1. DATA PROTECTION AT A GLANCE

General notes
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is all data that can be used to identify you personally. Please refer to our Data Privacy Statement under this text for more details on the subject of data protection.

COLLECTION OF DATA ON OUR WEBSITE

Who is responsible for collecting data on this website?
The website operator processes data on this website. You can find its contact data in the imprint for this website.

How do we collect your data?
Your data is collected if you disclose it to us. That may be data you enter in a contact form, for example. Other data is automatically recorded by our IT systems when you visit the website. That is mainly technical data (such as the web browser, operating system or time you called the site). This data is collected automatically as soon as you enter our website.

What do we use your data for?
Some of the data is collected to ensure we can provide the website without errors. Other data may be used to analyse your user behaviour.

What are your rights as regards your data?
You have the right – at any time and free of charge – to obtain information on the origin and recipients of personal data concerning you and the purpose for which it is stored. You also have the right to demand that your data be rectified, blocked or erased. If you have further questions on the subject of data protection, you can contact us at any time under the address stated in the imprint. You also have a right to lodge complaints with the responsible supervisory authority.

Analytics tools and tools of third parties
Your browsing behaviour is analysed statistically when you visit our website. That is mainly done using cookies and analytics programs. Your browsing behaviour is usually analysed anonymously and cannot be traced back to you. You can object to such analysis or prevent it by not using certain tools. You can find details of that in the following Data Privacy Statement.


2. GENERAL NOTES AND OBLIGATORY INFORMATION

Data protection
The operators of this website take protection of your personal data very seriously. We treat your personal data confidentially and handle it in accordance with statutory data protection regulations and this Data Privacy Statement. Various items of personal data are collected when you use this website. Personal data is data that can be used to identify you personally. This Data Privacy Statement explains what data we collect and what we use it for. It also explains how and for what purpose we do that. We would like to point out that the transmission of data via the Internet (e.g. when communicating via e-mail) can pose security risks. It is impossible to ensure absolute protection of data against unauthorised access by third parties.

Controller
The controller responsible for processing data on this website is:

Altendorf GmbH
Wettinerallee 43/45
32429 Minden, Germany
Telephone: +49 571 9550-0
E-mail: info@altendorf.de

The “controller” is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (such as names, e-mail addresses or the like).

Data protection officer required by law
We have appointed a data protection officer for our company:

Altendorf GmbH
Mr. Andreas Durnio
Wettinerallee 43/45
32429 Minden, Germany
Telephone: +49 571 9550-0
E-mail: datenschutz@altendorf.de

Withdrawal of your consent to processing of your data
Many data processing operations are only possible with your explicit consent. You can withdraw any consent you have given at any time. To do so, simply send an e-mail to that effect to us; no special form is required. Your withdrawal of consent will not affect the lawfulness of processing based on your consent before you withdrew it.

RIGHT TO OBJECT TO COLLECTION OF DATA IN SPECIAL CASES AND TO DIRECT MARKETING (Article 21 GDPR)

You have the right at any time to object, on grounds relating to your particular situation, to processing of your personal data when that processing is based on Article 6 (1) point (e) or (f) GDPR, including profiling based on those provisions. Please refer to this Data Privacy Statement for the respective legal ground on which processing is based. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims (objection in accordance with Article 21 (1) GDPR).

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing. If you object, your personal data will then no longer be used for direct marketing purposes (objection in accordance with Article 21 (2) GDPR).

Right to lodge complaints with the responsible supervisory authority
If the GDPR has been violated, data subjects have the right to lodge complaints with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

Right to data portability
You have the right to receive data that we process automatically on the basis of your consent or to perform a contract, or to have it transferred to a third party, in a commonly used and machine-readable format. If you ask for your data to be transferred directly to another controller, we only do so if that is technically feasible.

SSL and TLS encryption
This site uses SSL and TLS encryption for reasons of security and to protect the transmission of confidential content, such as orders or inquiries, that you send us as the site operator. You can tell that a connection is encrypted by the fact that your browser’s address bar changes from “http://” to “https://” and if the padlock icon is displayed in the bar. If SSL or TLS encryption is enabled, the data you send cannot be read by third parties.

