1. Information on the collection of personal data and designation of the service provider
(2) For details of the service provider and controller as defined in data protection law, please refer to the company and contact details provided in the Legal Notice section of our website. Our address also serves as the contact address for our appointed data protection officer.
2. Collection of personal data during informational use
(1) The term “personal data” refers to information that can be used to identify a person, e.g. their name and e-mail address, but also their Internet surfing behaviour. If you use our website purely for informational purposes, i.e. if you do not log into or register for the website or provide us with information by any other means, we shall collect no personal data except for the data your browser transfers to us in order to enable you to visit the website (“log files”; legal basis: Art. 6 (1) 1 f) DS-GVO). Log files are a technical necessity that allow us to transmit the website you are visiting to your computer so that you can view it. They are deleted within 7 days of your visit to the website. The log files contain the following data:
• Your IP address
• The date and time of your request
• The time difference between Greenwich Mean Time (GMT) and your time zone
• The content of your request (the specific page you have visited)
• Your access status/HTTP status code
• The quantity of data transferred
• The website from which the request was sent
• Your browser
• Your operating system and interface
• The language and version of your browser software
(2) The log files are used for statistical analysis and in order to improve the website (legal basis: Art. 6 (1) 1 f) GDPR). This allows us to detect possible errors, such as faulty links, for example. One of the items of data recorded in conjunction with your visit to our website is your IP address. In certain circumstances, it may be possible to use an IP address to identify a user of a website. However, we do not conduct analysis of the IP addresses collected in accordance with Paragraph (1) for this purpose. We analyse IP addresses exclusively on a statistical basis and in anonymised form.
3. Data processing during and for the purposes of initiating contact
(1) This website does not constitute an offer for consumers to conclude a contract with us, either via the website itself or using other digital means. The term “consumer” refers to any natural person who enters into a legal transaction for purposes that are predominantly outside their own trade, business or profession. As an agency, we provide this website not only for purely informational use, but also to provide a variety of services that may be of interest or use to you as an entrepreneur. In order to use these services, you will generally be required to provide additional personal data, which we will use to provide the service in question. Where you have the option of voluntarily providing us with additional information, this shall be marked clearly.
4. Use of our free-of-charge services; forwarding of data
(1) If you use our free-of-charge services and want to order something, you will be required to provide the personal data we need to process your order so that the contract can be concluded. Mandatory information that is required for the processing of contracts is marked explicitly; all other information is provided on a voluntary basis. We shall process the data you provide for the purposes of processing your order (legal basis: Art. 6 (1) 1 b) GDPR). Once the contract has been processed, the address, payment and order data you have provided shall be saved for the duration of the legal retention periods, particularly those pertaining to tax and commercial law (legal basis: Art. 6 (1) 1 c) GDPR); thereafter they shall be erased unless you have consented to them being saved for a longer period or additional purpose, or the further processing of this data is necessary for the assertion, exercising or defence of legal claims or the initiation of commercial contact. We shall review the latter at the end of the third calendar year starting from the calendar year in which the data is first saved.
(2) Where necessary for the processing of your order, we shall pass your data on to our principal house back, logistics service providers, and payment service providers selected by you (legal basis: Art. 6 (1) 1 b) GDPR). Our service providers are only permitted to process or use your data for the necessary purpose for which it is transferred to said service providers. You can access this data at any time. We use technical and organisational measures to ensure that data protection regulations are observed whenever data is transferred to external service providers. We may also pass on personal data for debt collection purposes (legal basis: Art. 6 (1) 1 f) GDPR).
(3) Where we provide services or products in advance in conjunction with an order, e.g. in case of payment in instalments or purchase on account, we may contract a service provider such as a financial credit agency to check your identity and credit rating (legal basis: Art. 6 (1) 1 f) GDPR).
