This data protection declaration describes how personal data is processed by the operator of the website and whether and to whom this data is passed on.
Within the framework of this data protection declaration, the rights of those concerned are described, as are the measures taken by the operator to protect the privacy of customers and users.
According to Art. 4 No. 1 DSGVO, personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as first and last name, address, telephone number, e-mail address, but also the IP address. This includes data that is knowingly transmitted by the user himself, for example in the context of contact requests, but also system data such as browser type and version, operating system used, referrer URL and the time of the server request, which are automatically collected and stored by the provider of the website when the user’s browser transmits them.
In this context, processing within the scope of the GDPR always occurs when operations such as collection, recording, organisation, ordering, storage, adaptation, modification, reading out, querying, use, disclosure by transmission, dissemination or another form of provision, comparison or linking, restriction, deletion or destruction are carried out with or without the aid of automated processes.
The data controller is the owner of the company that operates this website. For this website this is:
Altano Group Ltd.
Telephone: +49 2594 9190 500
An external data protection officer has been entrusted with the concerns of data protection and thus the protection of the privacy of the user of the website. This is:
Dipl.-jur. Sebastian Wulf
The legal bases for processing are, on the one hand, the user’s consent to the processing (Art. 6 para. 1 p. 1 a) DSGVO), the necessity to fulfil a contract (Art. 6 para. 1 p. 1 b) DSGVO) and the protection of legitimate interests (Art. 6 para. 1 p. 1 f) DSGVO).
Rights of the user
The rights of the user are based on Chapter 3 of the DSGVO. These are in particular:
- the right to receive information about the origin, recipient and purpose of the stored personal data,
- the right to demand the correction, blocking or deletion of the data,
- the right to lodge a complaint with the competent supervisory authority,
- the right to demand the restriction of personal data, and
- the right to revoke consent once given.
The competent supervisory authority is the State Data Protection Commissioner(s) of the state in which the operator of this website has its registered office. For the operator of this website this is:
State Commissioner for Data Protection and Freedom of Information
PO Box 20 04 44
Fax: +49 211/38424-999
Duration of storage
The duration of the storage of personal data depends on the purpose of the storage of the data:
- Data that is technically necessary for the operation of the website will be deleted as soon as the aforementioned personal data is no longer required to display the website. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object to this aspect. Further storage may take place in individual cases if this is required by law.
- Data transmitted for the purpose of fulfilling a contract will be deleted as soon as it is no longer required for the purpose of its processing. However, there may be additional legal obligations to retain data, for example, obligations to retain data under commercial or tax law in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO). If such retention obligations exist, the data will be deleted at the end of these retention obligations.
- Data transmitted as part of an order process will be deleted as soon as they are no longer required to achieve the purpose of the processing. In addition, there may also be legal obligations to retain this data, for example, obligations to retain data under commercial or tax law in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO). If such retention obligations exist, the data will be deleted at the end of these retention obligations.
A contact form is offered on the website, which can be used for electronic contact. The data entered there will be transmitted to the operator and stored. This data is used exclusively for contact purposes and is not passed on to third parties. Processing is based on the user’s consent. Data entered will be deleted after the purpose has been achieved.
As an alternative to the contact form, the e-mail address shown on the website or other contact options can be used.
In the course of using the website, cookies, small files, are used which are saved by the user’s browser on his or her end device. Some functions of the website cannot be offered without the use of technically necessary cookies. Other cookies enable various analyses. For example, some cookies can recognise the browser used when the website is visited again and transmit various information to the website operator. Cookies are used to facilitate and improve the use of the website. Among other things, cookies can be used to make the website more user-friendly and effective by tracking the use of the website and determining the preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via the browser. Cookies do not cause any damage to the end device. They cannot execute any programmes and cannot contain any viruses. Various types of cookies are used on the website, the type and function of which are explained below:
The website uses so-called temporary cookies or session cookies, which are automatically deleted as soon as the browser is closed. This type of cookie makes it possible to record the so-called session ID. This makes it possible to assign various browser requests to a common session and to recognise the user’s terminal device during subsequent visits to the website.
So-called permanent cookies are also used. Permanent cookies are cookies that are stored in the user’s browser for a longer period of time and can transmit information. The respective storage period differs depending on the cookie. Permanent cookies can be deleted independently via the browser settings.
Analytical cookies are also used to monitor anonymised user behaviour on the website.