Access to, information on, blocking, erasure and rectification of data
Under prevailing statutory provisions, you have the right – at any time and free of charge – to have access to and obtain information on the personal data we store concerning you, its origin and recipients, and the purpose for which it is processed. You also have a right to demand that your data be rectified, blocked or erased, if applicable. If you have further questions on the subject of personal data, you can contact us at any time under the address stated in the imprint.

Right to restriction of processing
You have the right to demand a restriction on the processing of your data. You can contact us at any time in this regard under the address stated in the imprint. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data we have stored, we usually need time to examine that. You have the right to demand a restriction on processing of your personal data for the period of the examination.
  • If your personal data has been or is being processed unlawfully, you can demand a restriction on processing of the data instead of its erasure.
  • If we no longer need your personal data, but you need it to establish, exercise or defend legal claims, you have the right to demand a restriction on processing of your personal data instead of its erasure.
  • If you have objected in accordance with Article 21 (1) GDPR, your interests must be weighed against ours. You have the right to demand a restriction on processing of your personal data pending verification of whether your interests override ours.

Where processing of your personal data has been restricted, the data may – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

 


3. COLLECTION OF DATA ON OUR WEBSITE

Cookies
Some of our Internet pages use cookies. Cookies do not cause any damage on your computer system and do not contain any viruses. Cookies help make our offer more user-friendly, more efficient and more secure. Cookies are small text files that are placed on your computer system and are stored by your browser. Most of the cookies we use are what are termed session cookies. They are automatically deleted when your visit is over. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser when you visit our website again. You can configure your browser to notify you when cookies are placed on your system and to permit cookies only on a case-by-case basis, to prevent acceptance of cookies for specific cases or in general and to enable automatic deletion of cookies when you close the browser. If you disable cookies, the features of this website may be restricted. Cookies required for electronic communication or to provide certain features you wish (such as a shopping cart) are stored on the basis of Article 6 (1) point (f) GDPR. The website operator has legitimate interests in storing cookies to ensure that its services are provided optimally and without technical errors. If other cookies (such as to analyse your browsing behaviour) are stored, they are dealt with separately in this Data Privacy Statement.

Server log files
The provider of the website automatically collects and stores information in server log files that your browser automatically sends to us. That information comprises:
•    The type of browser you use and its version
•    The operating system you use
•    The referrer URL
•    The host name of the computer system accessing our website
•    The time of the server request
•    Your IP address

This data is not combined with data from other sources. The data is collected on the basis of Article 6 (1) point (f) GDPR. The website operator has legitimate interests in ensuring that its website is presented without technical errors and in optimising it, and the server log files are required for that purpose.

Contact form
When you send inquiries to us using a contact form, your information from the inquiry form, including the contact data you state in it, is stored by us to deal with your inquiry and for the event that we need to contact you with any questions. We do not pass on this data without your consent. The data you enter in the contact form is therefore processed solely on the basis of your consent (Article 6 (1) point (a) GDPR). You can withdraw this consent at any time. To do so, simply send an e-mail to that effect to us; no special form is required for that. Your withdrawal of consent will not affect the lawfulness of data processing operations based on your consent before you withdrew it. We retain the data you entered in the contact form until you ask us to erase it, withdraw your consent to storage of it, or the purpose for which the data was stored no longer exists (e.g. we have dealt with your inquiry). Mandatory statutory provisions – in particular retention periods – remain unaffected by that.

Inquiries by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, we store and process your inquiry, including all resultant personal data (name, inquiry), for the purpose of dealing with your request. We do not pass on this data without your consent. This data is processed on the basis of Article 6 (1) point (b) GDPR if your inquiry is related to the performance of a contract or steps prior to entering into a contract. In all other cases, processing is based on your consent (Article 6 (1) point (a) GDPR) and/or on our legitimate interests (Article 6 (1) point (f) GDPR), since we have a legitimate interest in effectively handling inquiries addressed to us. We retain the data you sent us as part of a contact inquiry until you ask us to erase it, withdraw your consent to storage of it, or the purpose for which the data was stored no longer exists (e.g. we have dealt with your inquiry). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected by that.

