pursuant to Art. 13 General Data Protection Regulation (GDPR)

This Privacy Policy informs you pursuant to Art. 13 of the General Data Protection Regulation (GDPR) about the processing of personal data in connection with your use of the website https://www.erc-system.com (hereinafter "Website") by eRC-System GmbH as the data controller.

"Personal data" within the meaning of Art. 4 No. 1 GDPR means any information relating to an identified or identifiable natural person (data subject), such as name, address, telephone number, date of birth, email address or IP address. Information that cannot be attributed to a specific person, for example as a result of anonymisation, does not constitute personal data.

1. Controller and Data Protection Officer

1.1 Controller

The controller responsible for the processing of personal data on the Website within the meaning of the General Data Protection Regulation (GDPR) is:

eRC-System GmbH
Einsteinstraße 32
85521 Ottobrunn
Germany

represented by its Managing Director:
Dr.-Ing. David Löbl

For data protection enquiries or to exercise your rights as a data subject, please contact: info@erc-system.com

1.2 Data Protection Officer

You may contact our Data Protection Officer at any time regarding all questions relating to data protection and the exercise of your rights:

Swen Müller
Phone: +49 89 6088 2120
Email: muellers@iabg.de

2. Data Processing on Our Website

2.1 Provision of the Website

Purpose of processing: We process your data in order to:

  • ensure the reliable operation of the Website
  • provide user-friendly access to our Website
  • guarantee IT security

Recipient: Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA (provision and operation of a web-based platform)

Data processed:

  • IP address of the requesting device
  • Method (e.g. GET, POST), date and time of the request
  • Address of the accessed website and path of the requested file
  • Previously accessed/requested website/file, if applicable (HTTP referrer)
  • Information about the browser and operating system used
  • Version of the HTTP protocol, HTTP status code, size of the delivered file
  • Request information such as language, content type, content encoding, character sets

Legal basis: Art. 6(1)(f) GDPR. The processing of the aforementioned data is necessary to provide the Website and to ensure its secure and user-friendly operation.

Storage period: The collected data is deleted as soon as it is no longer required for the operation of the Website, but no later than after 30 days, provided no statutory retention obligations exist.

Further information: https://webflow.com/legal/eu-privacy-policy

2.2 Content Delivery Network

Purpose: Accelerating website loading times and protecting against DDoS attacks through the use of a Content Delivery Network (CDN).

Recipient: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA

Data processed:

  • Accessed webpage
  • Browser type used
  • Operating system
  • Referrer URL
  • IP address
  • Requesting provider

Legal basis: Legitimate interests pursuant to Art. 6(1)(f) GDPR (website security and performance).

Storage period: Data is generally transferred to a Cloudflare server in the USA and stored only for as long as necessary for the purpose stated above.

International data transfer: For the use of Cloudflare, data is transferred to the USA on the basis of the EU–U.S. Data Privacy Framework (Art. 45 GDPR). Cloudflare is certified under the Framework and thus provides an adequate level of data protection.

Further information: https://www.cloudflare.com/privacypolicy/

2.3 Video and Script Delivery

Purpose: To deliver video and script content efficiently and reliably on the Website, including optimized loading times and stable playback via a content delivery network (CDN).

Recipient: BunnyWay d.o.o. (bunny.net), Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia.

Data processed:

  • Accessed video/script
  • IP address
  • Browser type used
  • Operating system
  • Referrer URL
  • Date and time of access
  • Technical connection data strictly required for video delivery (e.g. request headers, streaming segments)

Legal basis: Legitimate interests pursuant to Art. 6(1)(f) GDPR (provision of video content, ensuring performance, stability, and protection against misuse).

Storage period: Data is processed only for the duration necessary to deliver the video content and to ensure technical security. Server log data is stored for a limited period and is subsequently deleted or anonymized.

International data transfer: Bunny.net operates a globally distributed content delivery network (CDN). Data is primarily processed on servers within the European Union. Where processing outside the EU cannot be excluded for technical reasons, appropriate safeguards pursuant to Art. 46 GDPR (in particular Standard Contractual Clauses) are in place to ensure an adequate level of data protection.

2.4 Cookies and Similar Technologies

This Website uses technically necessary cookies and similar technologies required for the proper and secure operation of the Website.

Legal basis: Technically necessary tools are used on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR or for the performance of a contract pursuant to Art. 6(1)(b) GDPR. The storage of or access to information on your device is in these cases strictly necessary pursuant to Section 25(2) TDDDG.

Cookie Overview

2.5 Contact Forms (Webflow Forms)

Purpose: Receiving and processing enquiries and other messages submitted through forms embedded on the Website.

Form submissions are handled by Webflow's built-in forms feature and stored in the Webflow project.

Recipient: Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA (operator of the website platform and forms feature). Submissions may additionally be forwarded to email addresses configured by the controller.

Data processed:

  • All information you voluntarily enter into the form (e.g. name, email address, telephone number, company, message content)
  • IP address of the submitting device
  • Date and time of submission
  • Browser type and version, operating system

Legal basis: Art. 6(1)(b) GDPR where the form serves to initiate or perform a contract (e.g. enquiry about our services). Otherwise Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries and communicating with you), or Art. 6(1)(a) GDPR where you have given your consent (e.g. contact form).

