Privacy policy

1 Notes on the privacy policy

Thank you for your interest in our organisation. Data protection is of particular importance to the management of AS Arbeitsschutz GmbH.
If you wish to make use of certain services of our organisation, such as those available via our website, the processing of personal data may become necessary. You are then a ‘data subject’ within the meaning of the data protection regulations.

When processing personal data, such as the name, address, telephone number or e-mail address of a data subject, we always take into account the provisions of the General Data Protection Regulation and the applicable country-specific data protection provisions.
If there is no legal basis for the processing of personal data, we always obtain the consent of the data subject for the necessary processing.

This privacy policy is intended to provide the public with information about the type, scope, and purpose of the personal data we collect, use, and process. It also informs those concerned of their rights.
AS Arbeitsschutz GmbH maintains various technical and organisational measures to ensure the most comprehensive possible protection of the processed personal data. Nevertheless, the transfer of personal data via the internet can in principle have security gaps, so one hundred percent protection cannot be guaranteed. Therefore, every data subject is free to transfer such data to us by alternative means, such as by telephone.

2  Terms

The terms used below follow the definitions of Article 12 (1) of the General Data Protection Regulation (GDPR) and § 2 of the Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG). The text of the GDPR can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679&from=DE, and the text of the BDSG can be found at https://www.bgbl.de/xaver/bgbl/start.xav?startbk=Bundesanzeiger_BGBl&jumpTo=bgbl117s2097.pdf#__bgbl__%2F%2F*%5B%40attr_id%3D%27bgbl117s2097.pdf%27%5D__1526977991911

 

3  Contact

The controller within the meaning of the General Data Protection Regulation (GDPR) and other provisions relating to data protection is:

3.1  The controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other provisions relating to data protection is:
AS Arbeitsschutz GmbH
Heinrich-Hertz-Str. 11
50181 Bedburg
Germany
Phone: 02272 90600
e-mail: info (at) asgmbh.de
Website: www.asgmbh.de

3.2  The data protection officer

Our data protection officer is:
Volker Beneke (external)
AS Arbeitsschutz GmbH
Heinrich-Hertz-Str. 11
50181 Bedburg
Germany
Phone: 02272 90600
e-mail: datenschutz (at) asgmbh.de

Data subjects can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
If a data subject contacts us via the contact form on the website or by e-mail, we will voluntarily store the information provided to us for processing the request and in case follow-up questions should arise. We store and use further personal data only if the data subject consents or if it is legal without special consent.
With the exception of any information required from authorities and the external data protection officer, this personal data is not passed on to third parties.

3.3  Security of contact

Within the framework of the valid data protection laws and technical capabilities, we do everything we can to ensure the security of the data subject’s personal data. Personal data entered on the website is transferred to us in encrypted form resulting from the SSL (Secure Socket Layer) coding system.
However, we would like to point out that data transfer over the internet (communication by e-mail, for example) may be subject to security gaps. No complete protection of data against access by third parties is possible.
To secure your data, we maintain technical and organisational security measures which we constantly adapt to the state of the art. Furthermore, we do not guarantee that our offer will be available at certain times; disruptions, interruptions, or failures cannot be ruled out. The servers we use are regularly and carefully secured.

4  Legal basis for the processing of personal data

If we obtain the consent of the data subject for processing personal data, Article 6 (1) letter (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6 (1) letter (b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6 (1) letter (c) of the GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) letter (d) of the GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests and fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1) letter (f) of the GDPR serves as the legal basis for processing.

5  Data erasure and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if doing so has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

6  Data protection for applications and application procedures

We collect and process personal data from applicants for the purpose of handling the application procedure. Processing may also be carried out electronically. This is particularly likely if an applicant submits the relevant application documents to us by electronic means, such as by e-mail or via a web form on the website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be deleted automatically two months after notification of the rejection decision, provided that no other legitimate interests on our part prevent deletion. An example of such interests is duties of proof in a procedure according to the General Equal Treatment Act (Allgemeinen Gleichbehandlungsgesetz, or AGG).

7  Notes regarding the use of this website

7.1  Collection of general data and information

We collect information about the data subject when he or she uses this website. We automatically collect information about the data subject’s usage behaviour and interaction with us and register data about his or her IT system (computer or mobile device). We collect, store, and use data about every access to our online offer (so-called server log files). The access data includes name and URL of the accessed file, date and time of access, transferred data volume, notification of successful access (HTTP response code), browser type and browser version, operating system, referrer URL (that is, the previously visited page), IP address, and the requesting provider.
We use this log data without reference to the data subject or other profiling for statistical evaluations for the purpose of operation, security, and optimisation of our online offer, but also for anonymous recording of the number of visitors to our website (traffic), the extent and type of use of our website and services, and for billing purposes in order to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalised and location-based content, analyse traffic, troubleshoot and correct errors, and improve our services. We reserve the right to check the log data subsequently if there is a justified suspicion of unlawful use based on concrete evidence. We store IP addresses in the log files for a limited period of time when doing so is necessary for security purposes or for the provision or billing of a service, such as when the data subject uses one of our offers. We store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website.

