back
Home / Privacy policy

Privacy Policy

The responsible person in accordance with data protection laws is
ATH&S GmbH

 

Managing Director:

Mr. Peter Riesen

E-Mail-Address:

Address:

Brönninghauser Str. 26, 33729, Bielefeld

Phone:

 

The data protection officer of ATH&S GmbH is Herr Peter Riesen.

By these data protection regulations, we hereby inform you (hereinafter also referred to as the «User» or «Data Subject») about our general data processing, when visiting our website and when contacting us by email or telephone. We hereby inform you of your rights regarding the processing of your data. Conceptually, «data processing» always means processing of personal data.

1. General instructions on data processing
 
1.1 Categories of personal data
We process the following categories of personal data:
  • Credentials (e.g. names, addresses, responsibilities organization affiliation, etc.);
  • Contact details (e.g. email, phone/fax numbers, etc.);
  • Content data (e.g. text data, image files, video files, etc.);
  • Usage data (e.g. access data);
  • Metadata/communication data (e.g. IP addresses).
1.2 Recipient or categories of recipients of personal data

If, as part of our data processing, we disclose, transfer data or otherwise provide access to data to other persons and companies, such as web hosts, order processors or third parties, we do so legally (for example, if the transfer of data to third parties in accordance with Article 6 of Chapter 1, paragraph b DS-GVO (General Data Protection Regulation) is necessary to fulfill the terms of a contract), if data subjects have expressed their consent to this or it is provided for by a legal obligation.

1.3 Duration of personal data storage

The criterion for the duration of storage of personal data is the corresponding statutory retention period. After this period, we delete relevant data if they are no longer required for target achievements, as well as contract fulfillment or preparation.

1.4 Transfer to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or we do so as part of the use of third-party services, or there is a disclosure or transfer of information to third parties, then this can only take place if required to fulfill our (preliminary) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Provided that there are no legal or contractual obstacles, we process or allow the processing of data in a third country only if there are special conditions in accordance with Article 44 et seq. articles of DS-GVO (General Data Protection Regulation), that is, processing is carried out, for example, on the basis of special guarantees, such as an officially recognized conclusion on the compliance of the level of confidentiality with EU standards, or compliance with officially recognized special contractual obligations (so-called «standard contractual provisions»).

2. Data processing as part of a visit to our website
 
2.1 Log Files
Every time a data subject accesses our website, general data and information are entered and stored in the registration files of our system:
  • date and time of data call (time tag);
  • information about the request and the transmission address (protocol version, HTTP method, referrer, client application identification string (UserAgent));
  • name of the activated file and the amount of data transmitted (requested URL, including the Query string, size in bytes);
  • a message indicating whether the data call was successful (HTTP status code).

When using this general data and information, we do not draw any conclusions about the data subject. Personal evaluation or evaluation of personal data for marketing purposes or for the formation of a profile are not carried out. The IP address is not saved in connection thereof. The legal basis for temporary data storage is Article 6, Chapter 1, paragraph f of DS-GVO (General Data Protection Regulation). The collection of data to enable the use of the site and the storage of data in the registration files are absolutely necessary for smooth operation of our website. Therefore, no objections can be filed on the part of the data subject.

2.2 Malware detection and log data analysis

We collect log data accumulated during operation of our company’s communication equipment and automatically analyze it if it is necessary to detect, trace or eliminate failures or errors in communication devices or to protect against attacks on our information engineering, or to detect and protect against malware.

The legal basis for temporary storage and analysis of data is Article 6, Chapter 1, paragraph f of DS-GVO (General Data Protection Regulation). Data storage and analysis are absolutely necessary to ensure the possibility of using the website and its smooth operation. Therefore, there is no possibility of objection on the part of the person concerned.

The legal basis for the processing of personal data through the use of cookies is Article 6, Chapter 1, paragraph f DS-GVO (General Data Protection Regulation).

2.3 Cookies

Our website uses so-called cookies. Cookies are small text files exchanged between a web browser and a central server. Cookies are stored on the user’s computer and transmitted from it to our website. In your web browser you can use the appropriate settings to restrict the use of cookies or reject them in general. Cookies that have already been saved can be deleted at any time. If cookies are disabled for our website, this may make it impossible to fully browse the website or use it in full.

