Privacy Statement

Privacy Statement

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other EU Member State legislation for the protection of privacy as well as other provisions for the protection of privacy is:

Aximpro Deutschland GmbH
Heckenweg 4, 
83714 Miesbach,
Deutschland

+49 8161 2499100
info@aximpro.com
www.aximpro.com

 

II. Name and address of the data protection officer

The controller’s data protection officer is:

DataCo GmbH
Kivanç Semen
Dachauer Str. 65
80335 München
Deutschland

+49 89 740045840
datenschutz@dataguard.de
www.dataguard.de

 

III. Rights of the data subject

The following list comprises all of the rights of data subjects under the GDPR. There is no requirement to enumerate rights of no relevance to the own website. This being the case, the list can be truncated.

If your personal data are processed, then you are a data subject within the language of GDPR, and you have the following rights vis-à-vis the controller:

1. Right to information

You can request that the controller confirm whether we will process personal data concerning you.

If such processing occurs, you can require the controller to disclose the following information:

1.    the purposes for which the personal data are processed;

2.    the categories of personal data processed;

3.    the recipients or categories of recipients to which the personal data concerning you has been or will be disclosed;

4.    the planned period of storage of the personal data concerning you or, if specific information in this respect is not possible, the criteria used to determine the storage period;

5.    the existence of a right of rectification or erasure of personal data that concern you, of a right to restrict processing by the controller, or of a right to object to such processing;

6.    the existence of a right of appeal to a supervisory authority;

7.    all available information about the origin of the data, if the personal data have not been collected from the data subject;

8.    the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – reliable information about the logic involved and the scope and the desired effects of such processing for the data subject.

You have the right to request information as to whether personal information concerning you will be transmitted to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

2. Right of rectification

You have a right of rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are inaccurate or incomplete. The controller must make the rectification immediately.

3. Right to restrict processing

You may request restriction of the processing of personal data concerning you under the following conditions:

1.    if you dispute the accuracy of the personal data concerning you for a period of time that permits the controller to verify the accuracy of the personal data;

2.    the processing is unlawful and you reject erasure of the personal data and instead request restriction of the use of the personal data;

3.    the controller no longer requires the personal data for purposes of processing, but you require them for the establishment, exercise or defence of legal claims, or

4.    if you have filed an objection to processing in accordance with Art. 21 (1) GDPR, and it has not yet been established whether the controller’s legitimate grounds for processing override your own grounds.

Where processing of the personal data concerning you has been restricted, such data – apart from their storage – may be processed only with your consent or for the establishment, exercise or defence of legal claims, or to protect the rights of another natural or legal person, or on grounds of an important public interest of the European Union or of a Member State.

If processing has been limited in accordance with the above conditions, you will be informed by the controller responsible before the limitation is lifted.

4. Right to erasure

a) Erasure obligation

You can request that the controller erase personal data concerning you without delay, and the controller has the obligation to erase these data wherever one of the following grounds applies:

1.    the personal data about you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

2.    the personal data about you have been collected in relation to the offer of information-society services referred to in Art. 8(1) GDPR.

3.    the personal data about you must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

4.    the personal data applicable to you have been unlawfully processed;

5.    you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR;

6.    you withdraw consent on which the processing is based according to Art. 6 (1) (1) (a) GDPR, or Art. 9 (2) (a) GDPR, and where there is no other legal ground for the processing;

b) Forwarding information to third parties

Where the controller has made the personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure shall not apply if processing is required

1.    for exercising the right of freedom of expression and information;

2.    for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

3.    for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) GDPR as well as Art. 9 (3) GDPR;

4.    for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

5.    for the establishment, exercise or defence of legal claims.

5. Right to be informed

If you have exercised your right to have the controller rectify, erase or limit processing of personal data, the controller shall have an obligation to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of these data, or of the limitation on processing thereof, unless this proves impossible or involves a disproportionate effort.

