Privacy Policy

“Personal data” (pursuant to Art. 4 No. 1 GDPR, usually referred to just as "data" below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.

 

Per Art. 4 No. 2 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

 

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

 

Our privacy policy is structured as follows:

I. Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing

 

I. Information about us as controllers of your data
The party responsible for this website (the "controller") for purposes of data protection law is:

 

Alroko GmbH & Co KG 
Borsteler Chaussee 55
22453 Hamburg
Germany

 

Telephone: +49 40 530045-0
Fax: +49 40 530045-45
E-Mail: mail@alroko.de

 

The controller's data protection officer is:

 

- Data Protection Officer -
Alroko GmbH & Co KG 
Borsteler Chaussee 55
22453 Hamburg
Germany

 

Telephone: +49 40 530045-0
Fax: +49 40 530045-45
E-Mail: privacy@alroko.de

 

II. The rights of users and data subjects
With regard to the data processing to be described in more detail below, users and data subjects have the right

 

  • to confirm of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
  • to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
  • to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
  • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
  • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).

 

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients or categories of recipients.

 

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller's future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

 

III. Information about the data processing
Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.

 

Server data


For technical reasons, the following data sent by your internet browser to us or to our server provider will be collected, especially to ensure a secure and stable website: These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.

 

The data thus collected will be temporarily stored, but not in association with any other of your data.

 

The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

 

The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

 

Order processing


The data you submit when ordering goods and/or services from us will have to be processed in order to fulfill your order. Please note that orders cannot be processed without providing this data.

 

The legal basis for this processing is Art. 6 Para. 1 lit. b) GDPR.

 

After your order has been completed and/or the business relationship has ended, your personal data will be deleted, but only after the retention periods required by tax and commercial law.

 

In order to process your order, we will share your data with e.g. the shipping company and/or warehousing company responsible for delivery to the extent required to deliver your order, the manufacturer to the extent required for manufacturing and possibly delivering them and/or with the payment service provider to the extent required to process your payment

 

The legal basis for the transfer of this data is Art. 6 Para. 1 lit. b) GDPR.

 

Data will possibly be transferred to recipients in a third country. This happens, depending on recipient and purpose, either based on an adequacy decision pursuant to Art. 45 Para. 1 & 3 GDPR, or based on appropriate safeguards (e.g. EU-standard data protection clauses 2004/915/EC) pursuant to Art. 46 Para. 2 lit c DSGVO, or pursuant to Art. 49 Para. 1 lit b & c GDPR, in cases where no adequacy decision or appropriate safeguards exist, but where the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request, or where the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person.

 

Credit checks and scores


If you accept any offer we make for you to pay for goods or services on account, we reserve the right to run a credit check with a credit bureau (such as Creditreform, Schufa, Bürgel, or infoscore) to obtain credit information determined on the basis of mathematical-statistical methods. For this purpose, any data you provide that is relevant to the contract, such as your name and address, will be forwarded to the credit bureau. We then use the information obtained about the statistical probability of default to decide whether we will offer you payment on account.

 

The legal basis for such processing is our legitimate interest to avoid default on our account per Art. 6 Para.1 lit. f) GDPR.

 

Contact


If you contact us via e-mail or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.

 

The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.

 

Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.

 

Online job applications / publication of job advertisements


We offer you the opportunity to apply for jobs with our company via our website. In the case of these digital applications, we collect your application data electronically in order to process your application.

 

The legal basis for this processing is §26 Para. 1 S. 1 BDSG in conjunction with Art. 88 Para. 1 GDPR.

 

If you are hired as a result of the application process, we will store the data you provide during the application process in your personnel file for the purpose of the usual organizational and administrative process, naturally in compliance with further legal obligations.

 

The legal basis for this processing is §26 Para. 1 S. 1 BDSG in conjunction with Art. 88 Para. 1 GDPR.

 

If we do not hire you, we will automatically delete the data submitted to us six months after the final decision is made. We will not delete the data, however, if we must store the data for legal reasons such as evidence pursuant to German equal treatment law (AGG) of applicants, until any legal action is concluded.

 

In this case, the legal basis is Art. 6 Para. 1 lit. f) GDPR and §24 Para. 1 No. 2 BDSG. Our legitimate interest lies in any legal defense we may have to mount .

 

If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, the data will be processed further on the basis of your consent. The legal basis is then Art. 6 Para. 1 lit. a) GDPR. You may withdraw your consent at any time with future effect per Art. 7 Para. 3 GDPR with future effect.

 

Miscellaneous


In case our company needs to process personal data to fulfill legal obligations, e.g. to comply with tax laws, the legal basis is Art. 6 Para. 1 lit. c) GDPR.

 

In rare cases it might be necessary to process personal data to protect vital interests of the data subject or another natural person. For example if a visitor to our offices is injured and we need to submit his name, his age, his health insurance data or other vital information to a doctor, a hospital or another third party. In such cases the legal basis is Art. 6 Para. 1 lit. d) GDPR.

 

Finally, data processing might be based on Art. 6 Para. 1 lit. f) GDPR. This legal basis can be used in case no other legal basis is applicable, and when processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing has specifically been mentioned as possible by the European legislator. Such legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client. (Recital 47 GDPR).

 

Created based on the Model Data Protection Statement by Anwaltskanzlei Weiß & Partner.

 

Last revision 08.06.2018