DATA PRIVACY STATEMENT
We, as the operator of this website, take the protection of your data seriously (when we speak of website, this also includes its sub-sites). Your data will be treated confidentially and in line with the statutory provisions, in particular the European GDPR (General Data Protection Regulation) and the Bundesdatenschutzgesetz (BDSG) [German Federal Data Protection Act].
When you access this website and use features contained herein, your personal data will be processed in a variety of ways. “Personal data” is any information relating to an identified or identifiable natural person. The term “processing” denotes any process carried out with or without the aid of automated procedures, or any series of such processes, in connection with personal data, such as collecting, recording, organising, arranging, storing, adapting or altering, retrieving, requesting, using, disclosing by means of transfer, dissemination or any other form of provision, collating or linking, restricting, erasing or destroying (Article 4 (2) GDPR).
Please note that, generally, data transfers over the Internet may be affected by security gaps. It may not be possible to reliably close these gaps to prevent attacks by third parties. This also particularly applies to communication by email. Nevertheless, we shall continuously use security technologies conforming to the respective customary state of the technological art that can be reasonably expected of us.
By means of the following Data Privacy Statement, we would like to inform you of what personal data we process for what purpose, and of what rights you and we are entitled to in respect of this processing. The wording of the German original shall prevail.
- Name and Address of the Controller Responsible for the Processing
The controller within the meaning of the GDPR, and other legal provisions that focus on the responsibility for data protection in the Member States of the European Union, is:
phone: +49 89 45 22 59-30
fax: +49 89 45 22 59-29
The internal data protection officer at achtQuark GmbH is Mr Alexander Fallier, who can be contacted at the aforementioned address or at
phone: +49 89 45 22 59-30
- Period for Which Your Personal Data will be Stored / Point in Time when Your Personal Data will be Erased
In principle, we shall process your data – in particular in the form of retention/storage – only as long as this is necessary within the scope of the legal bases specified for the respective purpose of the processing. Insofar as we do not provide any specific details regarding the period for which your data will be stored or regarding the point in time when your data will be erased, this will be determined on a case-by-case basis.
In this respect, contractual and statutory requirements concerning retention and documentation will be taken into account. Corresponding periods / time limits may be contractually agreed upon or may ensue from, inter alia, the Handelsgesetzbuch (HGB) [German Commercial Code] or the Abgabenordnung (AO) [Tax Code]; in this respect, they are already 10 years or longer. Such periods / time limits are justified on the grounds set out in Article 6 (1), sentence 1, a), b) and/or c) in conjunction with Article 17 (3) b) and/or c) GDPR, Section 35 (3) BDSG (new version).
Furthermore, compliance with retention and documentation requirements may be in our legitimate interest, unless your interests worthy of protection outweigh this. Therefore, it may be in our legitimate interest to retain and store personal data, including personal data embodied in documents, photographs and records, for example, in order to preserve evidence until the expiration of limitation periods in case of legal disputes for example. Limitation periods may be shorter or longer depending upon the subject-matter of the claim and may even last up to 30 years. The legal basis in this connection ensues from Article 6 (1), sentence 1, f) in conjunction with Article 17 (3), letter e) GDPR. We refrain from specifically stating all issues relevant to the statute of limitation, as this would limit the transparency of this Data Privacy Statement.
Finally, we may, in accordance with Section 35 (1) BDSG, refrain from erasing personal data if, in the case of non-automated data processing, erasure is impossible, or is possible only at a disproportionately high expense, owing to the particular manner of storage, and your interest in erasure is to be regarded as minor. 2In this case, instead of erasure, processing will be restricted in accordance with Article 18 GDPR. 3This will not apply if your personal data has been processed unlawfully.
- Accessing our Website
When you access our website, and during your visit to our website, essentially the following general data will be collected and temporarily stored in our servers’ log files:
- types and versions of the browser used by you;
- the operating system via which you access our website;
- any Internet sites from which our website is accessed (also called “referrer URLs”);
- the IP address (Internet protocol address) via which our sites are accessed;
- the date and time of access;
- the name of your Internet provider via which you access the Internet (access provider);
- Internet sites accessed by you via our website.
This data is processed for technical purposes in our legitimate interest, in particular for the lasting and secure functionality of the connection, for purposes of customer service in order to optimise the user-friendliness of our system and for purposes of verification documentation, for the possible prosecution of criminal offences or pursuit of claims under civil law and for averting attacks on our system. In our view, there is no reason to assume that you have an overriding interest, worthy of protection, in not having your data processed by us for the purpose specified here, particularly since you voluntarily decide to visit our website.