2.3.1 Yandex Marketing Cookies

On our website, we use Yandex software to collect, process and interpret data in an Internet application. The service provider is the Russian company Yandex LLC, 16 Lva Tolstogo Str., Moscow, Russia. This software transmits the data received about you to Russia as well. The European Court considers that there is currently no adequate level of protection for the transfer of data to Russia. Yandex uses the so-called standard contractual provisions as the basis for data processing (see Art. 46 Chapters 2 and 3 of DS-GVO (General Data Protection Regulation). These are standard templates provided by the European Commission, which are designed to ensure that the protection of your data complies with European standards, even in Russia. For more information on this issue, please read the Yandex Privacy Policy at https://yandex.com/company/privacy

2.3.2 Google Marketing Cookies

We use Google technologies on our website (Google Island Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland) as an independent responsible person. Thanks to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the volume and further use of the data collected by Google using its tool, and therefore we inform you according to our level of knowledge: that is, Google receives information that you have visited one or another part of our website. If you are registered in any of the Google services, then Google can link the visit to your account. Even if you are not registered with Google or have not logged in there with your data, there is a possibility that the provider will find out and save your IP address. Google processes, inter alia, IP address, cookie identifiers (IDs), pixel identifiers (IDs), device information, browser information, location information, usage data, user behavior and User Agent (User Agent) when using our website. At the same time, your data is stored on servers within the EU and is not transferred to third parties outside the Google network. Data transfer to a third country in accordance with DS-GVO (General Data Protection Regulation), for example in the USA, may, if necessary, be carried out within the Google network. The transfer of your data to servers in the USA is carried out on the basis of standard EU contractual provisions. For more information about data processing, please read Google’s Privacy Policy: policies.google.com/privacy .

2.4 Hosting

The hosting services we use are designed to provide the following services: infrastructure and platform support services, computing capabilities, disk space and database services, security services and also maintenance services that we use to operate our website. At the same time, we or our third-party service provider process credentials, contact data, content data, contract data, usage data, metadata and communication data of users of our website based on our legitimate interests in the effective and reliable provision of this Internet service platform in accordance with Article 6, Chapter 1, Clause f of DS-GVO (General Data Protection Regulation) together with Article 28 DS-GVO (conclusion of contracts for data processing by third-party service providers).

3. Data processing in the process of establishing communication
 
3.1 Establishing communication by e-mail

You can contact us at the email address published on our website.

If you use this communication method, the data specified in your message (for example, first name, last name, address), but at least the email address and the information contained in the email, may be stored together with the personal data that you provide for the purposes of contacting and processing your requests. In addition, our system collects the following data:
  • IP address of the computer from which the request is being sent;
  • Date and time of email sending.

The legal basis for processing personal data within the framework of the messages sent to us by e-mail is Article 6, Chapter 1, paragraph b or f of DS-GVO (General Data Protection Regulation).

3.2 Establishing communication by regular mail/fax

If you send us an email or fax, the data that you transmit (for example, first name, last name, address) and the information specified in the email or fax are stored together with the personal data that you provide for the purposes of contacting and processing your requests.

The legal basis for the processing of personal data within the framework of messages sent to us by email and fax is Article 6, Chapter 1, paragraph b or f of the DS-GVO (General Data Protection Regulation).

3.3 Contacting us via our contact form

If you send us requests using the contact form, your data from the request form, including the contact details that you provided there, is stored with us for the purposes of processing the request and in case there are any clarifications. We do not share this data with third parties without your consent. The legal basis for the processing of personal data obtained as a result of sending us letters and telefaxes is Article 6, Chapter 1, paragraph b or f of DS-GVO (General Data Protection Regulation).

4. Your Rights
 

As a data subject, you have the following rights in connection with the processing of your personal data:

4.1 Right to receive information
(1) The data subject has the right to request confirmation from the responsible person whether the personal data concerning him are being processed; if so, they have the right to receive a statement about such personal data and the following information: a) processing purposes; b) categories of personal data that are being processed; c) recipients or categories of recipients to whom personal data has been disclosed or is still being disclosed, especially those from third countries or international organizations; d) if possible, the planned period of storage of personal data or otherwise — the criteria for determining this period; e) the right to correct or delete your personal data, or to restrict their processing by the responsible person or to object to such processing; f) the right to file a complaint with a supervisory authority; g) if personal data is not collected from the data subject itself, then all available information about the origin of the data; h) availability of automated decision-making, incl. regarding data profiling, in accordance with Art. 22, Chapter 1 and Chapter 4 of the DS–GVO (General Data Protection Regulation), and – at least in these cases — reliable information about the logic involved, as well as the scale and the expected consequences of such processing for the data subject. (2) If personal data is transferred to a third country or an international organization, the data subject has the right to be informed of the relevant guarantees in accordance with Article 46 of the DS-GVO (General Data Protection Regulation) related to the transfer.
4.2 The right to rectification

The data subject has the right to immediately demand from the responsible person the rectification of any incorrect personal data related to the data subject. Taking into account the purpose of processing, the data subject has the right to request additional completion of incomplete personal data, including by means of an additional application.

