- ABS-Armaturen GmbH
- Gohfelder Street 2
- 32549 Bad Oeynhausen
- HRB 3417
- Udo Dieme
- 05731 300510
Data Protection Supervisor:
- Dieme Angela
- Gohfelder Street 2
- 32549 Bad Oeynhausen
- 05731 300510
1. Basic Information on Data Processing and Legal Bases
1.2.The terminology used, such as „personal data” or its „processing” refers to the definitions in Art. 4 of the General Data Protection Regulation (GDPR). The personal data of users processed in the context of this online offering includes information data (e.g. customer names and addresses), usage data (e.g. the visited websites of our online offering, interest in our products) and content data (e.g. details entered in the contact form).
1.3. The term „user” covers all categories of data subjects. These include our business partners, customers, interested parties and other visitors to our online offering. The terminology used, such as „users” is to be understood gender-neutral.
1.4. We process personal data of users only in compliance with the relevant data protection regulations. This means that users' data will only be processed in case of legal permission. I.e., especially if the data processing for the provision of our contractual services (e.g. the processing of orders) and online services is required or prescribed by law, the consent of the user is obtained, as well as our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offering within the meaning of Art. 6 para. 1 let. f of the GDPR, in particular in case of audience measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and use of third-party services.
1.5. We would like to point out that the legal basis of the consents is Art. 6 para. 1 let. a. and Art. 7 of the GDPR, the legal basis for the processing for the performance of our services and the performance of contractual measures is Art. 6 para. 1 let. b. of the GDPR, the legal basis for processing in order to fulfil our legal obligations is Art. 6 para. 1 let. c. of the GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Art. 6 para. 1 let. f. of the GDPR.
2. Security Measures
2.1. We undertake organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
2.2. The security measures include in particular the encrypted transfer of data between your browser and our server.
3. Transfer of Data to Third Parties and Third-Party Providers
3.1. A transfer of data to third parties is carried out only within the scope of legal requirements. We pass on the data of the users to third parties only if this is required for e.g. the purposes of the contract on the basis of Art. 6 para. 1 let. b) of the GDPR or on the basis of legitimate interests in acc. with Art. 6 para. 1 let. f. of the GDPR in the economical and effective operation of our business.
3.2. nsofar as we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organizational measures to protect personal data in accordance with applicable law.
4. Provision of Contractual Services
4.1. We process information data (e.g. names and addresses as well as contact data of users), contractual data (e.g. services delivered, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in acc. with Art. 6 par. 1 let. b. of the GDPR.
5. Establishing Contact
5.1. When contacting us (via contact form or e-mail), the information provided by the user in order to process the contact inquiry and its further handling will be processed acc. to Art. 6 par. 1 let. b) of the GDPR.
5.2. The user details can be stored in our Content Management System ("CMS").
6. Comments and Contributions
6.1. If users leave comments or other contributions, their IP addresses are retained for 7 days based on our legitimate interests within the meaning of Art. 6 para. 1 let. f. of the GDPR.
6.2. This is for our own safety, in case someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In such case we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author.
7. Collection of Access Data and Log Files
7.1. Based on our legitimate interests within the meaning of Art. 6 para. 1 let. f of the GDPR, we collect data about each access to the server on which this service is located (so-called server log files). The access data include name of the viewed website, file, date and time of your visit, volume of data transmitted, notification of successful access, web browser type along with its version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
7.2. The logfile information is retained for security purposes (e.g. to clarify abusive or fraudulent activities) for a maximum period of seven days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the deletion until final clarification of the incident.
8. Cookies & Audience Measurement
8.1. Cookies are information transmitted from our web server or third-party web servers to users' web browsers and retained there for later visit. Cookies are small files or other types of information storage.
8.2. We use „session cookies” that are only stored for the duration of the current visit to our online presence (e.g. to enable the storage of your login status or the shopping cart function and thus the use of our online offering at all). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the retention period. These cookies cannot save any other data. Session cookies are deleted when you have finished using our online offering and you have e.g. logged out or closed the browser.
8.4. If users do not want cookies to be stored on their computer, they will be asked to disable the option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this online offering.
8.5. You may object to the usage of cookies that serve audience measurement and promotional purposes through a deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and, in addition, the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
9. Google Analytics
9.2. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3. Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offering and to provide us with further services related to the use of this online offering and the internet usage. In this case, from the processed data pseudonymous usage profiles of the users can be created.
We use Google Analytics to display the advertisements displayed within Google's advertising services and its affiliates, but only to those users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in particular topics or products that are determined by the websites visited) that we provide to Google (so-called „Remarketing-” or „Google Analytics Audiences”). With the help of Remarketing Audiences, we also want to make sure that our advertisements are in line with the potential interest of users and are not perceived to be annoying.
9.4. We only use Google Analytics with activated IP anonymisation. This means that the IP addresses of the users will be shortened by Google within member states of the European Union or in other Contracting States of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be sent to a Google server in the USA and shortened there.
9.5. The IP address submitted by the user's browser will not be merged with other data provided by Google. Users can block the storage of cookies by setting their browser software accordingly; users may also block the collection of data generated by the cookie and related to its use of the online offering as well as the processing of such data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
9.6. Further information information about data usage by Google, setting and appeal possibilities you will find on Google websites: https://www.google.com/intl/en/policies/privacy/partners („Usage of data by Google during your usage of websites or apps of our partners”), http://www.google.com/policies/technologies/ads („Data usage for advertising purposes”), http://www.google.com/settings/ads („Managing information used by Google to show you advertisements”).
10. Google Re/Marketing Services
10.1. Based on our legitimate interests (such as interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 para. 1 let. f. of the GDPR), we use the marketing and remarketing services (in short „Google Marketing Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, („Google”).
