Company: ALANOD GMBH & CO.KG
Address: Egerstraße 12
58256 Ennepetal, Germany
German CRN: HRA 4567
Managing Directors: Oliver Storbeck (CEO)
Telephone: +49 2333 986-500
Contact Data Protection Officer:
Confidential to the data protection officer
Address: Egerstraße 12
58256 Ennepetal, Germany
1. Nature of Data processed:
• Contact Details (i.e. email, telephone numbers)
• User Information (what websites were visited, shown interest in particular contents, time spent online)
2. Processing of special categories of personal data (Article 9, Paragraph 1 GDPR)
• No special categories of data will be processed.
3. Persons affected by the processing of personal data:
• Customers / Interested parties / Suppliers
• Interested parties and users of the Website
In the following, the parties concerned will generally be termed as “users”.
4. Purpose of personal data processing:
• Provision of online services, its content and function
• Provision of contractual services, customer support and customer relation management
• Processing of customer inquiries
• Marketing, Advertising and Market Research
5. Relevant Legal Regulations:
We hereby inform you of the legal basis for our collection of personal data from a data subject, as laid out in Article 13, EUDATAP. If the legal background should not be mentioned in the EUDATAP, then the following regulations apply: the legal basis for the obtaining of consent is Article 6 §1 (a), and Article 7, EUDATAP, the legal basis for the processing and compliance of our performance and implementation of contractual measures as well as processing of queries is Article 6 §1 (b), EUDATAP, the legal basis for processing and compliance of our legal responsibilities is Article 6 §1(c), EUDATAP and the legal basis for the processing and protection of our justified interests is Article 6 §1 (f), EUDATAP. In case the vital interests of the affected person, or another natural person that requires the processing of personalised data, Article 6 §1 (d), EUDATAP refers.
6. EUDATAP Changes and Updates
7. Security of Processing
Subject to the below provisions of Article 32, EUDATAP, we will implement the appropriate technical and organisational measures to secure an adequate level of security, appropriate to the risk, under consideration of the state of the art, the costs of implementation, the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. These measures include in particular the guarantee of confidentiality, integrity and availability of data through physical data control; furthermore data access, data input, data transfer, the securing of data availability as well as data separation are an integral part of these measures. Furthermore, we have implemented procedures which guarantee the observation of the rights of the user affected, data deletion and measures in the event of data compromise. Additionally, we already consider the protection of personal data during the process of development and/or selection of hardware and software; additionally procedures which comply with the principle of a data protection by design and safeguard privacy through default settings. (Article 25 EUDATAP)
One of the safety measures include specifically encrypted data transfer between your browser and our server.
8. Cooperation with processors and third parties
Provided that, as part of our data handling, personal data will be disclosed, transmitted or made accessible to other persons or enterprises (processors or Third Parties), then this will only be executed (for example when the transfer of personal data to a third party, such as a payment service provider is required to execute a contract) in compliance with Article 6, par. 1b EUDATAP on the lawfulness of processing; the same applies when you have given your consent, a legal obligation so provides, or our justified interests this require (for example in the event of the employment of contractors or webhosters, etc.)
9. Personal data transfer to third countries
In case we should process personal data in a third country, (i.e. outside the European Union (EU)) or the European Economic Area (EEA)) or should this be done while employing the services of third parties or during the disclosure or transfer of personal data to third parties, then this will only take place under the basis of our (pre-) contractual obligations, on the basis of your consent, or on the basis of legal obligations or our legitimate interests. Subject to legal or contractual authorisation, we will process or have third party processing personal data in a third country under the condition that the prerequisites as stipulated in Article 44, EUDATA are given. I.e. personal data processing takes place on the basis of specialised guarantees, such as the officially acknowledged confirmation of a data security standard comparable to the EU ( for example for the US through the `Privacy Shield`, or the observation of officially acknowledged special contractual obligations (or so-called ‘standard contractual clauses’).
