ATB Nordenham

Menu

Privacy Policy

Data protection declaration
Information on the EU General Data Protection Regulation

Data protection information
according to the EU General Data Protection Regulation – Status: 08/2024

General

We take the protection of your personal data very seriously. Your privacy is an important concern for us.

The following provisions serve to inform you about the processing of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR). In particular, taking into account the information obligations under Art. 12 to 14 GDPR, as well as to provide information about the rights of those affected under the GDPR in accordance with Art. 15 to 22 and Art. 34 GDPR.

Information about the responsible body

Responsible for the processing of your personal data is

ATB Nordenham GmbH
Helgoländer Damm 75
26954 Nordenham

Tel: +49 4731 365 0
Fax: +49 4731 365 159
E-mail:
info@atb-nordenham.de

Information about us as the responsible body and our contact details can be found in the Imprint

Contact details of the data protection officer

We have appointed a data protection officer for our company. You can reach him at info@daschug.de or by post (see imprint)

Purpose of data collection

The purpose of data collection is to optimize the website, analyze errors, tailor it to your individual needs, offer contact and, if necessary, sell goods and services.

General information on data processing

We generally only collect and use our users’ personal data to the extent that this is necessary to provide a functional website and our content and services or to the extent that you, as a user, provide this data to us by entering it voluntarily. The collection and use of personal data by you, as a user, usually only takes place after consent or to establish and carry out a legal transaction. An exception applies in cases where obtaining prior consent is not possible or disproportionate for actual reasons and the processing of the data is permitted by another legal provision.

Legal basis for processing your data:

  • If we obtain consent from the data subject for processing personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
  • When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
  • If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.

Legitimate interests may be in particular:

  • answering inquiries;
  • carrying out direct marketing measures;
  • providing services and/or information intended for you;
  • processing and transferring personal data for internal or administrative purposes;
  • operating and managing our website;
  • providing technical support to users;
  • preventing and detecting fraud and criminal offenses;
  • protecting against payment defaults when obtaining credit information for inquiries about deliveries and services; and/or
  • ensuring network and data security, insofar as these interests are in line with applicable law and with the rights and freedom of the user;
  • achieving efficiency gains by bundling services in individual group companies (in particular marketing, IT, procurement)

Categories of recipients

  • Service providers for optimizing websites, online marketing service providers and tools, service companies for information and communication technology, companies for software and device maintenance, some of which are described in more detail below
  • Social networks and communities
  • Internal recipients according to the “need to know” principle

Usage data/server log files

Every time our website is accessed, our systems automatically record data and information from the computer system of the accessing computer.

The following types of data are collected: browser type, version used, user’s operating system, host name, Internet service provider, user’s IP address, date and time of access, websites from which the user’s system accessed our website or which the user accessed from our website.

The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 lit. f GDPR with the legitimate interests mentioned above.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

The storage in log files takes place to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our information technology systems. The data will not be evaluated for marketing purposes in this context. Our legitimate interest in data processing also lies in these purposes. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended. We also reserve the right to check the files if there is reasonable suspicion of illegal use or a specific attack on the pages based on concrete evidence. In this case, our legitimate interest is processing for the purpose of investigating and prosecuting such attacks and illegal uses.

Use of cookies

We use cookies.

Cookies are data that can be saved and retrieved in the Internet browser when visiting a website or from the Internet browser on the user’s computer system. Cookies can contain a characteristic character string that enables the browser to be uniquely identified when the website or a service integrated into it is accessed again. We use cookies to enable the operation of our website (technically necessary cookies), to make our website more user-friendly (functional cookies), and for marketing and advertising purposes (advertising cookies).

