www.eurofriwa.de)
Place of business: Würzburg
Würzburg District Court, HRB 7847
VAT Identification Number: DE 225917007
Managing Director: Volker Dürrbeck
Chairman of the Supervisory Board: Alfred Schlembach

Data Protection Officer

datenschutzbeauftragter@eurofriwa.de

 

Types of Data Processed

- Stock data (e.g., names, addresses).
- Contact data (e.g., email, phone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).

Categories of Data Subjects

Visitors and users of the online offering (hereinafter referred to collectively as "users").

Purpose of Processing

- Provision of the online offering, its functions and content.
- Answering contact requests and communication with users.
- Security measures.
- Reach measurement/marketing.

Terminology Used

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); a natural person shall be considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or series of operations performed on personal data, whether or not by automated means. The term is broad and covers practically all types of data handling.

"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that such personal data is not attributed to an identified or identifiable natural person.

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Applicable Legal Basis

In accordance with Article 13 of the GDPR, we shall inform you of the legal basis for our data processing operations. If the legal basis is not mentioned in the privacy statement, the following shall apply: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR, the legal basis for processing to perform our services and to implement contractual measures as well as to respond to requests is Article 6(1)(b) of the GDPR, the legal basis for processing to fulfil our legal obligations is Article 6(1)(c) of the GDPR, and the legal basis for processing to protect our legitimate interests is Article 6(1)(f) of the GDPR. Where the vital interests of the data subject or another natural person require processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.

Security Measures

In accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

The measures include, in particular, protecting the confidentiality, integrity and availability of data by controlling physical access to the data as well as access to it, its input, its transmission, the safeguarding of its availability and its separation. Furthermore, we have established procedures to ensure the exercise of the rights of data subjects, the deletion of data and the response to threats to data. In addition, we take into account the protection of personal data from the outset of the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and data protection by default (Article 25 of the GDPR).

Cooperation with Processors and Third Parties

If we disclose data to other persons and companies (processors or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal authorisation (e.g. if a transmission of data to third parties, such as to payment service providers, is required in accordance with Article 6(1)(b) of the GDPR to fulfil a contract), if you have given your consent, if a legal obligation requires it, or on the basis of our legitimate interests (e.g. when engaging contractors, web hosts, etc.).

If we engage third parties to process data on the basis of a so-called "data processing agreement", this is done in accordance with Article 28 of the GDPR.

Transfers to Third Countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using services from third parties or the disclosure or transfer of data to third parties, this is only done if it is necessary to fulfil our (pre-)contractual obligations, on the basis of your consent, by virtue of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have data processed in a third country if there are special conditions in accordance with Articles 44 et seq. of the GDPR. This means that processing is carried out, for example, on the basis of special guarantees, such as an officially recognised determination of a level of data protection equivalent to that of the EU (e.g. for the USA via the "Privacy Shield") or compliance with officially recognised special contractual obligations (the so-called "Standard Contractual Clauses").

Rights of Data Subjects

You have the right to request confirmation that data concerning you is being processed and to obtain information about such data as well as further information and a copy of the data in accordance with Article 15 of the GDPR.

You have the right, in accordance with Article 16 of the GDPR, to request the completion of data concerning you or the correction of inaccurate data concerning you.

You have the right, in accordance with Article 17 of the GDPR, to request the immediate deletion of data concerning you or, alternatively, in accordance with Article 18 of the GDPR, to request a restriction of the processing of your data.

You have the right, in accordance with Article 20 of the GDPR, to request the data concerning you that you have provided to us and to demand its transmission to other controllers.

Furthermore, in accordance with Article 77 of the GDPR, you have the right to lodge a complaint with the competent supervisory authority.

Right of Withdrawal

You have the right to withdraw consent you have given, in accordance with Article 7(3) of the GDPR, with effect for the future.

Right of Objection

You can object at any time to the further processing of data concerning you in accordance with Article 21 of the GDPR. The objection can in particular be made against processing for the purposes of direct marketing.

