Privacy Information according to Art. 13 GDPR
Name and address of the data controller:
The responsible entity within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
ASSKEA GmbH
Haßlocher Straße 9
99189 Gebesee
Germany
Phone: +49 36 201 57 97 0
Fax: +49 36 201 57 97 33
Email:
The data protection officer of the data controller is:
ad hoc datenschutz GmbH
Im Bresselsholze 12
07819 Triptis
Germany
Phone: 0365 527 862 30
Fax: 0365 527 862 59
Email:
General Information on Data Processing
Legal Basis for the Processing of Personal Data
In accordance with Article 13 of the GDPR, we inform you about the legal bases of our data processing activities. If the legal basis is not specifically mentioned in the privacy notice, the following applies:
The legal basis for obtaining consent is Article 6(1)(a) in conjunction with Article 7 of the GDPR. The legal basis for processing to fulfill our services, perform contractual measures, and respond to inquiries is Article 6(1)(b) of the GDPR. The legal basis for processing to fulfill our legal obligations is Article 6(1)(c) of the GDPR. If processing your data is necessary to protect a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override that interest, Article 6(1)(f) of the GDPR serves as the legal basis. In cases where vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
Data Deletion and Storage Duration
According to the GDPR, data storage is only permissible for as long as it is necessary and appropriate for the pre-defined, clear, and legitimate purpose (the principle of storage limitation and data minimization)1. We adhere to these principles by storing your personal data only for the duration required to achieve the specified purposes or as mandated by legal retention periods. Once the purpose no longer applies or the retention periods expire, the relevant data is promptly deleted..
External Links
This website may contain links to third-party websites or other websites under our responsibility. If you follow a link to one of the websites outside our responsibility, please note that these websites have their own privacy information. We do not assume any responsibility or liability for these external websites and their privacy notices. Therefore, before using these websites, please check whether you agree with their privacy statements.
External links are either set apart from the rest of the text in color or are underlined. Your cursor will indicate external links when you hover over such a link. Only when you click on an external link will your personal data be transferred to the target of the link. In particular, the operator of the other website will receive your IP address, the time at which you clicked the link, the page on which you clicked the link, as well as other information that you can find in the privacy notices of the respective provider.
Please also note that individual links may lead to data transmission outside the European Economic Area. As a result, foreign authorities may gain access to your data. You may not have legal remedies against such data access. If you do not want your personal data to be transferred to the link target or to be subject to access by foreign authorities, please do not click on any links.
Rights of the data subject
As a data subject under the GDPR, you have several rights that you can exercise. These rights, as outlined by the GDPR, include: the Right to Information (Article 15), the Right to Rectification (Article 16), the Right to Erasure (Article 17), the Right to Restriction of Processing (Article 18), the Right to Object (Article 21), the Right to Lodge a Complaint with a Supervisory Authority and the Right to Data Portability (Article 20).
Right to Withdraw and Revoke Consent:
Certain data processing activities can only be carried out with your explicit consent. You have the right to withdraw your consent at any time. However, the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Object:
If the processing is based on Article 6(1)(e) or (f) of the GDPR, you, as the data subject, have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you. This right also applies to profiling based on these provisions according to Article 4(4) of the GDPR. If we cannot demonstrate a legitimate interest in processing that overrides your interests, rights, and freedoms, or if the processing is for the establishment, exercise, or defense of legal claims, we will cease processing your data following the objection.
If the processing of personal data is for direct marketing purposes, you also have the right to object at any time. The same applies to profiling that is related to such direct marketing. In these cases, we will no longer process personal data once you raise an objection.
Right to lodge a complaint with a supervisory authority:
If you believe that the processing of personal data relating to you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, particularly in the Member State of your residence, place of work or the place of the alleged infringement.
Right to data portability:
If your data is processed automatically on the basis of consent or for the performance of a contract, you have the right to receive that data in a structured, commonly used, and machine-readable format. Furthermore, you have the right to request the transfer and provision of the data to another controller, insofar as this is technically feasible.
Right to information, correction and deletion:
You have the right to obtain information about your processed personal data concerning the purpose of the data processing, the categories, the recipients, as well as the duration of storage. If you have any questions on this topic or other issues related to personal data, you can naturally contact us via the contact options provided in the legal notice.
Right to restriction of processing:
You have the right to request the restriction of processing of your personal data at any time. To do this, you must meet one of the following conditions:
- If you contest the accuracy of the personal data, you have the right to request a restriction of processing for the duration of the verification of accuracy.
