Data protection declaration by Alcotec GmbH, Pregelstrasse 20, D-58256 Ennepetal,
Phone.: +49 2333 861940, eMail: info@alcotec.net

We very much appreciate your interest in our company. Data protection is of particular importance to the management of Alcotec GmbH. It is fundamentally possible to use the Alcotec GmbH website without providing any personal information. However, if a person wishes to make use of specific services of our company via our website, processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, data subjects must generally consent to the processing of their data.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with the applicable country-specific data protection regulations. In this privacy policy, our company would like to inform the public about the type, scope and purpose of the personal data that we collect, use and process. Moreover, this privacy policy will also inform affected persons of their rights.

Alcotec GmbH, as the data controller, has implemented numerous technical and organisational measures in order to ensure that all personal data processed via this website are protected as completely as possible. Nevertheless, internet-based data transmission is in principle subject to security vulnerabilities, and so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

1. Definition of terms
The privacy policy is based on the terms used by the European guideline and regulation provider when the General Data Protection Regulation (GDPR) was issued. Our privacy policy is intended to be easy to read and understand, both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy policy, we use the following terms, among others:

a) Personal data
Personal data are any information that relates to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered to be identifiable who can be identified, directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

b) Data subject
The data subject is any identified or identifiable natural person whose personal data are processed by the data controller.

c) Processing
Processing is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, recording, organisation, ordering, storage, adaptation or modification, reading, querying, the use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

e) Profiling
Profiling is any type of automated processing of personal data that consists of using these personal data to evaluate certain personal aspects that relate to a natural person, in particular to assess aspects relating to work performance, economic situation, to analyse or predict health, personal preferences, interests, reliability, behaviour, whereabouts or change of location of this natural person.

f) Pseudonymisation
Pseudonymisation is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organisational measures that ensure that the personal data are not assigned to an identified or identifiable natural person.

g) Data controller or body responsible
The data controller or body responsible for the processing is the natural or legal person, public authority, agency or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the member states, the data controller or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states.

h) Data Processor
The data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.

i) Recipient
The recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether this is a third party or not. Authorities that may receive personal data as part of a specific investigation under Union law or the law of the member states are not considered recipients.

j) Third party
A third party is a natural or legal person, authority, institution or other body apart from the data subject, the responsible body, the processor and the persons under the direct responsibility of the person responsible or the processor who are authorised to process the personal data.

k) Consent
Consent is any declaration of intent voluntarily given by the data subject in an informed manner and unequivocally in the form of a declaration or other unequivocal affirmative action with which the data subject indicates that they consent to processing the personal data concerning them.

2. Name and address of the data processor
The name and address of the data processor within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions with a data protection character is:

Alcotec GmbH
Pregelstrasse 20
58256 Ennepetal
Germany

Phone.: +49 2333 861940
eMail: info@alcotec.net
Website: www.alcotec.net

3. Collection of general data and information
The Alcotec GmBH website collects a series of general data and information each time the website is accessed by a data subject or an automated system. These general data and information are stored in the server's log files. We may record (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-pages which are accessed via an accessing system on our website, (5) the date and time the website was accessed, (6) an Internet Protocol address (IP address), (7) the Internet service providers of the accessing system, and (8) other similar data and information used for security purposes in the event of attacks on our IT systems.

When using these general data and information, Alcotec GmBH does not draw any conclusions about the person concerned. Rather, this information is required to (1) correctly deliver the contents of our website, (2) optimise the contents of our website and the advertising for it, (3) ensure the permanent functionality of our IT systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. The anonymously collected data and information are therefore statistically evaluated by Alcotec GmBH with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

4.
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or insofar as this is provided for by the European issuer of directives and regulations or another legislator in laws or regulations to which the data controller is subject.

If the storage purpose is not applicable, or if a storage period prescribed by the European issuer of directives and regulations or another competent legislator expires, the personal data shall be blocked as a matter of course or erased in accordance with legal requirements.

