Privacy policy

We are delighted that you have chosen to visit the ecoSPECS GmbH website. Protecting your personal data is very important to us. We would like to use this privacy policy to inform you about how we handle your personal data when you visit our websites and we would also like to inform you about your rights.

It is generally possible to use our websites without providing any personal data. However, if a data subject wishes to use particular services provided by our company via our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no legal basis for such processing, we generally obtain the data subject’s consent.

We treat your personal data, for example your name, address, e-mail address or telephone number, confidentially and in accordance with the statutory General Data Protection Regulation and country-specific data protection regulations that apply to us.

1. Who is responsible for data processing on this website?


Hermann-Volz-Straße 56
88400 Biberach an der Riss
Phone: +49 7351-577 34 45

are the controller for the collection, processing and storage of your personal data in accordance with the General Data Protection Regulation. We have implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as thoroughly as possible. Nevertheless, security gaps are generally possible in web-based data transmission, meaning absolute protection cannot be guaranteed. For this reason, each data subject is free to also send personal data to us via alternative means, for example by telephone.

2. Who can you contact if you have questions about data processing?

We have appointed a data protection officer for our company. Any data subject can contact our data protection officer at any time with any questions concerning data processing, your rights or the privacy policy:

Data protection
Hermann-Volz-Straße 56
88400 Biberach an der Riss
Phone: +49 7351-577 34 45

3. Definitions

Our privacy policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be legible and understandable for the general public, as well as our employees, customers and business partners. To ensure this, we would like to first explain the terminology used.

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

c) Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

g) Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

h) Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

i) Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

j) Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. External hosting

This website is hosted by an external service provider (hoster). Personal data collected on this website is stored on the hoster’s servers. This may particularly include your IP addresses (anonymised), contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.

The hoster is used for the purpose of fulfilling a contract with our potential and existing customers (Article 6 [1] [b] of the GDPR) and in the interest of providing our online offering securely, quickly and efficiently via a professional provider (Article 6 [1] [f] of the GDPR).

Our hoster will only process your data to the extent required to fulfil its performance obligations and follow our instructions with regard to this data. We have a contract for processing in place with our hoster in order to guarantee processing in a way that complies with data protection.

5. Data collection on this website

a) Cookies

The web pages partly use ‘cookies’. Cookies are not harmful for your computer and do not contain viruses. By using cookies, we can provide users of this website with more user-friendly services that would otherwise be impossible. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are ‘session cookies’. They are automatically deleted at the end of your visit. Other cookies remain on your end device until you delete them. These cookies allow us to recognise your browser on your next visit.

You can change your browser settings so that you are notified when cookies are used, so that cookies are only allowed in specific cases or are refused in certain cases or in general, and so that cookies are deleted automatically when you close the browser. If you disable cookies, the functionality of this website may be restricted.

Cookies which are required for the electronic communication process or to provide certain functions you have requested (e.g. shopping basket function), are stored on the basis of Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in saving cookies to provide its services in a way that is free from technical errors and functions optimally. If corresponding consent has been requested (e.g. consent to saving cookies), processing is carried out exclusively on the basis of Article 6 (1) (a) of the GDPR. Consent can be revoked at any time.

If other cookies (e.g. cookies for analysing your surfing behaviour) are saved, these are treated separately in this privacy policy.

b) Cookie consent with Borlabs cookie

Our website uses cookie consent technology from Borlabs – Benjamin A. Bornschein to obtain your consent to saving certain cookies in your browser and to document these in accordance with data protection regulations. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (hereinafter ‘Borlabs’).

When you access our website, a Borlabs cookie is saved in your browser, which saves any consent you have given or the withdrawal of such consent. This data is not shared with the provider of Borlabs.

The data collected will be stored until you request that we erase it or until you delete the Borlabs cookie yourself or until the purpose for which the data is stored no longer applies. Mandatory statutory retention periods remain unaffected. Details relating to data processing by Borlabs can be found here.

Borlabs cookie consent technology is used to obtain consent required by law for the use of cookies. The legal basis for this is Article 6 (1) (c) of the GDPR.

c) Server log files

The provider of the sites automatically collects and stores information in ‘server log files’, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

This data is collected on the basis of Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in presenting and optimising its website in a way that is free from technical errors. For this purpose, server log files must be collected.

