Privacy Policy
Privacy Policy

This policy describes for which purpose we may collect, store and process your personal data and how we use the data during your use of the publicly accessible parts of our website and services (Article 13 und 14 GDPR). The Privacy Policy of ARDEX follows the EU General Data Protection Regulation (GDPR). If you have any questions about the processing of your personal data, please contact the ARDEX GmbH Data Protection Officer under the given contact details at Point 2 and 3.

I. Overview

In the following section we provide information about the scope, our responsibility of the data processing supervised by the data protection officer, and how we keep your data safe.

1. Scope

The data processing of ARDEX can essentially be separated into two categories. 

-  For the execution of a contract with the ARDEX, all required personal data will be processed. If external service providers are associated with the implementation of a contract, your personal data will be transferred as required.

-  A visit of our Homepage implies that different information between your terminal device and our servers will be exchanged. Under certain circumstances, we may use your personal information. We will use your personal data for optimizing purposes of our website or for our advertisement services.

The Privacy Policy applies for our following offered services:

- our newsletter service, which is available at www.ardex.de\newsletter ;

- our websites, which are available at www.ardex.de , , www.pandomo.de , http://www.perfektimsystem.de/ , www.echte-teufelskerle.de , www.ardex-campus.de , www.ardex.nl, www.ardex.eu 

- our online shop, which is available at https://ardex.smake.com/ ;

- for other offered services of ARDEX (e.g. websites, subdomains, mobile applications, webservices or integration into third party websites).

2. Responsibility
 

All data processing and their use for certain purposes are within the responsibility of the following entity:

ARDEX GmbH
Friedrich-Ebert-Str. 45
Witten 58453
Telefon: 02302 664 0
E-Mail: info(at)ardex.de

 

3. Data Protection Officer
 

The contact details of our data protection officer are:

www.dsextern.de/anfragen

DS EXTERN GmbH

Dipl.-Kfm. Marc Althaus

Bredkamp 53a 

D-22589 Hamburg

4. Data Security

For the compliance with the required actions of Article 32 GDPR and for offering an appropriate protection level in relation to the risk, we established an Information Security Standard in our company according to VdS 3473.

II. Data Processing in Detail

In the following section of the Privacy Policy we provide information about the processing of personal data within our services. For a better overview we structure the information based on certain functions of our services. During the common usage of our website, various functions and therefore various processes at once or one by one may occur (e.g. Google Analytics as described below).

1. General Information about the Data Processing

The following applies for all the listed processes, unless indicated otherwise:

a. No Obligation for Providing Data

You are not obligated to provide personal data and there is neither a contractual nor statutory obligation.

b. Consequences of Non-Providing Data

In the case of not providing required data (data, which is marked as mandatory information in our services), consequently, we cannot provide the relevant service for you. Otherwise, the non-provision has the consequence that our services cannot be provided in the same form and quality.

c. Consent

In various cases, you will have the option of providing your consent (where applicable for a part of your data) for further processing which is described below. In this case, we inform you separately with the submission of an individual declaration about all modalities, the scope of the consent and about the purposes, which we pursue with these processing steps.

d. Transfer of Personal Data to Third Countries (outside the EU)

If we transfer your data to third countries, e.g. outside of the European Union, then the transfer takes place exclusively in compliance with the legally regulated admissibility requirements.

The admissibility requirements are regulated by Article 44 -49 GDPR.

e. Hosting with External Service Providers

Our data processing takes place to a large extent with the involvement of hosting service providers, who provide storage space and processing capacities in their data centers and also process personal data on our behalf according to our instructions. These service providers process data either exclusively in the EU or we have guaranteed an adequate level of data protection through the EU standard data protection clauses.

f. Transmission to State Authorities

We transfer personal data to state authorities (including law enforcement authorities) if this is necessary to fulfil a legal obligation (Art. 6 para. 1 c) GDPR) or if it is necessary to assert, exercise or defend legal claims (legal basis: Art. 6 para. 1 f) GDPR).

g. Storage Period

We do not store your data longer than we need for processing purposes. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be regularly deleted, unless its temporary storage is still necessary. Reasons for this could include the following:

  • The fulfilment of commercial and tax retention obligations

  • Obtaining evidence of legal disputes within the framework of the statutory statute of limitations

It is also possible for us to continue the storage of your data if you have granted your express consent.

h. Categories of Data

o Account data: Login/user identification and password
o Personal master data: Title, Title/Gender, First name, Last name, Date of birth
o Address data: Street, house number, address supplements (if applicable), postcode, city, country
o Contact details: Telephone number(s), fax number(s), e-mail address(es)
o Credentials: Information about the service through which you have registered; dates and technical information on registration, confirmation and cancellation; data provided by you during registration
o Ordering data: Ordered products, prices, payment and delivery information
o Payment data: Account data, credit card data, data about other payment services such as Paypal
o Access data: Date and time of the visit of our service; the site from which the accessing system came to our site; pages called up during use; data for session identification (session ID); in addition, the following information of the accessing computer system: Internet protocol address used (IP address), browser type and version, device type, operating system and similar technical information.
o Application data: Curriculum vitae, certificates, proofs, work samples, certificates, pictures
o Data according to Article 9 GDPR: Data revealing racial and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data or data relating to a natural person's sex life or sexual orientation.

