Privacy

Thank you for visiting our website and for your interest in our company and products. The protection of your personal data is very important to us. ACTICO GmbH (hereinafter referred to as “ACTICO”, “we” or “us” attaches great importance to the security of user data and compliance with data protection regulations.

Table of contents

  1. Definition of terms
  2. Principles behind the collection and processing of personal data
  3. Processing of personal data
    1. Automated data processing
    2. Cookie-based services
    3. Google services
    4. Tracking and analytics tools
    5. Social media
    6. Advertising and marketing tools
    7. Accessories and other plug-ins
    8. Our services
  4. Data transmissions
    1. Internal data transmission
    2. Transmission with the Group
    3. Transmission to third parties
    4. Transmission to a third country
    5. Transmission to international organizations
  5. Automated decision-making, including profiling
  6. Retention period
  7. Technical security
  8. Legal basis for processing
  9. Infromation realting to minors
  10. Rights of data subjects
  11. Revocation of your consent to data processing
  12. External links
  13. Changes to our privacy policy
  14. Contact details of data controller and external data protection officer

1. Definition of Terms

The terms used in this privacy policy should be understood according to their legal definition as set out in Article 4 of the General Data Protection Regulation (GDPR).

 

2. Principles behind the collection and processing of personal data

You can visit our website without actively disclosing any personal data. However, it may be necessary to process your personal data if you wish to use specific services that our company provides via our website. If we need to process your personal data and there is no legal basis for such processing, we will always ask for your consent.

 

3. Processing of Personal Data

3.1 Automated Data Processing

You can visit our site without actively providing any personal information. However, we automatically save access data (server log files) such as the name of your internet service provider, the operating system you are using, the website from which you are visiting us, the date and duration of your visit, the name of the requested file, and your computer’s IP address for 7 days. This is done for security reasons, for example to recognize attacks on our website.  We only use this data to help us improve our service, and it cannot be traced back to you individually. We do not combine this data with other data sources. The legal basis for the data processing is Art. 6 para. 1 (f) GDPR. We process and use your data for the following purposes: 1. To provide the ACTICO website, 2. To improve our websites, and 3. To prevent and detect errors and malfunctions and any misuse of our websites. This kind of data processing is either for the purpose of fulfilling the contract on the use of ACTICO’s website or because we are pursuing a legitimate interest in ensuring the functionality and error-free operation of ACTICO’s website and adapting it to the requirements of its users.

3.2 Cookie-based Services

We use cookies on our websites in order to make your visit to our website more attractive and enable you to use certain functions. The use of cookies serves our legitimate interest in making your visit to our website as pleasant as possible in line with Art. 6 para. 1 (f) GDPR. Cookies are a standard internet technology for storing and retrieving login and other usage information relating to all ACTICO website users. Cookies are small text files that are placed on your device. Among other things, they enable us to store user settings so that our website can be displayed in a format tailored to your device.  Some of the cookies we use are deleted when you shut down your browser (known as session cookies). Other cookies remain on your device so that we or our partners can recognize your browser when you next visit (known as persistent cookies).

You can manage your cookie settings in your browser. You can decide whether to accept each one individually, accept only certain cookies, or accept them all. You can also delete cookies retrospectively in order to remove data that websites have stored on your computer. Disabling cookies may mean you are unable to use all the functions of the ACTICO website.

Disabling or removing cookies (opt out)

Web browsers provide options for restricting or deleting cookies. For more information, visit the following websites:

3.3 Google Services

We use cookie-based Google programs to make your visit to our website more pleasant and make it easier to use some of its functions. Use of these Google programs serves our legitimate interest in accordance with Art. 6 para. 1 (f) GDPR as it allows us to ensure your visit to our website is clear, uncomplicated and as pleasant as possible.

Google’s privacy policy can be found at https://policies.google.com/privacy?hl=en.