Server log files are currently stored for a maximum of 2 months and are then erased. The data is stored for security reasons in order to trace and prevent unauthorised access to the web server and improper use of the web pages and to secure our information technology systems.

d) Contact details

Based on legal regulations, our website contains information that allows you to get in touch with our company quickly and electronically and to communicate with us directly, which also includes a general address for ‘electronic mail’ (e-mail address).

If you contact us by e-mail or telephone, the personal data you provide (e.g. name, e-mail address, etc.) will be stored and processed by us for the purpose of processing your request. Your data will not be shared without your consent.

This data is processed on the basis of Article 6 (1) (b) of the GDPR, provided that your enquiry relates to the fulfilment of a contract or is required to implement pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of any enquiries sent to us (Article 6 [1] [f] of the GDPR) or your consent (Article 6 [1] [f] of the GDPR), provided that this consent has been requested.

We will keep any data you have transmitted to us until you request that we erase it, until you withdraw your consent to storage or until the purpose for which the data was stored ceases to apply (e.g. after your enquiry has been processed). Mandatory legal provisions – with particular reference to retention periods – remain unaffected.

e) Application via web form from Microsoft Forms

We have expanded our use of Microsoft 365, and in particular Microsoft Forms, in order to achieve a smooth and productive collaboration with employees and customers.

If you are using our web form for the application process, we will collect personal data via Microsoft Forms. This includes, in particular, your contact details such as your first and last name, telephone number and e-mail address.

Microsoft Forms is an online service from Microsoft Ireland Operations, Ltd. To fill out the web form, you will leave our website via a link. This website uses cookies and the data collected is stored on Microsoft’s cloud servers. Further information on Microsoft Forms can be found here:

We cannot rule out that, in particular cases, further personal data whose processing we have not commissioned, such as the applicant’s IP address and location data, may be transmitted to Microsoft and processed there in addition to the data collected with the web form. Further information on the processing of personal data by Microsoft can be found at

You can find more information about the handling of your personal data during the application process in our privacy policy under ‘7. Data protection for applications and the application process’.

6. Note on data transfer to the USA

Among other things, our website includes tools from companies based in the USA. If these tools are active, your personal data may be transferred to the US servers of these companies. We would like to point out that the USA is not a safe third country in terms of EU data protection law. US companies are obliged to release personal data to security authorities without you as the affected party being able to take legal action against this. Therefore, it cannot be excluded that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.

7. Obligation to provide personal data

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also arise from contractual regulations (e.g. information about the contractual partner).

Sometimes, to conclude a contract, it may be necessary for a data subject to provide us with personal data, which must then be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them.

Failure to provide personal data would make it impossible to conclude the contract with the data subject.

8. Data protection for applications and the application process

If a data subject sends us an application, we process the associated personal data (e.g. contact and communication details, application documents, etc.) to the extent required to make a decision with respect to establishing an employment relationship. The legal basis for this is Section 26 of the new Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) under German law (initiation of an employment relationship), Article 6 (1) (b) of the GDPR (general initiation of contracts) and, if consent has been given, Article 6 (1) (a) of the GDPR. Consent can be withdrawn at any time. Within our company, personal data will only be shared with persons who are involved in processing the application.

If the application is successful, the submitted data will be stored in our data processing systems on the basis of Section 26 of the New Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and Article 6 (1) (b) of the GDPR for the purpose of the employment relationship.

We use Microsoft 365 and Microsoft Teams to conduct our usual office communications and for online meetings and/or video conferencing, including virtual interviews with potential employees. Microsoft 365 and Microsoft Teams are a service of Microsoft Ireland Operations, Ltd.

When using Microsoft Teams, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in the ‘online meeting’. The following personal data is subject to processing: user details such as display name, e-mail address, profile picture (optional), preferred language, meeting metadata: e.g. date, time, meeting ID, phone number, location, text, audio and video data. You may have the option to use the chat function in an online meeting. In this case, the text entries you make are processed in order to display them in the online meeting.

