Privacy Policy
This policy describes for which purpose we may collect, store and process your personal data and how we use the data during your use of the publicly accessible parts of our website and services (Article 13 und 14 GDPR). The Privacy Policy of the ARDEX Group follows the EU General Data Protection Regulation (GDPR). If you have any questions about the processing of your personal data, please contact the ARDEX GmbH Data Protection Officer under the given contact details at Point 2 and 3.
I. Overview
In the following section we provide information about the scope, our responsibility of the data processing supervised by the data protection officer, and how we keep your data safe.
1. Scope
The data processing of ARDEX can essentially be separated into two categories.
- For the execution of a contract with the ARDEX Group, all required personal data will be processed. If external service providers are associated with the implementation of a contract, your personal data will be transferred as required.
- A visit of our Homepage implies that different information between your terminal device and our servers will be exchanged. Under certain circumstances, we may use your personal information. We will use your personal data for optimizing purposes of our website or for our advertisement services.
The Privacy Policy applies for our following offered services:
- our newsletter service, which is available at www.ardex.de\newsletter ;
- our websites, which are available at www.ardex.de , , www.pandomo.de , http://www.perfektimsystem.de/ , www.echte-teufelskerle.de , www.ardex-campus.de , www.ardex.nl, www.ardex.eu
- our online shop, which is available at https://ardex.smake.com/ ;
- for other offered services of the ARDEX Group (e.g. websites, subdomains, mobile applications, webservices or integration into third party websites).
2. Responsibility
All data processing and their use for certain purposes are within the responsibility of the following entity:
ARDEX GmbH
Friedrich-Ebert-Str. 45
58453 Witten
Telefon: 02302 664 0
E-Mail: info@ardex.de
3. Data Protection Officer
The contact details of our data protection officer are:
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Bredkamp 53a
D-22589 Hamburg
4. Data Security
For the compliance with the required actions of Article 32 GDPR and for offering an appropriate protection level in relation to the risk, we established an Information Security Standard in our company according to VdS 3473.
II. Data Processing in Detail
In the following section of the Privacy Policy we provide information about the processing of personal data within our services. For a better overview we structure the information based on certain functions of our services. During the common usage of our website, various functions and therefore various processes at once or one by one may occur (e.g. Google Analytics as described below).
1. General Information about the Data Processing
The following applies for all the listed processes, unless indicated otherwise:
a. No Obligation for Providing Data
You are not obligated to provide personal data and there is neither a contractual nor statutory obligation.
b. Consequences of Non-Providing Data
In the case of not providing required data (data, which is marked as mandatory information in our services), consequently, we cannot provide the relevant service for you. Otherwise, the non-provision has the consequence that our services cannot be provided in the same form and quality.
c. Consent
In various cases, you will have the option of providing your consent (where applicable for a part of your data) for further processing which is described below. In this case, we inform you separately with the submission of an individual declaration about all modalities, the scope of the consent and about the purposes, which we pursue with these processing steps.
d. Transfer of Personal Data to Third Countries (outside the EU)
If we transfer your data to third countries, e.g. outside of the European Union, then the transfer takes place exclusively in compliance with the legally regulated admissibility requirements.
The admissibility requirements are regulated by Article 44 -49 GDPR.
e. Hosting with External Service Providers
Our data processing takes place to a large extent with the involvement of hosting service providers, who provide storage space and processing capacities in their data centers and also process personal data on our behalf according to our instructions. These service providers process data either exclusively in the EU or we have guaranteed an adequate level of data protection through the EU standard data protection clauses.
f. Transmission to State Authorities
We transfer personal data to state authorities (including law enforcement authorities) if this is necessary to fulfil a legal obligation (Art. 6 para. 1 c) GDPR) or if it is necessary to assert, exercise or defend legal claims (legal basis: Art. 6 para. 1 f) GDPR).
g. Storage Period
We do not store your data longer than we need for processing purposes. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be regularly deleted, unless its temporary storage is still necessary. Reasons for this could include the following:
-
The fulfilment of commercial and tax retention obligations
-
Obtaining evidence of legal disputes within the framework of the statutory statute of limitations
It is also possible for us to continue the storage of your data if you have granted your express consent.