3.3.1 Google Analytics

This website uses functions of the Google Analytics web analytics service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google). Google Analytics uses cookies: text files that are stored on your computer in order to analyse how you use our website. The information generated by the cookie concerning your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there. Google uses this information to evaluate your use of the website, compile reports on website activity for the website operators and provide other services related to website activity and internet use. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

Disabling cookies

You can disable cookies by adjusting your browser settings, but this may mean you cannot use all the functions of this website. By using this website, you consent to the processing of the data collected about you by Google in the manner and for the purposes set out above.

Objecting to data collection

If you do not want Google to receive data from your browser when you visit our website, please follow the link to Google’s opt-out: http://tools.google.com/dlpage/gaoptout?hl=de.

This plug-in prevents your browser from requesting the analytics code, so Google does not receive any data when you access the website. This plug-in is only available for Microsoft Internet Explorer 11, Google Chrome, Mozilla Firefox, Apple Safari and Opera. According to Google, installing this plug-in means your browser blocks the Google Analytics script. For more information on terms of use and data privacy, please visit https://www.google.com/analytics/terms/us.html and https://policies.google.com/privacy?hl=en.

Data retention

With the help of Google Analytics’ data retention controls, we have set the amount of time that data is retained at user and event level before it is automatically deleted from the Analytics servers. We have set the following retention periods: 50 months

IP anonymization

Please note that we have extended Google Analytics with the code “gat.anonymizeIp” on this website so that your IP address is concealed (IP masking). This means that Google will truncate your IP address within European Union Member States and other signatory states to the Agreement on the European Economic Area prior to transmission to the United States.

Demographic characteristics of Google Analytics

This website uses the Google Analytics “Demographics” function. This makes it possible to create reports with information on the age, gender, and interests of website visitors. This data comes from interest-related advertising by Google and from visitor data from third parties. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described under “Objecting to data collection”.

3.3.2 Google Remarketing

This website uses Google Remarketing technology. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google). This technology allows us to re-target visitors to our website through targeted advertising on websites of the Google advertising network. This advertising is displayed through the use of cookies.

Cookies are placed on your computer, and these allow third parties, including Google, to record which of our websites were visited from your browser. Based on this information, our ads may be displayed at a later date when you visit other websites, for example as part of a Google search or on websites that are part of the Google network. For more information about Google’s privacy practices and how remarketing works, please visit: https://policies.google.com/privacy?hl=en. You can also disable cookies by adjusting your browser settings and/or opt out of your data being collected as part of Google Remarketing here: https://policies.google.com/technologies/ads?hl=en.

3.3.3 Google Ads Conversion Tracking (formerly Google AdWords)

Our website uses Google Ads conversion tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google).  A cookie is placed on your computer (“conversion cookie”) if you have reached our website via a Google advertisement. These cookies expire after 30 days and are not used for the purposes of personal identification. If you visit certain of our web pages and the cookie has not yet expired, we and Google can identify that someone has clicked on the ad and has been forwarded to our website in this way. Every Google Ads customer receives a different cookie, so cookies cannot be traced via the websites of Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Ads customers can see the total number of users who clicked on their ad and were redirected to a website with a conversion tracking tag.  However, they do not receive any information that allows users to be identified.

If you prefer not to participate in tracking, you can prevent cookies being installed by adjusting your browser settings (disable cookies option). You will then no longer be included in conversion tracking statistics. For more information about terms of use and data protection please visit: https://policies.google.com/privacy?hl=en.

3.3.4 Google Tag Manager

This website uses Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google). This service allows website tags to be managed via an interface. Google Tag Manager only implements tags. This means that no cookies are used and no personal data collected. Google Tag Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If a deactivation has been executed at domain or cookie level, it will remain valid for all tracking tags, provided they have been implemented with Google Tag Manager.

For more details, visit the Google data privacy centre: https://policies.google.com/privacy?hl=en.

