AUMA Riester GmbH & Co. KG
Introduction
We are pleased that you visit our website. AUMA Riester GmbH & Co. KG (hereinafter "AUMA“, "we“ or "our“) attaches great importance to the security of the user data and the respect of data protection regulations. We would like to inform you with the follow on the processing of your personal data by our website.
Controller and data protection officer
Controller:
AUMA Riester GmbH & Co.KG, Aumastr. 1, 79379 Muellheim
Phone: +49 7631 809 1250
Data protection officer:
Terminology
The terminology used in this privacy policy are to be understood as legally defined in Art. 4 GDPR.
Notes on data processing
Automated data processing (log files etc.)
You may visit our website without actively disclosing personal data. However, we will automatically store access data (server log files) whenever you access the website. This includes, for example, the name of your internet service provider, the operating system used, the website from which you have accessed our website, date and duration of your visit or the name of the requested file, as well as - for security reasons e.g. to detect attacks to our website, the IP address of the computer used for a period of 14 days. This data is exclusively evaluated to improve our service portfolio and but will not allow to identify you personally. The data is not merged with other data sources. Art. 6(1) point f) GDPR serves as legal basis for data processing. Data will be used and processed for the following purposes: 1. Provision of the website, 2. Improvement of our websites and 3. Prevention and detection of errors/malfunctions as well as misuse of the website. Processing is done in the legitimate interests of ensuring functionality and fault-free and safe operation of the website and adapting the website to the requirements of the users.
Use of cookies (general information, functions, opt-out links, etc.)
To improve the user experience and enable the use of certain functions, our website uses so called cookies. The use of cookies serves our legitimate interest of creating a most pleasant used experience and is based on Art. 6(1) point f) GDPR. Cookies are standard internet technology for saving and retrieving login and other use information for all website users. Cookies are small text files stored on your end device. They enable us among others to store user settings allowing website display in customized for your device. Some of the cookies we use will be deleted when terminating the browser session, i.e. once the browser is closed (so called session cookies). Other cookies will remain on your end device and will enable us or our partner company to remember your browser on your next visit (so called persistent cookies).
You may adjust your browser settings so that you will be informed about the setting of cookies and will either be prompted to accept them or you may block cookies in certain cases or generally. Furthermore, cookies may be deleted at a later date to remove data stored by the website on your computer. Deactivation of cookies (so-called opt out) might impair some functionalities of our website.
Data subject category:
Website users, users of online services
Opt out:
Legal basis:
Consent (Art. 6(1) point a) GDPR); legitimate interest (Art. 6(1) point f) GDPR).
The respective valid legal basis is specified for respective tool.
Legitimate interests:
Saving of opt-in preferences, representation of the website, ensuring of the functionality of the website, maintenance of user status for the complete website, recognition of the new website visitor, user-friendly online service, ensured chat function
Online marketing
To continuously increase awareness and reach of online services, we process personal data within the framework of online marketing, in particular with regard to potential interests and for measuring the efficiency of our marketing activities.
For measuring the efficiency of our marketing activities and identification of potential interests, relevant information is stored using cookies or similar technologies. Data stored in cookies may included viewed contents, visited web representations, settings and used functions and systems. However, for the described purposes, no non-obfuscated personal data of the users is processed. The data will be anonymised so that the actual identity of the user is neither known to us nor to the provider of the tool used. The anonymised data is often stored in user profiles.
Should user profiles be stored, the data can be read, amended and completed on the server of the online marketing technology when using other online services relying on the same online marketing technology.
The success of our advertisements can be determined on the basis of summarised data supplied by the online marketing technology provider (so called conversion tracking). Within the framework of the conversion tracking activities, we can identify whether a marketing activity has initiated a purchase decision of the visitor of our online service. The evaluation analyses the success of our online marketing.
Data subject category:
Website users, users of online services, interested parties, communication partners, business partners and contracting parties
Data category:
Usage data (e.g. websites visited, interest in contents, access times), meta and communication data (e.g. device information, IP addresses), geolocation data, contact data, content data
Purposes of processing:
Marketing (to some extent interest-based and activity-related), conversion tracking, target group segmentation, click tracking, marketing strategy development and increase of campaigning efficiency
Legal basis:
Consent (Art. 6(1) point a) GDPR); legitimate interests (Art. 6(1) point f) GDPR)
Legitimate interests:
Optimisation and further development of the website, profit increase, customer loyalty and acquisition
Google Tag Manager
Service used:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy:
Opt-out-link:
Legal basis:
Legitimate interest (Art. 6(1) point f) GDPR)
Legitimate interests:
Coordination of different tools, management, simple usability and representation
Google Analytics
Service used:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy:
Opt-out-link:
Legal basis:
Consent (Art. 6(1) point a) GDPR)
Visable Website Leads
Service used:
Visable GmbH, ABC-Straße 21, 20354 Hamburg, Germany
Privacy policy:
Legal basis:
Legitimate interest (Art. 6(1) point f) GDPR)
Legitimate interests:
Customer relations and acquisitions, B2B, increase in profits, efficient organisation of B2B sales activities
Social media
We manage online presence on social networks and career platforms to exchange information with registered users and get into contact with these users.
