DATA PROTECTION AT A GLANCE
Based on the information obligation specified in Article 13 of the General Data Protection Regulation, we would like to give you some transparent information on how your data is processed. The following remarks provide a straightforward overview of the data we collect and the purposes for which we use it.
Personal data is defined as all data with which you can be personally identified.
Please refer to the data protection declaration below this text for detailed information. This tells you about the way in which we process data from almost all groups of persons, e.g. customers, applicants, suppliers, business partners, and also visitors to our website. For purposes of transparency, we have divided this detailed data protection declaration into the following sections:
• General information and mandatory statements
• Information about data processing on this website
• Information about processing personal data for our own business purposes
General information about data processing on this website
The providers of this website take the protection of your personal data very seriously. We treat your personal data strictly confidentially and in compliance with the statutory data protection regulations and this data protection declaration. When you use this website, various types of personal data are collected. This data protection declaration explains which data we collect and what we use it for. It also describes how this happens and for what purpose. Please note that data transmission through the internet (e.g. when communicating by e-mail) may be at risk from security gaps. It is impossible to protect data fully from third-party access.
How do we collect your data on this website?
One way in which we collect your data is when you give it to us. This may for example be data entered in a contact form. Other data is captured automatically by our IT systems when you visit the website. This data is mainly technical (e.g. web browser, operating system, time at which you accessed the website). This data is collected automatically as soon as you enter our website.
What do we use your data for?
Some data is collected to ensure that the website runs smoothly. Other data can be used to analyse user behaviour.
SSL and TLS encryption
This website uses SSL and TLS encryption on security grounds and to afford protection when sending confidential content, e.g. orders or enquiries, to us as the website provider. You can recognize an encrypted connection from the fact that the address line of the browser changes from 'http://' to 'https://' and from the lock symbol in your browser title bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Analytical tools and tools from external providers
When you visit our website, your browsing behaviour can be subjected to statistical evaluation. This is mainly effected with cookies and so-called analysis programs. Your browsing behaviour is usually analysed anonymously; your browsing activities cannot be traced back to you. You can object to this analysis or prevent it by refraining from using certain tools. You will find more detailed information in the following data protection declaration.You are entitled to object to the analysis of your data. This data protection declaration provides information on the ways in which you can do this.
DETAILED DATA PROTECTION DECLARATION
GENERAL INFORMATION AND MANDATORY STATEMENTS
Data controller responsible for processing
The data controller responsible for data processing in general and on this website is:
ALBERTO GmbH & Co. KG
Rheydter Strasse 19-31
41065 Mönchengladbach, Germany
Tel. +49 (0) 2161 8192-0
Fax: +49 (0) 2161 206810
The controller is the natural or legal person who determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses etc.) alone or jointly with others.
Data protection officer prescribed by law
We have appointed a data protection officer for our company.
DPN Datenschutz GmbH & Co. KG
What are your rights with regard to data processing?
Withdrawal of your consent to data processing
Many data processing measures can only be implemented with your express consent. If you have already given your consent, you can withdraw this at any time. For this, it is sufficient if you send an informal message to us by e-mail at email@example.com. The lawfulness of the data processing that occurred before you withdrew your consent is not affected by your withdrawal.
Information about your data
You have the right to obtain information about that of your personal data processed by us together with a copy of the data in question. The information provided comprises the purposes for which your data is being processed, the data categories, the data recipients or recipient categories and, if possible, the period for which your data will be stored or the criteria for determining this storage period.
Rectification, erasure, restriction
You are also entitled to request the rectification of any incorrect data and the erasure of any data that has been stored unlawfully. If – on whatever grounds – your data cannot be erased, you have the right to restrict the processing of your data or to block it.
Right to object
If your data is being processed as defined in Art. 6 no. 1 f) GDPR (pursuit of legitimate interests), you are entitled to object to this processing of your data at any time. If you choose to exercise this right, we will no longer process your personal data unless we are able to provide compelling reasons to do so that outweigh your legitimate interests, or unless your data has to be processed in order to assert, exercise, or defend legal claims.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract transferred to you or to a third party in a standard, machine-readable format. If you request the direct transfer of your data to another controller, this will only take place insofar as it is technically feasible.
In order to exercise your rights, please contact our data protection officer at
Right to complain to the competent supervisory authority
You are entitled to file a complaint with the supervisory authority. The supervisory authority responsible for data protection matters is the Data Protection Commissioner of the state of North Rhine-Westphalia.
State Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia
40213 Düsseldorf, Germany
Telephone: +49 (0) 211 38424-0
Fax: +49 (0) 211 38424-10
INFORMATION ABOUT DATA PROCESSING ON THIS WEBSITE
Your personal data can only be accessed by those of our staff who are responsible for the technical administration, maintenance, and further development of our website. If you contact us, your personal data will also be accessed by staff who are responsible for handling the respective procedure. We also engage external IT service providers to maintain our IT systems; these may also gain access to your personal data during the course of their activities. The same applies to the hosting provider.