3.4 Tracking and Analytics Tools

3.4.1 Hotjar

Our website uses Hotjar, a web analytics tool provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta (hereinafter referred to as Hotjar). Hotjar is used to pseudonymize interactions between randomly selected individual users and the website. This creates a log of mouse movements and clicks, for example with the aim of highlighting possible improvements to the website in question. It also evaluates information on the operating system, browser, incoming and outgoing links, geographical origin, resolution and type of device for statistical purposes.  This information helps us to continuously improve our website and adapt it to the needs of our visitors. This is deemed to be a legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR.

The information generated by the tracking code and cookie about the user’s visit to the ACTICO website is transmitted to and stored on the Hotjar servers in Ireland. This data is not assigned to an individual and Hotjar does not share it with third parties. If you do not want this information to be collected, you can disable it on all websites that use Hotjar via the Do Not Track header in your browser. Information on this opt-out option can be found here: https://www.hotjar.com/legal/compliance/opt-out

For more information on Hotjar, visit: https://www.hotjar.com/ Hotjar’s privacy policy can be found at https://www.hotjar.com/legal/policies/privacy.

3.5 Social Media

3.5.1 Our Social Media Presence

We have a presence on several social media platforms, for example through fan pages. This allows us to provide information about ACTICO and to get in touch with you.  Please note that we have no influence over how your personal data is used on these platforms. Only the operator of each platform has full knowledge of the content of the transmitted data and its use.

As a rule, cookies are stored in your browser when you visit a social media platform.

This can occur even if you are not a member of that particular platform. We have no knowledge of whether your data is transferred outside the European Economic Area.

Any processing of personal data carried out by us on social media platforms is on the basis of Art. 6 para. 1 (f) GDPR. Our legitimate interest is based on presenting ACTICO to the outside world in a variety of ways and using the opportunity to communicate with our customers as effectively as possible.

The legal basis may also constitute your consent to data processing pursuant to Art. 6 para. 1 (a) GDPR if you have previously given this to the operator of the social media platform.

The privacy policies of the respective operators provide detailed information about how they process your data, how you can object to the processing of your data, your rights with regard to your data, and other specific information:

Facebook

Supplier: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy: https://www.facebook.com/about/privacy/

Cookie information: https://www.facebook.com/policies/cookies/

Specific information about Facebook fan pages: When you visit our Facebook fan page, Facebook processes your personal data (Facebook Insights). This data is transmitted to us anonymously by Facebook as part of Facebook Insights. This anonymous data comprises statistical data about our fan page subscribers.

In addition, Facebook provides us with profile information when you interact with us or our page, such as linking or commenting on posts, writing to us via Facebook, or following our page.

LinkedIn

Supplier: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy policy: https://www.linkedin.com/legal/privacy-policy

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Specific information about LinkedIn company pages: When you visit our LinkedIn business page, LinkedIn processes your personal data. This data is transmitted to us anonymously by LinkedIn as part of LinkedIn Analytics. This anonymous data comprises statistical data on our followers.

In addition, LinkedIn provides us with your profile name when you interact with us or our page, such as linking or commenting on posts or following our page.

Twitter

Supplier: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Privacy policy: https://twitter.com/privacy?lang=de

Opt-Out: https://twitter.com/personalization

Specific information about Twitter business profile: When you visit our Twitter business profile, Twitter collects your personal data. This data is transmitted to us anonymously by Twitter as part of Twitter Analytics. This anonymous data comprises statistical data on our followers.

In addition, Twitter shares your profile name with us when you interact with us, our profile, or our tweets, for example by linking, retweeting, replying to, or following our page.

Xing

Supplier: XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany

Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

Specific information about Xing’s business profile: When you visit our Xing business profile, Xing collects your personal data.

In addition, Xing shares your profile name with us when you interact with us or our profile, such as linking or commenting on posts or following our page.

Kununu

Supplier: Kununu GmbH, Neutorgasse 4-8, Top 3.02, A – 1010 Vienna

Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

Specific information about kununu business profile: When you visit our kununu business profile, kununu collects your personal data.