7.2  Links/forwarding to third-party websites

As content providers, we are responsible for ‘our own content’, which we make available for use in accordance with § 7 Paragraph 1 of the German Telemedia Act and in accordance with general laws.
Cross-references (‘links’) to the ‘external’ contents made available by other providers are to be distinguished from our own content.
When the link was first created, we checked the external content to see whether it might trigger civil or criminal liability.
We check the links to external contents regularly, but do not constantly for check for changes. If we discover or are informed by third parties that a link provided triggers civil or criminal liability, we will delete the link.

8  Rights of the data subject

The data subject may exercise the following rights by contacting the above address in person or by post, clearly identifying himself or herself.

8.1  Right of access

The data subject may request that we verify whether we are processing personal data concerning him/her. If such processing is ongoing, the data subject may request the following information from us:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom the personal data concerning them have been or are still being disclosed;
  4. the planned duration of the storage of personal data concerning them or, if it is not possible to provide specific information, the criteria for determining the storage period;
  5. the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22 Para. (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The data subject has the right to request information as to whether personal data concerning him/her are being transferred to a third country or to an international organisation. In this context, the data subject may request to be informed of the appropriate safeguards in accordance with Article 46 of the GDPR in connection with the transfer.

8.2  Right to rectification

The data subject has a right to rectification and/or completion from us if the personal data processed concerning him/her are incorrect or incomplete. We are responsible for rectifying the data without undue delay.

8.3  Right to erasure

The data subject shall have the right to obtain from us the erasure of personal data concerning him or her without undue delay and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. The data subject withdraws consent on which the processing is based according to of Article 6 (1) letter (a) of the GDPR, or of Article 9 (2) letter (a) of the GDPR, and where there is no other legal basis for the processing.
  3. The data subject objects to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) of the GDPR.
  4. The personal data have been unlawfully processed.
  5. The personal data must be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
  6. The personal data have been collected in relation to the offer of information society services referred to in Article 8 Para. (1) GDPR.

Where we have made the personal data public and are obliged pursuant to Article 17 (1) of the GDPR to erase the personal data, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers who are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

8.4  Right to restriction of processing

The data subject may request that the processing of personal data concerning him/her be restricted under the following conditions:

  1. if the data subject contests the accuracy of the personal data concerning him or her for a period that enables us to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. we no longer need the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise, or defence of legal claims, or
  4. if the data subject has filed an objection to the processing pursuant to Article 21 (1) of the GDPR and it is not yet clear whether our justified reasons outweigh their reasons.

Where the processing of personal data affecting the data subject has been restricted, such data shall, with the exception of storage, be processed only with his or her consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the processing has been restricted in accordance with the above conditions, we will inform the data subject before the restriction is lifted.

8.5  Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where

  1. the processing is based on consent pursuant to point (a) of Article 6 Para. (1) GDPR or point (a) of Article 9 Para. (2) GDPR or on a contract pursuant to point (b) of Article 6 Para. (1) GDPR and
  2. the processing is carried out by automated means.

In exercising his or her right to data portability pursuant to Paragraph 1, the data subject shall have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

8.6  Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 Para. (1) GDPR, including profiling based on those provisions. We will then no longer process the personal data unless we can provide compelling legitimate grounds for the processing which outweigh the interests, rights, and freedoms of the data subject, or the processing serves to establish, exercise, or defend legal claims.

8.7  Automated decisions including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This is not the case if the decision

  1. is necessary for the conclusion or performance of a contract between the data subject and us,
  2. is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
  3. is based on the data subject's explicit consent.

8.8  Right to revoke data-protection-related consent

The data subject has the right to revoke his/her consent to the processing of personal data at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent up to the time of revocation.

8.9  Right to lodge a complaint with a supervisory authority

The data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work, or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her is unlawful.

9  Presence of automated decision-making

There is no automated decision-making based on the collected personal data.