Technical cookies: Some elements of our website require that the browser accessing the website can be identified even after changing pages. The purpose of their use is to enable the website to function in the first place. Examples of technically necessary cookies are the provision of a shopping cart or registration as a registered user. The processing is therefore carried out on the basis of
Art. 6 Para. 1 lit. b or f GDPR
Functional cookies: There may be functions that are not absolutely technically necessary for the operation of our website, but which make it considerably easier to use, such as adopting language settings or font sizes, remembering search terms, etc.. The processing is also carried out on the basis of
Art. 6 Para. 1 lit. b or f  GDPR
Advertising cookies: We also use cookies on some of our websites that enable an analysis of the surfing behavior of users. In this way, for example: search terms entered into search engines, frequency of page views, use of website functions, and information about the operating system and browser, etc. are transmitted. The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the user who accessed the website. The data is not stored together with other personal data of the users. The legal basis for the processing of personal data using cookies for analysis purposes is, if the user has given his consent to this – e.g. by selecting a cookie opt-in banner – Art. 6 Para. 1 lit. a GDPR, otherwise Art. 6 Para. 1 lit. f GDPR in conjunction with EC 47. If third-party services are integrated, the processing by them is governed by their respective data protection provisions, which are mentioned and/or linked below.

General statements about web beacons / tracking pixels

Web beacons are invisible graphics the size of a pixel. These are used by partner companies, in particular for the purpose of tracking a user across various web pages to create a profile for use in advertising tailored to the user (targeting). A pixel embedded in the web page is loaded from the partner’s server when the web page is accessed. The partner thus receives your IP address, as well as information about your browser and its version, as well as browser plug-ins used (browser fingerprint), your operating system and your network operator. The information for advertising cookies applies accordingly to the integration of external services using web beacons / tracking pixels or other scripts.

Content external providers

On our website we use active JavaScript content and fonts, which may also come from external providers such as Google. When you visit our website, these providers may receive information about your visit to our website, for example by transmitting your IP address. You can prevent this transmission by installing a JavaScript blocker such as the browser plug-in ‘NoScript’ or by deactivating JavaScript in your browser. However, this can lead to functional restrictions. Some of our websites incorporate third-party content within the offering, such as videos from YouTube, maps from Google Maps, images, text and multimedia files, RSS feeds or other services from other websites. This always requires that your IP address is transmitted to the providers of this content. We cannot make any statement about how your data is used by these providers and have no influence on further processing. In particular, not about whether the data is used for other purposes, such as profiling. Please refer to the relevant data protection information of the respective third-party providers. You can protect yourself against further tracking by tracking pixels from these providers by deactivating the acceptance of third-party cookies in your browser settings. The legal basis for the transmission of personal data when integrating third-party providers is A rt. 6 (1) lit. a GDPR if the user has given their consent to this – e.g. by selecting a cookie opt-in banner – otherwise Art. 6 (1) lit. f GDPR in conjunction with EC 47.

Contact form and email contact

There is a contact form on our website that can be used to make electronic contact. If a user makes use of this option, the data entered in the input mask is transmitted to us and saved. This data is: name, address, email address, telephone number, etc. Not all of it has to be mandatory. When the message is sent, the following data is also saved: the IP address, date and time. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. Alternatively, you can contact us using the email address provided. In this case, the user’s personal data transmitted with the email will be saved. The data will not be passed on to third parties in this context. The data will only be used to process the conversation.

The legal basis for the processing is:

For receiving the data based on sending the contact form as consent in accordance with Art. 6 Para. 1 lit. a in conjunction with Art. 5 (expected processing) GDPR or alternatively based on the legitimate interest in answering your contact request in accordance with Art. 6 Para. 1 lit. f GDPR

For processing data that is transmitted in the course of sending an email, Art. 6 Para. 1 lit. f GDPR with the legitimate interests mentioned above.