Data of users in social networks is to some extent used for market research and consequently advertising campaigns. User profiles can be created on the basis of the user activities, e.g. indicating their interests, to provide customised adverts for special interest target groups. To this end, cookies are stored on a regular basis on the end devices of the user, some of them irrespective of whether you have been registered as user of the social network or not.
Depending on the location of the headquarters of the social network, user data may be processed outside the European Union or outside the European Economic Area. This may present a risk to users as the enforcement of their rights might be difficult.
Data subject category:
registered users and non-registered users of the social network
Data category:
Master data (e.g. name, address), contact data (e.g. e-mail address, phone number), content data (e.g. texts, photos, videos), usage data (e.g. websites visited, interests, access times), meta and communication data (e.g. device information, IP address)
Purposes of processing:
Enhancement of reach, networking
Legal basis:
Legitimate interests (Art. 6(1) point f) GDPR), consent (Art. 6(1) point a) GDPR)
Legitimate interests:
Interaction and communication using social media presence, profit increase, insights on target groups
Instagram
Service used:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy:
Opt-out-link:
Facebook
Service used:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy:
Opt-out-link:
LinkedIn
Service used:
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
Privacy policy:
Opt-out-link:
Twitter
Service used:
Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland
Privacy policy:
Opt-out-link:
YouTube
Service used:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy:
Opt-out-link:
Xing
Service used:
New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
Privacy policy:
Plug-ins and embedded content of third parties
Our online presence and services included functions and contents by third parties. For example, videos, representations, buttons or contributions (hereinafter contents) can be embedded.
To be able to show the visitors of our online presence the respective content, the respective third party provider processes among others the IP address of the user to send the contents to the browser for display. Without this processing, embedding of third-party content is not possible.
For some functions, further information such as pixel tags or web beacons are collected by which the third-party provider gains information on the usage of the content or the user traffic on our online presence, technical information on the browser or the operating system of the users, the access time or on referring websites. The data collected is stored in cookies on the end device of the user. To protect the personal data of visitors of our online services, we have taken safety precautions to prevent automatic transfer of this data. The data will only be transferred once you click either the buttons or the third-party content. For this, we use the Shariff solution by Heise.
Information on the implementation of Shariff depending on the CMS system used can be found at:
Data subject category:
User of the plug-in
Data category:
Usage data (e.g. websites visited, interests, access data), meta and communication data (e.g. device information, IP address), contact data (e.g. e-mail address, phone number), master data (e.g. name, address)
Purposes of processing:
Customisation of our online presence, increase in reach of advertisements in social media, sharing of contributions and contents, interest- and activity-based marketing, cross-device tracking
Legal basis:
Consent (Art. 6(1) point a) GDPR)
Google Maps
Service used:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy policy:
Opt-out-link:
Legal basis:
Consent (Art. 6(1) point a) GDPR)
YouTube
Service used:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy policy:
Opt-out-link:
Legal basis:
Consent (Art. 6(1) point a) GDPR)
Contact
With our online services, we provide the opportunity to directly contact us or to obtain information on various contact options.
In case of a contact, we will process the data of the inquiring person to the extent necessary for responding or processing the request. Depending on how we have been contacted, the data to be processed may vary.
Data subject category:
Inquiring person
Data category:
Master data (e.g. name, address), contact data (e.g. e-mail address, phone number), content data (e.g. texts, photos, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address)
Purposes of processing:
Processing of inquiries
Legal basis:
Consent (Art. 6(1) point a) GDPR), performance or development of a contract (Art. 6(1) point b) GDPR)
Registration
We provide the option of registering as user on our website. Within the framework of the registration, we gather the data required for providing a user account and the respective functions from interested users.
In order to protect the usage the internal area, we collect the IP addresses and the time of access, to prevent misuse of the user account and unauthorised usage. The data will not be disclosed to third parties unless this is required to pursue our claims or demanded by legal requirement.
