Privacy Policy

Data protection information (information obligations according to Art. 13 GDPR)

As we see it, data protection should be transparent, easily understandable, and, above all, fair for all sides. On the one hand, this data protection notice informs you about which personal data we collect and use from you, whether it is disclosed to third parties and, if so, to whom, how long we store the data and what rights you have, should you not agree with our responsible handling of your data. However, if you have any questions, please do not hesitate to contact us using the contact details below.​. 

Definitions: So that we are all using the same assumptions, we want to start with some definitions. This ensures that all parties involved know our assumptions and what we are talking about.​

Personal data: This is all information that relates to an identified or identifiable natural person (hereinafter “data subject”). A natural person is regarded as identifiable who, directly or indirectly, in particular by being assigned to an identifier such as a name, an identifying number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

Data subject: Data subjects are any identified or identifiable natural persons whose personal data is being processed by the data controller.

Processing: Processing is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, recording, organisation, classification, storage, adaptation, modification, accessing, querying, use, disclosure through transmission, dissemination or any other form of provision, comparison, or linking, restriction, deletion or destruction.​

Third-party processor: The data controller is a natural or legal person, authority, institution or other body that processes personal data processed on behalf of the data controller.

Restriction of processing: This is understood to mean the marking of stored personal data with the aim of restricting its future processing.​

ProfilingAny type of automated processing of personal data that consists of this personal data being used to determine certain personal aspects that relate or evaluate a natural person, in particular those aspects analysing or predicting work performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts, or movement of this natural person.

Pseudonymisation: This means that data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organisational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person​.

Data controller: Natural or legal person, authority, institution or other body, who alone or jointly with others decides on the purposes and means of processing personal data; If the purposes and means of this processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states.​

Recipient: Any natural or legal person, authority, institution or another body to which personal data is disclosed, regardless of whether it is a third party or not. Authorities who, as part of a specific investigation, may receive personal data under Union law or the law of the member states, but are not considered recipients; the processing of this data by the named authorities takes place in accordance with the applicable data protection regulations in accordance with the purposes of the processing.​

Third party: This is a natural or legal person, authority, institution or other body, apart from the data subject, the data controller, the processor and the persons who are under the direct responsibility of the data controller or the processors authorised to process the personal data.​

Consent: This is any voluntary declaration of intent given by the data subject for the specific situation, in an informed manner and unequivocally in the form of a declaration or other unequivocal affirmative action with which the data subject can be understood indicates that they agrees to the processing of personal data concerning them.​

Name and contact details of the data controller

The data controller responsible for processing the data is

Auer Gruppe GmbH
Bodenseeallee 2
78333 Stockach
T +49 7771 9305-0
M datenschutz@auer-gruppe.de

Data Protection Officer

You can reach our data protection officer as follows:

TÜV SÜD Pluspunkt GmbH
– Herr Arne Westphal –
Workplace Safety, Environmental Protection, Data Protection
Wiesenring 2

04159 Leipzig
m +49 175 899 41-96
M datenschutzbeauftragter@auer-gruppe.de

Collection of personal data when using the site for informational purposes

​If you only use the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you want to look at our website, we collect only the following data technically necessary for us to be able to display our website to you and to guarantee its stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):

  • IP address when using the contact form
  • Date and time of the enquiry posted on thecontact form
  • Content of the enquiry
  • Website from which the enquiry was sent

UOur contact form is provided with SSL encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.​

Use of cookies

(1) We use cookies on our website. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive by means of a characteristic string of characters and through which certain information flows to the place that sets the cookie. Cookies cannot run programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer more user-friendly and effective overall, i.e. more pleasant for you.​

(2) Cookies can contain data, that make it possible to recognize the device used. In some cases, however, cookies only contain information about certain settings that cannot be related to a person. However, cookies cannot identify a user directly.​ 

(3) A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is again made between:​