h. Categories of Data
o Account data: Login/user identification and password
o Personal master data: Title, Title/Gender, First name, Last name, Date of birth
o Address data: Street, house number, address supplements (if applicable), postcode, city, country
o Contact details: Telephone number(s), fax number(s), e-mail address(es)
o Credentials: Information about the service through which you have registered; dates and technical information on registration, confirmation and cancellation; data provided by you during registration
o Ordering data: Ordered products, prices, payment and delivery information
o Payment data: Account data, credit card data, data about other payment services such as Paypal
o Access data: Date and time of the visit of our service; the site from which the accessing system came to our site; pages called up during use; data for session identification (session ID); in addition, the following information of the accessing computer system: Internet protocol address used (IP address), browser type and version, device type, operating system and similar technical information.
o Application data: Curriculum vitae, certificates, proofs, work samples, certificates, pictures
o Data according to Article 9 GDPR: Data revealing racial and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data or data relating to a natural person's sex life or sexual orientation.
2. Visit of our Website/Application
This section describes how we process your personal data when you access our services. We would like to point out that the transmission of access data to external content providers (see b.) is unavoidable due to the technical functioning of information transfer on the Internet.
a. Information about processing
Data category
Access data
Purpose
Establishment of connection, presentation of the contents of the service, detection of attacks on our site based on unusual activities, error diagnosis
Legal basis
Art. 6 Para. 1 f) GDPR
Possibly justified interest
proper functioning of the services, security of data and business processes, prevention of misuse, prevention of damage through interference in information systems
Storage period
7 days
b. Recipient of personal data
Recipient category
External content providers who provide content (e.g. images, videos, embedded postings from social networks, advertising banners, fonts, update information) that is required to display the service
Data concerned
Access data
Legal basis of the transmission
Order processing (Article 28 GDPR)
If applicable, legitimate interest
proper functioning of the services, (accelerated) presentation of content
Recipient category
Tracking tool: Google Analytics with the extension "anonymizeIp()" (the IP is masked, so that no more direct conclusions on the user are possible)
Data concerned
Access data
Recipient category
IT security service provider
Data concerned
Access data
Legal basis of the transmission
Order processing (Article 28 GDPR)
If applicable, legitimate interest
Prevention of attacks by exploiting security vulnerabilities / weak points
c. Facebook Fanpage
We operate the URL de-de.facebook.com/ardexDE/ a Facebook Fanpage, through which you can communicate with us. The processing takes place on the legal basis of Art. 26 GDPR (Joint Controllers).
For all processing under the URL de-de.facebook.com/ardexDE/ the privacy policy of Facebook Inc., which you can find here, is relevant: www.facebook.com/privacy/explanation
Exception: If you provide us with personal data such as your name, e-mail address or similar data via the communication channels provided by Facebook so that we, for example, answer a request from you, we will also process this request in our systems. This data is stored for 30 days.
In addition to Facebook, recipients of your data may also be service providers that we use to ensure a fast and efficient response to your inquiries.
3. Newsletter
In the following, we describe how we handle personal data related to the subscription to our newsletter:
a. Information about processing
Data category
E-mail address
Purpose
Verification of registration (double opt- in procedure), sending newsletter
Legal basis
Art. 6 Para. 1 b) GDPR
Storage period
Duration of newsletter subscription, consent can be revoked at any time
Data category
Personal master data
Purpose
Personalisation of the newslette
Legal basis
Art. 6 Para. 1 b) GDPR
Storage period
Duration of newsletter subscription, consent can be revoked at any time
Data category
Registration data
Purpose
Traceability of successful newsletter registration/confirmation/deregistration
Legal basis
Art. 6 Para. 1 b), f) GDPR
Possibly justified interest
Proof of newsletter registration
/confirmation/deregistration
Storage period
Duration of newsletter subscription, consent can be revoked at any time
Data category
Usage data newsletter
Purpose
Design of the newsletter in accordance with interest
Legal basis
Art. 6 Para. 1 f) GDPR
Possibly justified interest
Improvement of our service, advertising purposes
Storage period
Duration of newsletter subscription, consent can be revoked at any time
b. Recipent of personal data
Recipent
Service provider for newsletter
Data concerned
All data mentioned under a.