In addition, kununu shares your profile name with us when you interact with us or our profile, such as linking or commenting on posts or following our page.

YouTube

Supplier: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy: https://policies.google.com/privacy?hl=en

Cookie information: https://policies.google.com/technologies/ads?hl=en

Opt-Out: https://adssettings.google.com/anonymous?hl=en&sig=ACi0TCiJxXvvKBloi2agYqXUJ4wynvlJklYAPsz_wOZwSUspvMZl4kBzJhFORHem0ERdQR1S2YqYpM9z1j8524iEylUKxtZ5IQ

Specific information about YouTube accounts or channels: When you visit our YouTube channel, YouTube collects your personal data. This data is transmitted to us anonymously by YouTube as part of YouTube STUDIO usage. This anonymous data comprises statistical data about our channel subscribers.

In addition, YouTube shares the username of your Google+ profile with us when you interact with us or our channel, such as linking or commenting on videos or subscribing to our channel.

3.5.2 Social Media Plug-Ins

3.5.2.1 Facebook Plug-In

Facebook contents and functions are embedded in our website in the form of a social media plug-in provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Facebook). We use these services on the basis of Art. 6 para. 1 (f) GDPR, as we have a legitimate interest in disseminating and increasing the awareness of our online presence.

For example, content such as photos, videos, texts and buttons that you can use to share content within the social media platform may be embedded in our website. You can view a list of plug-ins and what they look like at https://developers.facebook.com/docs/plugins/.

Facebook is certified as part of the Privacy Shield agreement. In this way, Facebook offers a guarantee in the sense of Art. 44 ff. GDPR in order to comply with European data protection standards.

The embedded plug-in informs Facebook that you have visited the corresponding page on our website. It receives this information regardless of whether or not you are a Facebook member. If you are logged in to Facebook at the same time as you visit our website, Facebook can assign this visit to your account. If you prefer to avoid this, you need to log out of Facebook and delete its cookies before visiting our website. If users interact with the plug-in, for example by pressing the Like button or making a comment, the corresponding information is transferred directly from your device to Facebook and stored there.

More information about the purpose and scope of data collection, its further processing and use, setting options (such as the use of your data for advertising purposes) and your rights with regard to processing is provided by Facebook’s data policy at: http://www.facebook.com/policy.php. You can find your settings at https://www.facebook.com/settings?tab=ads

3.5.2.2 Twitter

Our website uses functions and contents provided by Twitter, a service operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter Twitter). We use these services on the basis of Art. 6 para. 1 (f) GDPR, as we have a legitimate interest in disseminating and increasing the awareness of our online presence. For example, content such as photos, videos, texts and buttons that you can use to share content within the social media platform may be embedded in our website. If you are a Twitter member , Twitter can assign your visit to our website to your user profile. Twitter’s privacy policy can be found at https://twitter.com/privacy

Opt-out: https://twitter.com/personalization

3.5.2.3 YouTube

Our website features videos from YouTube, a platform operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter Google).

We use these services on the basis of Art. 6 para. 1 (f) GDPR, as we have a legitimate interest in disseminating and increasing the awareness of our online presence. If you are logged in to your YouTube account when you play a video, YouTube can directly assign your surfing behaviour to your personal profile. This assignment occurs regardless of whether or not you click on the video. You can prevent this assignment by logging out of your YouTube account.

More information about how YouTube handles your data is available in YouTube’s privacy policy at: https://policies.google.com/privacy?hl=en.

3.6 Advertising and Marketing Tools

3.6.1 HubSpot

We use the HubSpot service on our website. The provider is HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. We use web beacons and cookies to monitor your activity on our website for the purpose of web analytics and to improve our service. The function of cookies is described above. They allow HubSpot to collect and evaluate data such as IP address, geographical location, browser type, duration of visit and subpages accessed. Using this data, HubSpot generates a report about your visit. If you wish to prevent HubSpot collecting your data, you can disable cookies at any time by adjusting your browser settings. For more information on the cookies used by HubSpot, please visit: https://knowledge.hubspot.com/articles/kcs_article/account/hubspot-cookie-security-and-privacy and on tracking using web beacons and your right of objection at https://legal.hubspot.com/cookie-policy.