 

Cookie settings (via Cookiebot)


4. SOCIAL MEDIA

Social media plug-ins
Social media plug-ins (such as from Facebook, Twitter, Google+, Instagram, Pinterest, XING, LinkedIn and Tumblr) are used on our website. You can normally identify the plug-ins from their social media logos. In order to ensure data protection on our website, we use these plug-ins only in conjunction with the “Shariff” solution. This application prevents the plug-ins integrated on our website from transferring data to the respective provider when you enter the site for the first time. A direct connection to the provider’s server is established only if you activate the plug-in in question by clicking on the associated button (i.e. give your consent). As soon as you activate the plug-in, the provider in question is informed that you have visited our site using your IP address. If you are logged into your respective social media account (such as Facebook) at the same time, the provider in question can assign your visit to our website to your user account. Activation of the plug-in constitutes consent within the meaning of Article 6 (1) point (a) GDPR. You can withdraw this consent at any time with future effect.

Facebook plug-in
Facebook plug-ins from the social network Facebook of the provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our website. The Facebook plug-ins can be recognised from the Facebook logo on our site. You can find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/?locale=de_DE. When you visit our pages, a direct connection is established by the plug-in between your browser and the Facebook server. Facebook is thereby informed that you have visited our site under your IP address. While you are logged into your Facebook account, you can link the content of our pages on your Facebook profile. As a result, Facebook can assign your visit to our website to your user account. We point out that we, as the provider of the website, have no knowledge of the content of the transmitted data or how it is used by Facebook. You can find more information on this subject in Facebook’s Data Policy at: https://de-de.facebook.com/privacy/explanation. If you do not want Facebook to be able to assign your visit to our website to your Facebook user account, please log off from your Facebook user account. The Facebook plug-ins are used on the basis of Article 6 (1) point (f) GDPR. The website operator has a legitimate interest in maximising its visibility in social media.

Instagram plug-in
Functions of the service Instagram are integrated on our pages. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can link the content of our pages with your Instagram profile by clicking on the Instagram button. As a result, Instagram can assign your visit to our pages to your user account. We point out that we, as the provider of the website, have no knowledge of the content of the transmitted data or how it is used by Instagram. The Instagram plug-in is used on the basis of Article 6 (1) point (f) GDPR. The website operator has a legitimate interest in maximising its visibility in social media. You can find more information on this subject in Instagram’s Data Policy at: https://instagram.com/about/legal/privacy/.

 


5. ANALYTICS TOOLS AND ADVERTISING

Google Analytics
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies, text files that are stored on your computer and make it possible to analyse how you use the website. The information on your use of this website generated using the cookies is usually transferred to and stored on a server operated by Google in the USA. Storage of the Google Analytics cookies and use of this analytics tool are based on Article 6 (1) point (f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise its web offer and advertising.

IP anonymisation
We have activated the IP anonymisation feature on this website. As a result, before being transmitted to the USA your IP address is truncated by Google in Member States of the European Union or in other countries that are parties to the Agreement on the European Economic Area. Only in exceptional cases will your full IP address be sent to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate how you utilise the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and Internet usage. Google will not associate the IP address it captures via your browser using Google Analytics with any other data held by Google..

Browser Plugin
You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent recording of the data relating to your use of the website and generated by the cookie (including your IP address) by Google and processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Data processing services
We have concluded a contract for data processing services with Google and fully implement the strict requirements of Germany’s data protection authorities in using Google Analytics.

Demographics function in Google Analytics
This website uses the “Demographics” function of Google Analytics. It enables reports containing information on the age, gender and interests of site visitors to be created. This data comes from interest-based advertising by Google and from visitors’ data of third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time using the display settings in your Google account or generally prevent recording of your data by Google Analytics as described in the section “Objecting to recording of your data.”

Length of time for which the data is stored
Data that is stored by Google at the user and event level and that is linked with cookies, user identifiers (e.g. a user ID) or advertising IDs (such as DoubleClick cookies or Android advertising ID) is anonymised or erased after 14 months. You can find more details at: https://support.google.com/analytics/answer/7667196?hl=en

Objecting to recording of your data
You can prevent Google Analytics from recording your data by clicking on the link below. That sets an opt-out cookie that prevents recording of your data when you visit this website in the future: Disable Google Analytics.
You can find more information on how user data is handled with Google Analytics in the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en


