Personal data is any information that relates to an identified or identifiable natural person. This includes, for example, your name, your address and communication data or your e-mail address.
Processing means any process or series of operations performed with or without the aid of automated processes in connection with personal data such as collection, recording, organisation, ordering, storage, adaptation or modification, reading, querying, use, disclosure by submission, dissemination or other form of provision, matching or linking, restriction, deletion or destruction.
Affected person is any identified or identifiable natural person whose personal data is processed by the controller.
The person responsible or "person responsible for processing" is the natural or legal person, public authority, body or other authority that, alone or in concert with others, decides on the purposes and means of processing personal data.
User includes all categories of persons affected by data processing. They include our business partners and other visitors to our website.
For the terms used, we also refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR). The terms used, such as "users" are to be understood as gender-neutral.
1. Name and address of the responsible personAZO GmbH & Co. KG
Rosenberger Straße 28
Tel. +49 6291/92-0
Fax +49 6291/92 95 00
Representative of the responsible person is the managing director Rainer Zimmermann
You can contact our data protection officer by e-mail to firstname.lastname@example.org or using our postal address and addressing it to "the data protection officer".
2. Data protection officer
3. Processing of personal data
3.1. Visit our website
3.1.1. Scope of data processingWhen you visit our website, your browser also transmits certain data to our web server for technical reasons. This includes the following data (so-called server log files):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the requirement (specific page)
- Operating system and its access status / HTTP status code
- Transmitted data volume
- Website that receives the request ("Referrer URL")
- Browser, language and version of the browser software
3.1.2. Purpose of data processingThe storage of this data in log files is necessary to ensure the functionality of the website. They help us to optimise the website and to ensure the security of our information technology systems.
3.1.3. Legal basis of processingWe collect this data on the basis of our legitimate interest within the meaning of Article 6 para. 1 lit. f GDPR to be able to view our website and to ensure its security.
3.1.4. Period of data retentionInformation in the log files are stored for security reasons (e.g. to investigate abuse or fraudulent activities) for a maximum of thirty days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from deletion until final clarification of the incident.
3.1.5. Right of objection and removalThe collection of data for the provision of the website and its storage in log files is essential for operation for technical reasons. There is consequently no right of objection on the part of the user.
3.2. Contact form and e-mail contact
3.2.1. Scope of data processingThere is a contact form available on our website, which you are welcome to use to contact us electronically. If you would like to use this option, first select the desired subsidiary and type of inquiry (e.g. General, After Sales, Personnel / Administration). This will ensure that our responsible in-house departments will receive your message.
The data entered in the form is transmitted to us and processed. These include the choice of subsidiary, type of request, title, name, e-mail address, company and the message text.
Alternatively, you can send us an e-mail to the e-mail address email@example.com.
You also have the option of contacting your contact person by e-mail. In this case, the personal data transmitted with your e-mail will be stored.
The data is used to process the conversation and the request.
3.2.2. Purpose of data processingThe processing of the personal data from the form serves us only to process the contact. When making contact by e-mail, this also includes the required legitimate interest in processing the data. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
3.2.3. Legal basis of processingWhen contacting us (via contact form or e-mail), the details of the sender are used to process the contact request in accordance with. Article 6 para. 1 lit. b) GDPR processed.
3.2.4. Period of data retentionThe data will be deleted as soon as it is no longer required for the purpose it was collected. When the particular conversation with the user has ended, the personal data from the input mask of the contact form and data sent by e-mail is deleted. The conversation has ended when it can be inferred from the circumstances that the relevant facts have been clarified and concluded.
3.2.5. Right of objection and removalYou have the possibility at any time to revoke your consent to process your personal data. In such a case, the conversation can not continue. Please direct your revocation to firstname.lastname@example.org. All personal data stored during the course of making contact will be deleted in this case.
3.3. Job applications (career)
3.3.1. Scope of data processingIf you are interested in joining the AZO Group, you can apply online. You will find jobs that we have advertised under the menu item "Career". You can also send us a speculative application.
If you apply to us by e-mail, we will process the data you submit to us to complete the application process.
Your personal data can be seen by the Human Resources Department and the responsible staffing department.
3.3.2. Purpose of data processingWe process personal data in order to reach a decision on whether to establish an employment relationship, in particular for the selection process for suitable candidates and the administrative implementation of the application process.