Legal basis of the transfer
Order proccessing (Art. 28 GDPR)
Possibly legimate interest
Sending of the newsletter/storage and processing of the order data
Recipent
ARDEX GmbH
Data concerned
All data mentioned under a.
Legal basis of the transfer
Order proccessing (Art. 28 GDPR)
Possibly legimate interest
Advertising purposes and individualized newsletters
4. Application
We process your personal data in the following manner in an ongoing application process (applications received from candidates (m/f) or through the provision of application documents by personnel consultants and others):
a. Information about processing
Data category
Address data, contact data
Purpose
Identification, Establishment of Contact, Communication for Contract Initiation
Legal basis
Art. 6 Para. 1 b) GDPR
Storage period
If application does not lead to an employment: 6 months, as far as no consent for further storage is available.
Data category
Identification, contact, age verification
Legal basis
Art. 6 Para. 1 b) GDPR
Storage period
6 months, regualtion as before
Data category
Application data
Purpose
Selection of applicants
Legal basis
Art. 6 Para. 1 b) GDPR
Storage period6 months, regualtion as before
5. Customer Support
How we process your personal data when you contact our customer service, can be found here:
a. Information about processing
Data category
Address data, contact data
Purpose
Processing of customer enquiries and user complaints
Legal basis
Art. 6 Para. 1 b) GDPR
Possibly justified interest
Customer loyalty, improvement of our service
Storage period
Processing of request
b. Recipent of personal data
Recipent
Service provider / Tools
6. Training
The following information describes how your personal data is processed when you register for our training courses:
a. Information about processing
Data category
Personal master data, contact data
Purpose
Processing of customer enquiries, sending of seminar programme/certificate
Legal basis
Art. 6 Para. 1 b), f) GDPR
Possibly justified interest
Customer loyalty, improvement of our service, issue of ARDEX certificates
Storage period
Duration of customer relationship, consent can be revoked at any time
Data category
Contents of the seminar questionnaires/evaluations
Purpose
Processing of customer feedback
Legal basis
Art. 6 Para. 1 b), f) GDPR
Possibly justified interest
Improvement of our service
Storage period
Duration of customer relationship, consent can be revoked at any time
b. Recipent of personal data
Recipent
ARDEX GmbH
Data concerned
All data mentioned under a.
Possibly legimate interest
Improvement of our range of seminars, issue of certificates
7. Online Shop
The following information describes how your personal data is processed when you use our online shop:
a. Information about processing
Data category
Personal master data, contact data
Purpose
Processing of purchases of advertising material
Legal basis
Art. 6 Para. 1 b), f) GDPR
Possibly justified interest
Sale/purchase of advertising material
Storage period
Duration of customer relationship, consent can be revoked at any time
8. Tracking
Here we describe how your personal data is processed using tracking technologies to analyse and optimise our services, and for advertising purposes.
The description of the tracking procedures also includes information on how you can prevent, or object, to the processing of your personal data. Please note that the so-called "Opt-out", i.e. the refusal of processing, is usually stored via cookies. If you use our services via a new terminal device or in another browser, or if you have deleted the cookies set by your browser, you must change to opt out again.
The shown tracking procedures process personal data only in a pseudonymous form. A connection with a concrete, identified natural person, i.e. a merger of the data with information about a pseudonym, does not take place.
a. Tracking to analyse and optimise our services and their use, to measure the success of advertising campaigns and to optimise the display of advertisements
(1) Purposes of processing
The analysis of user behavior via tracking helps us to check the effectiveness of our services, to optimize and adapt them to the needs of our users and to correct errors. In addition, it helps us to statistically determine characteristic values about the use of our services (range, usage intensity, user surfing behaviour) based on uniform standard procedures and thus to obtain comparable values.
Tracking to measure the success of advertising campaigns serves to optimize our ads for the future and to enable marketers and advertisers to optimize their ads. The purpose of optimizing the displayed advertisement by tracking is to show users advertising tailored to their interests, to increase the success of advertising and thus also advertising revenues.
