Data Protection Statement
The following statement provides you as the “person concerned” with an overview of our processing of your personal data and your rights as set forth in data protection legislation. In principle, the use of our website is possible without providing personal data. However, if you wish to take advantage of special services from our company via our website, it may be necessary for us to process personal data. If we need to process personal data and if no legal basis exists for this type of processing, then we will usually obtain your consent.
The processing of personal data, for example your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the applicable country-specific data protection regulations which apply to “Atbas GmbH & Co. KG”. The purpose of this data protection statement is to inform you of the scope and purpose of the data obtained, used and processed by us.
As the data controller, we have implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as securely as possible. Nevertheless, web-based data transfers may still be subject to vulnerabilities; therefore, absolute protection cannot be guaranteed. For this reason, you are also free to submit personal data to us by alternative means, for example by telephone or post.
2. Data controller
The data controller in accordance with GDPR is:
Atbas GmbH & Co. KG
Freiberger Str. 69-71, 01159 Dresden, Germany
Telephone: +49 351 404 252 40
Fax: +49 351 404 252 49
Director of the responsible department:
3. Data Protection Officer
The Data Protection Officer may be contacted as follows:
Telephone: +49 351 404 252 40
E-mail: Data Protection Officer
You are welcome to send any questions or suggestions relating to data protection directly to our Data Protection Officer at any time.
4. Definition of terms
This data protection statement is based on the concepts used by the European regulatory body when issuing the General Data Protection Regulation (GDPR). Our data protection statement shall be easy to read and comprehensible, both for our customers and business partners and for the general public. To ensure this, we wish to first explain the concepts used.
In this data protection statement, we use the following terms, amongst others:
- Personal data
Personal data is any information which relates to an identified or identifiable natural person. A natural person is considered to be identifiable if he/she can be directly or indirectly identified, in particular via allocation to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more specific characteristics which are the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
- Person concerned
The person concerned is any identified or identifiable natural person whose personal data is being processed by the data controller (our company).
Processing is any procedure carried out with or without the help of automatic methods, or any series of such procedures, in conjunction with personal data, such as obtaining, recording, organisation, ordering, storage, adaptation or alteration, reading out, querying, usage, disclosure via transfer, dissemination or any other form of provision, reconciliation or linking, restriction, deletion or destruction.
- Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
Profiling is any type of automated processing of personal data, which consists of using this personal data in order to evaluate specific personal aspects which relate to a natural person, in particular, in order to analyse or predict aspects relating to this natural person’s performance at work, economic position, health, personal preferences, interests, reliability, behaviour, location or change of location.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific person concerned without drawing upon additional information, insofar as this additional information is stored separately and technical and organisational measures are in place which guarantee that the personal data is not allocated to an identified or identifiable natural person.
The processor is a natural or legal person, authority, institution or other body, which processes personal data on behalf of the controller.
The recipient is a natural or legal person, authority, institution or other body, to whom personal data is disclosed, irrespective of whether this data relates to a third party. However, authorities who may potentially receive personal data within the context of a specific inquiry in accordance with European Union law or the law of the member states do not count as recipients.
- Third party
A third party is a natural or legal person, authority, institution or other body other than the person concerned, the controller, the processor and the persons directly authorised by the controller or the processor to process the personal data.
Consent is any agreement given for the specific instance by the person concerned in an informed manner and incontrovertibly, in the form of a declaration or any other unambiguously confirmatory action, with which the person concerned makes it understood that he/she agrees to the processing of the personal data relating to him/herself.
5. Legal basis of the processing
Our company uses GDPR Art. 6 para. 1(a) as the basis for processing procedures, during which we obtain consent for processing for a specific purpose.
If the personal data is to be processed for the fulfilment of a contract, in which you are one of the contractual parties, such as in the case of the processing procedures necessary for the delivery of goods or the performance of any other service or return service, then the processing is carried out on the basis of GDPR Art. 6 para. 1(b). The same applies to processing procedures which are required for the conduct of pre-contractual measures, such as in the case of enquiries about our products or services.
If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfilment of our obligations with respect to taxation, then this processing is based on GDPR Art. 6 para. 1(c).
In rare instances, the processing of personal data may become necessary in order to protect the vital interests of the person concerned or of other natural persons. For example, this would be the case if a visitor to our company was injured and, as a result, his name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. The processing would then be on the basis of GDPR Art. 6 para. 1 (d).