In order to enable the display of video and the playback of audio, data from the microphone of your end device and from a video camera of the end device are processed during the meeting. You can turn off or mute the camera or microphone by yourself at any time via the Microsoft Teams apps.

Please note that we have no influence on Microsoft’s data processing. To the extent that Microsoft Teams processes personal data in connection with Microsoft’s legitimate business transactions, Microsoft is the independent data controller for such use and, as such, is responsible for compliance with all applicable laws and obligations of a data controller. For more information about the purpose and scope of data collection and processing by Microsoft Teams, please see Microsoft’s privacy policy at and Microsoft Teams at There you will also find further information about your rights. Microsoft also processes your personal data in the USA.

If we are unable to make the data subject a job offer, or if the data subject rejects the job offer or withdraws the application, we reserve the right to retain the submitted data for up to 3 months from the end of the application procedure (rejection or withdrawal of the application) on the basis of our legitimate interests (Article 6 [1] [f] of the GDPR). The data is then erased and the physical application documents destroyed. Storage particularly serves as evidence in the event of a legal dispute. If it is clear that the data will be required after the 3-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be erased once the purpose for further storage ceases to apply.

A longer storage period of up to 6 months may also apply if the data subject has given their consent (Article 6 [1] [a] of the GDPR) or if legal retention requirements prevent erasure.

9. SSL or TLS encryption

This website uses SSL and TLS encryption for security reasons and in order to protect confidential content, such as enquiries sent to us as the site operator. You can tell that the connection is encrypted if the browser address changes from ‘http://’ to ‘https://’ and a padlock symbol is shown in the browser’s address bar.

If the SSL or TLS encryption is enabled, the data that you transmit to us cannot be read by third parties.

10. Analysis tools

a) Google Analytics

Provided that you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses ‘cookies’. As described above, cookies are text files that are saved on your computer and allow your use of the website to be analysed. Information collected by the cookie about your use of this website is generally sent to a Google server in the USA and saved there.

We use Google Signals. This allows Google Analytics to collect additional information about users who have personalized ads enabled (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of “events”. Events can be:

  • Page views
  • First visit to the website
  • Start of session
  • Your “click path”, interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • File downloads
  • Seen/clicked ads
  • Language settings

Also recorded:

  • Your approximate location (region)
  • Your IP address (in shortened form)
  • Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • Your internet service provider
  • The referrer URL (via which website/advertising medium you came to this website)

Google Analytics cookies are saved and this analysis tool used on the basis of Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise its website and advertising. If corresponding consent has been requested (e.g. consent to saving cookies), processing is carried out exclusively on the basis of Article 6 (1) (a) of the GDPR. Consent can be revoked at any time.

You can prevent cookies from being saved by changing your browser settings. Please note that in this case, you may be unable to use all of this website’s functions properly. You can also prevent the data generated by the cookie relating to your use of the website (including your IP address) from being captured and processed by Google by downloading and installing the browser plug-in available via the following link.

You can find more information on how Google Analytics handles user data in Google’s privacy policy.

We have concluded a contract with Google for processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month. Details can be found here.

b) Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that lets us integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and deliver the tools integrated through it. However, the Google Tag Manager records the IP address, which may also be transmitted to Google’s parent company in the United States.

The use of the Google Tag Manager is based on Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6 (1) (a) of the GDPR. Consent can be revoked at any time.

11. Google Web Fonts

This page uses ‘web fonts’, which are provided by Google, to uniformly display fonts. Google Fonts are installed locally. No connection is established with Google servers.

12. External linking

a) Links to other websites

Our website contains links to external websites of third parties and we have no influence on their content. Therefore, we cannot assume any liability for this external content. The respective provider or operator of the websites is always responsible for the contents of the linked websites. After clicking on the integrated text/image link, you will be redirected to the website of the respective provider. User information is only transmitted to the respective provider after you have been redirected.

Please note the privacy policies of third parties to whose websites the links lead.

b) Social media links

Our website contains links to our online presence on Facebook, Instagram, XING and LinkedIn. These links are not social plugins. (Social plugins are buttons that allow the operator providing the corresponding site to collect information about the users of our website as soon as they access our website).

