Who we are

With over 30 years of experience, we offers complimentary software, training and consulting to help companies to strengthen their quality. Our website is available on https://ellistat.com.

We are responsible for the collection, processing and use of your personal data in accordance with the law.

We are committed to the responsible handling of your personal data. We therefore consider it a matter of course to comply with the legal requirements of the General Data Protection Regulation of the European Union (GDPR).

In the following we would like to inform you how we treat your personal data.

Please note that the following information may be checked and changed from time to time. We therefore recommend that you consult this Privacy Policy on a regular basis.

Data processing on the website

Scope and purpose of the collection, processing and use of personal data

When you visit our website

When you visit our website, our servers temporarily store each access in a log file.

The following data is collected and stored, without any action on your part, until it is automatically deleted after twelve months at the latest:

  • the IP address of the requesting computer,
  • date and time of access,
  • name and URL of the data retrieved,
  • the website from which our domain was accessed,
  • the operating system of your computer and the browser used, and
  • the name of your Internet access provider.

This data is collected and processed for the purpose of allowing the use of our website (establishing a connection), ensuring system security and stability in the long term and allowing our Internet offering to be optimized, as well as for internal statistical purposes. The aforementioned information is not linked to or stored with personal data.

Only in the event of an attack on the website’s network infrastructure or in case of a suspicion of unauthorized or abusive use of the website, the IP address will be evaluated for clarification and defense purposes and, if necessary, used for identification purposes in criminal proceedings and for civil and criminal proceedings against the users concerned.

The purposes described above, constitute our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.

When using the contact form

If you contact us using the contact form on the website, we collect the following information from you:

  • Name*
  • Email address*

The fields marked with * are mandatory.

We use this data to answer your questions or provide the services you require and, if necessary, to contact you. The processing of your contact request is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time (contact details see below).

When using the form to buy a license

If you use the appropriate form to request the activation of a test account, we collect the following data:

  • Company name*
  • First name and surname*
  • Street, town/city, postcode*
  • Country*
  • Telephone number*
  • E-mail address*
  • Language*
  • Comment

The fields marked with * are mandatory.

We use this data to open and activate the license you have requested and to contact you by telephone if necessary. The telephone number is never used for marketing purposes. The processing of your request to open a test account is our legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time (contact details see below), but you will then no longer have access to the test account.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select « Remember Me », your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Disclosure of data to third parties

We will only pass on your personal data if you have given your express consent, if there is a legal obligation to do so, or if it is necessary for the enforcement of our rights, in particular to assert claims arising out of the contractual relationship.

In addition, we will pass on your data to third parties as far as it is necessary for the use of the website and the execution of the contract, namely the provision of the services you require and the analysis of your user behaviour. The use of the data forwarded for this purpose by third parties is strictly limited to the stated purposes.


For the purposes of needs-based design and the continuous optimisation of our pages, we use the web analysis service Google Analytics. In this respect, pseudonymised user profiles are created and small text files (‘cookies’) stored on your computer and used. Information generated by the cookie about your use of this website, such as

  • the browser type/version
  • the operating system used
  • the referrer URL (previous page visited)
  • the host name of the accessing computer (IP address)
  • the time of the server request
  • the device

is sent to servers of Google Inc., a company of the holding company Alphabet Inc., in the US and stored there. As part of this, before this data is sent within the member states of the European Union or other states that are party to the agreement on the European Economic Area and Switzerland, the IP address is truncated through this website’s IP anonymisation (‘anonymizeIP’). The anonymised IP address transmitted by your browser in the context of Google Analytics is not consolidated with other data from Google. The entire IP address is sent to a Google server in the US and truncated there only in exceptional cases. In these case, we ensure by contractual means that Google Inc. observes a sufficient level of privacy protection.

The information is used to analyse use of the website, to compile reports about website activities and to provide us with further services relating to website and internet use for the purposes of market research and needs-based design for these websites. This information is also forwarded to third parties where this is required by law or if third parties have been commissioned to process this data. Under the terms of Google Inc., under no circumstances will the IP address be used in connection with other data relating to the user.

Users can prevent Google’s collection of the data generated by the cookie that relates to a user’s use of the website (including their IP address) and Google’s processing of this data by downloading and installing the browser plug-in available via the following link:


As an alternative to the browser plug-in, users can prevent data collection by Google Analytics on the website in future by clicking on this link. By doing so, an opt-out cookie is stored on the user’s end device. To delete user cookies (see ‘Cookies’ above), the link must be clicked again.

In order to manage cookies and pixels for tracking tools and other tools, we also use Google Tag Manager. The Tag Manager tool itself is a cookie-free domain and does not collect any personal data. Instead, the tool triggers other tags that may in turn collect data. If you have performed a deactivation at domain or cookie level, this remains in place for all tracking tags implemented using Google Tag Manager.

