Data Privacy Statement

General

Protecting your personal data during its collection, processing, and use while you visit our website is an important matter to us. We handle your personal data confidentially and according to the legal data protection regulations as well as according to this data privacy statement.

Responsible party

Responsible
ATESTEO GmbH & Co.KG
Konrad-Zuse-Str.3
52477 Alsdorf
Tel: +49 2404 9870-0
Fax: +49 2404 9870-159
info@atesteo.com

If you have any questions about the processing of your personal data, please contact our data protection coordinator:
Michaela Ritter
E-Mail: michaela.ritter@atesteo.com

Personally liable partner

IHO Holding GmbH & Co. KG, Herzogenaurach
Register court: Fürth Local Court (Amtsgericht Fürth), HRA 2681

Personally liable partner

IHO Management GmbH, Herzogenaurach
Register Court: Fürth Local Court (Amtsgericht Fürth), HRB 12191
Board of Directors: Maria-Elisabeth Schaeffler-Thumann, Georg F.W. Schaeffler, Klaus Rosenfeld, Dr. Alexandra Zech

Represented by the managing partner

ATESTEO Management GmbH, Herzogenaurach
Register Court: Fürth Local Court (Amtsgericht Fürth), HRB 13140
Board of Directors: Tim Willers, Dr. Josef Görgens, Dr. Lei Kan

Legal Information

Company headquarters: Alsdorf
Register court: Aachen Local Court (Amtsgericht Aachen), HRA 9222
Value added tax identification number: DE121677156
Responsible according to the German media law §6 MDStV: Tim Willers, Dr. Josef Görgens, Dr. Lei Kan

Data privacy supervisor

David Zinzius
Optiqum GmbH, Siegburger Straße 223, 50679 Köln
Phone: +49 221 82 95 91 0
dsb@atesteo.com

Visiting the Homepage

You can visit our homepage without registering yourself or providing personal details.

Log Files

With every access of a user on our website and with each access of a file, data concerning these events are automatically collected and stored in a log file. In detail, the following data are stored about each access:

  • Name of the accessed file.
  • Date and time of the access.
  • Amount of data transferred.
  • Notification of whether the access was successful.
  • Description of the type of web browser used.
  • Requested domain.

The recorded data will not be pooled together with other data sources, in particular data which permits an association with a particular person.

The data is evaluated for statistical purposes in order to optimize our internet presence and our offers. The legal basis for the temporary storage of data and “server log files” is Article 6 Section 1 Letter f of the General Data Protection Regulation. The storage in log files takes place in order to ensure the functionality of the website. The data are deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

Cookies

Our website uses cookies. Cookies are small text files that make it possible to save specific information related to the user on the terminal device of the user while the user uses the website. Cookies enable us to determine, in particular, the frequency of use and the number of users of web pages, to analyze website activity behaviours, and to design our offering in a more customer-friendly manner. The basis of law for this is Article 6 Section 1 Letter f of the General Data Protection Regulation.

Most of the cookies we use are so-called “session cookies.” These cookies are automatically deleted at the end of your visit. Other cookies remain saved on your terminal device until you delete them. These cookies enable us to recognize your browser the next time you visit our website.

If you do not wish that we recognize information about your computer, please configure your browser so that it deletes cookies from your computer’s hard drive, blocks all cookies, or warns you before a cookie is saved. However, in those cases, not all functions of this website may be available to you.

If you leave our website through a link or through clicking possible banner advertising, and reach the site of a third party, it can happen that the addressee of the clicked-on target site sets cookies. We are not legally responsible for these cookies. Please refer to the data privacy policies of those third parties concerning the use of such cookies and the information recorded in them through our advertising partners.