Cookies and Right of Objection to Direct Marketing

The term "cookies" refers to small files stored on users' computers. Different information can be stored within the cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offering. Temporary cookies, also known as "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offering and closes their browser. For example, the contents of a shopping cart in an online shop or a login status can be stored in such a cookie. Cookies referred to as "permanent" or "persistent" remain stored after the browser is closed. For example, the login status can be stored if users visit the site again after several days. Likewise, the interests of users can be stored in such a cookie and used for reach measurement or marketing purposes. "Third-party cookies" are cookies offered by providers other than the person responsible for operating the online offering (otherwise, if it is only their own cookies, one speaks of "first-party cookies").

We may use temporary and permanent cookies and inform you about this within our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. The exclusion of cookies may result in functional limitations of this online offering.

A general objection to the use of cookies used for online marketing purposes can be declared via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in the browser settings. Please note that in this case not all functions of this online offering may be available.

Deletion of Data

Data processed by us is deleted or its processing is restricted in accordance with Articles 17 and 18 of the GDPR. Unless otherwise expressly stated in this privacy statement, data stored by us is deleted once it is no longer required for its intended purpose and deletion is not contrary to any legal storage obligations. If data is not deleted because it is required for other legally permissible purposes, its processing is restricted. This means that the data is blocked and is not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.

In accordance with statutory provisions in Germany, storage takes place in particular for 10 years in accordance with §§ 147 (1) AO, 257 (1) no. 1 and 4, (4) HGB (books, records, management reports, accounting documents, commercial records, documents relevant for taxation, etc.) and 6 years in accordance with § 257 (1) no. 2 and 3, (4) HGB (business correspondence).

In accordance with statutory provisions in Austria, storage takes place in particular for 7 years in accordance with § 132 (1) BAO (accounting records, receipts/invoices, accounts, receipts, business documents, statement of income and expenses, etc.), for 22 years in connection with real property and for 10 years for documents relating to electronic services, telecommunications, radio and television services provided to non-taxable persons in EU Member States for which the mini one-stop shop (MOSS) is used.

 

Administration, Financial Accounting, Office Organisation, Contact Management

 

We process data in the context of administrative tasks as well as the organisation of our operations, financial accounting and compliance with our legal obligations, such as archiving. To this end, we process the same data that we process as part of the provision of our contractual services. The legal basis for processing is Article 6(1)(c) and Article 6(1)(f) of the GDPR. Customers, prospects, business partners and website visitors are affected by the processing. The purpose of, and our interest in, the processing lies in administration, financial accounting, office organisation and archiving of data, i.e. tasks that serve to maintain our business operations, exercise our duties and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.

We disclose or transmit data in this regard to the tax authorities, advisors, such as tax advisors or auditors, as well as other billing authorities and payment service providers.

Furthermore, on the basis of our business interests, we store information about suppliers, organisers and other business partners, for example for the purpose of future contact. We generally store this information, which is primarily business-related, permanently.

 

Contact

 

When you contact us (e.g. via a contact form, email, phone or via social media), your information is processed to handle and process your contact request in accordance with Article 6(1)(b) (within the scope of contractual/pre-contractual relationships) or Article 6(1)(f) (other requests) of the GDPR. Your information may be stored in a Customer Relationship Management System ("CRM System") or a comparable system for organising requests.

We delete requests once they are no longer required. We check the necessity every two years; statutory archiving obligations also apply.

 

Hosting and Email Sending

 

The hosting services we use are intended to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email sending, security services and technical maintenance services that we use to operate this online offering.

In this regard, we, or our hosting provider, process stock data, contact data, content data, contract data, usage data, meta and communication data of customers, prospects and visitors to this online offering on the basis of our legitimate interests in efficient and secure provision of this online offering in accordance with Article 6(1)(f) of the GDPR in conjunction with Article 28 of the GDPR (conclusion of a data processing agreement).

Created with Data Protection Generator by RA Dr. Thomas Schwenke

 

Location Maps via OpenStreetMap

On our online catalogue at katalog.eurofriwa.de, we integrate an interactive map in the "Locations" section that uses map material from the OpenStreetMap (OSM) service. The provider of this service is the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.

The map is only loaded when you actively click the shopping cart button in the catalogue. Only when the location overview is opened is a connection established to the OpenStreetMap Foundation servers. In this process, technically necessary data is transmitted to the OpenStreetMap Foundation, in particular:

- Your IP address
- Technical details of your browser (user agent)
- The URL from which the map was called (referrer)
- The requested map tiles

We ourselves do not collect, store or process any personal data through the map integration. The scope of processing by the OpenStreetMap Foundation is determined by their privacy notices, which are available at wiki.osmfoundation.org/wiki/Privacy_Policy.