Our use of this tracking tool is based on our legitimate interest in running our business and optimizing our website in the sense of Art. 6 para 1. (f) GDPR.

For more information about Hubspot’s data privacy policy, please visit: https://legal.hubspot.com/dpa.

HubSpot is certified in the framework of the EU-U.S. Privacy Shield.

3.6.2 LinkedIn Ads

Our website uses LinkedIn’s online market tool LinkedIn Ads. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland (hereinafter LinkedIn).

The use of LinkedIn Ads as a marketing and optimization tool allows us to analyze user activity on our website in order to systematically improve its functions and offers and enhance the user experience. For this purpose, LinkedIn stores data about user behaviour via cookies on our website. You can prevent LinkedIn storing your data on the following websites via an opt-out cookie:

https://www.linkedin.com/psettings/guest-controls

http://optout.aboutads.info/?c=2#!/

http://www.youronlinechoices.com/uk/your-ad-choices

Our use of the online marketing tool is based on our legitimate interest in the economic operation of our online marketing offer within the meaning of Art. 6 para. 1 (f) GDPR.

For more information on LinkedIn’s privacy policy, please visit https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified in the framework of the EU-U.S. Privacy Shield.

3.6.3 Twitter Ads

Our website uses the Twitter Ads online marketing tool. The provider is Twitter International Company, One Cumberland Place, Fenjan Street, Dublin 2, D02 AX07 Ireland (hereinafter Twitter).

The use of Twitter Ads as a marketing and optimization tool allows us to analyze user activity on our website in order to systematically improve its functions and offers and enhance the user experience. For this purpose, Twitter stores data about user behaviour via cookies on our website. You can prevent Twitter storing your data on the following websites via an opt-out cookie:

https://twitter.com/personalization

http://optout.aboutads.info/?c=2#!/

Our use of the online marketing tool is based on our legitimate interest in the economic operation of our online marketing offer within the meaning of Art. 6 para. 1 (f) GDPR.

For more information on Twitter’s privacy policy, please visit: https://twitter.com/en/privacy. Twitter is certified in the framework of the EU-U.S. Privacy Shield.

3.7 Accessories and Other Plug-Ins

3.7.1 Shariff

Our website uses the Shariff extension provided by GitHub, Inc. 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, USA (hereinafter Shariff). Shariff helps us to ensure that social media buttons are embedded in our website using an HTML link in accordance with data protection regulations. Plug-ins provided by social networks usually transmit personal data to the social media operator as soon as the visitor accesses the website in which it is embedded. However, the use of Shariff means that personal data is only transferred when you actively operate the plug-in. Therefore, we use Shariff to protect your personal data while at the same time using social media plug-ins that comply with data protection regulations.

More information on the function and use of Shariff is available in the computer magazine c´t  at www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im-Einsatz-2470103.html. GitHub’s privacy policy can be viewed at: https://help.github.com/articles/github-privacy-statement/

3.8 Our Services

3.8.1 HubSpot Contact Form

Our website uses online marketing components from HubSpot. The provider is HubSpot Inc, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland (hereinafter HubSpot).

HubSpot enables us to provide and process data that you voluntarily make available to us as part of our online marketing presence. This data comprises contact data (first name, last name, company, e-mail address). This data is stored on the HubSpot Inc. servers and we can use it to contact you by e-mail, provided that you have given your consent.

We store the data that you enter in the contact form until you request us to delete it, revoke your consent to its storage, or until the reason for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory requirements – particularly retention periods – remain unaffected.

Storage of the data by HubSpot is based on the consent of the user within the meaning of Art. 6 para. 1 (a) GDPR.

For more information on HubSpot’s data privacy policy, please visit: https://legal.hubspot.com/dpa. HubSpot is certified in the framework of the EU-U.S. Privacy Shield.