You have the right to vis-à-vis the controller to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

1.    the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and

2.    the processing is carried out by automated means.

In exercising his or her right, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not extend to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (1) (e) or (f) GDPR, including profiling based on those provisions.

The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information-society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to revoke the data-protection declaration of consent

You have the right to revoke your data-protection declaration of consent at any time. Revocation of consent will not affect the legality of processing undertaken on the basis of this consent prior to its revocation.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

1.    is necessary for entering into, or performance of, a contract between you and a data controller,

2.    is authorised by European Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

3.    is based on your explicit consent.

However, these decisions may not be based on specific categories of personal data pursuant to Art.9 (1) GDPR, unless Article 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect rights and freedoms as well as your legitimate interests.

In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

 

IV. General information on data processing

1. Scope of processing of personal data

We process our users’ personal data only insofar as this is necessary for the provision of an operational website along with our content and services. The processing of our users’ personal data is undertaken periodically and only subject to the user’s consent. An exception applies in those cases in which prior consent cannot be obtained for legal or factual reasons and the processing of these data is permitted by applicable law.

2. Legal basis for the processing of personal data

Where we obtain the consent of the data subject for processing steps, Article 6 (1) (1) (a) of the EU General Data Protection Regulation (GDPR) serves as a legal basis.

Art. 6 (1) (1) (b) GDPR shall form the basis in law for the processing of personal data as required for performance of a contractual agreement to which the data subject is a party. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

Art. 6 (1) (1) (c) GDPR shall form the basis in law for the processing of personal data as necessary to fulfil a legal obligation to which our company is subject.

Art. 6 (1) (1) (d) GDPR shall form the basis in law in cases in which the vital interests of the data subject or of another natural person require the processing of personal data.

Art. 6 (1) (1) (f) GDPR shall form the basis in law for cases in which this processing is necessary to the protection of a legitimate interest of our company or of a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh the aforementioned interest.

3. Data deletion and storage duration

The data subject’s personal data will be deleted or blocked as soon as the purpose for which they were stored no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data will be blocked or deleted even if a storage deadline prescribed by the above-mentioned standards expires, unless data storage is a necessity for the conclusion or performance of a contract.

 

V. Deployment of the website and creation of log files

1. Description and scope of data processing

With every visit to our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data are collected in this connection: Date and time of access

The data are also stored in the log files of our system. Not affected by this are the user’s IP addresses or other data that enables assignment of the data to a user. These data are not stored together with other personal data of the user.

2. Basis in law for the processing of data

The legal basis for the temporary storage of data and is Art. 6 (1) (1) (f) GDPR.

3. Purpose of data processing

Temporary storage of an IP address by the system is necessary to enable delivery of the website to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session. These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 (1) (1) (f) GDPR.

4. Period of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of data collection for provision of the website, this will be undertaken once the respective session has ended.

5. Option for objection and removal

Collection of data for provision of the website and the storage of data in log files are absolutely necessary for operation of the website. Consequently, there is no option for objection on the part of the user.

 

VI. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser to the user’s computer system. If a user visits a website, a cookie may be stored to the user’s operating system. This cookie contains a distinctive

character string that enables precise identification of the browser when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the browser accessing the website be identifiable even after a site change.

The following data is stored and transmitted in the cookies:

(1) Language settings
(2) Log-in information

b) Basis in law for the processing of data

The basis in law for the processing of personal data using cookies is Art. 6 (1) (1) (f) GDPR.

c) Purpose of data processing

The purpose for using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. In this case, the browser has to be recognised even after changing the page.

We require cookies for the following applications:

Applying language settings

These purposes also encompass our legitimate interest in the processing of personal data in accordance with Art. 6 (1) (1) (f) GDPR.

d) Period of storage, option for objection and removal

Cookies are stored on the user’s computer, which then transmits them to our website. As a user, you thus have full control of the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can be done automatically as well. If cookies are disabled for our website, it may no longer be possible to make full use of all of the website’s functions.