Data protection
Welcome to our website! We attach great importance to the protection of your data and the protection of your privacy. We would like to show below which data we process when and for what purpose and on what legal basis. It will be explained to you how the services we offer work and how the protection of your personal data is guaranteed.
According to Art. 4 No. 1 GDPR, personal data is all information relating to an identified or identifiable natural person. A natural person who can be directly or indirectly identified is considered to be identifiable. Further information on this can be found in Art. 4 No. 1 GDPR, among others.
Insofar as we cite our public tasks (Art. 6 Para. 1 lit. e GDPR) as the legal basis for the processing of personal data, you have the right to object in accordance with Art. 21 GDPR.
Responsible
Responsible within the meaning of the GDPR for the processing of personal data:
AURORA Konrad G. Schulz GmbH & Co. KG
Joachim-Schulz-Straße 4, 69427 Mudau
Ralph Bast, Alexander Grund
www.aurora-eos.com
Data Protection Officer
Dr. Julia Dubowy
datenschutz@aurora-eos.com
Legal bases
In the following data protection declaration, we provide you with transparent information on the legal principles and regulations, i.e. the legal basis of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course read this EU General Data Protection Regulation online on EUR-Lex, the gateway to the EU -Legal, see https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies:
- Consent (Art. 6 Para. 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be storing the data you entered on a contact form.
- Contract (Art. 6 Para. 1 lit. b GDPR): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a sales contract with you, we need personal information in advance.
- Legal obligation (Art. 6 Para. 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are required by law to keep invoices for accounting purposes. These usually contain personal data.
- Legitimate interests (Art. 6 Para. 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to be able to operate our website securely and economically. This processing is therefore a legitimate interest.
Other conditions such as the perception of recordings in the public interest and the exercise of public authority as well as the protection of vital interests do not usually apply to us. If such a legal basis should be relevant, it will be shown in the appropriate place.
In addition to the EU regulation, national laws also apply: In Germany, the Federal Data Protection Act, BDSG for short, applies.
Visiting our websites
When you visit our website, we store the name of your Internet service provider, the website from which you visit us, the websites you visit on our site, the date and duration of your visit and information about the device you are using (brand, model, operating system) and internet browser. In addition, we collect your IP address to enable delivery of the website to your computer and to detect and prevent attempts at misuse. There is no possibility of objection, since these processes are absolutely necessary for the operation of the website. Please do not visit our site if you wish to opt out.
Data security
We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Despite regular checks, complete protection against all hazards is not possible.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses an SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
Automated case-by-case decision-making and profiling
Automated decision-making and profiling does not take place on our website.
Log files
Every time you visit our website, we automatically collect data and information from the system of your device and save it in so-called server log files. This data is information relating to an identified or identifiable natural person (here: website visitor). The data is automatically transmitted by your browser when you visit our website. This includes the following information:
- The time our website was accessed (request to the host provider's server),
- URL of the website from which you accessed our website,
- the operating system you are using,
- type and version of the browser you are using,
- IP address of your computer (the IP address is stored pseudonymised).
Our CMS uses a so-called system log to log system errors or system actions. User data such as the IP address are only stored anonymously. The standard storage period is 7 days.
The purpose of this processing is to make our website accessible from your device and to enable our website to be displayed correctly on your device or in your browser. Furthermore, we use the data to optimize our website and to ensure the security of our systems.
The legal basis for processing is Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in presenting you with a website optimized for your browser and in enabling communication between our server and your end device. For the latter, the processing of your IP address is particularly necessary.
Storage duration
The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.
If you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and provided there is no obligation to store it.
We will inform you below about the specific duration of the respective data processing, provided that we have further information on this.
Data transfer to third countries
We only transfer or process data to countries outside the EU (third countries) if you agree to this processing, if this is required by law or is contractually necessary and in any case only to the extent that this is generally permitted. In most cases, your consent is the most important reason that we have data processed in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.
We expressly point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services may result in data not being processed and stored anonymously. In addition, US government authorities may have access to individual data. In addition, it may happen that collected data is linked to data from other services from the same provider, provided you have a corresponding user account. If possible, we try to use server locations within the EU, if this is offered.