If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with the user has ended and there is no reason for further storage. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. There may be retention periods under commercial and tax law. The user has the option of revoking his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

Newsletter

On our website, you have the option of subscribing to a free newsletter with advertising content. Our newsletters contain information about our service offerings, promotions, events, competitions, job offers, contributions/articles. However, messages without advertising information that are sent as part of our contractual or other business relationship are not considered newsletters. This includes, for example, the sending of service emails with technical information and queries about orders, events, competition notifications or similar messages. When you register for the newsletter, the data from the input mask is sent to us. In addition, the IP address of the computer accessing the newsletter and the time of access are recorded. Your consent is obtained for the processing of the data during the registration process and reference is made to this data protection declaration. If you purchase goods on our website via our online shop and provide your email address, we reserve the right to send you newsletters with direct advertising for our own similar goods. In connection with data processing for the sending of newsletters, no data is passed on to third parties. The data is used exclusively for sending the newsletter. The legal basis for the processing of data after the user has registered for the newsletter is, if the user has given their consent, Art. 6 (1) lit. a GDPR and for sending the newsletter as a result of the sale of goods in accordance with Section 7 (3) UWG or Art. 6 (1) l it. f. (Sending based on our legitimate business interest).

The collection of the user’s email address serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used. The subscription to the newsletter can be canceled by the affected user at any time. For this purpose, there is a corresponding link in every newsletter. This also means that the consent for the newsletter to be sent is revoked.

A statistical analysis of reading behavior only takes place to the extent that it can be determined whether the recipients have opened the newsletter and clicked on the links. However, this is a function that we only use to check user activities and to be able to make corresponding optimizations. For this purpose, the newsletter contains a so-called “web beacon”, a pixel-sized file that is retrieved from our server when the newsletter is opened. This web beacon can be personalized, so that personal data is collected. Clicks are tracked via personalized links to the respective website. If personalized data is collected, the legal basis is Art. 6 Para. 1 lit. a GDPR.

Data collection during registration and registered use

Some of our websites require or offer registration. The data collected in this process is used for the purposes of using the respective websites and services, unless otherwise described and explicitly consented to during registration. The data collected is derived from the input mask during registration; the processing is based on Art. 6 Para. 1 lit. b GDPR. All other data that you can enter at a later date to complete your profile is optional and voluntary and is based on the legal basis of Art. 6 Para. 1 lit. a GDPR. After registration, we may inform you about relevant circumstances related to our offer for which you have registered using the email address you have provided.

Data in user-generated content

If you write comments or posts, upload files to our servers, publish images or use other services, your IP address and – if you are logged in – your user data will be stored for our security. Due to the large amount of illegal content that is posted on the Internet every day, we reserve the right to use this information to defend ourselves in legal disputes or for criminal prosecution, i.e. to pass it on to defendants, law enforcement authorities and courts. The legal basis for the content provided is Art. 6 Para. 1 lit. a and/or b GDPR, and for all other data collected in this process, Art. 6 Para. 1 lit. f GDPR.

Comment subscriptions

On some of our websites you can subscribe to follow-up comments. If you are not logged in, you will receive a confirmation email as part of a so-called double opt-in process to check whether you are the rightful owner of the specified mailbox. You can unsubscribe from the notification at any time. Instructions on how to do this are included in each of the emails. Registered users do not have to go through the double opt-in process, as this takes place during registration. The legal basis for sending newsletters applies.

Credit reports

Furthermore, we reserve the right, in the case of orders or assignments, to pass on personal data to third parties for credit checks if this is necessary to protect our legitimate interests. Only the data required to calculate creditworthiness using a mathematical-statistical procedure by the credit agency will be transmitted. We need credit reports in order to be able to decide on the establishment and implementation of a contractual relationship while safeguarding our legitimate interests.

Data transmission via the Internet

Data transmission over the Internet is always subject to certain risks. No special encryption of the data is used, in particular messages from the contact form on our website and messages in the service chat are sent unencrypted. Please keep this in mind when transmitting data. If you would like to communicate with us using encrypted email, this is possible using SMIME encryption. Please let us know if you would like to encrypt it, as we regularly send unencrypted messages due to the currently low market penetration of email encryption methods.