Storage period: Form submissions are stored for as long as necessary to handle your enquiry and any resulting communication, and will subsequently be deleted, unless statutory retention obligations apply.

International data transfer: Webflow, Inc. is based in the USA. Data is transferred on the basis of the EU-U.S. Data Privacy Framework (Art. 45 GDPR); Webflow is certified under the Framework. Where applicable, transfers are additionally safeguarded by standard contractual clauses pursuant to Art. 46(2)(c) GDPR.

Further information: https://webflow.com/legal/eu-privacy-policy

2.6 Public Library CDN (jsDelivr)

Purpose: Loading publicly available JavaScript libraries, fonts, and other static open-source assets via the jsDelivr content delivery network (cdn.jsdelivr.net) to ensure fast and reliable delivery of these resources on the Website.

Recipient: Volentio JSD Limited, a company registered in England and Wales (operator of the jsDelivr CDN service). jsDelivr currently engages the following sub-processors to deliver traffic under cdn.jsdelivr.net, which also receive the IP address and request metadata: Cloudflare, Inc. (USA), Fastly, Inc. (USA), Gcore (Luxembourg) and Bunny.net (limited to legacy bootstrapcdn.com endpoints). This list may change from time to time; the current list is published at https://www.jsdelivr.com/sub-processors.

Data processed:

  • IP address of the requesting device
  • Requested resource (URL, limited to the cdn.jsdelivr.net domain)
  • Browser type and version
  • Referrer data (limited to domain)
  • Date and time of the request
  • Unique device identifiers and other diagnostic data

Legal basis: Legitimate interests pursuant to Art. 6(1)(f) GDPR (efficient and reliable delivery of publicly available libraries and assets, ensuring website performance and stability).

Storage period: Data is processed only for the duration necessary to deliver the requested resources. Server log data is stored for a limited period and is subsequently deleted or anonymized.

International data transfer: jsDelivr operates a globally distributed CDN, and personal data may be transferred to and processed in countries outside the EEA, including jurisdictions that have not been recognised by the European Commission as providing an adequate level of data protection. Such transfers are safeguarded by appropriate measures pursuant to Art. 46 GDPR, in particular the EU Standard Contractual Clauses (governed by German law in accordance with jsDelivr's Data Processing Agreement).

Further information: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net

3. Contact by Email or Phone

Purpose: Processing and responding to your enquiry.

Data processed:

  • Name
  • Email address and/or telephone number
  • Company or organisation, if provided
  • Content of your message or request
  • Communication metadata, such as date and time of the communication, to the extent generated

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in communicating with you). If your enquiry is aimed at concluding or performing a contract, processing is carried out on the basis of Art. 6(1)(b) GDPR.

Storage period: Your data is stored only for as long as necessary to fully process your enquiry, unless statutory retention obligations apply or a longer storage period is required to establish, exercise or defend legal claims.

4. Social Media Presence and Links

Our Website may contain links to our social media profiles. If you click on a social media link, you leave our Website and are redirected to the website or app of the respective platform provider. The respective provider is responsible for the processing of personal data on its platform. We have no influence over the data collected by the platform provider when you access or use the platform.

If you interact with our social media profiles, for example by following our profile, commenting on posts, sending us direct messages, reacting to posts or otherwise communicating with us, we may process the personal data visible to us in this context.

Platforms potentially used:

  • LinkedIn, operated in the EU by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
  • Instagram, operated in the EU by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland

Purpose of processing:

  • corporate communication and public relations
  • responding to messages, comments and enquiries
  • presenting our company, projects and career opportunities
  • analysing reach and interaction with our content, to the extent provided by the platform

Data processed:

  • profile name and public profile information
  • comments, messages, reactions and other interactions
  • communication content
  • metadata provided by the platform
  • aggregated statistics and insights, where provided by the platform

Legal basis: Art. 6(1)(f) GDPR. We have a legitimate interest in communicating with interested persons, applicants, partners and the public, and in presenting our company externally. If communication is aimed at concluding or performing a contract, Art. 6(1)(b) GDPR may also apply. Where a platform asks for consent for certain processing, the legal basis for such processing is generally Art. 6(1)(a) GDPR.

For certain analytics or insights functions, joint controllership with the respective platform provider may exist pursuant to Art. 26 GDPR. Details are provided by the respective platform provider in its privacy information and, where applicable, joint controllership addenda.

Further information:

5. External Links

Our Website contains links to external third-party websites over whose content we have no influence. We therefore cannot accept any liability for these external contents.

The respective provider or operator is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time of linking. No illegal content was apparent at the time of linking.

However, permanent content monitoring of the linked pages is not reasonable without concrete indications of a legal violation. If we become aware of legal violations, we will remove such links immediately.

If you follow an external link, please note that the privacy policy of the respective provider applies and that we have no influence over how these providers process your personal data. We recommend reviewing the privacy policies of the respective third-party websites before using them.