Finally, processing procedures could be on the basis of GDPR Art. 6 para. 1(f). Processing procedures are carried out on this basis if they are not covered by any of the legal bases previously described, and if the processing is required for the protection of a legitimate interest of our company or a third party, insofar as this is not overridden by the interests, fundamental rights and fundamental freedoms of the person concerned. We are permitted to carry out processing procedures of this type in particular because they have been specifically mentioned by the European legislative body. In this respect, the legislative body has expressed the opinion that a legitimate interest could be assumed if you are a customer of our company (GDPR Recital 47, sentence 2).
6.1 SSL/TLS encryption
Our site uses SSL or TLS encryption to guarantee the security of data processing and to protect transfers of confidential content, such as orders, login data or contact enquiries that you send to us in our role as the operator. You can recognise an encrypted connection by the fact that the browser address line starts with “https://” rather than “http://”, and that the browser line displays a padlock symbol.
When the SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
6.2 Data recorded during your visit to our website
If you use our website solely for informational purposes, i.e. if you do not register or transfer any other information to us, we only collect the data which your browser transfers to our server (in so-called “server logfiles”). Our website records a certain amount of general data and information each time a page is visited by you or by an automated system. This general data and information is stored in the server logfiles. Data and information stored may include
- type and version of the browser used,
- operating system used by the system accessing the website,
- the webpage from which the system accessing the website reaches our website (the so-called referrer),
- the sub-webpages activated on our website by the system accessing the website,
- the date and time our website is accessed,
- an Internet Protocol address (IP address),
- the Internet service provider of the system accessing the website.
When using this general data and information, we do not draw any conclusions relating to your person. This information is used
- to deliver the content of our website correctly,
- to optimise the content of our website and the advertising for it,
- to guarantee the long-term functionality of our IT systems and our website technology,
- to provide law enforcement authorities with necessary information in the case of a cyber-attack.
The data and information obtained is therefore evaluated by us for statistical purposes and to improve data protection and data security within our company, with the ultimate aim of ensuring optimal protection for the personal data processed by us. The data from the server logfiles is stored separately from all personal data submitted by a person concerned.
The legal basis for the data processing is GDPR Art. 6 para. 1 clause 1(f). Our legitimate interest is derived from the above purposes for obtaining data.
7. Transfer of data to third parties
Your personal data will not be transmitted to third parties for any purposes other than the following.
We only transmit your personal data to third parties when:
- you have given your express consent to this in accordance with GDPR Art. 6 para. 1 clause 1(a),
- the transfer is permissible according to GDPR Art. 6 para. 1 clause 1(f) for the protection of our own legitimate interests, and no grounds exist to assume that you have an overriding interest in the non-transfer of your data which is worthy of protection,
- in the case where there is a legal obligation for the transfer according to GDPR Art. 6 para. 1 clause 1 (c) and
- this is legally permissible and according to GDPR Art. 6 para. 1 clause 1(b) is necessary for the conduct of contractual relationships with you.
8.1 General information relating to cookies
The cookie stores information which is generated in connection with the specific device used. However, this does not mean that we thereby obtain direct knowledge of your identity.
We also use temporary cookies in order to optimise our user-friendliness; these are saved on your device for a specific defined period of time. If you visit our site again to use our services, we automatically recognise that you have previously visited us, and you do not need to re-enter information or re-select settings from your previous visit.
The data processed by cookies is required for the stated purpose of the protection of our legitimate interests and those of third parties, in accordance with GDPR Art. 6 para. 1 clause 1(f).
Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer or that a warning always appears before a new cookie is placed. Nevertheless, if you fully deactivate cookies, you may not be able to use the full functionality of our website.
9. Contents of our website
9.1 Making contact/contact form
Personal data is obtained when you make contact with us (e.g. via the contact form or e-mail). The data we obtain in the case of a contact form can be seen in the respective contact form. This data is only stored and used for the purpose of making contact or for dealing with your enquiry, and for the associated technical administration. The legal basis for the processing of the data is our legitimate interest in dealing with your enquiry, in accordance with GDPR Art. 6 para. 1(f). If you have made contact with the purpose of concluding a contract, then the additional basis for the processing is GDPR Art. 6 para. 1(b). Your data will be deleted once your enquiry has been fully dealt with; this is the case when it may be assumed from the circumstances that the matter concerned has been conclusively clarified and insofar as no legal retention requirements apply.