3.3.3. Rechtsgrundlage der VerarbeitungLegal basis is § 26 (1) BDSG-new
3.3.4 Legal basis of processing
If the application results in an employment relationship, we process this data to initiate an employment relationship. This data will then be maintained in our human resource management system.
If the application does not result in an employment relationship, this data is deleted 3 months after completing the application process in accordance with period of limitation set out by the AGG, unless the applicant has a given consent under Article 6 (1) (a) GDPR and Art. 7 GDPR for longer-term retention of his personal data in order to be considered for new job offers if necessary.
3.3.5. Right of objection and removalThe information you provide to us can be replaced or deleted at any time upon request. To do this, please send an e-mail to the responsible Human Resources Department where you have applied. In the case of the AZO Group this is email@example.com.
This does not apply if you have applied for a specific position with us in an ongoing application process. In this case, we will store the information you provide for this position until the statutory periods of legal action expire (in particular § 15 AGG).
3.4. Spare parts inquiries and spare parts orders
3.4.1. Scope of data processingYou have the option of requesting or ordering spare parts electronically using a form. In this case, we process the following data from the input screen: customer address, customer number, contact person, telephone, fax number, e-mail address, company name, order number, AZO order number of the system, billing address, delivery address, item, article number, description, quantity, article remark, remarks, shipping method.
3.4.2. Purpose of data processingWe process this data to be able to supply you with the desired or requested spare parts.
3.4.3. Legal basis of processingWe process this data to complete a contract. The legal basis for this is Article 6 para. 1 lit. b) DS-GMO
3.4.4. Period of data retentionThe data stored with us is deleted as soon as it is no longer required for its purpose and its deletion does not conflict with any statutory retention periods. Retention periods are necessary for commercial and tax reasons. According to legal requirements, retention is for 6 years in accordance with § 257 (1) HGB (commercial letters, accounting documents) and for 10 years in accordance with § 147 (1) AO (e.g. accounting documents, commercial and business letters, documents relevant for taxation).
3.4.5. Right of objection and removalThe data processed in connection with an order are subject to commercial and tax retention requirements. There is consequently no right of objection on the part of the user.
3.5. Appointment agreement
3.5.1. Scope of data processingWith many of the trade fairs we attend, you have the possibility to make an appointment with one of our employees online beforehand. To do this, we process the following data: industry, first name, last name, company, street, zip code, city, e-mail address, telephone number, day of your visit.
3.5.2. Purpose of data processingWe process this data in order to coordinate and reach an agreement regarding an appointment at our booth.
3.5.3. Legal basis of processingThe legal basis for the processing of the data transmitted during the course of an appointment is Article 6 (1) lit. f GDPR. If the appointment is aimed at pre-contractual measures, then the additional legal basis for processing this data is Article 6 para. 1 lit. b GDPR.
3.5.4. Period of data retentionThe data stored with us is deleted as soon as it is no longer required for its purpose and the appointment has taken place.
3.5.5. Right of objection and removalYou have the opportunity to revoke your personal data at any time. In such a case, the appointment can not be made. A revocation should be addressed to firstname.lastname@example.org. All personal data stored during the course of making contact will be deleted in this case.
- Transient cookies are automatically deleted when you close the browser. These include in particular so-called session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. When you return to our website, your computer can be recognised. The session cookies are deleted when you log out or close the browser.
3.6.3. Legal basis of data processingDThe legal basis for the processing of personal data using the technically necessary cookies is Article 6 para. 1 lit. f GDPR.
3.6.4. Period of data retentionSession cookies are deleted as soon as the browser is closed.
Please note, however, that in this case you may not be able to use all functions of our website.
3.7. Google Analytics
3.7.1. Scope of data processingWe use Google Analytics, a web analytics service provided by Google Irleand Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
The information collected by Google about your use of this website (e.g. the pages of our site you visited) will be transmitted to a server at Google in the USA, stored there, analysed and the result made available to us in anonymous form.
On our website we use the IP anonymisation offered by Google. Your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
Google is certified in EU-US Privacy Shield to provide data privacy levels at Google in the US.
3.7.2. Purpose of data processingGoogle uses this information on our behalf to evaluate the use of our website and to compile reports on the activities within our website. This allows us to enhance your online experience and increase the usability of our website.
3.7.3. Legal basis of processingFor the above-mentioned purposes, we have a legitimate interest in the data processed by Google Analytics. The legal basis is Article 6 para. 1 lit. f GDPR.