10  Other website functions and tools

10.1  Newsletter

10.1.1 Subscription to our newsletter
On our website, users are given the opportunity to subscribe to our organisation's newsletter. The personal data transmitted to us when subscribing to the newsletter is determined by the input mask used for this purpose.
AS Arbeitsschutz GmbH informs its customers and business partners at regular intervals by means of a newsletter about offers from the organisation. The our organisation’s newsletter can be received by the data subject only if (1) the data subject has a valid e-mail address and (2) the data subject registers for newsletter dispatch. For legal reasons, a confirmation e-mail in the double opt-in procedure is sent to the e-mail address entered by the data subject before the newsletter is sent the first time. This confirmation e-mail serves to verify that the owner of the e-mail address has authorised the receipt of the newsletter as the data subject.
During subscription to the newsletter, we also store the IP address of the computer system used by the data subject at the time of subscription assigned by the internet service provider (ISP) and the date and time of subscription. These data must be collected if we are to trace the (potential) misuse of the e-mail address of a data subject at a later time and therefore serves to protect us legally.
The personal data collected during subscription for the newsletter will be used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter may be informed by e-mail if such notification is necessary for the operation of the newsletter service or for subscription, as could be the case if there are changes to the newsletter offer or the technical conditions. The personal data collected in the context of the newsletter service will not be passed on to third parties. The data subject can cancel the subscription to our newsletter at any time. The consent to the storage of personal data which the data subject has given us for newsletter dispatch can be revoked at any time. A link allowing consent revocation is included in each newsletter. It is also possible to unsubscribe directly from the newsletter at any time on our website or to inform us by other means of you desire to do so.

10.1.2 Newsletter tracking
The AS Arbeitsschutz GmbH newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format to enable log file recording and analysis. They allow statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, AS Arbeitsschutz GmbH can recognise whether and when an e-mail was opened by a data subject and what links in the e-mail were called by the data subject.
We collect such personal data collected via the tracking pixels contained in the newsletters and stored and evaluate them in order to optimise newsletter dispatch and to adapt the content of future newsletters even better to the interests of the data subject. This personal data will not be passed on to third parties. Data subjects are entitled to revoke the separate declaration of consent given via the double opt-in procedure at any time. After revocation, we will delete this personal data will be deleted. AS Arbeitsschutz GmbH automatically interprets unsubscribing the newsletter as a revocation.

10.2  Analysis tools

10.2.1 Google Analytics (with anonymisation function)
We have integrated the Google Analytics component (with anonymisation function) into our website. Google Analytics is a web analysis service. Web analysis is the collection and evaluation of data on the behaviour of visitors to websites. A web analysis service collects, among other things, data on what website a data subject came to a website from (the so-called referrer), which subpages of the website were accessed, and how often and for how long a subpage was viewed. Web analysis is used primarily to optimise a website and conduct cost-benefit analysis of internet advertising.
The operating company for the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
We use the addition ‘_gat._anonymizeIp’ for web analysis via Google Analytics. By means of this addition, Google shortens and anonymises the IP address of the internet connection of the data subject when he or she accesses our website from a European Union member state or from another state that is party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Among the uses Google makes of the data and information collected are evaluating the use of our website to compile online reports for us that show the activities on our website and providing other services in connection with the use of our website.
Google Analytics sets a cookie on the IT system of the data subject. Setting the cookie allows Google to analyse the use of our website. Each time the data subject visits one of the individual pages of our website into which a Google Analytics component has been integrated, the relevant Google Analytics component automatically causes the internet browser on the data subject's IT system to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which allows Google, among other things, to trace the origin of visitors and clicks and subsequently issue commission statements.
Cookies are used to store personal information, such as access time, the location from which access came, and the frequency of visits to our website by the data subject. Whenever you visit our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose personal data collected via the technical process to third parties.
The data subject can prevent the setting of cookies by our website at any time, as described above, by adjusting the settings of the internet browser used and thus permanently objecting to the setting of cookies. Such a setting of the internet browser used would also prevent Google from placing a cookie on the IT system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
Furthermore, it is possible for the data subject to object to and prevent the collection of data generated by Google Analytics relating to a use of our website and the processing of this data by Google. The data subject must download and install a browser add-on from this link: https://tools.google.com/dlpage/gaoptout . This browser add-on informs Google Analytics via JavaScript that no data or information about visits to websites may be transmitted to Google Analytics. Google considers the installation of the browser add-on to be an objection. If the data subject’s IT system is deleted, formatted, or reinstalled at a later time, he or she must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their control, it is possible to reinstall or reactivate the browser add-on.
Further information about the valid Google data protection provisions can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.

