1. Information concerning the collection of personal data
1. Personal data
Information concerning the collection of personal data while our website is being used is set forth below. Personal data are all data that are relatable to you personally, such as your name, postal address, e-mail addresses, and user behaviour.
2. Controller within the meaning of GDPR
The controller pursuant to Art. 4 (7) EU General Data Protection Regulation (GDPR) is the limited liability company Allround Team GmbH, Widdersdorfer Str. 190, 50825 Cologne, Germany, Tel.: +49 221 995550-0, Fax: +49 221 995550-79, E-mail: info@allround-team.com, www.allround-team.com (see also our Legal notice). You can contact our data protection official by e-mailing datenschutzbeauftragter@allround-team.com or at our postal address for the attention of “Datenschutzbeauftragter”.
3. When you contact us
When you contact us by e-mail or by completing a contact form, we store the information you give us (your e-mail address and, if applicable, your name and telephone number) in order to answer your questions. We erase the data arising in this connection once they no longer need to be stored, or restrict the processing of same if statutory retention obligations exist.
4. External service providers
In case we engage service providers for individual aspects of our offering or wish to use your data for advertising purposes, details about the relevant processes are provided below. We also indicate the defined criteria governing the storage period.
5. SSL bzw. TLS encryption
This site uses SSL and/or TLS encryption for security reasons and to safeguard the transmission of confidential content, such as purchase orders and inquiries, that you send to us in our capacity as the site operator. The address in the browser address bar changes from http:// to https:// and the browser displays a closed padlock symbol when data are being transmitted in an encrypted format.
2.General information concerning data processing
1. Extent of processing of personal data
We process our users’ personal data as a general rule only to the extent required to provide a functioning website and our content and services. Our users’ personal data are processed as a rule only after the user concerned has granted consent. An exception applies in cases in which prior consent cannot be obtained for factual reasons and the processing of the data is admissible pursuant to statutory provisions.
2. Legal basis for the processing of personal data
If we obtain the consent of the data subject to our conducting of processing operations on personal data, the legal basis is provided by Art. 6 (1) Point a EU General Data Protection Regulation (GDPR). When the processing of personal data is required for the performance of a contract to which the data subject is a party, the legal basis is provided by Art. 6 (1) Point b GDPR. This applies likewise to processing operations required for the implementation of pre-contractual measures. If the processing of personal data is required for compliance with a legal obligation to which our enterprise is subject, the legal basis is provided by Art. 6 (1) Point c GDPR. In case the processing of personal data is made necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis is provided by Art. 6 (1) Point d GDPR. If the processing is necessary for the protection of a legitimate interest pursued by our enterprise or by a third party, and such interest is not overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for the processing is provided by Art. 6 (1) Point f GDPR.
3. Data erasure and storage duration
The personal data of the data subject are erased or blocked as soon as the purpose of storage ceases to exist. Storage can additionally take place if envisaged by the European regulators or national legislators in Union regulations, laws or other provisions to which the controller is subject. The data are also blocked or erased if a storage time-limit specified by the forenamed rules expires, unless it is necessary for the data to remain stored for the purposes of concluding or performing a contract.
4. Data transmission upon conclusion of a contract for services and digital content
We transmit personal data to third parties only if necessary within the framework of contract execution, for example to the financial institution mandated to process payments. No other transmission of the data shall take place unless you have explicitly consented to same. Your data will not be passed to third parties without explicit consent, such as for advertising purposes. The basis for data processing is provided by Art. 6 (1) Point b GDPR, which allows the processing of data for the performance of a contract or the taking of steps prior to entering into a contract.
3. Provision of the website and creation of log files
1. Description and extent of data processing
Each time our website is visited, our system automatically collects data and information from the computer system initiating the visit. The following data are collected on these occasions:
Information about the browser type and the version being used
The user’s operating system
The user’s internet service provider
The user’s IP address
Date and time of access
Websites from which the user’s system accesses our website
Websites accessed by the user’s system from our website
The data are also stored in our system’s log files, but this does not apply to the users’ IP addresses or other data that allow the data to be attributed to a user.
These data are not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of the data is provided by Art. 6 (1) Point f GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary in order to allow the website to be delivered to the user’s computer. For this purpose the user’s IP address has to be stored for the duration of the session. Our legitimate interest in data processing pursuant to Art. 6 (1) Point f GDPR also lies within these purposes.
4. Duration of storage
The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the data collected for the purpose of provisioning the website, this condition is satisfied once the session concerned has ended.
5. Ability to object and remove
The collection of data for provisioning the website and the storage of data in log files are essential for the purpose of operating the website. The user is therefore unable to object to these practices.
4. Use of cookies
a) Description and extent of data processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie can be stored in the user’s operating system. This cookie contains a distinctive character string that allows the browser to be unmistakably identified when the website is visited again. We use cookies in order to enhance the user-friendliness of our website. Some elements of our website require that the browser initiating the visit can be identified even after another page has been visited. In this context the following data are stored and transmitted in the cookies: 1. Language settings. When visiting our website, the user is informed about the use of cookies for analytical purposes, and the user’s consent is obtained for the processing of the personal data used in this connection. Attention is also drawn to this data protection policy in this connection.
b) Legal basis for data processing
The legal basis for the processing of personal data entailing the use of technically necessary cookies is provided by Art. 6 (1) Point f GDPR. The legal basis for the processing of personal data entailing the use of cookies for analytical purposes, in cases in which the user has granted consent relating thereto, is provided by Art. 6 (1) Point a GDPR.
c) Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be provided without the use of cookies. For such functions, the browser must be identifiable even after another page has been visited. The user data collected by technically necessary cookies are not used to create user profiles. Our legitimate interest in the processing of personal data pursuant to Art. 6 (1) Point f GDPR also lies within these purposes.