Hotjar
This website uses Hotjar. Hotjar is provided by Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com). The Hotjar tool enables us to analyse user behaviour on our website. It allows us to record your mouse and scrolling movements and clicks, for example, and determine how long you kept your mouse pointer in a particular location. Hotjar uses this information to create what are known as heat maps, which reveal which parts of a website are most popular with visitors. We are able to determine how long you spent on a page and when you left it and can also establish how far you had progressed when you decided to stop entering data in a contact form (the conversion funnel).Hotjar provides a way to obtain direct feedback from website visitors too, a function that helps the website operator to improve its web presence. Hotjar uses cookies. Cookies are small text files that are placed on your computer system and are stored by your browser. They help to make our offer more user-friendly, more efficient and more secure. Cookies allow us to determine if our website has been visited from a particular device, for example, or if the Hotjar functions have been disabled for the relevant browser. Hotjar cookies remain on your device until you delete them.You can configure your browser to notify you when cookies are placed on your system and to permit cookies only on a case-by-case basis, to prevent acceptance of cookies for specific cases or in general and to enable automatic deletion of cookies when you close the browser. If you disable cookies, the features of this website may be restricted.The use of Hotjar and the storage of Hotjar cookies comply with Article 6 (1) point (f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise its web offer and advertising.

Disabling Hotjar
If you wish to opt out from Hotjar processing your data, click on the link below and follow the instructions there: https://www.hotjar.com/opt-out
Please note that you will need to configure your Hotjar opt-out separately for each browser/device. Further information about Hotjar and the data processed can be found on Hotjar's privacy page here: https://www.hotjar.com/privacy

Contract for data processing services
We have concluded a contract for data processing services with Hotjar in accordance with the requirements of the strict European data protection regulations.

Google AdSense (not personalised)
This website uses Google AdSense, a service for integrating advertising. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use Google AdSense in “non-personalised” mode. Unlike personalised mode, the ads are therefore not based on your earlier user behaviour and no user profile of you is created. Instead, “contextual information” is used to select the advertising. The ads are then selected on the basis of, for example, your location, the content on the current site, or current query terms. You can find more information on the differences between personalised and non-personalised targeting with Google AdSense at: https://support.google.com/adsense/answer/9007336.
Please note that cookies may be stored even if Google AdSense is used in non-personalised mode. According to Google, they are used to combat fraud and abuse. The cookies remain on your device until you delete them.
Google AdSense in non-personalised mode is used on the basis of Article 6 (1) point (f) GDPR. We have a legitimate interest in analysing user behaviour in order to optimise our web offer and advertising.
Google is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the Privacy Shield undertakes to comply with these data protection standards.
You can change your ad settings yourself in your user account. To do that, click on the link below and log in: https://adssettings.google.com/authenticated.

You can find more information on Google’s advertising technologies at:
https://policies.google.com/technologies/ads?hl=en-GB
https://policies.google.com/privacy?hl=en-GB&gl=de/.

Google Analytics Remarketing
Our sites use the functions of Google Analytics Remarketing in conjunction with the cross-device features of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
This function enables the advertising audiences created with Google Analytics Remarketing to be linked to the cross-device features of Google AdWords and Google DoubleClick. As a result, interest-based personalised advertising tailored to you on the basis of your previous user and browsing behaviour on a device (e.g. a smartphone) can also be displayed on another of your devices (such as a tablet or PC).
If you have given your consent to that, Google links your web and app browser history to your Google account to enable that. That means the same personalised advertising can be placed on every device you use to log into your Google account.
To support this feature, Google Analytics records users’ Google-authenticated identifiers, which are temporarily linked to our Google Analytics data in order to define and create audiences for cross-device advertising.
You can object permanently to cross-device remarketing/targeting by disabling personalised advertising in your Google account; to do that, go to: https://www.google.com/settings/ads/onweb/.
The recorded data is combined in your Google account solely on the basis of your consent, which you can give to Google or withdraw (Article 6 (1) point (a) GDPR). Where data is recorded but is not combined in your Google account (for example because you do not have a Google account or you have objected to the data being combined), the basis for data recording is Article 6 (1) point (f) GDPR. The website operator has a legitimate interest in analysing website visitors anonymously for advertising purposes.

You can find more information and the data privacy provisions in Google’s Privacy Policy at: https://policies.google.com/technologies/ads?hl=en-GB.