- If the processing is unlawful, you can request the restriction of use of the data as an alternative to deletion.
- If we no longer need your personal data for processing purposes, but you require the data for the assertion, exercise, or defense of legal claims, you can request the restriction of processing as an alternative to deletion.
- If you object to the processing according to Art. 21(1) GDPR, a balance will be struck between your interests and ours. Until this assessment is made, you have the right to request the restriction of processing.
A restriction of processing means that the personal data, apart from storage, may only be processed with your consent or for the assertion, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of significant public interest of the Union or a Member State.
Provision of the website (web host)
When you visit our website, we automatically collect and store information in so-called server log files. This information is automatically transmitted to our server or the server of our hosting company by your browser.
This includes:
- IP address of the visitor’s end device
- Device used
- Hostname of the accessing computer
- Operating system of the visitor
- Browser type and version
- Name of the retrieved file
- Time of the server request
- Amount of data
- Information on whether the retrieval of data was successful
These data are not merged with other data sources.
Instead of operating this website on our own server, we can also have it operated on the server of an external service provider (hosting company). The personal data collected by this website will then be stored on the servers of the hosting company. In addition to the data mentioned above, the web host stores for us, for example, contact requests, contact details, names, website access data, meta and communication data, contract data, and other data generated via a website.
The legal basis for the processing of these data is Art. 6(1)(f) GDPR. Our legitimate interest is the technically error-free presentation and optimization of this website. If the website is accessed to enter into contract negotiations with us or to conclude a contract, the further legal basis is Art. 6(1)(b) GDPR. In the event that we have commissioned a hosting company, there is a contract for order processing with this service provider.
Use of Local Storage Items, Session Storage Items and Cookies
Our website uses Local Storage Items, Session Storage Items, and/or Cookies. Local Storage is a mechanism that allows the storage of data within the browser on your device. These data usually include user preferences, such as the ‘day’ or ‘night mode’ of a website, and remain until you manually delete the data. Session Storage is very similar to Local Storage, whereas the storage duration only lasts during the current session, i.e., until you close the current tab. After that, the Session Storage Items are deleted from your device. Cookies are pieces of information that a web server (server providing web content) places on your device to identify it. They are either temporarily stored for the duration of a session (session cookies) and deleted after your visit to a website ends or permanently (permanent cookies) stored on your device until you delete them yourself or an automatic deletion occurs by your web browser..
These objects can also be stored on your device by third-party companies when you enter our site (Third-Party-Requests). This allows us as operators and you as a visitor to this website to use certain third-party services that are installed on this website. Examples include processing payment services or displaying videos.
These mechanisms have a wide range of applications. They can improve the functionality of a website, control shopping cart functions, increase the security and convenience of using the website, and perform analyses regarding visitor flows and behavior. Depending on the individual functions, they are classified in terms of data protection. If they are necessary for the operation of the website and for providing certain functions (shopping cart function) or are used to optimize the website (e.g., cookies for measuring visitor behavior), then their use is based on Article 6(1)(f) of the GDPR. As website operators, we have a legitimate interest in storing Local Storage Items, Session Storage Items, and Cookies for the technically error-free and optimized provision of our services. In all other cases, the storage of Local Storage Items, Session Storage Items, and Cookies only occurs after your explicit consent (Article 6(1)(a) of the GDPR).
To the extent that Local Storage Items, Session Storage, or Cookies are used by third-party companies or for analysis purposes, we will inform you separately within the scope of this privacy notice. Your required consent will be obtained and can be revoked at any time.
Use of external services
We use external services on our website. External services are services provided by third parties that are implemented on our website. This can be for various reasons, such as embedding videos or for the security of the website. When using these services, personal data is also transferred to the respective providers of these external services. If we do not have a legitimate interest in using these services, we obtain your revocable consent as a visitor to our website before use (Art. 6(1)(a) GDPR).
Consent Management
To comply with data protection requirements, we have implemented a consent management tool on our website. This tool is used to obtain the necessary consents for setting cookies or using external services. The consents are stored.
The processing is necessary for compliance with a legal obligation to which the controller (website operator) is subject. Therefore, Article 6(1)© of the GDPR is cited as the legal basis for the processing.