o XXX

2. Visit of our Website/Application

This section describes how we process your personal data when you access our services. We would like to point out that the transmission of access data to external content providers (see b.) is unavoidable due to the technical functioning of information transfer on the Internet.

a. Information about processing

Data category
Access data

Purpose
Establishment of connection, presentation of the contents of the service, detection of attacks on our site based on unusual activities, error diagnosis

Legal basis
Art. 6 Para. 1 f) GDPR

Possibly justified interest
proper functioning of the services, security of data and business processes, prevention of misuse, prevention of damage through interference in information systems

Storage period
7 days

b. Recipient of personal data

Recipient category
External content providers who provide content (e.g. images, videos, embedded postings from social networks, advertising banners, fonts, update information) that is required to display the service

Data concerned
Access data

Legal basis of the transmission
Order processing (Article 28 GDPR)

If applicable, legitimate interest
proper functioning of the services, (accelerated) presentation of content

Recipient category
Tracking tool: Google Analytics with the extension "anonymizeIp()" (the IP is masked, so that no more direct conclusions on the user are possible)

Data concerned
Access data

Recipient category
IT security service provider

Data concerned
Access data

Legal basis of the transmission
Order processing (Article 28 GDPR)

If applicable, legitimate interest
Prevention of attacks by exploiting security vulnerabilities / weak points

3. Newsletter

In the following, we describe how we handle personal data related to the subscription to our newsletter:

a. Information about processing

Data category
E-mail address

Purpose
Verification of registration (double opt- in procedure), sending newsletter

Legal basis
Art. 6 Para. 1 b) GDPR

Storage period
Duration of newsletter subscription, consent can be revoked at any time

Data category
Personal master data

Purpose
Personalisation of the newslette

Legal basis
Art. 6 Para. 1 b) GDPR

Storage period
Duration of newsletter subscription, consent can be revoked at any time

Data category
Registration data

Purpose
Traceability of successful newsletter registration/confirmation/deregistration

Legal basis
Art. 6 Para. 1 b), f) GDPR

Possibly justified interest
Proof of newsletter registration
/confirmation/deregistration

Storage period
Duration of newsletter subscription, consent can be revoked at any time

Data category
Usage data newsletter

Purpose
Design of the newsletter in accordance with interest

Legal basis
Art. 6 Para. 1 f) GDPR

Possibly justified interest
Improvement of our service, advertising purposes

Storage period
Duration of newsletter subscription, consent can be revoked at any time

b. Recipent of personal data

Recipent
Service provider for newsletter

Data concerned
All data mentioned under a.

Legal basis of the transfer
Order proccessing (Art. 28 GDPR)

Possibly legimate interest
Sending of the newsletter/storage and processing of the order data

Recipent

ARDEX GmbH

Data concerned

All data mentioned under a.

Legal basis of the transfer
Order proccessing (Art. 28 GDPR)

Possibly legimate interest
Advertising purposes and individualized newsletters

4. Application

We process your personal data in the following manner in an ongoing application process (applications received from candidates (m/f) or through the provision of application documents by personnel consultants and others):

a. Information about processing

Data category
Address data, contact data

Purpose
Identification, Establishment of Contact, Communication for Contract Initiation

Legal basis
Art. 6 Para. 1 b) GDPR

Storage period
If application does not lead to an employment: 6 months, as far as no consent for further storage is available.

Data category
Identification, contact, age verification

Legal basis
Art. 6 Para. 1 b) GDPR

Storage period
6 months, regualtion as before

Data category
Application data

Purpose
Selection of applicants

Legal basis
Art. 6 Para. 1 b) GDPR

Storage period6 months, regualtion as before

5. Customer Support

How we process your personal data when you contact our customer service, can be found here:

a. Information about processing

Data category
Address data, contact data

Purpose
Processing of customer enquiries and user complaints

Legal basis
Art. 6 Para. 1 b) GDPR

Possibly justified interest
Customer loyalty, improvement of our service

Storage period
Processing of request

b. Recipent of personal data

Recipent
Service provider / Tools

6. Training

The following information describes how your personal data is processed when you register for our training courses:

a. Information about processing

Data category
Personal master data, contact data

Purpose
Processing of customer enquiries, sending of seminar programme/certificate

Legal basis
Art. 6 Para. 1 b), f) GDPR

Possibly justified interest
Customer loyalty, improvement of our service, issue of ARDEX certificates

Storage period
Duration of customer relationship, consent can be revoked at any time

Data category
Contents of the seminar questionnaires/evaluations

Purpose
Processing of customer feedback

Legal basis
Art. 6 Para. 1 b), f) GDPR

Possibly justified interest
Improvement of our service

Storage period
Duration of customer relationship, consent can be revoked at any time

b. Recipent of personal data

Recipent
ARDEX GmbH

Data concerned
All data mentioned under a.