We will not transfer your data to any country outside the EU. Otherwise, we only transfer your data if we are obliged to do so officially or by law, and/or if this is necessary in the context of your website use.
3. How long is your personal data stored for?
Your personal data is deleted after you withdraw your consent to processing or when your personal data is no longer required to fulfil the purpose which the processing was intended to accomplish. Cookies are deleted after the session ends.
4. Automated decision-making and profile generation
We will not use your data for the purpose of automated decision-making. Neither will we use your personal data to generate profiles. Please note that we ourselves do not use identification software or evaluate biometric data.
5. Why do we collect your personal data?
We need your personal data to facilitate website use. You can choose to refrain from giving us your personal data or send us incomplete information. However, this may mean that you are unable to use part or all of our website, or that you are unable to enter a prize draw or competition.
6. Data collection on our website
Some of the pages on our website use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our website more use-friendly, efficient, and secure. Cookies are small text files that are sent to your computer and stored by your browser. Most of the cookies we use are so-called “session cookies”. They are deleted automatically after you leave the website. Other cookies are stored on your terminal device until you delete them (so-called permanent cookies). These cookies enable us to recognise your browser when you next visit our website. You can configure your browser in such a way that you are informed whenever cookies are sent and only permit them to be stored in individual cases. Alternatively, you can prevent the acceptance of cookies in certain cases or in general, or ensure that cookies are deleted automatically when you close your browser. Deactivating cookies may impair the functioning of this website. Cookies required to implement electronic communication processes are stored on the basis of Art. 6 1 f) GDPR. The website provider has a legitimate interest in storing cookies, i.e. to ensure that its services can be optimally rendered with no technical errors. The storage of other types of cookie (e.g. cookies for analysing your browsing behaviour) is explained in another part of this data protection declaration.
Server log files/log data
The website provider collects and stores information in so-called server log files which your browser sends to us automatically. This information comprises the following:
• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of server query
• IP address
This data is not amalgamated with other data sources. This form of data processing is based on Art. 6 no. 1 b) GDPR, which permits the processing of data to execute a contract or to implement measures prior to the conclusion of a contract. We are unable to assign this data to individual, identifiable persons without additional information, e.g. information about the subscriber supplied by an internet provider; this data is not usually available to us unless there is a specific reason, e.g. a suspected violation of the law.
We only collect, process, and use personal data relating to the use of our website (usage data) insofar as this is necessary to facilitate or invoice use of the service. The customer data collected is erased once the order is executed or after the business relationship is ended. Statutory retention periods are not affected.
If you would like to receive our newsletter, we need an e-mail address from you; you can send this to us by registering for the newsletter. We will verify your e-mail address using the double opt-in procedure. Only after you have confirmed our first opt-in e-mail will we send you our regular newsletter. Other data is not collected, or only collected if given to us on a voluntary basis. We use this data solely for the purpose of sending the newsletter; it is processed solely on the basis of your consent as specified in Article 6 no. 1 a) GDPR. You can withdraw your consent to receiving the newsletter at any time, for example by clicking on the “Unsubscribe” link in any newsletter or by sending an e-mail to firstname.lastname@example.org. The lawfulness of the data processing transactions that have already been implemented is not affected by your withdrawal. We will store your data until you unsubscribe from our newsletter. After you unsubscribe from the newsletter, we will delete your data from the newsletter mailing list. This will not affect any data that we have stored for other purposes (e.g. e-mail addresses in your customer account).
Webfonts by myfonts.com
Our website uses fonts provided by MyFonts Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA. Due to the license terms, a page-view tracking is performed by counting the number of visits to our website for statistical purposes and transmitting them to MyFonts. Further information on data protection at MyFonts can be found at the following link: https://www.myfonts.com/info/terms-and-conditions.
Social media: Facebook, Instagram, Twitter, Pinterest, YouTube
We do not use plug-ins from these social networks. The logos of the above-named providers that you see on our website are merely links to our public company pages. We do not collect any data whatsoever through these links.
We maintain online presences on social media and platforms, so we can communicate with the customers, interested parties and users who are active there and inform them of our services. The processing of the user’s personal data is done on the basis of our justified interest in effectively informing the users and communicating with the users according to Art. 6(1) lit. f. GDPR. If the user’s consent to data processing is requested by the respective providers (i.e. declaring their consent, e.g. by ticking a check box or confirming with a button), the legal basis for the processing is Art. 6(1) lit. a., Art. 7 GDPR.
