DATA PROTECTION DECLARATION

Welcome to our website and thank you for your interest in our company. We take the protection of your personal data extremely seriously. We process your data in compliance with the applicable statutory provisions on the protection of personal data, in particular the EU General Data Protection Regulation (GDPR) and the country-specific implementing legislation applicable to us. The purpose of this Data Protection Declaration is to provide you with comprehensive information about the processing of your personal data by ALRE-IT REGELTECHNIK GMBH and your rights in connection with the same.

For these purposes, personal data is any information that enables the identification of an individual. This includes in particular name, date of birth, address, telephone number, email address and your IP address. Data is anonymous when no personal reference to the user whatsoever can be established.

1. GENERAL

1.1 Controller and Data Protection Officer 

If you have any questions about this Data Protection Declaration, please contact:

ALRE-IT Regeltechnik GmbH
Richard-Tauber-Damm 10
12277 Berlin
Germany
Tel.: +49 (0) 30 399 84-0
Email: mail@alre.de 

Data protection contact
Email: datenschutz@alre.de
Data Protection Officer details
atarax GmbH & Co. KG Herzogenaurach
Email: datenschutz@atarax.de

1.2 Your rights as a data subject 

Firstly here, we would like to tell you about your rights as a data subject. These rights are set out in Articles 15–22 of the GDPR. They include:

• The right to access (Art. 15 GDPR),
• The right to erasure (Art. 17 GDPR),
• The right to rectification (Art. 16 GDPR),
• The right to data portability (Art. 20 GDPR),
• The right to restriction of processing (Art. 18 GDPR),
• The right to object to the processing of your data (Art. 21 GDPR).

To assert these rights, please contact: datenschutz@alre.de. The same applies if you have questions about data processing within our company or if you wish to revoke your previously granted consent. You also have the right to lodge a complaint with a data protection supervisory authority.

1.3 Right to object

Please note the following in connection with the right to object:

Where we process your personal data for direct marketing purposes, you are entitled to object to said processing at any time and without giving reasons for your decision. The same also applies to profiling where this is in connection with the direct marketing.

If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes. The objection is free of charge and can be done in any form, where possible by contacting: datenschutz@alre.de

Where we process your data to safeguard legitimate interests, you may object to this processing at any time on grounds relating to your particular situation. This also applies to any profiling based on these provisions.

We will then no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing is to establish, exercise or defend legal claims.

1.4 Data processing purpose and legal basis 

When processing your personal data, we will comply with the provisions of the GDPR and all other applicable data protection legislation. The legal basis for the data processing arises in particular from Art. 6 GDPR.

We use your data for the initiation of business transactions, to fulfil contractual and legal obligations, to fulfil contractual relationships, to offer products and services, and to strengthen the customer relationship.

Your consent to data processing may also constitute an authorising instruction under data protection law. Before you grant your consent, we will inform you about the purpose of the data processing and about your right to revoke the same.

1.4.1 Disclosure to third parties

We will only disclose your data to third parties within the limits of the statutory provisions or with your corresponding consent. Otherwise, your data will not be disclosed to third parties except where we are compelled to so on the grounds of mandatory statutory provisions (disclosure to external bodies, e.g. supervisory authorities or law enforcement authorities). During visitor tracking with Matomo for our website, data will be uploaded locally on to alre’s web server. This data will not be transferred to third-party providers, e.g. Google Analytics.

1.4.2 Data recipients/recipient categories 

Within our company, we make sure that your data is only received by the people who need it to fulfil the contractual and legal obligations.

In particular, in certain cases IT service providers support our specialist departments to complete their tasks. The necessary data protection agreement has been concluded with all service providers.

1.4.3 Transfers to third countries/Intent to transfer to third countries 

Data will only be transmitted to third countries (countries outside the European Union and the European Economic Area) where this is necessary for fulfilment of the contractual relationship, where required by law, or where you have granted us your consent to the same.

We do not currently transfer your personal data to any service provider outside the European Economic Area.

1.5 Data storage period 

We store your data for as long as necessary to fulfil the respective purpose of the processing. Please note that numerous retention periods require data to continue to be stored beyond that time (mandatory retention). This relates in particular to retention obligations under commercial or tax law (e.g. German Commercial Code, German Tax Code, etc.). In the absence of any further retention obligations, the data will be routinely erased once the purpose has been fulfilled.

In addition, we may also retain your data if you have granted us consent to do so or where legal disputes arise and we are using evidence within the statutory limitation period, which can be up to thirty years. The standard limitation period is three years.

1.6 Secure transfers of your data 

To protect the data stored by us against accidental or deliberate manipulation, loss, destruction, or access by unauthorised persons, in the best way possible, we use appropriate technical and organisational security measures. The security levels are continually reviewed in collaboration with security experts and are adapted to the latest security standards.

Data exchanges from and to our website are always encrypted. We use HTTPS as the transfer protocol for our website, using the latest encryption protocols in each instance.

1.7 Obligation to provide data

Various personal data is necessary for the establishment, implementation and termination of the contractual relationship and to fulfil the contractual and statutory obligations associated with the same. The same applies to the use of our website and the various features it provides.