We will inform you in more detail about data transfer to third countries at the appropriate points in this data protection declaration, if this applies.
Data collection on our website
Below you can find out where we and why we collect personal data from you.
Use of cookies
Our website uses HTTP cookies to store user-specific data.
In the following we explain what cookies are and why they are used so that you can better understand the following data protection declaration.
Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites. Each cookie must be evaluated individually, since each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "pests". Cookies also cannot access information on your PC.
With regard to the function, a distinction must be made between technically necessary and non-essential cookies.
Technically necessary cookies
Here you will find all the cookies that are required for the operation of our website and its functions (technically necessary cookies). These are usually set in response to an action you have taken. This includes registration, login or settings such as language or cookie preferences. It is possible to disable these cookies in the browser. In this case, it can no longer be guaranteed that our website will function correctly.
The system cookies PHPSESSID and csrf_https-contao_csrf_token are used. Both are required for the secure operation of the website.
Technically unnecessary cookies
Here you will find all cookies that are not absolutely necessary for the operation of our website and its functions (technically unnecessary cookies). The use of such cookies represents data processing that is only permitted with your active consent (Art. 6 Para. 1 lit. a DSGVO). This also applies to the transfer of your personal data to third parties.
The third-party service YouTube sets its own cookie.
No cookie is set by Google Maps.
When you visit our website for the first time, we ask you which of these types of cookies you would like to allow. We save your decision in a so-called. Cookie Consent Tool.
The storage period depends on the respective cookie and is specified below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.
You can also influence the storage period yourself. You can manually delete all cookies at any time via your browser (see also "Right of objection" below). Furthermore, cookies that are based on consent will be deleted at the latest after you withdraw your consent, whereby the legality of storage remains unaffected until then.
Communication & contact
If you contact us and communicate by telephone, e-mail or online form, personal data may be processed.
The data will be processed for the handling and processing of your question and the associated process.
The data will be stored for as long as they are required for the stated purpose or as long as the law requires.
Phone
If you call us, the call data will be stored pseudonymously on the respective end device and with the telecommunications provider used. In addition, data such as name and telephone number can then be sent by e-mail and saved to answer enquiries. The data will be deleted as soon as the business case has ended and legal requirements permit.
E-mail
If you communicate with us by e-mail, data may be stored on the respective end device (computer, laptop, smartphone,...) and data is stored on the e-mail server.
Online forms
If you communicate with us using an online form, data will be stored on our web server and, if necessary, forwarded to an e-mail address from us.
The purpose of processing the personal data is to process the contact request and to be able to contact the requester to answer the request. The other personal data processed during sending serve to prevent misuse of our contact form.
If you send us a message via the contact form, we store the data provided in order to contact you - by telephone or e-mail - depending on how you wish it. If storage is no longer necessary, we will delete the collected personal data. The legal basis for this data processing is Art. 6 Para. 1 S. 1 lit. b GDPR.
Google Maps
On this website we use the offer of Google Maps. This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function.
By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data collected when you visit our website will be transmitted. This takes place regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the provider's data protection declaration. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
You can find more information on how Google Analytics handles user data in the Google data protection declaration: https://support.google.com/analytics/answer/6004245?hl=de
Browser plug-in
You can prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=de
Objection against data collection
You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this website: Disable Google Analytics
IP anonymization
We use the "Activation of IP anonymization" function on this website. As a result, however, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Google Tag Manager
We use Google Tag Manager on our website to facilitate the tracking of user activities and to optimize our online offering. Google Tag Manager is a solution that allows us to manage and serve website tags from one interface. These are small code elements that are used to collect data about user behavior and forward it to various services. The legal basis for using the tool is Article 6(1)(f) GDPR.
Please note that we do not collect any personal data via Google Tag Manager. The data we collect is used exclusively to analyze user behavior and to optimize our website. A merger with other data sources does not take place. Google Tag Manager itself does not collect any personal data either. For information about Google Tag Manager's privacy practices, visit Google's website.