In addition, advertising cookies are used to track user behaviour for advertising and targeted marketing purposes.
Social media cookies allow the website to connect to the user’s social networks and share website content within the user’s networks.
Tracking and analysis tools
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called “cookies”. These are text files that are stored on the user’s computer and enable an analysis of the use of the website. The information generated by the cookie about the use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored on the basis of Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
The IP anonymisation function is activated on this website. This means that the user’s IP address is shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by the browser as part of Google Analytics will not be merged with other Google data.
Objection to data collection
The user can prevent the collection of data by Google Analytics by clicking on the following link. An opt-out cookie will be set, which will prevent the collection of data during future visits to this website: Deactivate Google Analytics.
Plugins and tools
The website uses the map service Google Maps via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Furthermore, material from the OpenStreetMap service in Cambridge, UK is also integrated via an iframe or by retrieving the map images from the provider’s server. To our knowledge, the user data is used by OpenStreetMap exclusively for the purpose of displaying the map functions and temporarily storing the selected settings. This data may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually executed within the framework of the settings of their mobile devices).
In order to use the functions of the map services, it is necessary to store the IP address of the user. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.
The use of map services is in the interest of an appealing presentation of our online offers and an easy location of the places indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
Data transfer to third parties
The website operators only pass on users’ personal data to third parties if:
Express consent has been given in accordance with Art. 6 para. 1 lit. a) DSGVO.
This is legally permissible and necessary according to Art. 6 para. 1 lit. a) DS-GVO for the fulfilment of a contractual relationship with the users or the implementation of pre-contractual measures.
According to Art. 6 para. 1 lit. c) DS-GVO, there is a legal obligation for the transfer to state authorities, such as tax authorities, social insurance carriers, health insurance companies, supervisory authorities and law enforcement agencies.
The disclosure according to Art. 6 para. 1 lit. f) DS-GVO is necessary for the protection of legitimate business interests, as well as for the assertion, exercise or defence of legal claims and there is no reason to assume that the user has an overriding interest worthy of protection in the non-disclosure of the data.
If, in accordance with Art. 28 DS-GVO, external service providers (so-called order processors) are used for processing, who have been obliged to handle the data with care.
Service providers are used in the following areas:
When transferring data to external bodies in third countries, i.e. outside the EU or EEA, it is ensured that these bodies treat the users’ personal data with the same care as within the EU or EEA.
Personal data will only be transferred to third countries where the EU Commission has confirmed an adequate level of protection or where the careful handling of personal data is ensured by contractual agreements or other appropriate safeguards.
I.1 Data transmission to Creditreform
When contracts are concluded and in certain cases where there is a justified interest, the creditworthiness of existing customers is also checked. For this purpose, we cooperate with Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, from which we receive the data required for this purpose. On behalf of Creditreform Boniversum, the following information is provided in advance in accordance with Art. 14 EU-DSGVO:
Creditreform Boniversum GmbH is a consumer credit agency. It operates a database in which creditworthiness information on private individuals is stored. On this basis, Creditreform Boniversum provides creditworthiness information to its customers. Clients include, for example, credit institutions, leasing companies, insurance companies, telecommunication companies, receivables management companies, mail-order, wholesale and retail companies as well as other companies that supply goods or services. Within the framework of the legal provisions, part of the data available in the information database is also used to supply other company databases, including for use for address trading purposes. In the Creditreform Boniversum database, information is stored in particular on the name, address, date of birth, e-mail address (if applicable), payment history and shareholdings of individuals. The purpose of processing the stored data is to provide information on the creditworthiness of the person inquired about. The legal basis for the processing is Art. 6 para. 1f EU-DSGVO. Accordingly, information about this data may only be provided if a customer credibly demonstrates a legitimate interest in knowing this information. If data is transferred to countries outside the EU, this is done on the basis of the so-called “standard contractual clauses”, which can be accessed at the following link:
The data is stored as long as its knowledge is necessary for the fulfilment of the purpose of the storage. As a rule, knowledge is necessary for an initial storage period of three years. After expiry, it is checked whether storage is still necessary, otherwise the data is deleted on the exact day. In the event that a case is settled, the data will be deleted on a daily basis three years after settlement. Pursuant to section 882e of the Code of Civil Procedure (ZPO), entries in the debtors’ register are deleted on a daily basis after three years have elapsed since the date of the entry order.