3.7.4. Period of data retentionSessions and campaigns end after a certain amount of time. By default, sessions will end after 30 minutes of no activity and campaigns after six months. Campaign timeout can be a maximum of two years.
3.7.5. Right of objection and removalThe IP address transmitted by your browser will not be merged with other data provided by Google. You can prevent the storage of cookies by a corresponding setting in your browser software, as described above in the section "Cookies". You may also prevent Google from collecting the data generated by the cookie and your use of our website as well as the processing of this data by Google by downloading and installing the available Google browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=de.
If you want to prevent the future collection of your data by Google Analytics when visiting our website on various devices (especially mobile devices such as smartphones and tablets), you must opt-out on all the systems you use.
Does this click button work or is it still being worked on
3.8. Google AdWords
3.8.1. Scope of data processingWe use Google AdWords to advertise our offers on external websites with the help of advertising materials (so-called Google Adwords). These advertising materials are supplied by Google via so-called "ad servers". To do this, we use ad server cookies that measure certain performance metrics such as ads or user clicks. If you access our website through a Google ad, Google AdWords will store a cookie on your PC. We have described above what cookies are and how they can be deleted. These cookies allow Google to recognise your Internet browser. If a user visits certain pages of an AdWords customer's website and the cookie stored on their computer has not expired, Google and the customer will be able to detect that the user clicked on the ad and was redirected to that page. Each AdWords customer is assigned a different cookie. Cookies cannot be tracked via the websites of AdWords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We receive only statistical evaluations from Google. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users on the basis of this information.
Based on the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no control over the scope and the further use of the data, which is collected by the use of this tool by Google and therefore inform you according to our knowledge level: By incorporating AdWords Conversion, Google receives the information indicating that you have retrieved a particular part of our website or have clicked on an ad of ours. If you are registered with a service provided by Google, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find and store your IP address.
3.8.2. Purpose of data processingWe can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. We are interested in showing you ads that are interesting to you, in making our website more interesting to you and in achieving a fair calculation of advertising costs.
3.8.3. Legal basis of processingThe processing of data is done in our legitimate interest to design purposeful advertising. The legal basis is Article 6 para. 1 lit. f) GDPR.
3.8.4. Period of data retentionThese cookies usually lose their validity after 30 days and are not intended to identify you personally. This cookie will typically store the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant to post-view conversions), and opt-out information (mark that the user does not wish to be contacted) as analysis values.
3.8.5. Right of objection and removalYou can prevent participation in the tracking procedure in different ways: a) by making a corresponding setting in your browser software, in particular, by suppressing third-party cookies, so that you do not receive ads from third-party providers; b) through deactivation of cookies for conversion tracking by setting your browser so that cookies from the domain "www.googleadservices.com" are blocked, https://www.google.de/settings/ads, although this setting is deleted when you delete your cookies; c) through deactivation of interest-based ads of the provider that are a part of the self-regulating campaign "About Ads" via the link http://www.aboutads.info/choices, although this setting is deleted when you delete your cookies; d) through permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome via the link http://www.google.com/settings/ads/plugin .
For more information about privacy at Google, see: http://www.google.com/intl/en/policies/privacy and https://services.google.com/sitestats/de.htm l. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
3.9. Google Remarketing
3.9.1. Scope of data processingIn addition to AdWords Conversion, we use the Google Remarketing ("Google Marketing Services") of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, ("Google").
This is a process we would like to use to contact you again. This application allows you to see our ads after visiting our website as you continue to use the Internet. This is done by means of cookies stored in your browser that Google uses to record and evaluate your usage behaviour when visiting various websites. We have described above what cookies are and how they can be deleted. These cookies can be used to analyse user behaviour when visiting our website and then use it for targeted product recommendations and interest-based advertising.
This is how Google determines your previous visit to our website. According to Google, the data collected during the remarketing is not combined with your personal data, which may be stored by Google. In particular, pseudonymisation is used in remarketing according to Google.
For these purposes, when Google and our other websites accessing Google Marketing Services are directly accessed by Google, a code will be executed by Google and so-called (re)marketing tags (invisible graphics or code, also called "Web Beacons ") are incorporated into the website. With their help, an individual cookie is stored on the device, that is a small file (instead of cookies, comparable technologies can also be used). This file notes which web pages the user visited, what content he is interested in and what offers he has clicked on, as well as technical information about the browser and operating system, referring web pages, visiting time and other information on the use of the online offer. The IP address of the users is also recorded, although in the context of Google Analytics we disclose that the IP address is shortened within member states of the European Union or other contracting states of the Agreement in the European Economic Area and only in exceptional cases transmitted to one Google server in the US and shortened there. The IP address will not be merged with the data of the user from other offers from Google. The above-mentioned information may also be linked by Google with such information from other sources. If you visit a Google Network website after visiting our website, you may be presented with advertisements containing content from our website.