5. The rights of the data subject
a)
Every data subject shall have the right granted by the European issuer of directives and regulations to demand confirmation from the data controller of whether personal data concerning them is being processed. If a person concerned wishes to exercise this right to confirmation, they can contact an employee of the data controller at any time.

b) Right to information
Every person affected by the processing of personal data has the right, granted by the European legislator of directives and regulations, to receive free information about the personal data stored about him and a copy of this information from the data controller at any time. Furthermore, the European legislator of directives and regulations has granted the data subject access to the following information:
- the processing purposes
- the categories of personal data that are processed
- the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular for recipients in third countries or international organisations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of a right to correct or delete them related personal data or restriction of processing by the person responsible or a right to object to this processing
- the existence of a right of appeal to a supervisory authority
- if the personal data is not collected from the person concerned: All available information about the origin of the data - the existence of automated decision-making including profiling in accordance with Article 22 para.1 and 4, GDPR and - at least in such cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

Furthermore the data subject has a right to information as to whether their personal data has been transferred to a third party or to an international organisation. If this is the case, then the data subject has the right to obtain information about the security guarantees made in connection with the transfer.

If a data subject wishes to exercise this right to information, they can contact an employee of the data controller at any time.

c) Right to correction
Every data subject has the right granted by the European legislator of directives and regulations to request the immediate correction of incorrect personal data concerning them. Furthermore, taking into account the purposes of the processing, data subjects have the right to request that incomplete personal data be completed, including by means of a supplementary declaration. If a data subject wishes to exercise this right to rectification, they can contact an employee of the controller at any time.

d) Right to erasure (right to be forgotten)
Every data subject has the right granted by the European legislator of directives and regulations to demand that the data controller delete the personal data concerning them immediately, provided one of the following applies and insofar as the processing is not necessary:
- The personal data were collected or otherwise processed for purposes for which it is no longer necessary.
- the data subject withdraws their consent to the processing in accordance with Art. 6 para. (1) (a) GDPR or art. 9 para. (2) (a) GDPR and there is no other legal basis for the processing
- the data subject objects to the processing pursuant to Art. 21 para. 1 GDPR, and there are no overriding legitimate grounds for processing, or the data subject is entitled to submit an objection pursuant to Art. 21 para. (2) GDPR.
- the personal data have been unlawfully processed.
- the personal data must be deleted in compliance with the obligations under European Union or Member State law to which the data controller is subject.
- the personal data have been collected in relation to services offered by an information collection company according to Art. 8 para. (1) of the GDPR.

If one of the above-mentioned reasons applies and a data subject wishes to have their stored personal data deleted, he/she may contact an employee of the data controller at any time. The employee shall arrange for the deletion request to be complied with without delay.

If the personal data has been made public by Alcotec GmbH and our company is responsible pursuant to Art. 17 para. 1 GDPR for the deletion of personal data, Alcotec GmbH shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform other data processors who process the published personal data that the data subject has requested the deletion of all links to these personal data or of copies or replications of these personal data from these other data processors, insofar as the processing is not necessary. The Alcotec GmbH employee shall arrange whatever is necessary in individual cases.



e) The Right to Restriction of processing
Every data subject has the right, granted by the European legislator of directives and regulations, to require the controller to restrict processing if one of the following conditions is met:
- The correctness of the personal data is disputed by the data subject, for a period that enables the data controller to check the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of its use instead;
- The controller no longer needs the personal data for the purposes of the processing, however it is required to by the data subject for the establishment, exercise or defence of legal claims.
- The data subject has objected to the processing pursuant to Article 21 para. (1) of the GDPR and it has not yet been determined whether the data controller’s legitimate reasons outweigh those of the data subject.

If any one of the above mentioned conditions is fulfilled and a data subject wishes to request the restriction of personal data stored by the company, they can contact an employee of the data controller at any time. The Alcotec GmbH employee shall arrange for the processing to be restricted.

f) Right to data portability
Every data subject has the right granted by the European legislator of directives and regulations to receive the personal data relating to them that the person concerned has provided to a responsible party, in a structured, common and machine-readable format. They also have the right to transmit this data to another party without hindrance from the data controller to whom the personal data was originally provided, provided that the processing is based on the consent provided for in art. 6 para. (1) (a) GDPR or art. 9 para. 2 a GDPR or on a contract in accordance with art. 6 para. (1) (b) GDPR and processing is carried out by means of automated procedures, except where such processing is necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.

Furthermore, in exercising their right to data portability pursuant to Art. 20 para. (1) GDPR, the data subject has the right to have the personal data transmitted directly from one data controller to another data controller, insofar as this is technically feasible and if this does not affect the rights and freedoms of other persons.