10. Rights of access by the persons concerned
10.1. You have the right to obtain confirmation whether or not personal data is being processed and request information concerning this personal data, as well as further information as well as a copy of this data, as stipulated in Article 15, EUDATAP
10.2. You have the right to have incomplete personal data completed or inaccurate personal data rectified, as stipulated in Article 16, EUDATAP
10.3. You have the right to obtain that personal data be erased without undue delay as stipulated in Article 17, EUDATAP; you have the right to request restrictions of personal data processing as stipulated in Article 18, EUDATAP.
10.4. You have the right to obtain that personal data that concerns you and which were provided by you, be preserved, as stipulated in Article 20, EUDATAP, or be transmitted to further controllers.
10.5. As stipulated in Article 77, EUDATAP, you have the right to submit a complaint with a local supervisory authority.
11. Right of Revocation
You have the right to withdraw your given consent at any time as stipulated in Article 7 §3, EUDATAP and this shall not affect the lawfulness on consent before its withdrawal.
12. Right to object
You have the right, at any time, to object to the future processing of personal data, as stipulated in Article 21, EUDATAP. Your right to object can be asserted particularly with regard to the processing of personal data for direct marketing purposes.
13. Cookies and Right to object direct marketing
General objections to the implantation of online marketing cookies, even tracking cookies, are explained on the following American website abaoutads.info/choices/ or European Website youronlinechoices.com. Furthermore, cookies can be blocked in the settings of your browser. Please beware that in this case you might not be able to use all functions on the website.
14. Right to Erasure
14.2. Legal requirements demand the storage of data (Trading books, Inventory, Opening Balance Sheets, Year-End Reports, Business Correspondence, Order Documentation, etc.) for 6 years, as stipulated in the German Commercial Code, §257 (1), while the following documents, such as Books, Notes, Annual Reports, Bookkeeping Documentation, Correspondence, Tax Documents, etc. require a legal storage period of 10 years, as stipulated in §147 (1) of the German Fiscal Code.
15. Contractual Services
15.1. We process inventory data (i.e. names, addresses, contact details), contract details, (i.e. services used by customers, names of contact persons etc.) in order to fulfil our contractual obligations as stipulated in Article 6 §1 (b), EUDATAP. All online mandatory information requests are required for the completion of a business contract.
15.2. Data erasure takes place upon completion of the legally required retention / storage requirements and or similar obligations; the options for data erasure are reviewed every three years. In the event of legally required storage periods, erasure takes place upon the completion of this time period (6 years is the legally required storage period for business documentation while 10 years storage period is required for tax documentation). Data remains in customer accounts until this erasure.
16. First Customer Controller Contact
16.1. As soon as the customer contacts us (per online contact form or email) all data provided by the customer will be processed, as stipulated in Article 6 §1 (b), EUDATAP.
16.2. Customer data will be saved/stored in our Customer Relationship Management (CRM) system or with the help of an equivalent customer management tool.
16.3. We erase all inquiries, provided this data is no longer required. We review these requirements every two years. Customer inquiries are saved in the long-term and customer accounts will provide details concerning erasures. In the event of legally required storage periods, erasure procedures will be executed after the required time period – i.e. 6 years for business documentation and 10 years for tax documentation.
17. Access Data Recording and Log Files
17.1. Based on our legitimate interest as laid out in Article 6 §1 (f), EUDATAP we collect data of every visitor to our website, of every access to our server, where our customer management software, the so-called web server log files, are installed. Access data includes the IP address of the requesting processor, website name, URL data, date and time of access, volume of data transmitted, data identifying the browser software and operating system, website from which our site was accessed, IP address and the name of your internet service provider.
17.2. For security reasons, log file information will be stored for up to 7 days and then erased (i.e. to prevent internet abuse and fraud). Data, used as evidence in a criminal procedure will only be erased after the case has been closed.
18. Online Presence in Social Media
18.1. We are currently online with a Facebook Business Page in order to provide product information and to communicate with customers, prospective buyers and users who are active in social media. Usage of the different networks and platforms is governed by the terms and conditions as well as the privacy policies of the appropriate providers.
19. Cookies and Range Measurement
19.1. Cookies contain information which is transferred from our webserver or the webservers of third parties to the user’s web browser where they are stored and can be later retrieved. Cookies can be small text files or other tools for saving data.