Google AdWords and Google conversion tracking
This website uses Google AdWords. AdWords is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use conversion tracking as part of Google AdWords. If you click on an advertisement placed by Google, a cookie for conversion tracking is placed on your device. Cookies are small text files that the web browser stores on the user’s computer. These cookies lose their validity after 30 days and are not used to identify users personally. If the user visits specific pages on this website and if the cookie has not yet expired, Google and we will be able to tell that the user clicked on the ad and was forwarded to this page.
Every Google AdWords customer receives a different cookie. The cookies cannot be tracked via the websites of AdWords customers. The information collected by the conversion cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. Customers are informed about the total number of users who clicked on their ad and were forwarded to a page with a conversion tracking tag. However, they do not obtain any information enabling them to identify users personally. If you do not want to participate in tracking, you can object to its use easily by disabling the Google conversion tracking cookie with the user settings in your web browser. You are then not included in the conversion tracking statistics.
Storage of conversion cookies and use of this tracking tool are based on Article 6 (1) point (f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise its web offer and advertising.

You can find more information on Google AdWords and Google conversion tracking in Google’s Privacy Policy: https://policies.google.com/privacy?hl=en-GB.
You can make settings in your browser so that you are notified when cookies are placed and to permit cookies only on a case-by-case basis, to prevent acceptance of cookies for specific cases or in general, and to enable automatic deletion of cookies when you close the browser. If you disable cookies, the features of this website may be restricted.

 


6. NEWSLETTER

Newsletter data
If you wish to subscribe to the newsletter offered on the website, we need an e-mail address from you, as well as information to allow us to verify that you are the owner of the specified e-mail address and consent to receiving the newsletter. Further data is not collected or is collected solely on a voluntary basis. We use this data solely to send the requested information and do not disclose it to third parties. The data you enter in the newsletter subscription form is processed solely on the basis of your consent (Article 6 (1) point (a) GDPR). You can withdraw your consent to storage of your data, the e-mail address and use of it to send the newsletter at any time, such as by clicking on the “unsubscribe” link in the newsletter. Your withdrawal of consent will not affect the lawfulness of data processing operations before you withdrew it. We store the data required for you to obtain the newsletter until you cancel your subscription for the newsletter, and then we delete it. Data we have stored for other purposes is not affected by that.

CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service that can be used to organise and analyse the distribution of newsletters. The data you enter to obtain the newsletter (such as your e-mail address) is stored on CleverReach servers in Germany and Ireland.
Sending out newsletters with CleverReach enables us to analyse the behaviour of newsletter recipients. Among other things, it is possible to analyse how many recipients have opened the newsletter mail and how often which link in the newsletter has been clicked on. Conversion tracking can also be used to analyse whether a predefined action (such as purchase of a product on our website) has been performed after the link in the newsletter has been clicked on. You can obtain more information on data analysis by means of CleverReach newsletters at: https://www.cleverreach.com/en/features/reporting-tracking/.
The data is processed on the basis of your consent (Article 6 (1) point (a) GDPR). You can withdraw this consent at any time by cancelling your subscription to the newsletter. Your withdrawal of consent will not affect the lawfulness of data processing operations before you withdrew it.
If you do not want CleverReach to analyse your actions, you must cancel your subscription to the newsletter. There is a link for this purpose in every newsletter mail. You can also cancel your subscription to the newsletter directly on the website. We store the data required for you to obtain the newsletter until you cancel your subscription for the newsletter, and then we delete it from our servers and also from CleverReach’s servers. Data we have stored for other purposes is not affected by that.
For more details, please refer to CleverReach’s Privacy Policy at: https://www.cleverreach.com/en/privacy-policy/.

Conclusion of a contract for data processing services
We have concluded a contract for data processing services with CleverReach and fully implement the strict requirements of Germany’s data protection authorities as part of using CleverReach.


7. PLUGINS AND TOOLS

YouTube with extended data protection
Our website uses plug-ins of the website YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, using this mode means that YouTube does not store any information on visitors to this website before they watch the video on it. However, extended data protection mode does not necessarily preclude data being disclosed to YouTube partners. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video or not. As soon as you start a YouTube video on our website, a connection to YouTube’s servers is established. As part of that, the YouTube server is informed about which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your browsing behaviour directly to your personal profile. You can prevent that by logging off from your YouTube account. YouTube may also store various cookies on your device after you start a video. YouTube can obtain information on visitors to our website with the aid of these cookies. This information is used, among other things, to record video statistics, improve user-friendliness and prevent attempted fraud. The cookies remain on your device until you delete them. Further data processing operations over which we have no control may be initiated after you start a YouTube video. YouTube is used to make the presentation of our online offers more appealing. That is a legitimate interest within the meaning of Article 6 (1) point (f) GDPR. You can find more information on data protection at YouTube in its Privacy Policy at: https://policies.google.com/privacy?hl=en-GB.