10.3  Social Media

10.3.1 Facebook
We have integrated components of Facebook into our website. Facebook is a social network.
A social network is an internet-based social meeting place, an online community that usually enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enable the internet community to provide personal or company-related information. Facebook enables social network users to create private profiles, upload photos, and network via friendship requests, among other things.
The operating company for Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The controller if a data subject lives outside the U.S. or Canada is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time a Facebook component (Facebook plug-in) is integrated into one of the individual pages of our website, the internet browser on the data subject's IT system is automatically prompted by the relevant Facebook component to download a representation of the Facebook component in question from Facebook. An overview of all Facebook plugins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook is informed about which specific subpage of our website is being visited by the data subject.
If the person concerned is logged on to Facebook at the same time, Facebook recognises the specific subpage of our website the data subject visits during each visit to our website and for the entire duration of his or her stay on our website. This information is collected by the Facebook component and related by Facebook to the Facebook account of the data subject. If the data subject clicks one of the Facebook buttons integrated on our website, such as the ‘Like’ button, or the person concerned makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.
The Facebook component informs Facebook that the data subject has visited our website whenever the data subject is logged on to Facebook at the same time he or she is accessing our website, regardless of whether he or she clicks on the Facebook component. If the data subject does not want this information to be transmitted to Facebook, he or she can prevent it from being transmitted by logging out of his or her Facebook account before visiting our website.
The privacy policy published by Facebook, available at https://de-de.facebook.com/about/privacy/, provides information about Facebook's collection, processing, and use of personal data. It also explains what setting options Facebook offers to protect the privacy of the data subject. Various applications are also available to allow suppression of data transmission to Facebook. The data subject can use such applications to suppress data transmission to Facebook.

10.3.2 Google+
We have integrated the Google+ button into our website as a component. Google+ is a so-called social network. A social network is an internet-based social meeting place, an online community that usually enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enable the internet community to provide personal or company-related information. Google+ enables social network users to create private profiles, upload photos, and network via friendship requests, among other things.
The operating company for Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time a Google+ button is integrated into one of the individual pages of our website, the internet browser on the data subject's IT system is automatically prompted by the relevant Google+ button to download a representation of the Google+ button in question from Google. As part of this technical process, Google is informed about which specific subpage of our website is being visited by the data subject. More detailed information about Google+ can be found at https://developers.google.com/+/.
If the data subject is logged on to Google+ at the same time, Google recognises the specific subpage of our website the data subject visits during each visit to our website and for the entire duration of his or her stay on our website. This information is collected by the Google+ button and referenced by Google to the respective Google+ account of the data subject.
If the data subject clicks one of the Google+ buttons integrated into our website and thereby makes a Google+1 recommendation, Google assigns this information to the personal Google+ user account of the data subject and stores this personal data. Google stores the Google+1 recommendation of the data subject and makes it publicly available in accordance with the conditions accepted by the data subject. A Google+1 recommendation given by the data subject on our website will subsequently be stored and processed together with other personal data, such as the name of the Google+1 account used by the data subject and the photo stored in this account in other Google services, such as Google search engine results, the data subject’s Google account, or in other places, such as on websites or in connection with advertisements. Furthermore, Google is able to link the visit to our website with other personal data stored by Google. Google also records this personal information for the purpose of improving or optimising the various services provided by Google.
The Google+ button informs Google that the data subject has visited our website if the data subject is logged in to Google+ during the time as he or she visits our website, regardless of whether or not he or she clicks the Google+ button.
If the data subject does not want personal data to be transmitted to Google, he or she can prevent such transmission by logging out of his or her Google+ account before visiting our website.
Further information about the valid Google data protection provisions can be found at https://www.google.de/intl/de/policies/privacy/. Further information provided by Google about the Google+1 button can be found at https://developers.google.com/+/web/buttons-policy.

10.3.3 YouTube
We have integrated components from YouTube into our website. YouTube is an internet video portal that allows video publishers to post video clips and other users to view, rate, and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes, music videos, trailers, and videos produced by users themselves can be called up via the internet portal.
The operating company for YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time a YouTube component (YouTube video) is integrated into one of the individual pages of our website, the internet browser on the data subject's IT system is automatically prompted by the relevant YouTube component to download a representation of the YouTube component in question from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google are informed which specific subpage of our website is visited by the data subject.
If the data subject is simultaneously logged in to YouTube, YouTube recognises which specific subpage of our website the data subject is visiting by calling up a subpage containing a YouTube video. This information is collected by YouTube and Google and assigned to the data subject’s YouTube account.
YouTube and Google receive information via the YouTube component that the data subject has visited our website whenever the data subject is logged on to YouTube at the same time he or she is accessing our website; this happens regardless of whether he or she clicks on a YouTube video. If the data subject does not want this information to be transmitted to YouTube and Google, he or she can prevent it from being transmitted by logging out of his or her YouTube account before visiting our website.
The privacy policy published by YouTube, available at https://www.google.de/intl/de/policies/privacy/, provides information about the collection, processing, and use of personal data by YouTube and Google.

AS Arbeitsschutz GmbH | Heinrich-Hertz-Str. 11 | 50181 Bedburg | Tel.: +49 2272 9060 0 | Fax: +49 2272 9060 90 | Mail: info (at) nitras.de
Toggle Bar