Google Analytics

Section 3 Sentence 1 of the GDPR. Google Analytics uses so-called “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address that is anonymized) will be, as a rule, transmitted to and stored by Google on servers in the United States of America. Please be advised that on this website, Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure anonymized collecting of IP addresses (so-called IP masking). Through the anonymization, Google shortens IP addresses within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, which is why no conclusions about your identity are possible. Only in exceptional cases is the full IP address transmitted to a Google server in the United States of America and shortened there. Google complies with the data protection policies of the “EU-US Privacy Shield” framework and is certified accordingly, so that an appropriate level of data protection is guaranteed. Google processes the collected information to analyze the use of our website, create reports for us on website activities and use, and to provide us with further services regarding website use. The IP address transmitted by your browser in the context of Google Analytics will not be combined with other data from Google.

You may refuse the installation of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

If you do not consent with the processing of data about you by using this website, then you can download a browser add-on from this link: https://tools.google.com/dlpage/gaoptout?hl=de (German language) or http://tools.google.com/dlpage/gaoptout?hl=en (English language) that gives you the chance to configure Google Analytics such that no more information about the website visit will be sent to Google Analytics.

More information on Google data protection may be found at

https://policies.google.com/privacy?hl=en

Google Maps

I consent to my personal data being processed by ATESTEO for the purposes of displaying map tiles, geocoding addresses and calculating and displaying directions.

I consent to my personal data provided via map API calls being processed by the API provider for the purposes of geocoding (converting addresses to coordinates), reverse geocoding, and generating directions.

Some WP Google Maps visual components use third-party libraries that are loaded over the network. Currently, these include Google Maps, Open Street Map, jQuery DataTables, and FontAwesome. When resources are loaded over a network, the third-party server receives your IP address and user agent string, among other information. Please read the privacy policies of the respective libraries to learn how this data is used and how you can exercise your rights under GDPR regulations.

WP Google Maps uses jQuery DataTables to display sortable and searchable tables, such as in the expanded marker list and on the map edit page. jQuery DataTables uses a cookie in certain circumstances to store and later retrieve the “state” of a particular table – i.e., the search term, sort column and order, and current page. This data is stored locally and remains until it is manually deleted. The libraries used by WP Google Maps do not transmit this information.

Google’s terms and conditions can be found here and here. Please also read Google’s Privacy Policy. We do not transmit any personal data or information that could uniquely identify your device to the API provider.

When this notice is displayed instead of a map, if you agree to this notice, a cookie is stored that records your agreement so that you will not be prompted again.

WP Statistics

On our website, we use the WordPress analysis plug-in “WP Statistics” (https://wp-statistics.com). This analysis tool collects statistics on the general use of our website through anonymised data.

The legal basis is Article 6 Paragraph 1 Letter (f) of the General Data Protection Regulation (GDPR). Our legitimate interest lies in optimising and commercially operating our website. No user profile is created and no cookies are set or needed. You can obtain more information by reading the data protection policy of WP Statistics:

https://wp-statistics.com/privacy-and-policy.

YouTube

Our website uses an embedded YouTube Player for the display and playback of videos. The operator of the video platform YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you view a page on our website containing an embedded YouTube Player, a connection to the servers of YouTube/Google is established. In the process, your IP address along with the URL of the retrieved video is transmitted to the server. If you are logged into Google, YouTube/Google can assign this information to you and process it in your personal profile.

If you do not wish Google to collect data about you and link it to your personal profile, you must log out of Google before visiting our website. Further information about the collection and use of your data by YouTube can be found in YouTube’s data protection statement at

https://policies.google.com/privacy?hl=de&gl=en

Social Media

We have linked social media logos of LinkedIn, XING, and YouTube (hereinafter “Providers”) on our website, which are intended to forward to our profiles stored with the Providers and enable you to follow us there. This takes place on the basis of our legitimate interests in effective information for users and communication with users in accordance with Art. 6 Section 1 letter f of the General Data Protection Regulation.

  • LinkedIn is a service of Linkedln Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
  • XING is a service of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
  • YouTube is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
  • Instagram is a service of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Central Harbour, Dublin 2, Ireland.