We have summarised the details of this for you in the paragraph above. In certain cases, data also needs to be collected or provided on the basis of statutory provisions. Please note that if you do not provide this data, it will not be possible to process your request or fulfil the underlying contractual relationship.

2. yOUR RIGHTS AS A DATA SUBJECT  

2.1 Data categories, sources and origin 

The data we process is determined by the context in each instance: This depends on whether you, for example, place an order online or submit a request via our contact form, whether your send us a job application or file a complaint.

Please note that we also provide information for special processing situations separately, in a suitable location, e.g. when uploading application documents or making a contact request.

2.2 Automated individual decisions

We do not use any purely automated processing processes to make decisions.

3. GENERAL INFORMATION

3.1 Right to object

Please note the following in connection with the right to object:

Where we process your personal data for direct marketing purposes, you are entitled to object to said processing at any time and without giving reasons for your decision. The same also applies to profiling where this is in connection with the direct marketing.

If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes. The objection is free of charge and can be done in any form, where possible by contacting: datenschutz@alre.de

Where we process your data to safeguard legitimate interests, you may object to this processing at any time on grounds relating to your particular situation. This also applies to any profiling based on these provisions.

We will then no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing is to establish, exercise or defend legal claims.

3.2 Data processing purpose and legal basis 

When processing your personal data, we will comply with the provisions of the GDPR and all other applicable data protection legislation. The legal basis for the data processing arises in particular from Art. 6 GDPR.

We use your data for the initiation of business transactions, to fulfil contractual and legal obligations, to fulfil contractual relationships, to offer products and services, and to strengthen the customer relationship.

Your consent to data processing may also constitute an authorising instruction under data protection law. Before you grant your consent, we will inform you about the purpose of the data processing and about your right to revoke the same.

3.3 Disclosure to third parties

We will only disclose your data to third parties within the limits of the statutory provisions or with your corresponding consent. Otherwise, your data will not be disclosed to third parties except where we are compelled to so on the grounds of mandatory statutory provisions (disclosure to external bodies, e.g. supervisory authorities or law enforcement authorities). During visitor tracking with Matomo for our website, data will be uploaded locally on to alre’s web server. This data will not be transferred to third-party providers, e.g. Google Analytics.

3.4 Data recipients/recipient categories 

Within our company, we make sure that your data is only received by the people who need it to fulfil the contractual and legal obligations.

In particular, in certain cases IT service providers support our specialist departments to complete their tasks. The necessary data protection agreement has been concluded with all service providers.

3.5 Transfers to third countries/Intent to transfer to third countries 

Data will only be transmitted to third countries (countries outside the European Union and the European Economic Area) where this is necessary for fulfilment of the contractual relationship, where required by law, or where you have granted us your consent to the same.

We do not currently transfer your personal data to any service provider outside the European Economic Area.

3.6 Data storage period 

We store your data for as long as necessary to fulfil the respective purpose of the processing. Please note that numerous retention periods require data to continue to be stored beyond that time (mandatory retention). This relates in particular to retention obligations under commercial or tax law (e.g. German Commercial Code, German Tax Code, etc.). In the absence of any further retention obligations, the data will be routinely erased once the purpose has been fulfilled.

In addition, we may also retain your data if you have granted us consent to do so or where legal disputes arise and we are using evidence within the statutory limitation period, which can be up to thirty years. The standard limitation period is three years.

3.7 Secure transfers of your data 

To protect the data stored by us against accidental or deliberate manipulation, loss, destruction, or access by unauthorised persons, in the best way possible, we use appropriate technical and organisational security measures. The security levels are continually reviewed in collaboration with security experts and are adapted to the latest security standards.

Data exchanges from and to our website are always encrypted. We use HTTPS as the transfer protocol for our website, using the latest encryption protocols in each instance.

3.8 Obligation to provide data

Various personal data is necessary for the establishment, implementation and termination of the contractual relationship and to fulfil the contractual and statutory obligations associated with the same. The same applies to the use of our website and the various features it provides.

We have summarised the details of this for you in the paragraph above. In certain cases, data also needs to be collected or provided on the basis of statutory provisions. Please note that if you do not provide this data, it will not be possible to process your request or fulfil the underlying contractual relationship.

3.9 Data categories, sources and origin 

The data we process is determined by the context in each instance: This depends on whether you, for example, place an order online or submit a request via our contact form, whether your send us a job application or file a complaint.

Please note that we also provide information for special processing situations separately, in a suitable location, e.g. when uploading application documents or making a contact request.

3.10 Automated individual decisions

We do not use any purely automated processing processes to make decisions

4. SOCIAL MEDIA LINKS

On our website you will find links to the social media services Facebook, Instagram and LinkedIn. You will recognise the links to the social media service web pages from the respective company logos. Clicking these links will take you to our company’s page on the respective social media service. Clicking a link to a social media service establishes a connection to the servers of that social media service. Doing so tells the social media service server that you have visited our website. Other data is also transferred to the provider of the social media service. This may include, for example:

• Address of the website containing the activated link
• Date and time the website was visited or the link was activated
• Information about the browser and operating system used
• IP address

If you are already logged in to the social media service in question when you press the link, the social media service provider will be able to determine your user name and possibly even your real name from the data transmitted and link this information to your personal user account with the social media service. You can prevent this ability to link to your personal user account by logging out of your account beforehand.