  • Technical Cookies: hese are absolutely necessary in order to move around the website, to use basic functions and to guarantee the security of the website. They neither collect information about you for marketing purposes, nor do they save which websites you have visited.
  • Performance Cookies: These collect information about how you use our website, which pages you visit and whether there are errors that occur during your use of the website usage. They do not collect any information that could identify you – all information collected is anonymous and is only used to improve our website and to find out what interests our users.​
  • Advertising Cookies / Targeting Cookies:These are used to provide website users with interest-based advertising on the website or to offer offers from third parties and to measure the effectiveness of these offerings. Advertising and targeting cookies are stored for a maximum of 13 months
  • Sharing Cookies: These are used to improve the interactivity of our website with other services (e.g. social networks). Sharing cookies are stored for a maximum of 13 months.​

(4) Every use of cookies that is not technically necessary represents data processing that is only permitted with your express and active consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we only pass on your personal data processed by cookies to third parties if you have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.​

(5) Further information about which cookies we use and how to manage your cookie settings and deactivate certain types of tracking can be found in our Cookie Policy.

Use of functions on our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do this, you usually have to provide additional personal data that we use to provide the respective service. If additional voluntary information is possible, this is marked accordingly.​

((2) When you contact us by e-mail or using the contact form, we will save your e-mail address and if you provide thisyour name and telephone number in order to answer your questions (legal basis is Art. 6 Para. 1 S. 1 lit. b GDPR).​

Disclosing data to third parties

(1) We will only pass on your personal data to third parties if we participate in campaigns, competitions, bookings or conclude contracts together with a third party provider. this case, you will be informed separately about the transfer to third parties before your data is passed on.

(2) In some cases, we use external service providers to process your data These were carefully selected by us and commissioned in writing. They are bound by our instructions and are regularly checked by us. The service providers will not pass this data on to third parties. If these service providers are based in the USA, we will inform you of this in connection with the respective functions. This data processing also takes place in accordance with the applicable legal situation​. We would like to point out that in the USA there is currently no adequate level of data protection and there is also no adequacy decision by the EU Commission. We also point out that due to the CLOUD Act and other regulations (e.g. intelligence collection powers according to Section 702 FISA and Executive Order 12 333), US authorities can access this data and you do not have the rights of data subjects in the USA, as is the case within the EU.​<

Use of Google Maps

(1) On this website we use the offer of Google Maps, provided you have given us your consent (Art. 6 Para. 1 a GDPR). This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function.​

(2) When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under point (3) of this declaration will be transmitted. This happens regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged into Google, your data will be assigned directly to your account. If you do not want the assignment to your profile on Google, you must log out before activating the button. Google stores your data as a user profile and uses it for advertising, market research and / or needs-based design of its website. Such an evaluation takes place in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you can exercise your right to object. You must address this to Google.

(3) Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also find further information about your rights and the settings you can make to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA. We would like to point out that there is currently no adequate level of data protection in the USA and that there is no adequacy decision by the EU Commission. We also point out that due to the CLOUD Act and other regulations (e.g. intelligence collection powers according to Section 702 FISA and Executive Order 12 333) US authorities can access this data and you are not entitled to the rights of data subjects in the USA, as is the case within the EU.

Use of Google Analytics

(1) This website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to record your use of the website in order to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage.​

(2) The IP address transmitted by your browser as part of Google Analytics is not saved other data from Google.​

(3) You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functionsin full. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by using the browser plug-in available under the following link. download and install www.tools.google.com/dlpage/gaoptout?hl=de.

(4) This website uses Google Analytics the extension “_anonymizeIp ()”. As a result, IP addresses are further processed in abbreviated form, which means that personal references can be excluded. If the data collected about you is personal, this is excluded immediately and the personal data is deleted immediately.​