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
3.9.2. Purpose of data processingOn our behalf, Google uses this information to redirect former visitors of our site to our site and target them with interest-based advertising.
3.9.3. Legal basis of processingWe use information on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Article 6 (1) lit. DGPR)
3.9.4. Period of data retentionSessions and campaigns end after a certain amount of time. By default, sessions will end after 30 minutes of no activity and campaigns after six months. Campaign timeout can be a maximum of two years.
If you wish to opt-out of interest-based advertising from Google Marketing Services, you can take advantage of Google's recruitment and opt-out options: http://www.google.com/ads/preferences.
We take technical, contractual and organisational measures to secure the processing of data according to the state of the art. In this way, we ensure that the provisions of the Data Protection Act, in particular the General Data Protection Regulation, are complied with and the data processed by us is protected against destruction, loss, alteration and unauthorised access. One of these security measures is the encrypted transfer of data between your browser and our servers. Please note that SSL encryption is only activated for transmissions made over the Internet if the key symbol appears in the lower menu bar of your browser window and the address begins with https://. Secure Socket Layer (SSL) protects data transmission against third-party data piracy using encryption technology. If this option is not available, you may choose not to send certain data over the Internet.
4. Data security
All information that you submit to us will be stored and processed on our servers in the Federal Republic of Germany.
Data is only transferred to third parties within the scope of legal requirements. We only pass on user data to third parties if, for example, on the basis of Article 6 para. 1 lit. b) GDPR, this is required for contract purposes or based on legitimate interests in accordance with Art. 6 para. 1 lit. f. GDPR on the economical and effective running of our business operations.
5. Disclosure of data to third parties and third party providers
In the context of order processing according to Article 28 GDPR, we employ subcontractors to provide our services, in particular, for the operation, maintenance and hosting of IT systems. We have taken appropriate legal precautions and appropriate technical and organisational measures to protect personal data in accordance with the applicable laws.
6. Social media plug-ins and external servicesWe include external services or content on our website. This is done on the basis of our legitimate interests in optimising and improving our online offering. The legal basis for the use of the plug-ins is Article 6 para. 1 sentence 1 lit. f DS-GMO.
We use the following social media plug-ins: Facebook, Twitter, Xing, LinkedIn, Youtube, and Instagram. We use the so-called two-click solution. In other words, when you visit our site, no personal data is initially passed on to the providers of the plug-ins. The provider of the plug-in can be identified by the marking on the box above its initial letter or logo.
We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and activate it, the plug-in provider receives the information that you have accessed the particular website of our online service.
When using such a service or the display of third party content, communication data such as date, time and IP address are exchanged between you and the respective provider for technical reasons. Specifically, this is your IP address which is required to display content in your browser.
We have no influence on the collected data and data processing operations, nor are we aware of the full extent of data collection, the purpose of the processing, the retention periods. We also have no information on how to delete the data collected by the plug-in provider.
The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or tailor-made website design. Such an evaluation is carried out in particular (also for non-logged-in users) for displaying needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, however, you must contact the respective plug-in provider to exercise this right.
Since the plug-in provider carries out the data collection, in particular via cookies, we recommend that you delete all cookies before clicking on the greyed-out box using the security settings in your browser. We have described above how cookies can be deleted.
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged into the plug-in provider, your data collected from us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend logging out regularly after using a social network, but especially before activating the button, as this is how to prevent the plug-in provider from assigning data to your profile.
The following list provides an overview of third-party providers as well as their contents and links to their privacy statements, which contain further notes on the processing of data and how to object.
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; Further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy . Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy,
- Instagram LLC, represented by Kevin Systrom and Mike Krieger, 1601 Willow Rd, Menlo Park, California 94025, USA; https://help.instagram.com/519522125107875?helpref=page_content
If we process personal data from you, you are the person affected by the General Data Protection Regulation (GDPR) and you have the following rights of the personal data concerning you:
7. Your rights
- Right to be informed (Article 15 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to restrict processing (Article 18 GDPR),
- Right to data portability (Article 20 GDPR)
- Right to object to processing (Article 21 GDPR)