The legal basis for the aforementioned processing of your data ensues from Article 6 (1), sentence 1, f) GDPR.
The anonymous data in the server log files will be stored separately from all personal data provided by you yourself.
When you visit our website and its sub-sites, cookies and analysis tools used by us will also be applied. In this respect, we refer to the statements below under Section 7 Cookies).
- “Mail to” Feature
We provide on our website a “mail to” feature for your use. This enables you to contact us via our website in order to, for example, ask us questions also about circumstances relating to contractual relations existing between us, or to make suggestions. If you make use of this option, we shall store your email address and possibly your name in order to enable communication. When you use this contact feature, you will be free to provide other personal data (such as your name, residential address or telecommunication numbers). If you provide such data, we shall process from this your name, residential address and telecommunication numbers.
Insofar as you add attachments to your emails, these will, along with any personal data contained therein, also be stored.
The provision of your personal data in the above context will take place on a voluntary basis and at your instigation for the purpose of communication with us. As the processing by us will be based on our overriding, legitimate interest in customer-orientated communication, this processing is permissible under Article 6 (1), sentence 1, f) GDPR. Depending upon the content of the communication, Article 6 (1), sentence 1, b) GDPR may also come into consideration as a legal basis, for example if the communication serves contractual – or pre-contractual or post-contractual – measures.
The point in time when your data will be erased will depend upon the content of the communication and cannot be specified in advance. However, insofar as no retention or documentation requirements or overriding legitimate interests on our part exist, the data will be erased after the communication has ended.
- Contact by Telephone, Telefax and Email
Via our website, we provide telephone and fax numbers and email addresses through which you can likewise contact us. Insofar as personal data is communicated to us in a telephone conversation or in a telefax or email, this data will be processed.
If you ring us, we shall collect your name and further details, such as residential address, email address and telephone number as well as the date and time of the call and the reason for the call, insofar as this is necessary for effectively handling your matter. We shall collect this data by asking you personally to provide this data.
When you ring us, we shall assume that the call relates to the initiation of a contractual relationship or to measures concerning an existing contractual relationship or concerning post-contractual duties ensuing therefrom. In this respect, Article 6 (1), sentence 1, b) serves as the legal basis for the processing.
Telefaxes that we receive will be processed with the inclusion of your personal data contained therein, insofar as this is necessary for effectively processing the matter expressed in the telefax.
If the telefax is sent to us regarding the initiation of a contractual relationship or regarding measures relating to an existing contractual relationship or to post-contractual duties ensuing therefrom, Article 6 (1), sentence 1, b) serves as the legal basis for the processing. Moreover, the processing will take place in our overriding interest for purposes of verification documentation in case statutory claims are asserted. We have no reason to assume here that your interests worthy of protection outweigh our legitimate interests in the processing of your data. In this respect, Article 6 (1), sentence 1, f) GDPR applies as the legal basis.
Emails that we receive will also be processed with the inclusion of your personal data contained therein or in attachments to the email, insofar as this is necessary for effectively processing the matter expressed in the email.
If the email is sent to us regarding the initiation of a contractual relationship or regarding measures relating to an existing contractual relationship or to post-contractual duties ensuing therefrom, Article 6 (1), sentence 1, b) serves as the legal basis for the processing. Moreover, the processing will take place in our overriding interest for purposes of verification documentation in case statutory claims are asserted. We have no reason to assume here that your interests worthy of protection outweigh our legitimate interests in the processing of your data. In this respect, Article 6 (1), sentence 1, f) GDPR applies as the legal basis
We use so-called cookies when our website is used. Cookies are text files stored on your computer system. Generally, cookies serve technical purposes for making it easier to use our Internet sites. Some cookies may be technically necessary for making it possible to carry out features of our website in the first place. When cookies are used, only data that does not allow the drawing of any direct conclusions about your identity will be processed.
Our legitimate interest in the processing ensues from the aforementioned purposes. Hereto too, we have no reason to assume that your interests worthy of protection outweigh our legitimate interests in the processing of your data by means of cookies. Therefore, the legal basis for the storage of the data gained by means of cookies is Article 6 (1), sentence 1, f) GDPR.
You can prevent cookies from working. To do so, you have to go to your browser’s settings and activate the corresponding blocking and/or erasure features. If certain cookies are blocked, it may no longer be possible to use our website.
- Passing-On of Data
Insofar as we pass on your data to third parties in cases not specified, this will only take place if
- we have received your express consent in accordance with Article 6 (1), sentence 1, a) GDPR,
- the passing-on of your data is necessary under Article 6 (1), sentence 1, f) GDPR in our legitimate interest for attending to legal claims, and there is no reason for assuming that you have an overriding interest, worthy of protection, in not having your data passed on,
- there is a statutory obligation to pass on your personal data under Article 6 (1), sentence 1, c) GDPR, and
- this is, under Article 6 (1), sentence 1, b) GDPR, necessary for handling contractual relations with you.