Data transfer

If you provide us with personal data, it will only be passed on to third parties if this is necessary to process the contractual relationship or if another legal reason legitimizes this transfer. However, we provide certain services with the assistance of service providers. We have carefully selected these service providers and taken appropriate measures to protect your personal data.

Storage periods

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.

Use of service providers

Some of the aforementioned processes or services are carried out by carefully selected and commissioned service providers. We only transmit or receive personal data from these service providers on the basis of a processing contract. If the headquarters of a service provider is outside the European Union or the European Economic Area, a transfer to a third country takes place. Data protection agreements in accordance with the legal requirements are contractually agreed with these service providers in order to establish an appropriate level of data protection and corresponding guarantees are agreed.

Information on your rights

You have the right to
  • request confirmation from us as to whether we are processing personal data concerning you; if this is the case, you have the right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
  • to request the release of the data concerning you in the restrictions of Art. 20 GDPR in a common electronic, machine-readable data format. This also includes
  • the release (if possible) to another person responsible named directly by you.
  • to request that we correct your data if it is incorrect, inaccurate and/or incomplete. Correction also includes completion by means of declarations or notification.
  • to request that we delete personal data concerning you immediately if one of the reasons listed in detail in Art. 17 GDPR applies.
  • Unfortunately, we are not allowed to delete data that is subject to a statutory retention period. If you no longer want us to contact you by newsletter or other means, we will save your relevant contact details on a blocking list.
  • to revoke any consent you have given with effect for the future without this causing you any disadvantages.
  • to request that we restrict processing if one of the conditions listed in Art. 18 GDPR applies.
  • to object to the processing of personal data concerning you at any time for reasons arising from your very particular situation.
  • We will then no longer process the personal data unless we can demonstrate compelling legitimate reasons that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR). without prejudice to any other administrative or judicial remedy and if you believe that the processing of personal data concerning you violates the GDPR, you can complain to our data protection officer:
      • info@daschug.de or by post (see imprint)
      • to a supervisory authority in the member state of your residence, place of work or place of the alleged violation.

Deletion of your data

Unless otherwise provided in the more detailed data protection declarations, we delete your personal data when the contractual relationship with you has ended, you have made use of your right to deletion, all mutual claims have been fulfilled and there are no other statutory retention periods or legal justifications for storage. Commercial retention periods for financially relevant data are usually up to 10 years. We can also store data for as long as necessary to protect ourselves against claims that could be made against us. These periods can be up to 30 years.

The definition

For the purposes of this general information, the following terms shall apply:
  • Personal data – all information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples are contact details, communication data, billing data.
  • Responsible person – the natural or legal person, authority, agency or other body which, alone or jointly with others, decides on the purposes and means of processing personal data; if the purposes and means of such processing are specified by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Recipient – ​​a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party.
  • Employees – employees, including temporary workers in relation to the user, employees for their vocational training, participants in services for participation in working life as well as in assessments of professional suitability or work trials (rehabilitation candidates), employees in recognized workshops for disabled people, volunteers who provide a service in accordance with the Youth Volunteer Service Act or the Federal Volunteer Service Act, persons who are to be regarded as employees due to their economic dependence. These also include those who work from home and those who are treated as such, federal civil servants, federal judges, soldiers and those doing community service. As well as applicants for an employment relationship and persons whose employment relationship has ended.
  • Third party – a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are authorised to process the personal data.
  • Profiling – any form of automated processing of personal data consisting of the use of those personal data to evaluate certain personal aspects relating to a natural person. In particular, to analyse or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person.
  • Restriction of processing – the marking of stored personal data with the aim of restricting its future processing.

Changes to the privacy policy

We reserve the right to change our privacy policy if necessary and to publish it here. Please check this page regularly. The updated policy will come into effect upon publication, subject to applicable law. If we have already collected data about you that is affected by the change and/or is subject to a legal obligation to provide information, we will also inform you about significant changes to our privacy policy.