Legitimate interests in the sense of Art. 6 para. 1f EU-DSGVO can be: credit decision, business initiation, shareholding, claim, credit assessment, insurance contract, enforcement information.
The user has the right to obtain information from Creditreform Boniversum GmbH about the personal data stored about him/her. If the data stored is incorrect, the user has the right to have it corrected or deleted. If it cannot be determined immediately whether the data is incorrect or correct, the user has a right to block the respective data until clarification. If the data is incomplete, the user may request that it be completed.
If consent has been given for the processing of data stored by Creditreform Boniversum, the user has the right to revoke this consent at any time.
The revocation does not affect the lawfulness of the processing of the data carried out on the basis of consent up to any revocation.
In the event of objections, requests or complaints regarding data protection, the data protection officer of Creditreform Boniversum can be contacted at any time. The data protection officer assures you that he or she will be able to help you quickly and confidentially in all matters relating to data protection. The right to lodge a complaint with the responsible state data protection commissioner remains unaffected.
The data stored by Creditreform Boniversum comes from publicly accessible sources, from debt collection companies and from their customers. In order to describe the creditworthiness, Creditreform Boniversum creates a score value for the data. The score value includes data on age and gender, address data and, in some cases, payment experience data. This data is included in the score calculation with varying weighting. Creditreform Boniversum clients use the score values as an aid in making their own credit decisions.
Right of objection:
The processing of the stored data is carried out for compelling reasons worthy of protection of creditors and credit protection, which regularly outweigh the interests, rights and freedoms of the user or serves the assertion, exercise or defence of legal claims. The user may only object to the processing of his/her data for reasons that arise from a special situation and must be proven. If such special reasons can be proven, the data will no longer be processed.
The responsible party within the meaning of Art. 4 No. 7 EU-DSGVO is Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss. The contact person is the Consumer Service, Tel.: 02131 36845560, Fax: 02131 36845570, E-Mail: email@example.com.
The data protection officer can be contacted at the following address: Creditreform Boniversum GmbH, Data Protection Officer, Hammfelddamm 13, 41460 Neuss, e-mail: firstname.lastname@example.org.
I.2 Data transfer to YouTube
We use the YouTube.com platform to post our own videos and make them publicly accessible. YouTube is the service of a third party not affiliated with us, namely YouTube LLC.
Some of the Internet pages of our website contain links or connections to the YouTube website. In general, we are not responsible for the content of linked websites. However, if you follow a link to YouTube, we would like to point out that YouTube stores the data of its users (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes.
We also directly embed videos stored on YouTube on some of our Internet pages. With this integration, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only called up by clicking on them separately. This technique is also called “framing”. When you call up a (sub-)page of our website on which YouTube videos are embedded in this form, a connection is established to the YouTube servers and the content is displayed on the website by informing your browser.
YouTube content is only integrated in “extended data protection mode”. YouTube itself provides this mode and thus ensures that YouTube does not initially save any cookies on your device. However, when the relevant pages are called up, the IP address and the other data mentioned in section 4 are transmitted and thus, in particular, information is provided as to which of our Internet pages you have visited. However, this information cannot be attributed to you unless you have logged in to YouTube or another Google service (e.g. Google+) before accessing the page or are permanently logged in.
As soon as you start the playback of an embedded video by clicking on it, YouTube only saves cookies on your device through the extended data protection mode, which do not contain any personally identifiable data, unless you are currently logged in to a Google service. These cookies can be prevented by appropriate browser settings and extensions.
I.3 Data transfer to Softgarden as part of the recruiting tool
For the efficient implementation of application procedures, we use an applicant management system of softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin (contact: email@example.com), which operates the applicant management as a processor within the meaning of Art. 4 No. 8 DSGVO. A contract for order processing in accordance with Art. 28 DSGVO has been concluded with the provider, which ensures compliance with the provisions of data protection law.
We remain your first point of contact for exercising your data protection rights and for handling the application process. You can contact us directly or, if indicated, confidentially contact the data protection officer using the details of the data controller given above.
Cookies are small text files used by websites to make the user experience more efficient.
By law, we may store cookies on your device if they are strictly necessary for the operation of this site. For all other cookie types we need your permission.
This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.
You can change or withdraw your consent at any time from the cookie statement on our site.
Please provide your consent ID and date when you contact us regarding your consent.