To assert the right to data portability, the person concerned can contact an employee of Alcotec GmBH at any time.

g) Right of objection
Every data subject has the right granted by the European legislator of directives and regulations to object at any time to the processing of personal data relating to them based on Art. 6 para. (1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.

Alcotec GmbH shall no longer process personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If Alcotec GmbH processes personal data in order to carry out direct advertising, the data subject has the right to object at any time to the processing of the personal data for the purpose of such advertising. This also applies to any profiling connected with such direct advertising. If the data subject objects to Alcotec GmbH processing data for direct advertising purposes, Alcotec GmbH shall no longer process the personal data for these purposes.

In addition, the data subject has the right, for reasons arising from his/her particular situation, to object to Alcotec GmbH processing personal data concerning him/her for scientific or historical research purposes or for statistical purposes in accordance with art. 89 para. 1 of the General Data Protection Regulation, unless such processing is necessary for the performance of a task in the public interest.

To exercise the right of objection, the person concerned may directly contact any employee of the company or any other employee. The data subject is also free, in connection with the use of information society services, regardless of Directive 2002/58 / EC, to exercise their right of objection by means of automated procedures in which technical specifications are used.

h)
Automated decisions in individual cases including profiling Every data subject has the right, granted by the European legislator of directives and regulations, not to be subjected to a decision based solely on the basis of automated processing - including profiling - which has legal effect on them or significantly affects them in a similar manner, provided the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is admissible on the basis of Union or Member State law to which the data controller is subject and these legal provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject or (3) with the express consent of the data subject.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the data controller or (2) is made with the express consent of the data subject, the company shall take appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a data controller, to state their own position and to challenge the decision.

If the data subject wishes to assert rights with regard to automated decisions, he or she can contact an employee of the controller at any time.

i) Right to revoke consent under data protection law
Any data subject has the right granted by the European directive and regulation giver to revoke consent to the processing of personal data at any time.

If the data subject wishes to exercise the right to revoke consent, they may contact an employee of the data controller at any time.

6. Legal basis for processing
Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations in which we obtain consent for a particular processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case for example with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6(I)(b) GDPR. The same applies to such processes as are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on art. 6(I)(c) GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured at our company and their name, age, health insurance data or other vital information had to be passed on to a doctor, a hospital or other third parties. Then the processing would be based on art. 6 (I)(d) GDPR. Ultimately, processing operations could be based on art. 6 (I)(f)GDPR. Processing operations which are not covered by any of the aforementioned legal bases rest on this legal basis if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not take priority. We are permitted to carry out such processing procedures because they have been specifically mentioned by the European legislator. In this respect, they took the view that a legitimate interest could be assumed if the data subject is a customer of the data controller (recital 47 (2), GDPR).

7. Legitimate interests in the processing pursued by the data controller or a third party
If the processing of personal data is based on Article 6(I)(f) GDPR, our legitimate interest is in conducting our business activities for the benefit of all our employees and our shareholders.

8. Duration of the storage of personal data
The criterion for the duration of the storage of personal data is the respective statutory retention period. One this has lapsed, the corresponding data shall be routinely deleted if it is no longer required to fulfil the contract or to initiate a contract.

9. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We hereby draw your attention to the fact that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual regulations (e.g. information on the contractual partner). In order to conclude a contract, it may sometimes be necessary for a data subject to provide us with personal data that we subsequently have to process. For example, the data subject is obliged to provide us with personal data when our company concludes a contract with them. Failure to provide personal data would mean the contract with the data subject could not be concluded. Before the data subject provides personal data, they must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contractually or is required to conclude the contract, whether there is an obligation to provide the personal data, and of the consequences of not providing the personal data.

10. Existence of automated decision-making
As a responsible company, we do not use automatic decision-making or profiling

This Privacy Policy has been generated by the Privacy Policy Generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which operates in Hamburg as the External Data Protection Officer, in cooperation with the Cologne-based IT and data protection lawyer Christian Solmecke.

We use cookies to optimize our website and to offer you the best possible online experience. By clicking on ”Alle erlauben“ (Allow all) you agree to this. You can find further information in our data protection declaration.