3.8.2 E-mail Contact

If you send us an enquiry or information by e-mail, your details (e-mail address, content of your e-mail, subject of your e-mail and date/time) including the contact data that you provide in it (first name, last name, telephone number if applicable, address) will be stored by us for the purpose of processing the enquiry and any follow-up questions. We do not disclose this data without your consent. The legal basis for the collection and processing of the data is Art. 6 para. 1 (a) GDPR.

Please note that e-mail transmission may entail the contents being read or changed by third parties without authority or without being noticed. ACTICO uses software to filter unwanted e-mails (spam filter). The spam filter may block e-mails that have been falsely identified as spam.

We store the data that you enter until you request us to delete it, revoke your consent to its storage, or until the reason for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory requirements – particularly retention periods – remain unaffected.

3.8.3 Subscribing to Our Newsletter

Our website gives you the option of subscribing to our company newsletter. This is a way of keeping our customers and business partners up to date on our products on services. If you wish to subscribe, you have to provide us with a valid e-mail address. We do not collect any additional data, or if so, this done on a strictly voluntary basis. For legal reasons, we use the double opt-in process. This involves sending a confirmation e-mail to the e-mail address that you have provided before dispatching your first newsletter. We use this data exclusively for sending the newsletter and do not disclose it to third parties. The legal basis for the collection and processing of the data is Art. 6 para. 1 (a) GDPR.

When you subscribe to the newsletter, we also store the IP address assigned by the internet service provider to your computer system at the time of registration, along with the date and time. The collection of this data is required in order to trace any potential misuse of the subscriber’s e-mail address at a later stage, and therefore acts as a safeguard for us.

You may revoke the consent that is granted for the storage of your data, e-mail address and their use for dispatching the newsletter at any time via the Unsubscribe link in each newsletter. Alternatively, please feel free to e-mail your unsubscribe request to info@actico.com at any time. The lawfulness of the data processing actions that have already taken place is not affected by the cancellation. Your personal data will be deleted when you cancel your subscription. Unsubscribing from the newsletter is interpreted as automatic cancellation.

3.8.4 Careers Section / Online Applications

Our website invites you to visit the careers section and/or submit applications by e-mail. Applicants’ personal data (master data, contact details, attachments such as cover letters, resumes, references, etc.) is collected and processed for the purposes of the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant sends corresponding application documents to the data controller, for example by e-mail or via a web form on the website. If the data controller agrees an employment contract with an applicant, the data that has been transmitted is stored for the purpose of processing the employment relationship in accordance with the statutory provisions.  If the data controller does not agree a contract of employment with the candidate, the application documents are automatically deleted six months after notifying the applicant of the rejection, provided that other legitimate interests of the data controller do not override this deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under Germany’s General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz – AGG).  The legal basis for the collection and processing of the data is § 26 para. 8 p. 2, para. 1 of Germany’s Federal Data Protection Act (Bundesdatenschutzgesetz/ BDSG) in conjunction with Art. 6 para. 1 (b) GDPR.

Applicant Pool

The online application allows you to give your express consent to us storing and using your data beyond the period of the current application procedure. This consent means we can tell you about new job advertisements or vacancies that may be of interest to you. The legal basis for the collection and processing of your data in this case is § 26 para. 2 BDSG in conjunction with Art. 6 para. 1 (a) GDPR.

3.8.5 Event Registration

Our website provides an online registration facility. We store the data provided in the registration form (e.g. type of event) including the contact details you enter (e.g. first name, last name, postcode, street and house number, city and e-mail address) for the purpose of processing the event registration and handling potential queries. The legal basis for the collection and processing of this data is Art. 6 para. 1 (a) GDPR.

We retain the data that you enter when registering for an event until you request us to delete it, revoke your consent to its storage, or until the reason for storing the data no longer applies (e.g. once the event is over). Mandatory statutory requirements – particularly retention periods – remain unaffected.