Data subject category:
Registered user
Data category:
Master data (e.g. name, address), contact data (e.g. e-mail address, phone number), content data (e.g. texts, photos, videos), meta and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interests, access times)
Purposes of processing:
Simplification of website functions, performance of contract, customer loyalty
Legal basis:
Consent (Art. 6(1) point a) GDPR)
Data transfer
We are a globally active company with headquarters in Germany. The data of visitors of our online presence will be stored in the central customer database in Germany while observing the valid data protection regulation and will be used throughout the group for internal administration purposes. Processing beyond administrative purposes does not take place.
Legal basis:
Legitimate interests (Art. 6(1) point f) GDPR)
Legitimate interests:
so-called minor corporate privilege, central management and administration within the group to make use of synergy effects, cost savings, increased efficiency
For the performance of contracts or meeting of legal obligations it might be necessary to disclose personal data. Should we not be provide with the required data, it might not be possible to conclude the contract with the data subject.
We transfer data to countries outside the EEA (so-called third countries). This is done for the above-mentioned purposes (transfer within the group and/or to third-party recipients). The transfer shall only be performed to meet our contractual or statutory obligation or on the basis of prior consent by the data subject. Furthermore, this transfer shall place while respecting the valid data protection legislation and in particular Art. 44 et seqq. GDPR, in particular due to adequacy decisions adopted by the European Commission or due to certain safeguards (e.g. standard data protection clauses, etc.).
Storage period
We generally save the data of visitors of our website for the time required to provide our services or if stipulated by the European body issuing directives or regulation or the laws and regulations by any other legislation authority to which we are subject. In all other cases we will delete personal data once the purpose is completed, except for those data we have to store in order to meet legal obligations (e.g. due to fiscal and commercial retention periods, we are obliged to store some documents such as contracts and invoices for a specified period.
Automated decision-making
We refrain from both automated decision-making and profiling.
Legal basis
The binding legal basis is predominantly the GDPR. The regulation is supplemented by national legislation of the Member states and must be applied together with or as supplement to the GDPR.
Consent:
Art. 6(1) point a) GDPR serves as legal basis for processing operations for which we have obtained a consent for a specified processing purpose.
Performance of contract:
Art. 6(1) point b) GDPR serves as legal basis for processing which is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation:
Art. 6(1) point c) GDPR serves as legal basis for processing which is necessary for compliance with a legal obligation.
Vital interests:
Art. 6(1) point d) GDPR serves as legal basis, if processing is necessary in order to protect the vital interests of the data subject or of another natural person.
Public interest:
Art. 6(1) point e) GDPR serves as legal basis for processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Legitimate interest:
Art. 6(1) point f) GDPR serves as legal basis for processing which is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Rights of data subjects
Right of access:
In compliance with Art. 15 GDPR, data subjects shall have the right to obtain from us confirmation as to whether or not personal data concerning him or her are being processed. They may claim access to this information as well as to the information listed in Art. 15(1) GDPR and claim a copy of their data.
Right to rectification:
In compliance with Art. 16 GDPR, data subjects shall have the right to obtain from us rectification of inaccurate personal data concerning him or her and have incomplete personal data completed.
Right to erasure:
In compliance with Art. 17 GDPR, data subjects shall have the right to obtain from us erasure of personal data concerning him or her without undue delay. As an alternative, they shall have the right to obtain from us restriction of processing of personal data concerning him or her in compliance with Art. 18 GDPR.
Right to data portability:
In compliance with Art. 20 GDPR, data subjects shall have the have the right to receive the personal data concerning him or her, which he or she has provided to us and have the right to transmit those data to another controller.
Right to lodge a complaint:
Furthermore, every data subject shall have the right to lodge a complaint with the competent supervisory authority in compliance with Art. 77 GDPR.
Right to object:
Should personal data be processed on the basis of legitimate interests in compliance with Art. 6(1) clause 1 point f) GDPR, data subjects shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her or if the objection against direct marketing. With regard to the latter, data subjects shall have a general right of objection without stating a particular situation to which will be implemented by us.
Withdrawal of consent
Some data processing operations require the explicit consent of the data subjects. They shall be allowed to withdraw their given consent at any time. An informal message or e-mail to dsb@auma.com shall be sufficient. The lawfulness of the data processing performed until the withdrawal of consent shall remain unaffected by the withdrawal of consent.
External links
Our website includes links to the online services of other providers. We hereby notify that we have no impact on the contents of linked websites and the respect of data protection regulations by their providers.
Changes
We reserve the right to change this privacy policy at any time in case of changes of our online services while heeding the valid data protection regulations, to ensure that they meet the statutory requirements.
