Data Protection Policy

Obligations to provide information pursuant to Art. 12, 13, ff. GDPR

Section 1 - Information on the collection of personal data

(1) In the following, we would like to inform you about the personal data we collect when you use our website. Personal data is any data that can be related to you personally, for example, name, address, email addresses and user behaviour.

(2) The Controller pursuant to Art. 4 (7) of the European General Data Protection Regulation (GDPR) is:

E. Epple & Co. GmbH 

Hertzstr. 8 

71083 Herrenberg 

Tel: +49 (0) 7032 9771 – 0 

Fax: +49 (0) 7032 9771-50 


(3) You can contact our Data Protection Officer at:

(4) When you contact us by email or by way of a contact form, we store the information provided by you (your email address and, where provided, your name and phone number) in order to reply to your requests. We delete the data collected in this context once it is no longer necessary to store it, or restrict processing in the event that statutory retention obligations apply.

See also Section 4

(5) If we engage the services of contracted service providers for specific functions of our website or would like to use your data for advertising purposes, we shall inform you below in detail of the respective procedures. At the same time, we shall also specify the defined criteria for the storage period.


Section 2 - Your rights

(1) You have the following rights in respect of the personal data relating to you:

  • Right of access
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right to object to the processing
  • Right to data portability.


(2) You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us.

Section 3 - Collection of personal data upon visiting our website

(1) If you use the website for purely informational purposes, i.e. if you do not register or otherwise disclose any information to us, we only collect the personal data that your browser transmits to our server. If you want to browse our website, we collect the following data which is technically essential for us to be able to display our website to you and to guarantee stability and security (legal basis for this is Article 6 (1) f) GDPR)

  • IP address
  • Date and time of request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Contents of the request (precise page)
  • Access status / HTTP status code
  • Volume of data transmitted
  • Website from which the request was made
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are allocated to your browser and stored on your hard drive, and by means of which specific information is relayed to the party setting the cookie (in this case, us). Cookies cannot run programmes or transmit viruses to your computer. Their purpose is to make the website more user-friendly and more efficient as a whole.

(3) Analysis tool

Our website uses the widely used tracking tool "Google Analytics", which Google offers for the analysis and monitoring of websites. The collected user data is used for the purpose of web analysis; this is to optimise the website to make the communication with you more specific to your interests. From a technical perspective, Google Analytics uses cookies for this purpose.

1. Description and scope of data processing

 In Google Analytics, user interactions on our website are primarily recorded and systematically evaluated using cookies.   Google uses this data information to monitor your website activity on websites and provide related services. This information may also be transferred by Google under certain circumstances to third parties if third parties process this data on behalf of Google within the framework stipulated by law. However, Google may not associate your IP address with other data stored by Google. If you wish, you can refuse cookies by setting your browser software (see point 5), but you may not be able to use this website in full. By using this website, you consent to the processing of the data you have determined by Google pursuant to the terms described above. In this context, among other things, please also take the Google Privacy Policy at : into consideration

2. Legal basis for the processing

The legal basis for the processing of users' personal data is Article 6, para. 1 lit. f) GDPR (balance of interests).

3. Purpose of the data processing

The processing of the user's personal data with the help of Google Analytics allows us to analyse the browsing behaviour of our users. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our own website and its user-friendliness.

4. Duration of storage

The data stored by the tracking will be deleted as soon as it is no longer needed for our recording purposes. 

5. Possibility to object

Using a browser add-on to disable Google Analytics Java Scripts

Disable Google Analytics

The user can prevent Google Analytics from using his/her data on our website.
If the user wants to disable Google Analytics, they can download and install the add-on for their own web browser. The Google Analytics opt-out add-on is compatible with popular versions of Chrome, Internet Explorer, Safari, Firefox, and Opera. For the add-on to work, it must be loaded and executed correctly in the browser. Internet Explorer requires the activation of additional third-party cookies.

 Interested users can find further information at the following link: 


Section 4 - Other functions and services of our website

  1. Besides the purely informative use of our website, we also offer various services which you can use if interested. You will usually be asked to provide further personal data in this case, which we will use to provide the respective service and for which the aforementioned principles of data processing apply.
  1. Scope of the processing of personal data
    We process your personal data strictly to the extent necessary to provide our services. At all times, your personal data is processed only with your consent. An exception to this rule applies in those cases where it is not possible to obtain prior consent for practical reasons or where statutory regulations permit your personal data to be processed. 

    b.         Legal bases for the processing of personal data
    Where we obtain your consent for the processing of personal data, Art. 6 (1) a) GDPR provides the legal basis therefor.

    Art. 6 (1) b) GDPR provides the legal basis for the processing of personal data that is necessary to perform a contract between you and us. This shall also apply for processing that is necessary for implementing measures prior to entering into a contract.

    Art. 6 (1) c) GDPR provides the legal basis where the processing of your personal data is necessary for compliance with a legal obligation to which we are subject.