However, please note that when accessing this other website, information (which may include personal data) about your visit may be collected by the operator of this site.

You can find further information on how to protect your privacy in Facebook’s privacy policy.

You can find further information on how to protect your privacy in Instagram’s privacy policy.

You can find further information on how to protect your privacy in XING’s privacy policy.

You can find further information on how to protect your privacy in LinkedIn’s privacy policy.

c) Google Maps

We have included a button on our website with a link to Google Maps so that you can better determine our location on a map. We have marked this link with a ‘location icon’.

Please note that after clicking the integrated icon link you will be redirected to the website of the other provider (Google), whereby user information is transmitted to this provider.

You can find more information about how this user data is handled in Google’s privacy policy, in Google’s terms of service as well as in Google’s additional terms of service for Google Maps/Google Earth.

13. Objection to advertising e-mails

We hereby expressly prohibit the use of contact details, published as part of our legal notice obligation, to send unsolicited advertisements and informational material. The site operator expressly reserves the right to take legal action in the case of unsolicited advertising, e.g. through spam e-mails.

14. What are your rights?

a) Right of access, right to rectification and erasure

Within the scope of applicable legal provisions, you have the right to request information about the personal data stored about you, its origin and the recipient and purposes of data processing at any time for free, in accordance with Article 15 of the GDPR.

You also have the right to have any of your personal data, which is incorrectly stored, rectified, in accordance with Article 16 of the GDPR.

In accordance with Article 17 of the GDPR, you also have the right to request that your data is erased, provided your request does not conflict with a legal obligation to retain data (e.g. data retention). Data we store will be erased if it is no longer required for its intended purpose and if there are no legal retention periods. If data cannot be erased because it is required for permissible legal purposes, data processing will be restricted. In this case, the data will be suppressed and not processed for other purposes.

If you wish to obtain access to, or rectification, erasure or suppression of personal data stored that concerns you, or if you have questions regarding the collection, processing or use of your personal data, or if you wish to withdraw your consent, please contact our data protection officer.

b) Right to restrict processing

In accordance with Article 18 of the GDPR, you have the right to request that the processing of your personal data is restricted. To do so, you can contact the controller of this website at any time. You have the right to restrict processing in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the period of review, you have the right to request that the processing of your personal data is restricted.
  • If the processing of your personal data was/is unlawful, you can request restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you require it to exercise, defend or assert legal claims, you have the right to request that we restrict the processing of your personal data instead of erasing it.
  • If you have lodged an objection under Article 21 (1) of the GDPR, there must be a balance between your interests and ours. You have the right to request that the processing of your personal data is restricted for as long as the overriding interests are unclear.

If you have restricted the processing of your personal data, such data – with the exception of the storage of such data – may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

c) Right to data portability

In accordance with Article 20 of the GDPR, you have the right to have personal data, which we process automatically on the basis of your consent or to fulfil a contract, made available to you or to a third party in a commonly used, machine-readable format. If you have requested that the data is directly transferred to another controller, this is only done if it is technically feasible.

d) Right to object

You may exercise your right of objection in accordance with Article 21 of the GDPR and object to the processing of your personal data at any time, provided that there are reasons for doing so that are based on your particular situation. This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process personal data relating to you unless we can prove that there are compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if processing serves to assert, exercise or defend legal claims.

If the personal data relating to you is processed for direct marketing, you have the right to object to the processing of the personal data relating to you for such marketing at any time. This also applies to profiling if it relates to such direct marketing. If you exercise your right of objection, your personal data will no longer be used for the purpose of direct marketing. We consider writing to potential applicants who have given us their consent to do so (e.g. for new job offers) to be direct marketing.

e) Right to withdraw your consent to data processing

Many data processing operations are only possible with your express consent. You have the right to withdraw any consent you have already given us at any time in accordance with Article 7 (3) of the GDPR. All you need to do is send an informal e-mail message to the controller of this website. The legality of the data processing carried out up to the point of withdrawal remains unaffected by the withdrawal.

f) Right to lodge a complaint

If the GDPR is violated, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR. You can contact the data protection supervisory authority responsible for your place of residence or your federal state at any time.