Possibly legimate interest
Improvement of our range of seminars, issue of certificates

7. Online Shop

The following information describes how your personal data is processed when you use our online shop:

a. Information about processing

Data category
Personal master data, contact data

Purpose
Processing of purchases of advertising material

Legal basis
Art. 6 Para. 1 b), f) GDPR

Possibly justified interest
Sale/purchase of advertising material

Storage period
Duration of customer relationship, consent can be revoked at any time

8. Tracking

Here we describe how your personal data is processed using tracking technologies to analyse and optimise our services, and for advertising purposes.

The description of the tracking procedures also includes information on how you can prevent, or object, to the processing of your personal data. Please note that the so-called "Opt-out", i.e. the refusal of processing, is usually stored via cookies. If you use our services via a new terminal device or in another browser, or if you have deleted the cookies set by your browser, you must change to opt out again.

The shown tracking procedures process personal data only in a pseudonymous form. A connection with a concrete, identified natural person, i.e. a merger of the data with information about a pseudonym, does not take place.

a. Tracking to analyse and optimise our services and their use, to measure the success of advertising campaigns and to optimise the display of advertisements

(1) Purposes of processing

The analysis of user behavior via tracking helps us to check the effectiveness of our services, to optimize and adapt them to the needs of our users and to correct errors. In addition, it helps us to statistically determine characteristic values about the use of our services (range, usage intensity, user surfing behaviour) based on uniform standard procedures and thus to obtain comparable values.

Tracking to measure the success of advertising campaigns serves to optimize our ads for the future and to enable marketers and advertisers to optimize their ads. The purpose of optimizing the displayed advertisement by tracking is to show users advertising tailored to their interests, to increase the success of advertising and thus also advertising revenues.

(2) Legal basis of the processing
Services that allow the identification of specific users require explicit consent of the user according to the GDPR.

(3) The used tracking procedures in detail

Description of service
Google Analytics

Functioning
Web analytics

Possibility of preventing processing (opt- out)
tools.google.com/dlpage/gaoptout?hl=de

Data transmission to non-EU countries
No

If you wish to opt-out of interest-based advertising, you can also visit www.youronlinechoices.com/de/, click on "Preference Management" and follow the instructions to completely or individually prevent the use of data for interest-based advertising by the service providers listed there. However, you will still receive advertising that is not interest-based.

9. Social Media-Plugins

This website may contain plugins from social networks such as: Facebook, Google+, Twitter or Pinterest, which are operated by third parties and which messages can be sent to the corresponding social network by using buttons in order to evaluate, recommend or share content, for example. In this way we pursue the purpose and legitimate interest of increasing the popularity of our services. We configure our services so that data transmission does not take place until you change to opt in. The legal basis for data transmission in this case is Art. 6 I f) GDPR. The respective provider is responsible for processing the transmitted data in compliance with data protection regulations.

Description oft the service
Facebook

Provider
Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA

Data protection information of the provider
https://de-de.facebook.com/about/privacy/

Description oft the service
Google+

Provider
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data protection information of the provider
https://www.google.com/+/policy/pagesterm.html

Description oft the service
Twitter

Provider
Twitter Inc., 539 Bryant Street, Suite 402, San Francisco, CA 94107, USA

Data protection information of the provider
twitter.com/de/privacy

Description oft the service
Pinterest

Provider
Pinterest Inc., 635 High Street, Palo Alto, CA, USA

Data protection information of the provider
http://about.pinterest.com/privacy/

III. Your Rights
1. Right of Objection

If we process your personal data for direct marketing purposes, you have the right to object at any time against the processing of your personal data and against the use of your personal data for advertising purposes. This also applies to profiling, insofar as it is associated with such direct marketing.

You also have the right to object at any time again against the prospective processing of your personal data when particular reasons exist in accordance with Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

You can execute your right of objection free of charge. You can contact us via the contact details listed under I.2.

2. Right to Information

You have the right to know whether we process personal data concerning you, what personal data this may be, and further information in accordance with Art. 15 GDPR.

3. Right of Rectification

You have the right to request us to correct any incorrect personal data concerning you (Art. 16 GDPR). Considering the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

4. Right to Cancellation ("right to be forgotten")

You have the right to request us to delete personal data relating to you without delay, provided that one of the reasons stated in Art. 17 para. 1 GDPR applies and the processing is not necessary for one of the purposes regulated in Art. 17 para. 3 DGDPR.

5. Right to Limitation of Processing

You are entitled to demand a restriction on the processing of your personal data if one of the conditions laid down in Article 18, paragraph 1, letters a) to d) applies.

6. Right to Data Transferability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another responsible person without any hindrance by us or to arrange for direct transmission by us, if this is technically possible. This should always apply if the basis of data processing is consent or a contract and the data is processed automatically. This does not apply to data stored in paper form only.

7. Right of Revocation in Case of Consent

If the processing is based on your consent, you have the right to revoke the consent at any time. The legality of the processing based on the consent until the revocation is not affected by this.

 

8. Right of Appeal

You have a right of appeal to a supervisory authority.