Google Web Fonts
This site uses web fonts provided by Google to ensure that consistent fonts are displayed. When a page is called, your browser loads the required web fonts in its cache so that texts and fronts are displayed correctly. To enable that, the browser you use must establish a connection with Google’s servers. As a result, Google is notified that our website was called from your IP address. Google Web Fonts are used to make the presentation of our online offers consistent and more appealing.  That is a legitimate interest within the meaning of Article 6 (1) point (f) GDPR. If your browser does not support web fonts, a default font from your computer is used. You can find more information on Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s Privacy Policy at: https://policies.google.com/privacy?hl=en-GB.

Google Maps
This site uses the map service Google Maps via an API. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Your IP address must be stored so that the features of Google Maps can be used. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on transfer of the data. Google Maps is used to make the presentation of our online offers more appealing and so that the places specified on the website are easy to find. That is a legitimate interest within the meaning of Article 6 (1) point (f) GDPR. You can find more information on how user data is handled in the Google Privacy Policy: https://policies.google.com/privacy?hl=en-GB.

MyFonts Web Fonts

Our website uses fonts provided by MyFonts Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA. When the website is called, data is also called by a MyFonts server, as a result of which MyFonts gains knowledge of your IP address at least. Among other things, MyFonts also learns that you have called the font via our website, as well as a number of technical details about your browser, since just about every web browser sends this data automatically to the server whenever the website is called. Some browsers allow the data sent to the server to be restricted or modified, but whether that is possible depends on the browser vendor. Even though MyFonts requires the data that is sent, and in particular the IP address, only for the purpose of delivering the called content, we cannot say whether, and have no influence on whether and to what extent, MyFonts analyses this information statistically or stores it. You can obtain more information on data protection at MyFonts at: https://www.myfonts.com/info/terms-and-conditions.

Live-Chat
We use userlike.com, a live chat from Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, Germany, on the website. You can use the live chat like a contact form to chat with our employees in near real time. Personal data is collected when the chat is started:

  • The date and time you called the chat function
  • The browser type and version
  • Your IP address
  • The operating system you use
  • The URL of the website you previously visited
  • The amount of data sent
  • Your first name and surname
  • Your e-mail address

Depending on how the chat with our employees proceeds, further personal data that you enter may be collected during the course of the chat. The nature of that data depends greatly on your inquiry or the problem you describe to us. When you call the website altendorf.com, the chat widget is loaded in the form of a JavaScript file. Userlike uses the Amazon web service CloudFront as a content delivery network (CDN). This service is provided by Amazon Web Services, Inc., P.O. Box 81226, Seattle, WA 98108, USA. A CDN is a global network of servers that provide content for Userlike. The chat widget is like a source code that is executed on your computer and enables the chat. Userlike also stores the live chat threads. The objective of this is to avoid the possible need for extensive comments to be provided on the history of your inquiry and to enable constant control of the quality of our live chat offer. If you do not wish the thread to be stored, please notify us using the specified contact details. Stored live chats are then deleted by us immediately. The live chat is used to enable a quick and attractive means of responding to inquiries about our products. That is a legitimate interest within the meaning of Article 6 (1) point (f) GDPR.


8. SERVICES OF OUR OWN

Job applications
We offer you the opportunity to apply for a job at our company (by e-mail or regular post). The following provides you with information on the scope, purpose and use of the personal data collected as part of the application process. We pledge that your data is collected, processed and used in compliance with prevailing data protection law and all other statutory regulations and that your data is treated with strict confidentiality.

Scope and purpose of data collection
If you send us an application, we process your related personal data (e.g. contact and communications data, application documents, notes as part of job interviews etc.), where that is necessary to decide on whether to establish an employment relationship with you. The legal basis for that is Section 26 of the new version of the German Federal Data Protection Act (BDSG) (steps prior to entering into an employment relationship), Article 6 (1) point (b) GDPR (general steps prior to a contract) and – if you have given your consent – Article 6 (1) point (a) GDPR. You can withdraw your consent at any time. Your personal data is passed on only to persons at our company who are involved in handling your application. If your application is successful, the data you have provided is stored in our data processing systems for the purpose of carrying out the employment relationship on the basis of Section 26 of the new version of the German Federal Data Protection Act (BDSG) and Article 6 (1) point (b) GDPR.