19.2. We use “session-cookies”, which will only be stored during their actual current time visiting our website. A session-cookie contains a randomly generated Identification Number, a so-called session-ID. This cookie contains information which website placed the cookie as well the storage time limit. These cookies cannot store any further data. When a user leaves our website, logs out or closes their browser, then these session cookies are erased.
19.3. Included in this privacy statement you will find further information on cookies for the use of pseudonymous range measurement.
19.4. If users do not wish that cookies be installed on their computer, then they should disable cookies in their browser settings. Saved cookies can be deleted in the Options menu of the browser. Blocking cookies might mean that navigation options on our website will be limited.
http:/www.aboutads.info/choices/ – US American website
http:/www.youronlinechoices.com/uk/your-ad-choices/ – European website
20. Google Analytics
20.2. Google has been certified to the US Privacy Shield framework and thus guarantees to adhere to the European data protection regulations.
20.3. Google will use this information on our behalf in order to analyse user behaviour, to issue reports concerning user activities on our website, and will provide further services analysing the usage of our online presence. In this context processed data can be used to generate anonymous user profiles.
20.4. We use Google Analytics in order to safeguard that ads provided by Google and its partners will be only presented to those users who are interested in our online product range and who have shown interest in certain topics or products because certain websites were visited previously. This information will be redirected to Google (so-called Remarketing or “Google-Analytics-Audiences”). Through Remarketing Audiences we want to also guarantee that our ads will only be presented to interested parties rather than appearing annoyingly to non-interested users.
20.5. We use Google Analytics solely with activated IP anonymization. This means that for users in the European Union, or further member states of the EU, their IP addresses are shortened. Only in exceptional cases will the user’s full IP address be transferred to a server in the US and then there shortened.
20.6. The user’s IP address, which has been provided to Google by a browser, will not be linked with other Google data. Users can disable cookies in their browser settings; additionally users can prevent that data reflecting their online behaviour, collected by cookies, can be used by Google by downloading and installing a browser-plugin from the following website: tools.google.com/dlpage/gaoptout.
20.7. Further information on the Google data protection policy is available under the following link: google.com/intl/de/policies/privacy/partners, settings options under the following link: policies.google.com.technologies/ads, and opt out options under the link: adssettings.google.com/authenticated
20.8. We use the Google “AdWords” online marketing service. For this purpose every Google AdWords customer receives a different “conversion-cookie”. Cookies cannot be traced via the website of AdWords customers. The information provided and collected by the cookies help to generate conversion statistics for AdWords customers who have chosen Conversion tracking. AdWords customers learn about the total number of users, who have clicked on their ad and then were directed to a new site which was furnished with a conversion-tracking tag. However, they receive no information which would enable them to personally identify users.
20.10. If you wish to opt out of interest-based ads provided by Google Marketing Services, then the following link will provide help provided by Google: adssettings.google.com/authenticated
21. Integration of Third Party Services and Content
21.1. Based on our justified interests (i.e. interest in analysis, optimisation and profitable use of our online services according to Article 6 §1(f), EUDATAP, we use content and services offers from third parties in order to integrate their content and services (i.e. videos and text (below referred to as “content”)). This requires that third parties involved are presented with the users’ IP address, since without this the content could not be sent to the browser. The IP address is therefore required for the presentation of the content. We strive to only use such content provided by third parties who only use IP addresses for the delivery of content. Furthermore third parties might use so-called pixel tags (invisible graphics, sometimes called “web beacons”) for statistical or marketing purposes. Pixel tags provide information which help to analyse information, such as visitor traffic on the website. The anonymous information can be saved as cookies on the user’s device; they can further include technical information concerning the browser and operating system, referenced websites, time spent as well as further information referring to our online services; this information can then be combined with information from other sources.
• External Fonts from Google, LLC., www.google.com/fonts (“Google Fonts”) The integration of Google Fonts is through a server request at Google (generally in the USA).
Opt out under: adssettings.google.com/authenticated
• External Code of Java Script Frameworks “jQuery” is provided through the third party jQuery Foundation, jquery.org