4.3 The right to erasure / right to be forgotten
(1) The data subject has the right to require the responsible person to immediately erase personal data related to the data subject, and the responsible person is obliged to immediately erase personal data if there are the following reasons: a) personal data is no longer required for the purposes for which they were collected or otherwise processed. b) the data subject withdraws the consent on the basis of which the processing was carried out in accordance with Article 6, Chapter 1, paragraph a) or Article 9, Chapter 2, paragraph a) DS-GVO (General Data Protection Regulation), and there are no other legal grounds for such processing. c) the data subject objects to processing in accordance with Article 21, Chapter 1 of the DS-GVO (General Data Protection Regulation), and there are no more valid legal grounds for processing, or the data subject objects to processing in accordance with Article 21, Chapter 2 of the DS-GVO. d) personal data has been processed illegally e) the erasure of personal data is necessary to fulfill legal obligations in accordance with the legislation of the Union or the EU Member States to which the data protection officer is subordinate. f) personal data was collected within the framework of services offered by the information society, in accordance with Article 8, Chapter 1 of the DS-GVO (General Data Protection Regulation). (2) If the responsible person has made personal data public and is obliged to erase them in accordance with Chapter 1, he shall take appropriate measures, taking into account the available technologies and the cost of implementation, including technical measures, to inform the data processing persons who process personal data about the data subject’s requirement to erase all personal data and all links to these personal data or their copies or replications of such personal data. (3) Chapters 1 and 2 are not applicable if data processing is required a) to exercise the right to freedom of speech and information; b) to fulfill a legal obligation requiring the processing of data in accordance with the legislation of the Union or the EU Member States to which the responsible person is subordinate, or to perform a task in the public interest, or if the processing takes place within the exercise of authority vested in the responsible person; c) based on the public interest in the field of public health in accordance with Article 9, Chapter 2 of paragraph h) and paragraph i), as well as Article 9, Chapter 3 of DS-GVO (General Data Protection Regulation); d) for the purposes of archiving in the public interest, scientific or historical research or for statistical purposes in accordance with Article 89, Chapter 1, if the right referred to in Chapter 1 allegedly makes it impossible or seriously affects the achievement of the purposes of this processing, or e) in order to comply with, execute or defend legal requirements.
4.4 The right to restrict processing
(1) The data subject has the right to require the responsible person to restrict processing if one of the following conditions is met: a) the accuracy of personal data is disputed by the subject of personal data, while during such a period of time that allows the responsible person to verify the accuracy of personal data, b) the processing is illegal, and the subject of personal data refuses to delete personal data, and instead requires restrictions on the use of personal data; c) the responsible person no longer needs personal data for processing purposes, but the data subject needs them to assert, exercise or protect their legal rights, or d) the data subject has put forward a request to suspend data processing in accordance with Article 21, Chapter 1 of the DS-GVO (General Data Protection Regulation) for a period until it is established whether the legitimate grounds for objections of the responsible person have priority over the legitimate grounds of the data subject. (2) If the processing of personal data is restricted in accordance with Chapter 1, then these personal data, regardless of their preservation, can be processed only with the consent of the data subject or for compliance, implementation or protection of legal claims, or to protect the rights of another natural or legal person, or for reasons related to important public interests Union or EU Member State.
4.5 The right to data portability
(1) The data subject has the right to receive personal data related to him, which he has provided to the responsible person, in a structured, generally accepted and machine-readable format, and has the right to transfer this data to another responsible person without the intervention of the person to whom this data was provided earlier, provided that a) processing is based on consent in accordance with Article 6, Chapter 1, paragraph a) or Article 9, Chapter 2, paragraph a) DS-GVO (General Data Protection Regulation) or is based on a contract in accordance with Article 6, Chapter 1, paragraph b) DS-GVO and b) processing is carried out using automated processes. (2) When exercising their right to data portability in accordance with Chapter 1, the data subject has the right to request the transfer of personal data directly from one responsible person to another responsible person, to the technically feasible extent. The right under Chapter 1 must not infringe on the rights and freedoms of others. This right does not apply to processing necessary for the performance of tasks for the purposes of public interest, or if the processing takes place within the framework of the exercise of authority entrusted to the responsible person;
4.6 The right to object to processing

The data subject has the right at any time to object to the processing of personal data relating to them, occurring in accordance with Article 6, Chapter 1, paragraph e) or f) of the DS-GVO (General Data Protection Regulation), for reasons arising from his specific situation; this also applies to profiling data based on these provisions. In such a case, the responsible person stops processing personal data, except in cases when he can present valid legal grounds for processing that prevail over the interests, rights and freedoms of the data subject, or when the processing serves to comply with, fulfill or protect legitimate requirements.

Due to the use of information society services and regardless of Directive 2002/58/EC, the data subject may exercise their right to object by automated means using technical specifications.

4.7 The right to withdraw consent to data processing

The data subject has the right to withdraw their consent to the processing of personal data carried out in accordance with the legislative provision on data protection at any time. The consent withdrawal does not affect the legality of processing performed on the basis of consent prior to its revocation.

4.8 The right to lodge a complaint with a supervisory authority

Any data subject has the right to lodge a complaint with a supervisory authority without prejudice to any other administrative-legal or judicial remedies, in particular in the EU Member State at his place of residence, place of work or place of alleged violation, if the data subject believes that the processing of personal data concerning him violates this Provision.