According to a judgement of the ECJ on 05.06.2018, we must inform you comprehensively about data processing that is done via and through the Facebook page (and other social media, where applicable). As we currently do not have sufficient information, we refer you here to the privacy guideline and the opt-out option of the respective social network. Requests for information and asserting of claims by data subjects can only be made with the respective providers, as only these have access to the users’ data.
For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer to the following information provided by the provider. Also, in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively at the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information.
This website uses the Google Maps service through an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The functions of Google Maps can only be used if your IP address has been stored. This information is usually sent to a Google server in the USA and stored there. The provider of this website has no influence on this data transfer. Google Maps is used in the interest of presenting our online products and services in an appealing manner and of making us easy to find at the locations specified on the website. This constitutes a legitimate interest within the meaning of Art. 6 no. 1 f) GDPR. More information about Google’s treatment of user data is provided in Google’s data protection declaration: https://www.google.de/intl/de/policies/privacy/
Matomo (formerly Piwik)
If you do not agree to the storage and analysis of the data collected during your visit, you can withdraw your consent to the storage and utilisation of your data by mouse-click below. In this case, a so-called opt-out cookie will be stored on your browser; this means that Matomo will not collect any session data. Please note that the complete deletion of your cookies will also result in the deletion of the opt-out cookie, in which case you may need to reactivate it.
INFORMATION ON PROCESSING PERSONAL DATA FOR OUR OWN BUSINESS PURPOSES
1. Purposes of data processing and legal bases
We collect and process your personal data for the following purposes:
We collect and process applicant data for the purpose of implementing application procedures insofar as this is necessary for deciding on the establishment of an employment relationship with us. In this context, the legal basis is Art. 88 GDPR in conjunction with section 26 par. 1 and par. 8 s. 2 BDSG (Federal Data Protection Act). When we employ applicants, section 26 par. 1 BDSG permits us to continue processing the personal data already received insofar as this is necessary for the purposes of the employment relationship. Based on Art. 6 no. 1 f) GDPR, we store the data of rejected applicants in text form for up to 6 months after the rejection was received in order to defend ourselves in the event of legal claims in connection with the application procedure. Our legitimate interest in this instance is to be able to provide evidence in the event of legal proceedings pursuant to the General Act on Equal Treatment (AGG). Data is only stored on other grounds with the applicant’s express consent.
Processing personal data
• Processing is necessary to implement measures prior to the conclusion of a contract, to conclude a sales contract, or to enter into a business relationship. This form of processing is based on Article 6 no. 1 b) GDPR. You can revoke your consent to the storage of your data at any time; if so, we will erase your data unless the retention periods specified by law dictate otherwise.
• Personal data is also processed for executing contracts and providing services for regular clients. This form of processing is based on Article 6 no. 1 b) GDPR, which permits the processing of data to execute a contract or implement measures prior to the conclusion of a contract. The data is erased once the business relationship ends insofar as no statutory retention periods apply. These may for example be imposed by fiscal legislation and may encompass up to ten years.
• We also process personal data for campaigns and competitions. This form of processing is based on your consent as per Article 6 no. 1 a) GDPR. After the competition closes, all the data you sent us in order to participate in the competition is erased insofar as no statutory or contractual retention obligations indicate otherwise.
• We can also use the addresses of our regular customers to send postal advertising such as brochures, catalogues and similar; this form of processing is based on Article 6 no. 1 f) GDPR. Our legitimate interest in this instance is the facilitation of personal direct advertising. You are entitled to revoke your consent to the use of your data for direct advertising purposes at any time.
• We use the e-mail addresses of our regular customers, i.e. those who are already in a business relationship with us, to send offers, reminders about items in shopping baskets and similar. This form of processing is based on Article 6 no. 1 f) GDPR in conjunction with section 7 par. 3 UWG (Act Against Unfair Competition). In this instance, our legitimate interest lies in sending simple, reasonably priced advertising to our regular customers and improving their shopping experience, naturally in compliance with the stringent requirements in section 7 par. 3 UWG, which permits the use of e-mail addresses belonging to regular customers under certain conditions. You are entitled to revoke your consent to the use of your data for these purposes at any time.
2. Data transfer
We may transfer your personal data to other companies insofar as this is permissible or necessary as per the purposes and legal basis specified. Furthermore, personal data is processed on our behalf by external service providers – particularly in the information technology and data processing sector – on the basis of contract data processing agreements as per Art. 28 GDPR. Under no circumstances will your data ever be sent outside the EU.
3. Data storage
Your personal data will only be stored for as long as knowledge of your data is required for the purpose of the contractual relationship or the purpose for which it was collected, or for as long as statutory or contractual retention provisions oblige us to do so. Statutory retention periods are based on social and fiscal legislation, among others, and may encompass up to ten years in the case of tax-relevant documents and receipts.
This data protection declaration is regularly updated to accommodate changing circumstances or changes in the law.