(2) Legal basis of the processing
Services that allow the identification of specific users require explicit consent of the user according to the GDPR.
(3) The used tracking procedures in detail
Description of service
Google Analytics
Functioning
Web analytics
Possibility of preventing processing (opt- out)
tools.google.com/dlpage/gaoptout?hl=de
Data transmission to non-EU countries
No
If you wish to opt-out of interest-based advertising, you can also visit www.youronlinechoices.com/de/, click on "Preference Management" and follow the instructions to completely or individually prevent the use of data for interest-based advertising by the service providers listed there. However, you will still receive advertising that is not interest-based.
9. Social Media-Plugins
This website may contain plugins from social networks such as: Facebook, Google+, Twitter or Pinterest, which are operated by third parties and which messages can be sent to the corresponding social network by using buttons in order to evaluate, recommend or share content, for example. In this way we pursue the purpose and legitimate interest of increasing the popularity of our services. We configure our services so that data transmission does not take place until you change to opt in. The legal basis for data transmission in this case is Art. 6 I f) GDPR. The respective provider is responsible for processing the transmitted data in compliance with data protection regulations.
Description oft the service
Facebook
Provider
Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA
Data protection information of the provider
https://de-de.facebook.com/about/privacy/
Description oft the service
Google+
Provider
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Data protection information of the provider
https://www.google.com/+/policy/pagesterm.html
Description oft the service
Twitter
Provider
Twitter Inc., 539 Bryant Street, Suite 402, San Francisco, CA 94107, USA
Data protection information of the provider
Description oft the service
Provider
Pinterest Inc., 635 High Street, Palo Alto, CA, USA
Data protection information of the provider
http://about.pinterest.com/privacy/
III. Your Rights
1. Right of Objection
If we process your personal data for direct marketing purposes, you have the right to object at any time against the processing of your personal data and against the use of your personal data for advertising purposes. This also applies to profiling, insofar as it is associated with such direct marketing.
You also have the right to object at any time again against the prospective processing of your personal data when particular reasons exist in accordance with Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
You can execute your right of objection free of charge. You can contact us via the contact details listed under I.2.
2. Right to Information
You have the right to know whether we process personal data concerning you, what personal data this may be, and further information in accordance with Art. 15 GDPR.
3. Right of Rectification
You have the right to request us to correct any incorrect personal data concerning you (Art. 16 GDPR). Considering the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
4. Right to Cancellation ("right to be forgotten")
You have the right to request us to delete personal data relating to you without delay, provided that one of the reasons stated in Art. 17 para. 1 GDPR applies and the processing is not necessary for one of the purposes regulated in Art. 17 para. 3 DGDPR.
5. Right to Limitation of Processing
You are entitled to demand a restriction on the processing of your personal data if one of the conditions laid down in Article 18, paragraph 1, letters a) to d) applies.
6. Right to Data Transferability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another responsible person without any hindrance by us or to arrange for direct transmission by us, if this is technically possible. This should always apply if the basis of data processing is consent or a contract and the data is processed automatically. This does not apply to data stored in paper form only.
7. Right of Revocation in Case of Consent
If the processing is based on your consent, you have the right to revoke the consent at any time. The legality of the processing based on the consent until the revocation is not affected by this.
8. Right of Appeal
You have a right of appeal to a supervisory authority.
IV. woordenlijst
Verwerkers: Een natuurlijke of rechtspersoon, overheidsinstantie, dienst of ander lichaam die persoonsgegevens verwerkt namens de voor de verwerking verantwoordelijke.
Browser: Computerprogramma voor de weergave van websites (bijv. Chrome, Firefox, Safari)
Koekjes: De term "cookie" komt eigenlijk uit de Engelse woordenschat en kan in zijn oorspronkelijke betekenis worden vertaald met "cookie" in de Duitse taal. In verband met het World Wide Web daarentegen beschrijft een cookie een klein tekstbestand dat lokaal op de computer van de gebruiker wordt opgeslagen wanneer een website wordt bezocht. Dit bestand slaat gegevens op over het gedrag van de gebruiker. Als de browser wordt opgeroepen en de betreffende website herhaaldelijk wordt bezocht, wordt de cookie gebruikt en geeft de webserver informatie over het surfgedrag van de gebruiker aan de hand van de opgeslagen gegevens.