d) Duration of storage, ability to object and remove
Cookies are stored on the user’s computer and transmitted to our site by this computer. As the user, therefore, you also have complete control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that are already stored can be erased at any time. This operation can also be automated. If cookies for our website are deactivated, it may no longer be possible to use all the functions of the website to the full extent. This website uses the following types of cookies; their scope and method of operation are explained below:
1. Transient cookies (cf. item da)
2. Persistent cookies (cf. item db)
da) Transient cookies are automatically erased when you close the browser. In particular, these include the session cookies. These store a session ID that allows various requests by your browser to be assigned to the joint session. This allows your computer to be recognised when you revisit our website. The session cookies are erased when you log out or close the browser.
db) Persistent cookies are automatically erased after a specified period, which can differ from cookie to cookie. You can erase the cookies at any time in the security settings of your browser.
dc) Cookies are stored on the user’s computer and transmitted to our site by this computer. As the user, therefore, you also have complete control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that are already stored can be erased at any time. This operation can also be automated. If cookies for our website are deactivated, it may no longer be possible to use all the functions of the website to the full extent.
df) We use cookies so that we can identify you when you revisit if you have an account with us. Otherwise, you would have to log in again each time you visit.
5. Contact form and e-mail contact
1. Description and extent of data processing
Our website contains a contact form that can be used to get in touch with us electronically. When a user utilises this function, the data entered in the input mask are transmitted to us and stored. The data consist of compulsory entries, which are name, e-mail address, message, security question (simple arithmetic task, which is not stored and consists entirely of JavaScript); and optional entries, which are company name, subject, and consent to storage of the entries (consent is not stored at present; it is a JavaScript function that activates the SUBMIT button when checked). When the message is sent, the following data are also stored: date and time of registration. During the sending operation, your consent to the data being processed is obtained and attention is drawn to this data protection policy. Contact can also be made by way of the provided e-mail address. In this case, the user’s personal data transmitted with the e-mail are stored. In this connection, the data are not passed to third parties. The data are used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for the data processing in cases in which the user has granted consent is provided by Art. 6 (1) Point a GDPR. The legal basis for the processing of the data transmitted in the course of an e-mail being sent is provided by Art. 6 (1) Point f GDPR. If the contact made by e-mail serves the goal of concluding a contract, an additional legal basis for the processing is provided by Art. 6 (1) Point b GDPR.
3. Purpose of data processing
We process the personal data obtained from the input mask solely for the purpose of dealing with the contact. Where contact is made by e-mail, this purpose also provides the necessary legitimate interest in the processing of the data. The other personal data processed during the sending operation serve the purpose of preventing abuse of the contact form and ensuring the security of our information technology systems.
4. Duration of storage
The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. As regards the personal data obtained from the input mask of the contact form and those transmitted by e-mail, this condition is satisfied when the conversation with the user concerned has ended. The conversation is deemed to have ended when the circumstances indicate that the matter concerned has been conclusively resolved. Additional personal data collected during the sending operation are erased not later than after a period of seven days.
5. Ability to object and remove
The user can at any time revoke his/her consent to the processing of the personal data. If the user contacts us, he/she can at any time object to the storage of his/her personal data. Informal notification by e-mail or post/fax to the relevant address specified above (Clause I.) shall suffice for this purpose. The legality of the data processing occurring before the revocation shall remain unaffected by the revocation. In case of an objection to storage, the conversation cannot be continued. In this event, all personal data stored in connection with the contact are erased.
6. Rights of the data subject
If your personal data are being processed you are a data subject within the meaning of the GDPR which gives you the following rights vis-à-vis the controller:
1. Right of access
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, you have the right to obtain from the controller access to the following information:
the purposes of the processing of the personal data;
the categories of personal data which are being processed;
the recipients or categories of recipient to whom the personal data concerning you have been or will be disclosed;
the envisaged period for which the personal data concerning you will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of the data concerning you or restriction of processing by the controller or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from you, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
You have the right to be informed whether the personal data concerning you are transferred to a third country or to an international organisation. In this context, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
2. Right to rectification
You have the right to obtain from the controller the rectification and/or completion of inaccurate or incomplete processed personal data concerning you. The controller must make the rectification without undue delay.
3. Right to restriction of processing
You have the right to obtain from the controller restriction of processing of personal data concerning you where one of the following applies:
you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
Where processing of the data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in line with the above stipulations, you will be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Obligation to erase personal data: You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase such data without undue delay where one of the following grounds applies:
the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
you withdraw consent on which the processing is based according to Article 6(1) Point a, or Article 9(2) Point a GDPR, and where there is no other legal ground for the processing.
you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
the personal data concerning you have been unlawfully processed.
the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
the personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
b) Information provided to third parties: Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase such data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions: The right to erasure does not apply to the extent that processing is necessary:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 (2) as well as Article 9 (3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR in so far as the right referred to in (a) above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defence of legal claims.
5. Right to notification
If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients, if you request it.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR, and
the processing is carried out by automated means.
In exercising this right, you furthermore have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw declaration of consent to data processing
You have the right to withdraw your declaration of consent to data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
is necessary for entering into, or performance of, a contract between you and the data controller;
is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
is based on your explicit consent.
Such decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority if you consider that our processing of personal data concerning you is unlawful. The supervisory authority having jurisdiction for us is the State Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen Helga Block, Kavalleriestraße 2-4, 40213 Düsseldorf, Phone: +49 (0)2 11/384 24-0, Fax: +49 (0)2 11/384 24-10, E-mail: poststelle@ldi.nrw.de
[ga-optout text=”Disable Google Analytics”]
Date of data protection policy: 25 May 2018