(5) If you have given your consent, we use Google Analytics to analyze the use of our website and to be able to regularly improve it. Using the statistics obtained, we can improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is your consent per Article 49, para. 1, Sentence 1, Letter a GDPR, insofar as the data processing takes place in the USA, or Article 6 para. 1 lit a GDPR, insofar as the data processing is carried out by Google in Ireland. In principle, data processing takes place in Ireland, but Google reserves the right to process the data in the USA as well. In this respect, we would like to point out that there is currently no adequate level of data protection in the USA and that there is no adequacy decision by the EU Commission. We also point out that due to the CLOUD Act and other regulations (e.g. intelligence service collection authorityaccording to Section 702 FISA and Executive Order 12 333) US authorities can access this data and you do not have the rights of data subjects in the USA, as is the case within the EU.​

(6) Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms and conditions:www.google.com/analytics/terms/de.html, Data protection: www.google.com/intl/de/analytics/learn/privacy.html, and privacy policy: www.google.de/intl/de/policies/privacy.

(7) This website also uses Google Analytics for a cross-device analysis of visitor flows that are transmitted via a User ID is carried out. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.​

Google Webfonts

(1) This page uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font will be used by your computer.​

(2) Further information on Google web fonts can be found at www.developers.google.com und in Google’s privacy policy: www.google.com/intl/de/policies/privacy. Google also processes your personal data in the USA. We would like to point out that there is currently no adequate level of data protection in the USA and that there is no adequacy decision by the EU Commission. We also point out that due to the CLOUD Act and other regulations (e.g. intelligence collection powers according to Section 702 FISA and Executive Order 12 333) US authorities can access this data and you are not entitled to the rights of data subjects in the USA, as is the case within the EU.​

Integration of YouTube Videos

(1) We have integrated YouTube videos into our online offering, which are stored on YouTube and can be played directly from our website. These are all integrated in the “extended data protection mode”, which means that no data about you as a user will be transmitted to YouTube f you do not play the videos. Only when you play the videos will the data mentioned in para. (2) be transmitted. We have no influence on this data transfer.​

(2)When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under point (3) of this declaration will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want the assignment to your profile on YouTube, you must log out before activating the button. YouTube saves your data as a user profile and uses it for advertising, market research and / or needs-based design of its website. Such an evaluation takes place in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right..

(3) Further information on the purpose and scope of data collection and its processing by YouTube can be found in the data protection declaration. There you will also find further information on your rights and setting options for protection of your privacy:https://www.google.de/intl/de/policies/privacy. We would like to point out that there is currently no adequate level of data protection in the USA and that there is no adequacy decision by the EU Commission. We also point out that due to the CLOUD Act and other regulations (e.g. intelligence collection powers according to Section 702 FISA and Executive Order 12 333) US authorities can access this data and you are not entitled to the rights of data subjects in the USA, as is the case within the EU.

Recipients or categories of recipients

If we pass your personal data on to third parties, you will be explicitly informed of this in the description of the respective data processing (e.g. when using our contact form). Of course, we also use external service providers for the technical and organizational processing, with whom we have concluded corresponding order processing agreements within the meaning of Art. 28 GDPR. These are, for example, service providers for web hosting, sending emails, maintaining and servicing our IT systems, etc​.

Storage period

Your data will be stored for as long as it is absolutely necessary to achieve the respective purpose, but no longer than as long as any statutory provisions require us to do so (e.g. under commercial law we are obliged to keep business letters, which can also include e-mails, for ten years)​.

If the purpose of storage is no longer applicable or a storage period prescribed by the aforementioned regulations expires, the personal data will be routinely blocked or deleted.​

Your Rights

In this section, we would like to provide you with comprehensive information about your rights.​n.

Right to information

You have the right to request information from us at any time as to whether we are processing personal data relating to you. If this is the case, you have the right to information regarding the information specified in Art. 15 para. 1 clause 2 GDPR.​

You have the right to request information about whether the personal data relating to you is in a third country or an international one Organization. In this context, you can request to be informed about the appropriate guarantees according to Art. 46 GDPR in connection with the transmission.​

Right to correction

Furthermore, according to Art. 16 GDPR, you have the right to demand that we correct the incorrect personal data concerning you without delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data – including by means of a supplementary declaration.