6. International Data Transfers

Personal data is generally processed within the EU/EEA. Transfers to so-called "third countries" take place only in compliance with the requirements of the GDPR and in the presence of appropriate safeguards. Before transferring data to a service provider in a third country, the level of data protection is assessed. A transfer only takes place if sufficient protective mechanisms exist. All service providers must enter into a data processing agreement where required. Additional measures may be required for providers outside the EEA.

Pursuant to Art. 44 et seq. GDPR, a transfer is only permissible if at least one of the following conditions is met:

  • The European Commission has determined that an adequate level of data protection exists.
  • Standard contractual clauses have been concluded with the recipient.
  • Other appropriate safeguards pursuant to Art. 46 GDPR are in place.
  • In certain exceptional cases pursuant to Art. 49 GDPR.

7. Recipients

Personal data collected by us is only disclosed if:

  • You have given us your explicit consent pursuant to Art. 6(1)(a) GDPR;
  • Disclosure is necessary to protect our legitimate interests or to assert, exercise or defend legal claims, and there is no reason to assume that your interests or fundamental rights and freedoms requiring the protection of personal data override these interests (Art. 6(1)(f) GDPR);
  • We are legally obliged to disclose the data (Art. 6(1)(c) GDPR); or
  • Disclosure is lawful and necessary for the performance of a contract with you or to carry out pre-contractual measures at your request (Art. 6(1)(b) GDPR).

Possible recipients include:

  • Processors and service providers: External service providers, for example for technical infrastructure, hosting, website operation, form processing, CDN services, maintenance, IT support, security and administration. These recipients are carefully selected and monitored and may only process personal data in accordance with our instructions where they act as processors.
  • Affiliated companies / parent company: Personal data may be disclosed to affiliated companies, including our parent company, where this is necessary for internal administration, IT hosting, IT support, group-wide services, compliance, security or other legitimate operational purposes, and where the legal requirements for such disclosure are met.
  • Public authorities: Authorities and public bodies, such as tax authorities, public prosecutors or courts, to whom we must transmit personal data to fulfil legal obligations or to protect legitimate interests.

8. Data Security and Protective Measures

We implement appropriate technical and organisational measures to ensure the security and confidentiality of your personal data. These measures serve to protect against unauthorised access, manipulation, loss or misuse. Our security measures are regularly reviewed and adapted to technological advances and current industry standards.

Please note that despite extensive protective measures, data transmission over the internet may have security vulnerabilities. In particular, with unencrypted communication (e.g. standard email), there is a risk that data may be accessed by third parties. We have no influence over the actions of external third parties. We therefore recommend using encryption or other protective measures when transmitting sensitive information electronically in order to minimise potential risks.

9. Retention and Deletion/Blocking of Data

Personal data is deleted or blocked as soon as the purpose of storage ceases to apply. Further storage takes place only if provided for by regulations of the European Union or national legislation to which the controller is subject. Data is also deleted or blocked when a statutory retention period expires, unless further storage is necessary for the fulfilment of a contractual relationship or for the establishment, exercise or defence of legal claims.

10. Requirement to Provide Personal Data and Automated Decision-Making

The provision of personal data is generally not required by law or contract for merely visiting our Website. However, the processing of certain technical data, in particular server log data such as the IP address, is technically necessary in order to make the Website available and to ensure its secure operation.

If you contact us by email, phone or via a contact form, you provide the data voluntarily. However, without the information required to process your enquiry, in particular appropriate contact details and the content of your request, we may not be able to respond to your enquiry or provide the requested information.

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR in connection with the Website. In particular, we do not make decisions based solely on automated processing that produce legal effects concerning users or similarly significantly affect them.

11. Data Subject Rights

You have the following rights with regard to your personal data:

a. Right of access (Art. 15 GDPR, §34 BDSG): You may request information about whether and which personal data we process, for what purpose, to whom or to which categories of recipients the data is disclosed, and how long it is stored.

b. Right to rectification (Art. 16 GDPR): You may request the immediate rectification of inaccurate personal data or the completion of incomplete personal data.

c. Right to erasure (Art. 17 GDPR): You may request the deletion of your personal data, in particular where it is no longer necessary, you have withdrawn your consent, or the data has been processed unlawfully.

d. Right to restriction of processing (Art. 18 GDPR): You may request the restriction of the processing of your data, e.g. where the accuracy of the data is contested.

e. Right to data portability (Art. 20 GDPR): You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or to request its transfer to another controller, to the extent that this is technically feasible.

f. Right to withdraw consent (Art. 7(3) GDPR): You may withdraw any consent you have given at any time with effect for the future. The lawfulness of processing carried out prior to the withdrawal remains unaffected.

Right to object (Art. 21 GDPR): You may object at any time, on grounds relating to your particular situation, to the processing of your personal data, in particular in connection with direct marketing or related profiling.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of your personal data infringes data protection regulations.

The supervisory authority generally responsible for eRC-System GmbH is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Email: poststelle@lda.bayern.de
Phone: +49 981 180093-0
Website: https://www.lda.bayern.de

As of: June 2026