3.8.6 Information Material (Brochures, Magazines, Price Lists etc.)

Our website allows you to request information about our products and services by filling out an online form.

We store the data that you enter in the form, including your contact details (title, first name, last name, company, address, telephone number and e-mail) for the purpose of processing your request and handling follow-up questions. It is also forwarded to the order processor charged by us to dispatch the information materials. The legal basis for the collection and processing of this data is Art. 6 para. 1 (a) GDPR.

We retain the data that you enter in the online form until you request us to delete it, revoke your consent to its storage, or until the reason for storing the data no longer applies (e.g. after the information material has been dispatched to you). Mandatory statutory requirements – particularly retention periods – remain unaffected.

 

4. Data Transmission

4.1 Internal Data Transmission

We transfer your data internally to the Administration and HR departments in order to fulfil our contractual or legal obligations. Data transmission or disclosure of your data only occurs to the extent necessary for this purpose and in accordance with relevant data protection regulations.

4.2 Transmission within the Group

ACTICO is a globally active company headquartered in Germany. The data that you send to us is stored in our central customer database in Germany and disclosed within the Group for administrative purposes. The exchange of data within the Group occurs in order to execute a contract or as a condition of use of its websites. There may also be an interest in disclosing this data for internal, administrative purposes. Should the processing of your data take place outside the European Economic Area (EEA), this will be done in compliance with all applicable data protection laws and, in particular, in accordance with the provisions of Art. 44 f. GDPR.

4.3 Transmission to Third Parties

Please note that the provision of certain personal data is required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on contracting party). When entering into a contract, it is sometimes necessary for the person involved to provide us with personal data, which we subsequently have to process. For example, you may need to provide us with personal data if our company enters into a contract with you. Failure to provide this personal data would make it impossible to enter into the contract.

Should the processing of your data take place outside the EEA, this will be done in compliance with all applicable data protection laws and, in particular, in accordance with the provisions of Art. 44 f. GDPR.

4.4 Transmission to a Third Country

We transmit your data to countries outside the EEA (known as third countries) on the basis of the aforementioned purposes (transmission Group-wide and transmission to third parties). We only transmit your data in order to fulfil our contractual and legal obligations or on the basis of your consent. This transmission also complies with all applicable data protection laws and, in particular, in accordance with the provisions of Art. 44 f. GDPR. More specifically, this is either on the basis of adequacy decisions taken by the European Commission or on the basis of certain guarantees (e.g. standard data protection clauses, etc.).

4.5 Transmission to International Organizations

We do not transmit data to international organizations.

 

5. Automated Decision-Making, Including Profiling

Some of your data is processed automatically in order to analyze certain aspects (profiling). We use profiling in the following cases:

  • Where we are obliged by law to combat money laundering and fraud. This also involves data analytics (e.g. in payment transactions). These measures also serve to protect you.
  • We use data analytics tools in order to provide you with targeted product information and advice. These allow us to provide personalized communication and targeted advertising, including market and opinion research.
  • We use credit scoring to assess creditworthiness. This calculates the probability of customers fulfilling their payment obligations in accordance with the terms of the contract. The calculation might include factors like income, expenditure, existing liabilities, occupation, length of employment, experience from previous business relationships, contractual repayment of previous loans and information provided by credit reporting agencies. The scoring is based on a proven and recognized statistical procedure. The credit scores help us to make decisions and are incorporated into our risk management procedures.

Any data subject who is subject to the processing of personal data shall have the right, as granted by the European regulatory authorities, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects upon him or her or significantly affects him or her in a similar way, unless the decision is (1) necessary for the performance of or entering into a contract or (2) authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or (3) is based on the data subject’s explicit consent.

 

6. Retention Period

As a general rule, we store your data for as long as it is necessary for the provision of our services or insofar as this has been stipulated by the European regulatory authorities or other legislative body responsible for regulating the data processor.  In all other cases, we delete your personal data after the purpose has been fulfilled, with the exception of data that we are obliged to retain in order to meet our legal obligations (e.g. retention periods stipulated in tax law or commercial law, which oblige us to store documents such as contracts and invoices for a specific period).