(4) We hereby expressly inform you that we are authorised, in individual cases and by decree of the responsible body, to provide information on data if such action is required for the purposes of criminal prosecution; the prevention of danger by German state police authorities; the fulfilment of the legal tasks of the German state and federal authorities for the protection of the constitution, the German Federal Intelligence Service (Bundesnachrichtendienst) or the German Military Counterintelligence Service (Militärischer Abschirmdienst), or in order to enforce intellectual property rights (legal basis: Art. 6 (1) 1 c) GDPR).
5. Right to object
(1) You can object at any time to the processing of your personal data for advertising purposes (legal basis: Art. 6 (1) 1 f) and Rec. (47) GDPR), with effect for the future. This also applies to the related evaluation of specific characteristics, such as takes place during data analysis. No specific formal structure is required for an objection; it can be declared by clicking a link in a newsletter or by contacting us directly using the contact details provided in the Legal Notice section of our website, for example.
(2) Furthermore, you also have the right to object, for reasons pertaining to your specific situation, to the processing of your data for other purposes based on a legitimate interest (Art. 6 (1) 1 f) DS-GVO). This may apply in particular if the processing is not necessary in order for us to fulfil our contract with you. When exercising such a right, we ask you to provide the reasons for your objection to this processing of your personal data. If your objection is justified, we will review your circumstances and either cease or adapt the data processing activities in question, or demonstrate to you our compelling legitimate grounds for continuing said processing activities.
6. Data security
(1) We implement measures in line with the latest technological developments in order to prevent your data from becoming lost, destroyed, forged, manipulated or subject to unauthorised access. Any of your data that is collected and recorded by us will be saved on specially protected servers. These are equipped with special technical and organisational measures to safeguard against the loss, destruction, access, modification or distribution of your data. Only a small number of authorised persons are able to access your data. These persons are responsible for the technical, commercial or editorial supervision of the servers. All of our employees have signed confidentiality agreements.
(2) This website uses the following types of cookies:
• Transient cookies (temporary use)
• Persistent cookies (use for a limited time period)
• Third-party cookies (used by third parties in accordance with separate information)
(3) Transient cookies (legal basis: Art. 6 (1) 1 f) GDPR) are deleted automatically when you close your browser. In particular, session cookies are a type of transient cookie. These save your session ID, which is used to assign various requests made by your browser to the joint session. This allows the website to recognise your computer again the next time you visit. The session cookies are deleted when you close your browser.
(4) Persistent cookies are used exclusively in conjunction with the web analytics services we use (legal basis: Art. 6 (1) 1 f) GDPR), and are only used for as long as required for the agreed purpose; they have a maximum lifespan of two years. You can delete the cookies from your computer’s hard drive at any time using the privacy functions in your browser. Such action may restrict the functions and user-friendliness of the website.
8. Further information on the GDPR
(2) The controller responsible for the processing of your personal data is Albert GmbH & Co. KG
Büssingstraße 38-40, 32257 Bünde, Germany. For more contact details, please refer to the Legal Notice section of our website.
(4) You can request from us information on the data we have saved pertaining to you, and have the right to the rectification of inaccurate data, the right to restriction of processing, and the right to erasure, providing such actions are not in contravention of our obligation to retention. No right to erasure shall apply where the further processing of the data is required for the assertion, exercising or defence of legal claims, such as compliance with an objection to advertising. With regard to the personal data you have given us via means such as an input screen or a contact form, based on your consent, or for the performance of a contract that exists between us, you have the right to data portability in a structured, commonly used and machine-readable format.
(5) Insofar as the processing of your data is based on your consent (legal basis: Art. 6 (1) 1 a) GDPR), you have the right to withdraw said consent at any time without affecting the lawfulness of any processing conducted prior to this withdrawal. Legally established permissions shall remain unaffected by any withdrawal of consent.
(6) You have the right to lodge a complaint with a supervisory authority for data protection, e.g. by the State Officer for Data Protection and Freedom of Information who is responsible for us, who can be contacted at: Landesbeauftragter für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestr. 2 - 4, 40213 Düsseldorf, Germany, firstname.lastname@example.org.
Date: May 2018