Cookies gaan in dit verband niet over cookies, maar over informatie die een website lokaal op de computer van de bezoeker opslaat in een klein tekstbestand. Dit kunnen instellingen zijn die de gebruiker al op een pagina heeft gemaakt, maar ook informatie die de website volledig onafhankelijk van de gebruiker heeft verzameld. Later kunnen deze lokaal opgeslagen tekstbestanden opnieuw worden voorgelezen door dezelfde webserver van waaruit ze zijn gemaakt. De meeste browsers accepteren automatisch cookies. U kunt cookies beheren met behulp van de browserfuncties (meestal onder "Opties" of "Instellingen"). Dit kan de opslag van cookies deactiveren, in individuele gevallen afhankelijk maken van uw toestemming of anderszins beperken. U kunt ook te allen tijde cookies verwijderen.
Derde landen: Land dat niet gebonden is aan de wettelijke vereisten van de EU-richtlijn gegevensbescherming (land buiten de EER)
Persoonlijke gegevens: Alle informatie met betrekking tot een geïdentificeerde of identificeerbare natuurlijke persoon. Een natuurlijke persoon wordt als identificeerbaar beschouwd indien hij direct of indirect kan worden geïdentificeerd, met name aan de hand van een identificatiecode zoals een naam, een identificatienummer, locatiegegevens, een online-identificatiecode of een of meer specifieke kenmerken die de fysieke, fysiologische, genetische, mentale, economische, culturele of sociale identiteit van die natuurlijke persoon uitdrukken.
Pixel: Pixels worden ook wel tracking pixels, web beacons of web bugs genoemd. Dit zijn kleine, onzichtbare afbeeldingen in HTML e-mails of op webpagina's. Wanneer een document wordt geopend, wordt deze kleine afbeelding geladen vanaf een server op het internet, waar de download wordt geregistreerd. Op deze manier kan de serveroperator zien of en wanneer een e-mail is geopend of een website is bezocht. Meestal wordt deze functie gerealiseerd door een klein programma aan te roepen (Javascript). Op deze manier kunnen bepaalde soorten informatie worden herkend en doorgegeven op uw computersysteem, zoals de inhoud van cookies, de tijd en datum van de oproep van de pagina en een beschrijving van de pagina waarop de pixelcode zich bevindt.
Profilering: Elke geautomatiseerde verwerking van persoonsgegevens bestaande uit het gebruik van dergelijke persoonsgegevens om bepaalde persoonlijke aspecten met betrekking tot een natuurlijke persoon te evalueren, in het bijzonder om aspecten met betrekking tot de werkprestaties, economische situatie, gezondheid, persoonlijke voorkeuren, belangen, betrouwbaarheid, gedrag, verblijfplaats of verplaatsing van die natuurlijke persoon te analyseren of te voorspellen.
Diensten: Onze aanbiedingen, waarop deze gegevensbeschermingsverklaring van toepassing is (zie <link typo3>bereik).
Lokalisatie: Het verzamelen van gegevens en de evaluatie ervan met betrekking tot het gedrag van de bezoekers van onze diensten.
Tracking technologieën: Tracking kan zowel plaatsvinden via de activiteitenlogs (logfiles) die op onze webservers zijn opgeslagen, als via het verzamelen van gegevens van uw eindapparaat via pixels, cookies en soortgelijke trackingtechnologieën.
Verwerking: Elke handeling of elk geheel van handelingen die al dan niet met behulp van geautomatiseerde middelen worden verricht met betrekking tot persoonsgegevens, zoals het verzamelen, vastleggen, ordenen, sorteren, opslaan, aanpassen of wijzigen, opvragen, raadplegen, gebruiken, bekendmaken door middel van doorzending, verspreiding of anderszins beschikbaar stellen, samenbrengen, samenbrengen, kwalificeren, wissen of vernietigen.
Witten, Mei 2018