10.2. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
10.3. Google Marketing Services allow us to better target advertisements for and on our website so that we present the users only ads that potentially match their interests. For example, if a user sees advertisements for products he/she has been interested in on other websites, this is called „remarketing”. For these purposes, when visiting our and other websites with activated Google Marketing Services function, a Google code is implemented and so-called (Re)marketing tags (invisible graphics or codes, also known as „web beacons”) are integrated into the website. With their help, a small file with an individual cookie is saved on the user’s device (instead of cookies, comparable technologies can also be used). The cookies can be integrated by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file is noted which web pages the user visited, in what content he is interested and what offers he has clicked, as well as technical information about the browser and operating system, referring web pages, time of visit and other information on the use of the online offering. The IP address of the users is also recorded, whereby in the context of Google Analytics we announce that the IP address is shortened within member states of the European Union or other parties to the Agreement on the European Economic Area and only in exceptional cases completely transferred to a Google server in the USA and shortened there. The IP address will not be merged with data of the user within other offers from Google. The aforementioned information may also be linked by Google with such information from other sources. Subsequently, if the user visits other websites, they can be displayed according to his interests with advertisements tailored to his/her specific needs.
10.4. The data of the users in the context of the Google marketing services are processed pseudonymously. This means that Google does not store and process e.g. the name or e-mail address of the users, but processes the relevant cookie-related data within pseudonymous user profiles. In other words, Google does not manage and display advertisements for a specifically identified person, but for the cookie owner, regardless of who the cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymisation. The information collected about users by Google Marketing Services is transmitted to Google and stored on Google's servers in the USA.
Among the Google marketing services we use is i.a. the online advertising program „Google AdWords”. In the case of Google AdWords, each AdWords client receives a different „conversion cookie”. Cookies cannot be tracked through AdWords advertisers' websites. The information collected through the cookie is used to generate conversion statistics for AdWords clients who have decided for conversion tracking. The AdWords clients will see the total number of users who clicked on their advertisement and were redirected to a conversion tracking tag page. But they do not receive information that allow for the personal identification of users.
10.6. If you wish to opt-out to interest-related advertising through Google Marketing Services, you can use Google's setting and opt-out options: http://www.google.com/ads/preferences.
11. Facebook Social Plugins
11.1. Based on our legitimate interests (such as interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 para. 1 let. f. of the GDPR) we use social plugins („plugins”) of the social network facebook.com, which are operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland („Facebook”). The plugins can represent interaction elements or content (such as videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white „f” on blue tile, the terms „Like” or a „thumbs up” sign) or are marked with the additional „Facebook Social Plugin”. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
11.2. Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
11.3. When a user views a feature of this online offering that includes such a plugin, his/her device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the device of the user and incorporated by it into the online offering. In this case, from the processed data usage profiles of the users can be created. We therefore have no influence on the volume of data that Facebook collects by means of this plugin and informs users accordingly to our knowledge.
11.4. By integrating the plugins, Facebook receives the information that a user has visited the corresponding page of the online offering. If the user is logged in to Facebook, Facebook can assign the visit to his/her Facebook account. If users interact with the plugins, for example, press the Like button or leave a comment, a relevant information is transmitted from their device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save his/her IP address. According to Facebook, in Germany only an anonymised IP address is stored.
11.6. If a user is a Facebook member and does not want Facebook to collect data about him via this online offering and link it to his/her member data stored on Facebook, he must log out of Facebook and delete his cookies before using our online offering. Further settings and objections regarding the usage of data for marketing purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform independent, that means they are adopted for all devices, such as desktop computers or mobile devices.
12. Integration of Services and Contents of Third Parties
12.1. Within our online offering we use content or service offers provided by third parties based on our legitimate interests (such as interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 para. 1 let. f. of the GDPR) to integrate e.g. videos and fonts in their content and services (hereinafter uniformly referred to as the „content”). This always assumes that the third-party providers of this content use the IP addresses of the users, since they do not provide the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. The third-party providers may also use so-called pixel tags (invisible graphics, also referred to as „web beacons”) for statistical or marketing purposes. The „pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include i.a. technical information about the browser and operating system, referring web sites, time of visit and information from other sources regarding the use of our online offering.
12.2. The following presentation provides an overview of third-party providers as well as their contents and links to their privacy policies, which contain further information on the processing of data and, partially already mentioned here, contain opt-out possibilities (so-called opt-out):
13. Rights of Users
13.1. Users shall have the right, upon request, to receive information free of charge about their personal data that we have retained.
13.2. In addition, the users shall have the right to correct inaccurate data, restrict the processing and delete their personal data, where appropriate, assert their rights to data portability and, in the event of unlawful processing, file a complaint to the competent Supervisory Authority.
13.3. Similarly, users can revoke consent, generally with future implications.
14. Deletion of Data
14.1. The data retained by us are deleted as soon as they are no longer necessary for their purpose and the deletion does not conflict with any statutory retention requirements. If the users' data are not deleted because they are required for other and legally permitted purposes, their processing will be restricted. This means the data is blocked and not processed for other purposes. This applies, for example for data of users which must be kept for commercial or tax reasons.
14.2. According to legal requirements, the retention takes place for 6 years in accordance with § 257 para. 1 of the HGB (German Commercial Code – trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years in accordance with § 147 para. 1 of the AO (Regulation of Taxation – books, records, management reports, accounting records, trade and business letters, tax documents, etc.).
15. Right of Objection
Users may object to the future processing of their personal data in accordance with legal requirements at all times. The objection may in particular be made against processing for direct marketing purposes.
Udo Dieme – Managing Director –