- Your Rights as a Data Subject
The GDPR grants you the following rights in respect of the processing of your personal data (“data”) by us:
You may demand information from us under Article 15 GDPR (1) and (2), in particular information on
- the purposes of the processing;
- the categories of data processed;
- the categories of recipients to whom your data has been, or will be, disclosed;
- if possible, the envisaged period of storage of your data, or, if this is not possible, the criteria used to determine this period;
- the existence of a right to demand that the controller rectify or erase the data concerning you or restrict the processing of this data, or the existence of a right to object to such processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- in cases where the data is not collected from you, all available information concerning the origin of the data;
- the existence or non-existence of automated decision-making, including profiling (“profiling” means any type of automated processing of personal data that involves the use of personal data in order to evaluate certain personal aspects relating to a natural person, in particular in order to analyse or predict aspects regarding the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of this natural person), and, insofar as existent, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you;
- suitable safeguards, as referred to in Article 46 GDPR, relating to the transfer of your data to a third country or to an international organisation.
- You may demand under Article 15 (3) GDPR that we produce one copy of your data and hand it over to you free of charge, insofar as the rights or freedoms of others are not adversely affected by this.
- You may demand under Article 16 GDPR that we rectify, without delay, inaccurate data concerning you. With due regard being given to the purposes of the processing, you will have the right to demand that incomplete data be completed, also by means of a supplementary statement.
- You may demand under Article 17 GDPR that we erase your data insofar as
- your data is no longer needed for the purposes for which it is being processed;
- you revoke your consent given under Article 6 (1) a) or Article 9 (2) a) GDPR, and no other legal basis for the processing of the data applies:
- you lodge an objection to the processing under Article 21 (1) GDPR, and no overriding legitimate reasons for the processing exist, or you lodge an objection to the processing under Article 21 (2) GDPR;
- your data has been processed unlawfully;
and insofar as it is not necessary to process the data
- for exercising the right to freely express an opinion or the right to information;
- for fulfilling a legal obligation that requires processing under Union or Member State law that the controller is subject to, or for performing a task carried out in the public interest or in exercise of official authority vested in the controller;
- for asserting, exercising or defending legal claims.
- You may demand under Article 18 GDPR that the processing of your data be restricted insofar as
- the accuracy of the data is contested by you, in which case processing will be restricted for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful, and you decline to have your data erased and demand instead that use of the data be restricted;
- we no longer need the data for the purposes of the processing, but you need the data for asserting, exercising or defending legal claims, or
- you have lodged an objection to the processing under Article 21 (1) GDPR, as long as it has not yet been established whether our legitimate reasons outweigh yours.
- You may demand under Article 20 GDPR that we make available to you in a structured, commonly used and machine-readable format the data concerning you that you provided to us, and you will have the right to submit this data to another controller without any hindrance by us, insofar as
- the processing is based on consent under Article 6 (1) a) or Article 9 (2) a) or on a contract under Article 6 (1) b), and
- the processing takes place by automated means.
- You will have the right under Article 7 (3) GDPR to revoke at any time in relation to us your consent granted for the processing of your data. Revocation of your consent will not affect the lawfulness of the processing carried out on the basis of your consent up to the time of revocation. Revocation may be declared by emailing: firstname.lastname@example.org
- You will have the right under Article 21 (1) GDPR to at any time object, on grounds relating to your particular situation, to the processing of data concerning you that takes place on the basis of Article 6 (1) f) GDPR; this also applies to any profiling based on these provisions. We shall cease processing the data, unless we can demonstrate that the reasons for the processing are compelling and legitimate and override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
- If your data is processed for the purpose of direct marketing, you will have the right under Article 21 (2) GDPR to at any time object to the processing of your data for the purpose of such marketing; this also applies to profiling insofar as profiling is related to such direct marketing.
- Notwithstanding any legal remedy under administrative law or any judicial remedy, you will have the right under Article 77 GDPR to lodge a complaint with a supervisory authority, in particular in your place of residence, your place of work or the place of the alleged breach, if you are of the opinion that the processing of your data breaches the GDPR.
- Data Security
During your visit to our website, we shall use the so-called SSL (Secure Socket Layer) procedure for the purpose of encrypting the communication. This procedure corresponds to the security standard customary at present. For further protection, we shall continuously use new technological developments in a manner that can be reasonably expected of us.
As of: May 2018