For the sake of completeness, we note that as part of US legislation, the US authorities are able to take surveillance measures, under which the general storage of all data sent from the European Union to the US is possible. This takes place without distinction, limitation or exception, on the basis of the objective pursued and without objective criteria that would allow it to limit access by US authorities to personal data and its subsequent use to specific, strictly limited purposes that justify access to this data.

For users residing in EU Member States, please note that, from the point of view of the European Union, the US does not have sufficient data protection levels due, inter alia, to the issues mentioned in this section. To the extent that we have explained in this privacy policy that recipients of data (such as Google, Facebook and Twitter) are located in the US, we will either based on a contract or by securing certification of these companies under the EU-US -Privacy Shield ensure that your data is protected at an appropriate level by our partners.

Processing of customer data

We collect information about our customers. Customer data is collected offline. In particular, we record the contact details of the contact persons at these customers.

We collect the following data for each customer:

  • Company name
  • Company address, postcode, town/city
  • First name and surname of the contact person
  • Business telephone number of the contact person
  • E-mail address of the contact person
  • Function and title of the contact person (if available)
  • Contract conditions
  • History of customer relationship
  • E-mail for customer information
  • Groups E-mail for technical notification
  • Desired means of payment
  • Desired currency

The customer data is either stored on paper or in digital form in our CRM system, which runs on our own server.

The data stored in the CRM system is generally used to manage the customer relationship, for the customer history, for billing of operational services, for automated customer information, for alerting customers in the event of technical problems or necessary technical adjustments, and in some cases also for inviting customers to technical occasions or events. The legal basis for the processing of your data for these purposes lies in the fulfilment of a contract according to Art. 6 para. 1 lit. b GDPR.

The data will only be passed on to third parties if it is necessary for the provision of the services requested by the customer.

The customer has the right to object at any time to the delivery of marketing information via newsletter or the delivery of information on special events (see below « Contact »). In spite of such an objection, we are still entitled to send the customer non-commercial information about our services, which are necessary for the use of our services, as well as notifications.


If a customer registers for the newsletter, we process the relevant data for the delivery of the newsletter. We will process the data of the customer for the newsletter dispatch until he revokes his consent. The consent can be revoked at any time. The customer can unsubscribe from the newsletter at any time using the unsubscribe link provided in each newsletter.

We use email marketing services from MailChimp, The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA. The newsletter may therefore contain a web beacon or similar technical means. A web beacon is a 1x1 pixel, invisible graphic that is associated with the user ID of the respective newsletter subscriber. For each newsletter sent there is information on the address file used, the subject and the number of newsletters sent. In addition, you can see which addresses have not yet received the newsletter, to which address was sent and at which addresses the dispatch failed. In addition, there is the opening rate including the information which addresses have opened the newsletter. Finally, the information as to which addresses have unsubscribed. We use this data for statistical purposes and to optimize the newsletter in terms of content and structure. This enables us to better tailor the information and offers in our newsletter to the individual interests of the recipients. To prevent the use of the Web Beacon in the newsletter, the mail program must be set so that no HTML is displayed in messages, if this is not already the case by default:

Right to information, deletion and correction

You have the right to obtain information on the personal data that we store about you on request free of charge. In addition, you have the right to correct inaccurate data and the right to delete your personal data, as long as there is no legal retention duty or act of permission that allows us to process such data.

You also have the right to demand the release of the data you have given us (right to data portability). On request, we will also forward the data to a third party of your choice. You have the right to receive the data in a common file format.

For the aforementioned purposes, you can contact us via the e-mail address contact@ellistat.com. We may, at our discretion, require proof of identity to process your request.

Apart from that you have the right to complain to a data protection authority at any time.

Data retention

We only store personal data for as long as necessary,

  • to use the above-mentioned tracking, advertising and analysis services within the scope of our legitimate interest;
  • in order to carry out the above-mentioned services that you have requested or to which you have given your consent.

Contract data is kept longer by us, as this is required by statutory storage requirements. Retention requirements that oblige us to keep data arise from accounting and tax regulations. According to these regulations, business communications, closed contracts and accounting documents must be kept for up to 10 years. As far as we no longer need this data to carry out the services for you, the data will be blocked. This means that the data may then only be used for accounting and for tax purposes.

Data security

We take reasonable technical and organisational security measures that we deem appropriate in order to protect your stored data from being manipulated, fully or partially lost, or accessed by unauthorised third parties. Our security measures are adapted continually in line with technological developments.

We also take internal data privacy very seriously. Our employees and the service providers commissioned by us are obliged to maintain secrecy and comply with the provisions of data protection law. In addition, they are granted access to personal data only insofar as this is necessary.


If you have any questions about data protection on our website, would like to receive information or request the deletion of your data, please contact us by sending an e-mail to contact@ellistat.com