Right to erasure ("right to be forgotten")

You also have the right to request that we delete personal data relating to you immediately. We are obliged to comply with this request and to delete personal data, unless we are legally obliged or authorized to further process your data. For details, please refer to Art. 17 GDPR.

Right to restrict processing

You have the right to demand that we restrict processing, provided that the legal requirements according to § 18 GDPR are met.

The right to notification

According to Art. 19 GDPR, if you have asserted the right to correction, deletion or restriction of processing, we are obliged to notify all recipients to whom the personal data relating to you have been disclosed of this correction or deletion of the data or restriction of processing unless this proves impossible or involves disproportionate effort.​

ou have the right to be informed about these recipients by us.​<

Right to data portability

If your data is processed by us with your consent or on the basis of a contract, you have the right to receive your personal data in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another person responsible, provided that the legal requirements according to Art. 20 GDPR.​

Right to object

Right to object based on your particular situation

You have the right to object at any time for reasons that arise from your particular situation against the processing of your personal data, which is based on Art. 6 para. 1 lit. e or f GDPR. This also applies to profiling based on these provisions.

We will no longer process the personal data relating to you, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to object to the processing of data for direct marketing purposes​

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising to insert; this applies to profiling insofar as it is related to such direct mail.​

If you object to processing for direct mail purposes, the personal data relating to you will no longer be processed for these purposes.​

You have the option of using services in connection with the use of services of the information society – regardless of Directive 2002/58/EC – to exercise your right of objection by means of automated procedures in which technical specifications are used.​

The right to revoke consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation.

Automated decision in individual cases, including profiling

​​​You have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effects on you or which significantly affects you in a similar manner. This does not apply if the decision​​​

​​

    ​​

  1. ​​​is necessary for the conclusion or performance of a contract between you and the person responsible, is​​​
  2. ​​

  3. ​​​permissible on the basis of Union or Member State law to which the person responsible is subject, and these legal provisions take appropriate measures to safeguard your rights and freedoms as well Contain your legitimate interests or​​​
  4. ​​

  5. ​​​with your express consent.​​​
  6. ​​

​​

​​​However, these decisions may not be based on special categories of personal data are based on Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests​​​

​​

​​​In the cases mentioned above, the person responsible takes appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to express their own position and to contest the decision.​​​

Right to lodge a complaint

​​​Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data is against​​​

​​

​​​The supervisory authority to which the complaint has been lodged will inform the complainant about the status and the results of the complaint including the possibility of a judicial remedy according to Art. 78​​​

​​

​​​​​​

​​

​​​​​​​​
​​
​​
​​​​​​
​​​​​ GDPR​
​​​​​ ​​​​poststelle@lfdi.bwl.deW​​​​​
​​​​​ ​​​​​​www.baden-wuerttemberg.datenschutz.de​​​​​​​
​​

Legal basis of the processing

​​​Unless already mentioned in the individual processing operations under the previous para.s, we will now show the legal bases on which we carry out the data processing.​​​

​​

​​​Insofar as we obtain the consent of the data subject for processing of personal data, Article 6 (para. 1) lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.​​​

​​

​​​When processing personal data that is required to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.​​​

​​

​​​As far as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. para. 1 lit. c GDPR serves as the legal basis.​​​

​​

​​​In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.​​​

​​

​​​If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject prevail If the first interest does not exist, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.​​​

No obligation to provide personal data

​​​We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. For you as a customer there is basically no legal or contractual obligation to provide us with your personal data. However, it may be that we can only provide certain offers to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case within the scope of the products presented by us, you will be informed of this separately.​​​

Changes to our privacy policy

​​​We reserve the right to make changes at any time to ensure that our data protection declaration always complies with the current legal requirements. This also applies in the event that the data protection declaration has to be adapted due to new or revised services.​​​

Um zu gewährleisten, dass unsere Datenschutzerklärung stets den aktuellen gesetzlichen Vorgaben entspricht, behalten wir uns jederzeit Änderungen vor. Das gilt auch für den Fall, dass die Datenschutzerklärung aufgrund neuer oder überarbeiteter Leistungen angepasst werden muss.