10. Newsletter distribution
10.1 Newsletter distribution to existing customers
When you have provided your e-mail address to us when purchasing goods or services, then we reserve the right to regularly send you offers via e-mail relating to goods or services from our range similar to those already purchased. We do not need to obtain separate permission from you for this, in accordance with the German Act Against Unfair Competition § 7 para. 3. In this respect, data processing is undertaken solely on the basis of our legitimate interest in personalised direct advertising in accordance with GDPR Art. 6 para. 1(f). If you have disallowed the use of your e-mail address for this purpose, then we will not distribute these e-mails to you. You are entitled to withdraw your consent for the use of your e-mail address for the advertising purpose described above at any time with future effect, by informing the controller named at the start. You will only incur transmission charges at basic tariffs when doing so. Following receipt of your withdrawal of consent, the use of your e-mail address for advertising purposes will immediately cease.
This website uses CleverReach to distribute newsletters. The service provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a newsletter distribution organisation and analysis service. The data submitted by you for the purpose of receiving a newsletter (e.g. e-mail address) is stored on the servers of CleverReach in Germany or Ireland.
By distributing e-mails via CleverReach, we are able to analyse the behaviour of our newsletter recipients. Amongst other things, this includes analysis of how many recipients have opened the newsletter e-mail and how often specific links in the newsletter are clicked on. So-called conversion tracking is also used to analyse whether a pre-defined action (e.g. purchase of a product on our website) is carried out following clicking on the newsletter link. For further information on data analysis by CleverReach newsletters, please see: https://www.cleverreach.com/en/features/reporting-tracking/.
The data processing takes place on the basis of your consent (GDPR Art. 6 para. 1(a)). You may withdraw this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already undertaken is not affected by your cancellation.
If you do not wish CleverReach to undertake any analysis, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter e-mail. Furthermore, you can also unsubscribe from the newsletter directly from our website.
The data you have submitted to us for the purpose of receiving the newsletter is stored by us until you deregister from the newsletter, and is deleted from our servers and from the servers of CleverReach when you have unsubscribed from the newsletter. Data stored with us for other purposes (e.g. e-mail addresses for the member area) is unaffected by this.
For further details, please see the CleverReach data protection policy at: https://www.cleverreach.com/en/privacy-policy/.
11. Our activities on social networks
To enable us to communicate with you and inform you about our services via social networks as well, we maintain a presence on such networks with our own pages.
We are not the original provider (controller) of these pages, but rather use these solely within the framework of the options offered by the relevant service provider.
We would therefore advise you as a precaution that your data may be processed outside the European Union or the European Economic Area. Use of these pages may therefore pose data protection risks for you, since it may be difficult to guarantee your rights, e.g. to information, deletion, withdrawal of consent, etc., and processing in social networks is frequently undertaken by the service provider directly for advertising purposes or for the analysis of user behaviour, and we are unable to influence this. If usage profiles are stored by the service provider, cookies are frequently used in the process or your user behaviour is directly associated with your own social network member profile (if you have logged into it).
The personal data processing operations are undertaken in accordance with GDPR Art. 6 para. 1(f) on the basis of our legitimate interest and the legitimate interest of the respective service provider, in order to be able to communicate with you promptly about our services. If you are required by the respective service provider to supply consent as a user to the processing of your data, then the legal basis relates to GDPR Art. 6 para. 1(a) in conjunction with GDOR Art. 7.
Since we have no access to the databases of the service providers, we would advise you that you should assert your rights (e.g. to information, rectification, deletion, etc.) directly with the respective service provider. We have supplied further information relating to the processing of your data and your options to withdraw or cancel consent (to opt out) below, under the name of the respective social network service provider used by us:
Data processing controller for Europe:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Data protection statement (Data policy):
Opt-out and advertising settings:
Facebook is a participating organisation in the EU-U.S. Privacy Shield Framework:
Data processing controller for Germany:
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Data protection statement:
Information for XING members:
12. Web analysis
12.1 Google Analytics
On our website, we use Google Analytics, a web analysis service from Google Inc. (https://www.google.de/en/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”). Pseudonymised usage profiles are created and cookies used (see subpara. 4) in connection with this. The information generated by the cookie regarding your usage of this website, such as
- browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the computer accessing our website (IP address),
- time of the server enquiry,
is transmitted to a Google server in the USA and stored there. The information is used to evaluate usage of the website, to compile reports on website activity and to provide other services related to website usage and Internet usage for the purposes of market research and needs-based design of this website. This information is also transmitted to third parties where applicable, insofar as this is prescribed by law or insofar as third parties are processing this data on our behalf. Under no circumstances will your IP address be associated with other data by Google. The IP addresses are anonymised, making an association impossible (IP masking).