For reasons of data protection, we have only implemented a link to our respective profiles at these Providers. This means that no data about you will be sent to the Providers if you do not click on the respective social media logo. However, as soon as you click on the link set by us to our respective profile, you will be redirected to the website of the Provider, which leads to the data being transferred to the respective Provider. We have no influence on this data transfer, which is possibly the transfer of personal data, and no influence on the data collection from and to the Providers. Likewise, we have no knowledge of the individual purposes of these data processing operations or their scope and storage duration. Whether the Providers make deletions, generate or assign profiles, or set anonymizations is also not known to us and is also not within our sphere of influence.

Auxiliary programs, active content

To make this website available, Java applets, Active-X controls, and JavaScript are used. If, for security reasons, you do not wish to utilize these auxiliary programs or this active content, kindly deactivate the appropriate settings of your browser.

Use of Personal Data You Make Available to Us

Personal data such as your name, your address, telephone number, or electronic mail address are not collected unless you provide this data voluntarily.

We call your attention to the fact that transferring data in the Internet (for example, during communication by electronic mail) is subject to security breaches. It is not possible to completely protect such data against access by third parties.

Wir weisen darauf hin, dass die Datenübertragung im Internet (z.B. bei der Kommunikation per E-Mail) Sicherheitslücken aufweisen kann. Ein lückenloser Schutz der Daten vor dem Zugriff durch Dritte ist nicht möglich.

Inquiries and Contracts

Insofar as you have made personal data available to us, we use these solely for the purpose of technically administering the website and fulfilling your wishes and requests, in particular for processing a contract made with you, or for answering your inquiry.

As part of our business relationship, you must provide the personal information necessary to establish and conduct a business relationship and to fulfill the contractual obligations associated therewith. Without this information, we will generally not be able to enter into or perform the contract with you.

Forwarding, selling, or otherwise transferring your personal data to third parties does not occur; excepting that:

  • This is necessary to conclude the contract. Thus it can be necessary, for example, that for product orders, your address and order data are forwarded to our suppliers.
  • This is necessary for billing purposes.
  • You have previously consented to it.

The basis of law for this is Article 6 Section 1 Letter b of the General Data Protection Regulation (performance of the contract) and Article 6 Section 1 Letter a of the General Data Protection Regulation (consent).

Contact form and e-mail dispatch

If you have made inquiries through our contact form, the information from the contact form, including the contact data you have entered into the form, will be saved by us to process your inquiry and in the event of follow-up questions. The basis of law for this is Article 6 Section 1 Letter b of the General Data Protection Regulation (pre-contractual measures and performance of the contract).

Newsletter

Newsletter2Go is used as newsletter software. In the process, your data is transferred to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data and from using your data for purposes other than sending newsletters. Newsletter2Go is a certified German newsletter software provider chosen in accordance with the requirements of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act. For more information, please see:

https://www.newsletter2go.co.uk/data-protection/

Data protection measures are always subject to technical innovations. For this reason, we ask you to inform yourself of our data protection measures at regular intervals by consulting our data protection declaration.

The basis of law for this is Article 6 Section 1 Letter f of the General Data Protection Regulation (protection of legitimate interests: verification of the owner of the email address) and Article 6 Section 1 Letter a of the General Data Protection Regulation (consent).

You may revoke at any time, with effect in the future, the issued consent to store the data, the electronic mail address, and their use for sending the newsletter, by using the “unsubscribe” link in the newsletter.

Social plugins (social media, e-mail)

In the ATESTEO Blog you can share our blog articles through social media channels. This takes place on the basis of our legitimate interests in effective information for users and communication with users in accordance with Art. 6 Section 1 letter f of the General Data Protection Regulation. We do not collect any personal data ourselves via the social plugins or through their use. We use the Shariff plugin to prevent data from being transmitted to the service providers of the social media channels without the user’s knowledge. This plugin ensures that, no personal data is initially passed on to the providers of the individual social plugins when visiting our website. Data can only be transferred to the service provider and stored there only once you click on one of the social plugins. With the Shariff solution, we take the data protection interests of our visitors into account as far as is possible according to the current state of the art.