Legal basis: Processing is carried out on the basis of our legitimate interests in an attractive, fast and free presentation of our shareholder locations in accordance with Article 6(1)(f) of the GDPR. If corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; consent can be withdrawn at any time.

Transfers to third countries: When the map is called up, data is transmitted to OpenStreetMap Foundation servers in the United Kingdom. For the United Kingdom, there is an adequacy decision by the European Commission of 28 June 2021 (Article 45 GDPR). No transfer to a third country with an inadequate level of data protection takes place in this way.

Storage period: We have no influence on the retention period of the data collected by the OpenStreetMap Foundation. For details, please refer to the OpenStreetMap Foundation's privacy statement linked above.

 

Anonymous Usage Statistics in Online Catalogue

On our online catalogue at katalog.eurofriwa.de, we collect anonymous usage statistics to improve the offering and develop it in line with needs.

What data is collected?
When visiting the catalogue, the following events are recorded anonymously on our web server:

- catalogue pages accessed and time spent
- device category (desktop or mobile device)
- interactions such as zoom, search, download and chapter access
- normalised search terms (without personal reference, technically filtered)

What is explicitly not collected?
We do not store IP addresses, user profiles, cookies or referrers. Identification of individuals is not possible and is not intended.

Local browser storage (localStorage)
To store your display settings (selected design: light/dark) as well as recently visited catalogue pages, only the local browser storage (localStorage) of your device is used. This data is not transmitted to our servers. You can delete the browser storage at any time via your browser settings.

Hosting and storage location: The statistics data is stored on our web server, which is operated on behalf of EURO-FRIWA GmbH by a European hosting service provider as a processor in accordance with Article 28 of the GDPR.

Storage period: The collected statistics data is deleted as soon as it is no longer required for evaluation purposes, or at the latest after 24 months.

Legal basis: Processing is carried out on the basis of our legitimate interests in improving and developing our catalogue offering to meet needs in accordance with Article 6(1)(f) of the GDPR. Since no personal data is collected and identification of individuals is excluded, our legitimate interests outweigh the interests worthy of protection of visitors.

 

Our Social Media Presence

Data Processing by Social Networks

We maintain publicly accessible profiles in social networks. The specific social networks we use are listed below.

Social networks such as Facebook, Google+ etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. "Like" buttons or advertising banners). Visiting our social media presence generally triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the social media portal operator can assign this visit to your user account. Your personal data may also be collected if you are not logged in or do not have an account with the social media portal concerned. In this case, data collection occurs, for example, via cookies stored on your device or by capturing your IP address.

Using the data collected in this way, the operators of social media portals can create user profiles in which your preferences and interests are recorded. This allows you to see interest-based advertising both inside and outside the relevant social media presence. If you have an account with the social network concerned, interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.

Please note that we cannot trace all processing procedures on social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy statements of the respective social media portals.

Legal basis

Our social media presence is intended to ensure the most comprehensive possible presence on the Internet. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The analysis processes initiated by social networks may be based on different legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Article 6(1)(a) of the GDPR).

Controller and assertion of rights

If you visit one of our social media presences (e.g. Facebook), we are jointly responsible with the social media platform operator for the data processing operations triggered by this visit. You can exercise your rights (access, rectification, erasure, restriction of processing, data portability and complaint) in principle against both us and the operator of the respective social media portal (e.g. against Facebook).

Please note that, despite joint responsibility with social media portal operators, we do not have full influence over the data processing operations of social media portals. Our options are determined primarily by the business policy of the respective provider.

Storage period

Data that we collect directly via the social media presence is deleted by our systems once the purpose of its storage no longer applies, you ask us to delete it, you withdraw your consent to storage or the purpose of data storage ceases. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – are unaffected.

We have no influence on the retention period of your data stored by social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy statement, see below).

Individual Social Networks

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.

We have concluded an agreement with Facebook on joint processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. Click on the following link and log in: www.facebook.com/settings.

For details, see Facebook's privacy statement: www.facebook.com/about/privacy/.

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how Instagram handles your personal data, see Instagram's privacy statement: help.instagram.com/519522125107875.

Source: eRecht24