You can prevent the installation of cookies by setting your browser software appropriately; however, we would advise you that in this case you may not be able to use the full functionality of this website.
We use Google Analytics in the interest of the needs-based design and optimisation of our website. This constitutes a legitimate interest in the sense of GDPR Art. 6 para. 1(f).
You may furthermore prevent the recording of the data generated by the cookie relating to your use of the website (incl. your IP address) and the processing of this data by Google, by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en-GB).
As an alternative to browser add-ons, in particular for browsers on mobile devices, you can also prevent recording by Google Analytics by clicking on the following link: Disable Google Analytics. This sets an opt-out cookie that prevents your data from being collected in future when you visit this website. The opt-out cookie applies only in this browser and only for our website, and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
For further information on data protection in relation to Google Analytics, please see Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=enGB).
13. Plug-ins and other services
13.1 Google Maps
On our website, we use Google Maps (API) from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for the presentation of interactive maps, in order to display geographical information visually. You can use this service, for example, to view our location, making it easier for you to travel to us.
As soon as you open the sub-pages into which the Google Map is incorporated, information on your usage of our website (e.g. your IP address) is transmitted to Google servers in the USA and stored there. This happens regardless of whether Google has provided a user account through which you have logged in, or whether a user account exists. If you are logged into Google, your data is directly associated with your account. If you do not want any association with your Google profile, you will need to log out of your Google user account. Google stores your data (even for users who have not logged in) as usage profiles and evaluates these. This type of evaluation is undertaken in particular in accordance with GDPR Art. 6 para. 1(f) on the basis of the legitimate interests of Google in the display of personalised advertising, in market research and/or in the needs-based design of its website. You have a right to withdraw consent to the creation of this user profile; to exercise this right, you must contact Google.
Google LLC, which is based in the USA, is certified for “Privacy Shield”, the US-European data protection agreement, which guarantees compliance with the level of data protection applicable within the EU.
We use Google Maps in the interest of providing an attractive presentation of our website and making it easy to find the locations mentioned by us on our website. This constitutes a legitimate interest within the meaning of GDPR Art. 6 para. 1(f).
13.2 Google reCAPTCHA
On this website, we also use the reCAPTCHA function from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This function primarily serves to distinguish whether an entry has been made by a natural person or improperly by machine or automated processing. The service also encompasses the transmission of the IP address and, where applicable, additional data required by Google for the reCAPTCHA service. This takes place in accordance with GDPR Art. 6 para 1(f) on the basis of our legitimate interest in establishing the individual intentionality of actions on the Internet and in preventing improper usage and spam.
Google LLC, which is based in the USA, is certified for “Privacy Shield”, the US-European data protection agreement, which guarantees compliance with the level of data protection applicable within the EU.
Detailed information on Google reCAPTCHA and the Google data protection statement may be viewed at: https://policies.google.com/privacy?hl=enGB
14. Routine storage, deletion and blocking of personal data
We only process and store your personal data for the period of time required to achieve the purpose for which it has been stored or insofar as is prescribed by the legislation to which our company is subject.
If the purpose of storage no longer applies, or if a prescribed storage deadline has expired, the personal data is routinely blocked or deleted according to the legal regulations.
15. Duration of storage of personal data
The criteria for the duration of storage of personal data is the respective legal retention period. Following expiry of this deadline, the corresponding data is routinely deleted, insofar as they are no longer required for the fulfilment or initiation of a contract.
16. Currency and amendment of the data protection statement
This data protection statement is currently valid and is dated May 2018.
It may become necessary to amend this data protection statement due to further development of our website and other products and services, or based on amendments to legal requirements or the requirements of the authorities. You may download and print out the currently valid data protection statement at any time from the website at “https://www.atbas.de/datenschutz/”.