If you do not want us to record your user behavior, you can disable the use of cookies in your browser settings or install a browser plugin to disable Google Analytics. Please note, however, that in this case you may not be able to use all the functions of our website to their full extent."
YouTube
Our website also contains links to the website of the social network YouTube. We integrate YouTube in the extended data protection mode, i.e. with the domain www.youtube-nocookie.com. A "CONSENT" cookie is set.
If you click on a link to a video, you will be redirected to the respective external page on YouTube. If you are also logged in to YouTube as a member, the operator, YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066 USA, can assign your visit to our site to your respective user account.
We would like to point out that YouTube LLC is part of the Google LLC group of companies, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
If you do not want YouTube to collect and store data about your visit to our website, you must log out of your YouTube account before clicking on the link.
The purpose and scope of the data collection and the further processing and use of your data by YouTube can be found in the corresponding data protection declaration, which you can find here:
http://www.google.de/intl/de/policies/privacy/.
We base the use of YouTube on Art. 6 Para. 1 lit. f GDPR. By clicking on the link and simultaneously registering in the respective social network, data processing takes place within the scope of our legitimate interest.
Order processing contract (AVV)
Like most companies, we do not work alone, but also use the services of other companies or individuals ourselves. By involving various companies or service providers, it may be that we pass on personal data for processing. These partners then act as processors with whom we conclude a contract, the so-called data processing contract (AVV). The most important thing for you to know is that the processing of your personal data takes place exclusively according to our instructions and must be regulated by the AVV. Processors can be service providers such as hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft.
To make the terminology easier to understand, here is an overview of the three roles in the GDPR: data subject (you as a customer or interested party) → person responsible (we as a company and client) → processor (service providers such as web hosts or cloud providers)
The contract must contain the following:
- Binding to us as the responsible party
- Controller's Obligations and Rights
- Categories of data subjects
- Type of personal data
- Type and purpose of data processing
- Subject and duration of the data processing
- Place of implementation of the data processing
- to ensure data security measures
- take possible technical and organizational measures to protect the rights of the data subject
- to keep a data processing directory
- to cooperate with the data protection supervisory authority upon request
- carry out a risk analysis in relation to the personal data received
- Sub-processors may only be commissioned with the written consent of the person responsible
Data subject rights
In accordance with Articles 13 and 14 GDPR, we inform you about the following rights to which you are entitled so that data is processed fairly and transparently:
According to Article 15 GDPR, you have a right to information as to whether we are processing your data. If this is the case, you have the right to receive a copy of the data and to be informed of the following information:
- for what purpose we carry out the processing;
- the categories, ie the types of data being processed;
- who receives this data and if the data is transferred to third countries, how security can be guaranteed;
- how long the data will be stored;
- the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
- that you can complain to a supervisory authority (links to these authorities can be found below);
- the origin of the data if we did not collect it from you;
- whether profiling is carried out, i.e. whether data is automatically evaluated in order to create a personal profile for you.
According to Article 16 GDPR, you have the right to have the data corrected, which means that we must correct data if you find any errors.
According to Article 17 GDPR, you have the right to erasure ("right to be forgotten"), which specifically means that you can request the erasure of your data.
According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.According to Article 20 GDPR, you have the right to data portability, which means that we can provide you with your data in a common format upon request.
According to Article 21 GDPR, you have a right of objection, which, after enforcement, will result in a change in processing.
- If the processing of your data is based on Art. 6 Para. 1 lit. e (public interest, exercise of official authority) or Art. 6 Para. 1 lit. f (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
- If data is used for direct advertising, you can object to this type of data processing at any time. We may no longer use your data for direct marketing after this.
- If data is used to operate profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling after this.
According to Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g. profiling).
According to Article 77 GDPR, you have the right to lodge a complaint. This means that you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.
If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. In Germany there is a data protection officer for each federal state. The following local data protection authority is responsible for us:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Address: Lautenschlagerstrasse 20, 70173 Stuttgart
Telephone number: 07 11/61 55 41-0
Email address: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de/