Street, no.: Technologiepark Dieprahm, Carl-Friedrich-Gauß-Str. 30
Postal code, city, country: 47475 Kamp-Lintfort
Commercial Register/No.: HRB 8220
Managing Director: Frank Quinders
Telephone: +49 2842 92737-0
1. Basic information on data processing and legal bases
1.1. This data protection declaration explains the type, scope and purpose of the processing of personal data within our online offer and the websites, functions and content associated with it (hereinafter jointly referred to as "online offer" or "website"). The data protection declaration applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offer is run. 1.2. For the terms used, such as "personal data" or their "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR). 1.3. The personal data of the users processed in the context of this online offer includes inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of clerks, payment information), usage data (e.g. the websites of our online offer visited, interest on our products) and content data (e.g. entries in the contact form). 1.4. The term "user" includes all categories of persons affected by data processing. They include our business partners, customers, interested parties and other visitors to our online offering. The terms used, such as "user" are to be understood as gender-neutral. 1.5. We process personal data of users only in compliance with the relevant data protection regulations. This means that user data will only be processed if there is legal permission. Ie, in particular if data processing is necessary for the provision of our contractual services (e.g. processing orders) and online services, or is required by law, the user has given their consent, as well as due to our legitimate interests (ie interest in analysis, optimization and Economic operation and security of our online offer within the meaning of Article 6 Paragraph 1 lit. f GDPR, in particular when measuring range, creating profiles for advertising and marketing purposes and collecting access data and using the services of third-party providers 1.6. We would like to point out that the legal basis for consent is Art. 6 (1) lit. and Article 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual measures is Article 6 Paragraph 1 Letter b. GDPR, the legal basis for processing to fulfill our legal obligations is Article 6(1)(c). GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6 Paragraph 1 lit. f. GDPR.
2. Security Measures
2.1. We take organizational, contractual and technical security measures according to the state of the art to ensure that the provisions of the data protection laws are observed and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. 2.2. The security measures include, in particular, the encrypted transmission of data between your browser and our server.
3. Transfer of data to third parties and third-party providers
3.1. Data will only be passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary for contractual purposes, for example on the basis of Article 6 Paragraph 1 Letter b) GDPR or on the basis of legitimate interests in accordance with Article 6 Paragraph 1 Letter f. DSGVO in the economical and effective operation of our business. 3.2. If we use subcontractors to provide our services, we take appropriate legal precautions and appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.</ p> 3.3. If content, tools or other means from other providers (hereinafter jointly referred to as “third-party providers”) are used within the scope of this data protection declaration and their registered office is in a third country, it can be assumed that data will be transferred to the countries where the third-party providers are domiciled. Third countries are countries in which the GDPR is not directly applicable law, i.e. basically countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if there is an appropriate level of data protection, user consent or other legal permission.
4. Provision of contractual services
4.1. We process inventory data (e.g. names and addresses as well as contact details of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Article 6 Paragraph 1 lit b. GDPR. 4.2. Users can optionally create a user account, in particular by being able to view their orders. As part of the registration, the required mandatory information is communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention being necessary for commercial or tax reasons in accordance with Article 6 (1) (c) GDPR. It is the user's responsibility to back up their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all of the user's data stored during the contract period. 4.3. As part of the registration and renewed registrations as well as the use of our online services, we save the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the user's protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6 (1) (c) GDPR. 4.4. We process usage data (e.g. the websites of our online offer visited, interest in our products) and content data (e.g. entries in the contact form or user profile) for advertising purposes in a user profile, for example to show the user product information based on the services they have previously used.< /p>
5.1. When contacting us (via the contact form or e-mail), the information provided by the user will be processed to process the contact request and its processing in accordance with Article 6 (1) (b) GDPR.
6. Collection of access data and log files
6.1. On the basis of our legitimate interests within the meaning of Article 6 (1) (f) GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider . 6.2. Log file information is stored for a maximum of 14 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
7. Cookies & range measurement
8. Google Analytics
8.7. You can find more information on data use by Google, setting and objection options on the Google website:https://www.google.com/intl/de/policies/privacy/partners("Use of data by Google when you use our partners' websites or apps"),< a href="http://www.google.com/policies/technologies/ads" target="_blank" rel="noopener">http://www.google.com/policies/technologies/ads ("Use of data for advertising purposes"),http://www.google.de/settings/ ads("Manage information that Google uses to show you ads").
9. Integration of third-party services and content
9.1. We use content or service offers from third-party providers within our online offer on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit Integrate services such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content perceive the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and can contain, among other things, technical information about the browser and operating system, referring websites, visiting times and other information on the use of our online offer, and can also be linked to such information from other sources.< /p> 9.2. The following presentation offers an overview of third-party providers and their content, along with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities to object (so-called opt-out):
- If our customers use the payment services of third parties (e.g. PayPal or Sofortüberweisung), the terms and conditions and data protection notices of the respective third party providers, which can be accessed within the respective websites or transaction applications, apply.
- Maps provided by the third-party provider Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.
10. User Rights
10.1. Users have the right to request information free of charge about the personal data that we have stored about them. 10.2. In addition, users have the right to rectification of incorrect data, restriction of processing and deletion of their personal data, if applicable, to assert their rights to data portability and, in the event that unlawful data processing is assumed, to lodge a complaint with the competent supervisory authority.</p > 10.3. Likewise, users can revoke their consent, in principle with effect for the future.
11. Data Protection Officer
The data protection officer is: Dr. Nils Helmke, lawyer, external data protection officer, AGAD Service GmbH, Waldring 43 – 47, 44789 Bochum
12. Deletion of data
12.1. The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements. If user data is not deleted because it is required for other, legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax reasons. 12.2. According to legal requirements, storage is carried out for 6 years in accordance with Section 257 (1) HGB (books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) AO (books, records, management reports, Accounting documents, commercial and business letters, documents relevant to taxation, etc.).
13. Right to object
Users can object to the future processing of their personal data at any time in accordance with legal requirements. The objection can be made in particular against processing for direct advertising purposes.
14. Data protection information for applicants
We process the data that you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our company) and to carry out the application process.
Legal basis for processing Your personal data in this application process is primarily § 26 BDSG in the version valid from May 25th, 2018. After that, the processing of the data that is required in connection with the decision to establish an employment relationship is permitted.
Should the data be required for legal prosecution after the application process has been completed, data processing can be based on the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Article 6 (1) (f) GDPR. Our interest then lies in the assertion or defense of claims.
Applicants' data will be deleted after 6 months in the event of a rejection.
In the event that you have agreed to further storage of your personal data, we will Transfer your data to our applicant pool. The data will be deleted there after two years.
If you have been awarded a position as part of the application process, the data will be transferred from the applicant data system to our personnel information system.
Your applicant data will be deleted after receipt of your application by seen by the HR department. Suitable applications are then forwarded internally to the department heads for the open position. Then the further process is coordinated. In principle, only those people in the company who need it for the proper course of our application process have access to your data.
The data is processed exclusively in data centers in member states of the European Union (EU) and the European Economic Area (EEA) as well as Switzerland .
With regard to your data, you are of course also entitled to the rights specified under § 2 and § 5.
15.1. We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or to changes in the service and data processing. However, this only applies with regard to declarations on data processing. If user consent is required or parts of the data protection declaration contain provisions of the contractual relationship with the user, the changes will only be made with the consent of the user.
Users are asked to inform themselves regularly about the content of the data protection declaration.