    Art. 6 (1) f) GDPR provides the legal basis where processing is necessary to safeguard our legitimate interests or those of a third party, and where such interests are not outweighed by your interests or fundamental rights and freedoms. 

    c.         Data erasure and data storage period
    Your personal data shall be erased or blocked where there is no longer any reason to store such. Data may be stored beyond this period where stipulated by the European or national legislative authorities in Union regulations, laws or other provisions to which we are subject. Data shall also be blocked or erased where a storage period dictated by the aforementioned standards expires, unless it is necessary to continue to store the data for the purpose of entering into or fulfilling a contract.
  2. Contact form, enquiry form and email contact 


a) Description and scope of data processing 

A contact form, which can be used to contact us electronically, is available on our website. If the user makes use of this option, the data entered on the entry form is transmitted to us and stored by us. This data is: 

  • Name 
  • Telephone number 
  • Email address 
  • Your enquiry 

The provision of further information, such as your fax number, address, or date of birth (e.g. to verify your age where necessary) is voluntary and is used to facilitate contact with you. There shall be no negative consequences if you do not provide this information. Failure to provide such information can, however, make the subsequent communication more difficult or even delay it. 

Alternatively, you may contact us using the email address provided. In such cases, the user’s personal data transmitted in the email is stored. 

b) Legal basis for the processing of data 

When we are contacted (via the contact form, by email, phone or on social media), the user’s details are processed in order to handle the request pursuant to Art. 6 (1) b) GDPR. 


c) Purpose of data processing 

We process the personal data entered on the entry form solely for the purpose of processing your request. If contact is made by email, this also constitutes the required legitimate interest in the processing of the data. 

The purpose of the other personal data processed during the transmission of the contact form is to prevent misuse of the contact form and to ensure the safety of our IT systems. 


d) Storage period/criteria for determining the storage period 

The data shall be erased as soon as it is no longer required to achieve the purpose for which it was collected. With regard to the data entered on the entry form of the contact form and the data transmitted to us by email, this shall apply when the conversation with the user is finished. The conversation is finished when circumstances would suggest that the issue in question has been conclusively resolved. If the request relates to the conclusion of a contract, your data may be stored for a longer period pursuant to Art. 6 (1) b) GDPR, where this is necessary for performing the contract and complying with statutory retention requirements.


  1. We occasionally use external service providers for the processing of your data. These have been carefully selected and commissioned by us, are bound to our instructions and are regularly monitored.

Section 5 - Objection to, or withdrawal of consent for, the processing of your data

(1) If you have given your consent for the processing of your data, you may withdraw this consent at any time. Withdrawing your consent affects the permissibility of the processing of your personal data after you have notified us of your decision to do so.

(2) Insofar as we have based the processing of your personal data on a weighing up of interests, you may file an objection against the processing. This is the case where, in particular, processing is unnecessary for performing a contract with you, as outlined byus in the following description of the respective function. If you choose to exercise your right to object, please state the reasons why we should not process your personal data as we have been doing so far. If your objection is justified, we shall examine the situation and shall either cease processing your data, or adapt the manner in which we do so, or state our compelling legitimate reasons that require us to continue processing your data.

(3) You may, of course, object at any time to the processing of your personal data for the purposes of advertising and data analysis. You can inform us of your objection to the use of your data for advertising purposes using the following contact details:

E. Epple & Co. GmbH 

Hertzstr. 8 

71083 Herrenberg 

Tel: +49 (0) 7032 9771 – 0 

Fax: +49 (0) 7032 9771-50 

Section 6 - Services provided by third-parties

Your personal data shall only be disclosed to others for the purposes listed below. We shall only forward your personal data to third parties where:

  • you have explicitly given your consent pursuant to Art. 6 (1) a) GDPR,
  • disclosure is required pursuant to Art. 6 (1) f) GDPR in order to establish, exercise or defend legal claims and there is no reason to believe that you have an overriding legitimate interest in your data not being disclosed,
  • there is a legal duty to disclose the information pursuant to Art. 6 (1) c) GDPR; and
  • it is permitted by law and necessary for conducting contractual relationships with you pursuant to Art. 6 (1) b) GDPR.


Section 7 - Data security


During your visit to our website, we use the common SSL (secure socket layer) method in connection with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. If the padlock symbol in the bottom status bar of your browser is closed, this tells you if an individual page of our website is being transmitted in encrypted form.
We make use of appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss or destruction and against unauthorised access by third parties. Our security measures are continually improved in line with technological advances.


Section 8 - Validity of and changes to this Data Protection Policy


This Data Protection Policy is currently valid and was last updated in November 2018. 

It may be necessary to make changes to this Data Protection Policy following further development of our website and offers made on it or due to legislative or administrative changes.

If you have any questions about our Data Protection Policy, please contact our Data Protection Officer: Mr Achim Barth at

Data Protection Policy for Business Partners and Customers

Data Protection Information for Job Applicants Pursuant to Art. 13 GDPR