Period of time for which the data is retained
If we do not wish to offer you a job, or you decline a job offer, withdraw your application, withdraw your consent to processing of your data or ask us to erase the data, the data you have sent us, including any remaining physical application documents, is stored or retained for a maximum of 6 months after the end of the application process so that details of the application process can be ascertained in the event of discrepancies (Article 6 (1) point (f) GDPR).
YOU CAN OBJECT TO STORAGE OF THAT DATA IF YOU HAVE LEGITIMATE INTERESTS THAT OVERRIDE OUR INTERESTS.
The data is erased when the retention period ends, unless there is a statutory obligation to retain it or another legal reason why it still needs to be stored. If it becomes apparent that your data will need to be stored after the retention period ends (because a legal dispute is likely or pending, for example), the data will only be erased once there are no grounds for storing it. Other statutory retention obligations remain unaffected.


9. OUR SOCIAL MEDIA PRESENCES

Data processing through social networks
We maintain publicly accessible profiles in social networks. Further below, you can find details of the specific social networks we use. Social networks, such as Facebook, Instagram, etc., can usually analyse your user behaviour extensively when you visit their websites or a website that has social media content integrated in it (such as Like buttons or advertising banners). When you visit our social media presences, numerous processing operations of relevance to data protection are initiated. They are specifically: If you are logged into your social media account when you visit our social media presence, the operator of the social media portal can assign that visit to your user account. However, your personal data might also be recorded even if you are not logged in or do not have an account with the social media portal in question. In this case, the data is recorded, for example, by means of cookies that are stored on your device or by recording your IP address. The data recorded in this way can be used by the operator of the social media portals to create user profiles in which your preferences and interests are stored. In that way you can be shown interest-based advertising in and outside the social media presence. If you have an account with the social network in question, the interest-based advertising can be shown on all devices which you are or were logged into. Please also note that we cannot track or ascertain all the processing processes that are carried out on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Please refer to the terms of use and privacy policies of the respective social media portals for details of that.

Legal basis
Our social media presences are intended to ensure that we are represented as extensively as possible on the Internet. That is a legitimate interest within the meaning of Article 6 (1) point (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (such as consent within the meaning of Article 6 (1) point (a) GDPR).

Controller and exercise of rights
When you visit one of our social media presences (such as Facebook), we and the operator of the social media platform are jointly responsible for the data processing operations initiated in connection with your visit. In principle, you can exercise your rights (access to and information on, rectification and erasure of data, restriction of processing, data portability and the right to lodge a complaint) towards us and towards the operator of the social media portal (such as Facebook). Please note that, although we have joint responsibility with the operators of the social media portals, we do not have full control over the data processing operations carried out on the social media portals. The possibility of our exerting influence depends substantially on the corporate policy of the provider in question.

Length of time for which the data is stored

The data recorded directly by us by means of our social media presence is erased from our systems as soon as the purpose for which it was stored no longer applies, or you ask us to erase it or withdraw your consent to its storage. The cookies stored on your device remain there until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected by that. We have no control over the length of time for which the operators of the social networks store your data for their own purposes. If you wish to obtain details of that, please find out more directly from the operators of the social networks (for example in their data policy (see below)).

SPECIFIC SOCIAL NETWORKS

Facebook
We have a profile on Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Google is certified under the EU-US Privacy Shield. We have concluded an agreement on joint processing (Controller Addendum) with Facebook. This agreement defines the data processing operations for which we are responsible and those for which Facebook is responsible when you visit our Facebook page. You can view the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum.
You can change your ad settings yourself in your user account. To do that, click on the link below and log in: https://www.facebook.com/settings?tab=ads.
Please refer to Facebook’s Data Policy for details: https://www.facebook.com/about/privacy/.

Instagram
We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how your personal data is used, please refer to Instagram’s Data Policy: https://help.instagram.com/519522125107875.


10. AMENDMENTS

It is necessary from time to time to adapt the content of this Data Privacy Statement for data collected in the future. We therefore reserve the right to amend this statement at any time. We will likewise publish the amended version of the Data Privacy Statement here. That means you should read the Data Privacy Statement again when you visit us the next time.


April 2019