WebToffee
We use the service WebToffee on our website. The provider of the service is WebToffee, 17 Ryeland Way, Andover, Hampshire, SP11 6GN, United Kingdom.
Since this service is hosted locally on the web server, there is no data transfer to third parties.
Content Management System
A Content Management System enables the creation, editing, organization, and presentation of digital content. We use a Content Management System to create content for our website. This allows us to design a more appealing website
We base this processing on a legitimate interest (Article 6(1)(f) GDPR). Our legitimate interest lies in the technically error-free presentation and optimization of the website.
WordPress
We use the WordPress service on our website. The service provider is Automattic Inc., 60 29th Street #343, San Francisco (CA) 94110, USA.
Since this service is hosted locally on the web server, there is no data transfer to third parties.
Hosting
Hosting refers to the provision of web space and the files located on it by a web host.
This involves the transfer and storage of personal data on the servers of the web host. In particular, the IP addresses, meta and communication data of users, as well as data on website access, are processed. When a website visitor accesses the page, a connection is established to the servers of the web host. This results in the processing of personal data of the website visitor.
We base this processing on a legitimate interest (Article 6(1)(f) GDPR).
Our legitimate interest is to present our website and make it available on the internet.
Microsoft-Azure
We use the Microsoft Azure service on our website. The service provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
The use of the service may result in data transfer to a third country (USA). The provider is certified according to the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy information at the following URL: https://privacy.microsoft.com/de-de/privacystatement.
Contact
On our website, there is the possibility to notify us via a contact form. For contacting us through this form, your contact details are particularly required.
The legal basis for this processing refers to the fulfillment of a contract or pre-contractual measures according to Art. 6(1)(b) GDPR. Additionally, there may be a legitimate interest in maintaining business relations or responding to your inquiry for other reasons.
In such cases, the legal basis for processing your data would be Art. 6(1)(f) GDPR.
The data will be deleted once we have conclusively responded to your inquiry and there are no other retention obligations that prevent this.
Telephone contact or e-mail contact
In accordance with legal requirements, we have provided a telephone number and email address on our website. The data transmitted via these means are automatically stored by us in order to process corresponding inquiries or to contact the inquiring person. We do not share this data with third parties without consent.
If contact is made by telephone or via our email address for pre-contractual or contractual purposes, the processing of personal data is based on the legal basis of Art. 6(1)(b) GDPR. For all other contacts initiated by you, the processing of personal data by us is based on our legitimate interest according to Art. 6(1)(f) GDPR..
Handling of applicant data
You have the option to send an application to us (e.g., by mail, online application form, or email). The personal data received through this process will be stored and processed by us for the application procedure.
The basis for processing is Art. 6(1)(b) GDPR as well as Art. 6(1)(a) GDPR, provided that consent has been given. Insofar as German law is applicable, § 26 BDSG is particularly used as the legal basis for processing. You can revoke your consent at any time. The legality of the processing carried out until the revocation remains unaffected.
If the application results in an employment relationship, the collected data will be stored for the processing of the employment relationship based on Art. 6(1)(b) GDPR. If no employment relationship arises, the data will be stored based on Art. 6(1)(f) GDPR for the duration of legal claims, especially due to discrimination in the application process. This is necessary for the defense against possible lawsuits or accusations. If consent has been given, the data will be stored for a longer period based on Art. 6(1)(a) GDPR. You can revoke your consent at any time. The legality of the processing carried out until the revocation remains unaffected.
If no employment relationship arises, the applicant may be included in our applicant pool. All details of the application are stored to contact the respective person for suitable job advertisements.
The storage of data in the applicant pool is exclusively based on the consent given according to Art. 6(1)(a) GDPR. This consent can be revoked at any time, after which the corresponding data will be deleted unless there are legal retention reasons. Deletion occurs automatically at the latest two years after the consent has been given. The legality of the processing carried out until the revocation remains unaffected.
Applicant pool
If the application does not result in an employment relationship, the applicant can be included in our applicant pool. All details of the application will be stored in order to contact the appropriate person for suitable job postings.
The data in the applicant pool is stored only after consent has been given on the basis of Art. 6 Para. 1 lit.a GDPR. This consent can be revoked at any time, after which the corresponding data will be deleted, provided there are no legal retention reasons. Deletion will take place no later than two years after the consent has been given. The legality of the processing carried out until the revocation remains unaffected.
For the original text of our privacy policy in German, please refer to our German website. The German version is the legally binding document.