 

7. Technical Security

ACTICO uses technical and organizational security measures to protect the data that we administer against accidental or malicious manipulation, loss, destruction or access by unauthorized persons.  We continuously enhance our security measures in line with the latest technological advances.

To maintain security and protect the transmission of confidential content, such as your requests to us as the website operator, this site uses SSL (Secure Socket Layer) encryption in conjunction with the highest level of encryption supported by your browser. This is normally 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website has been transmitted in encrypted form by the fact that the browser’s address bar changes from “http://” to “https://” and displays a padlock icon.

When SSL encryption is activated, the data you transmit to us cannot be read by third parties.

We would like to point out that data transmission over the internet (e.g. when communicating via email) can have security gaps.  It is not possible to completely protect data from unauthorized access by third parties.

 

8. Legal Basis for Data Protection

Our legal basis for data processing activities for which we have obtained consent for a specific processing purpose is Art. 6 para. 1 (a) GDPR.

If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing activities that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 (1) (b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of inquiries about our products or services.

If we are subject to a legal obligation which makes the processing of personal data necessary, for example in order to fulfil tax regulations, the processing is based on Art. 6 para. 1 (c) GDPR.

If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, the processing is based on Art. 6 para. 1 (d) GDPR.

Finally, processing operations may be based on Art. 6 para. 1 (f) GDPR. Processing activities are based on this legal foundation if the processing is necessary to safeguard our legitimate interest or that of a third party, provided that the interests, fundamental rights and basic freedoms of the data subject do not prevail.

 

9. Information relating to Minors

This online service is not intended for minors under the age of 16. Persons under the age of 16 may not transmit any personal data to ACTICO without the consent of their parent or legal guardian.

 

10. Rights of Data Subjects

Pursuant to Art. 15 GDPR, you have the right to request confirmation as to whether or not we are processing data concerning you. You have the right to request information about this data and other data as listed in Art. 15 para. 1 GDPR, and to obtain a copy of your data.

Pursuant to Art. 16 GDPR, you have the right to request the rectification or completion of data concerning you and processed by us.

Pursuant to Art. 17 GDPR you have the right to demand the immediate erasure of data concerning you. Alternatively, you can request us to restrict the processing of your data in accordance with Art. 18 GDPR.

Pursuant to Art. 20 GDPR, you have the right to receive the data you transmitted to us and also to request its transmission to another controller.

You also have the right to lodge a complaint with the relevant supervisory authority in accordance with Art. 77 GDPR.

 

11. Revocation of your Consent to Data Processing

Some data processing operations are only possible with your express consent. You can revoke your consent at any time. Simply send an informal e-mail message to datenschutz@actico.com. The lawfulness of the data processing actions before the revocation is not affected by the revocation.

 

12. External Links

Our website contains links to the websites of other providers. Please note that we have no influence on the content of the linked websites and their providers’ compliance with data protection regulations.

 

13. Changes to our Privacy Policy

We reserve the right to modify this data privacy information at any time in the event of changes to our website and in compliance with the applicable data protection regulations in order to ensure that it fulfils the legal requirements.

 

14. Contact Details of Data Controller and External Data Protection Officer

Data Controller:

ACTICO GmbH
Ziegelei 5
88090 Immenstaad
Germany

Tel.: +49 7545 9338-0
E-mail: info@actico.com

 

External Data Protection Officer:

Deutsche Datenschutzkanzlei – Stefan Fischerkeller

Tel.: +49 7542 949 21 -1
E-mail: datenschutz@actico.com

Please note: Your enquiries will be treated confidentially and forwarded directly to the data protection officer.

 

This privacy statement has been prepared by the Deutsche Datenschutzkanzlei [German Data Protection Authority] Bodensee office