More information about the Shariff solution can be found on the website of the provider, Heise Medien GmbH & Co. KG:

https://m.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

Vacancies

Your data of an application for employment will be electronically collected and processed by us for the purpose of carrying out the application procedure. If your application is followed by the conclusion of an employment agreement, your transmitted data may be stored by us in your personnel file or for the purpose of the usual organisational and administrative process in compliance with the relevant legal regulations. The data protection regulation permits, in accordance with Section 26 Paragraph 1 Sentence 1 of the new German Federal Data Protection Act (BDSG-new) in connection with Article 88 Section 1 of the General Data Protection Regulation, the collection of data which are necessary for the establishment of the employment relationship. If you voluntarily, beyond what is necessary, tell us things about yourself, this is done within the framework of consent in accordance with Article 6 Section 1 Sentence 1 Letter (a) of the General Data Protection Regulation. Within the framework of processing, your data may be transmitted to persons within our company, and to service providers which are contractually bound and bound to secrecy and which perform partial tasks of data processing.

If your application for employment is rejected, deletion of the data you have submitted to us will automatically be deleted two months after we notify you of the rejection. This does not apply if longer storage is necessary owing to legal requirements (for example, the burden of proof according to the General Equal Treatment Act) or if you have expressly agreed to longer storage in our database of interested parties.

Other Advertising and Customer Relations Management

Without your permission, we use personal data only within the legally permitted scope; that means, for customer relations management and sending advertisements by mail. We do not use your electronic mail address, fax number, or telephone number for advertisements without your express consent. The basis of law for this is Article 6 Section 1 Letter f of the General Data Protection Regulation (protection of legitimate interests).

You can object to the use of your data for the purpose of direct marketing at any time and then will not receive further advertisements from us.

Use of Data by Third Parties

Aside from Google Inc. (see section 2.3.), we use the following service providers that have access to personal data:

  • Naming and Branding Agency, Brand Consultancy: INCREON GmbH, Robert-Bürkle-Straße 3, 85737 Ismaning

Duration of Storage

We delete your data if they are no longer needed after processing an inquiry or termination of the contract. Excluded from this are data which we are not yet allowed to delete due to legal obligation (e.g., documents which are to be retained according to tax law and commercial law) and data which we need to represent legitimate interests; in particular, for asserting claims or for direct marketing.

Your Rights

You have the following rights if the respective legal requirements are met:

  • You have the right to receive information about the personal data saved about you. (Article 15 GDPR).
  • You have the right to request the correction of incorrect information (Article 16 GDPR).
  • You have the right to request the deletion (Article 17) or restriction of processing (Article 18 GDPR) of data which is no longer required. Insofar as statutory retention obligations exist; e.g., for business correspondence under commercial law and tax law or another statutory exception, data will not be deleted, but only their processing will be restricted.
  • You may at any time object to the processing of your data for direct marketing purposes and, for special reasons, also to the further processing of your data (Article 21 GDPR).
  • You have the right to data transferability (Article 20 GDPR); that is, the right to request the data you have provided us in a structured, current, and machine-readable format and to transmit this data to another person responsible without our interference; if necessary, you also have the right to request that we transmit the data directly to another person responsible if this is technically feasible.
  • We do not use fully automated decision making within the meaning of Art. 22 of the General Data Protection Regulation for the establishment and implementation of a contractual or service relationship. Profiling does not take place.

Right of objection: In accordance with Article 21 Section 2 GDPR, you may object to the processing of your data for direct marketing purposes at any time. The processing of your data will then be restricted to other purposes for which it is necessary, and will no longer be processed for direct marketing. Furthermore, you can also object to the additional processing of your data if there is a special reason.

To assert your rights, please contact the address: David Zinzius, Optiqum GmbH, Siegburger Straße 223, 50679 Köln, Phone: +49 221 82 95 91 0,
dsb@atesteo.com

If you believe that the processing of your data violates data protection law, you can complain to a supervisory authority (Article 77 GDPR). The local and responsible supervisory authority for us is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestraße 2-4, 40213 Düsseldorf, Germany, Phone: +49 211 38424–0, Fax: +49 211 38424– 10, Email: poststelle@ldi.nrw.de.

This English translation of the German original is a courtesy translation. Only the German version is binding and shall prevail.