The social media services use servers in the USA and other countries outside the European Union. The data may therefore also be processed by the providers of the social media services in countries outside the European Union. Please note that companies in such countries are subject to data protection legislation that does not generally offer the same level of protection for personal data as in the member states of the European Union.

Please note that we have no control over the extent, nature and purpose of the data processing by the social media service providers. For more information about how your data is used by the social media services embedded in our website, see the privacy policies of the respective social media services.

5. DATA COLLECTION AND USE

5.1 Cookies

5.2 Google Maps

We use Google Maps (API) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website. To ensure data protection, Google Maps is deactivated when you enter this website for the first time. A direct connection to the Google servers is only established if you have given your consent to Google Maps using our cookie banner (consent according to Art. 6 Para. 1 lit. a) EU GDPR). You can revoke your consent here at any time. This prevents your data from being transferred to Google the first time you enter the site.

After activation, Google Maps will save your IP address. This is then usually transferred to a Google server in the USA and stored there.

You can find additional information on handling user data in Google’s data protection declaration.

5.3 You Tube

We integrate the videos from the platform “YouTube” from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, into our online offering.

The videos were embedded in the extended data protection mode. According to the information provided by the YouTube platform, the cookie activity and the resulting data collection are only linked to the use of the playback function of the video itself.

By embedding the videos, data is always transferred to the server of the corresponding platform. These processing operations are based on your consent (Art. 6 Para. 1 lit. a) EU-DS-GVO), which you can revoke here at any time.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in Google’s privacy policy. There you will also find further information on your rights and setting options to protect your privacy.

5.4 Google Marketing Platform (before: Double Click)

Double Click (now: Google Marketing Platform) is Google’s advertising network. It is mainly
used to implement advertising with Google Ads but it is also used for other services such as YT and Google Maps.

The Alre homepage uses YouTube videos in the enhanced data protection mode to keep personal data
to a minimum. YouTube videos are also embedded on the b@home landing page.

After the video is played, a connection is established with Google’s servers which results, among other things, in a data transfer with the advertising network. Using Google Maps also gives rise to such a data transfer. Read Google’s Privacy Policy here on the use of Google’s services.

5.5 Google Analytics

We use Google Analytics to analyze website usage. The data obtained from this is used to optimize our website and advertising measures.

Google Analytics is a web analysis service operated and provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, United States). Google processes the website usage data on our behalf and is contractually obliged to take measures to guarantee the confidentiality of the processed data.

The following data, among other things, are recorded during your website visit:

• Pages accessed
• Achieving “website goals” (e.g. contact requests and newsletter registrations)
• Your behavior on the pages (e.g. clicks, scrolling behavior and length of stay)
• Your approximate location (country and city)
• Your IP address (in abbreviated form so that no clear assignment is possible)
• Technical information such as browser, internet provider, device and screen resolution
• Source of origin of your visit (i.e. via which website or which advertising material you came to us)
  This data is transmitted to a Google server in the USA.

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognized on future website visits.

The recorded data is saved together with the randomly generated user ID, which enables pseudonymous user profiles to be evaluated. This user-related data is automatically deleted after 14 months. Other data are stored indefinitely in aggregated form.

If you do not agree to the recording, you can prevent it by installing the browser add-on once to deactivate Google Analytics or by rejecting cookies via our cookie settings dialog.

5.6 Matomo analysis

This website uses Matomo, open-source software for the statistical analysis of visitor traffic. Matomo uses so-called “cookies”, text files stored on your computer which enable analysis of your use of the website. Information generated by the cookie relating to your use of this website is stored on the server of the provider, Alre-IT Regeltechnik GmbH. The IP address is anonymised after processing and before it is stored.

During visitor tracking with Matomo for the Alre homepage and the b@home landing page, the following data will be collected locally on alre’s web server:

• Anonymised IP addresses with the last 2 bytes removed (so, for example, 198.51.0.0 instead of 198.51.100.54)
• Pseudo-anonymised location (based on the anonymised IP address)
• Date and time
• Title of the page accessed
• URL of the page accessed
• URL of the previous page (if the page permits)
• Screen resolution
• Local time
• Files clicked and downloaded
• External links
• Page load time
• Country, region, town/city (low accuracy due to IP address)
• Main browser language
• Browser’s user agent
• Interaction with forms (but not their content)

You can prevent cookies from being installed with an appropriate setting in your browser software. Please note however that doing so may make you unable to use all functions of this website to their full extent.

Here you can decide whether or not a unique web analysis cookie can be placed in your browser to enable the website operator to collect and analyse various statistical data. If you wish to prevent this, click the following link to store the Matomo deactivation cookie in your browser.

5.7 Contact form/making contact by email (Art. 6(1)(a, b) GDPR)

Our b@home website contains a contact form which can be used to contact us electronically. When you write to us using the contact form, we process the data provided by you in the contact form to make contact with you and answer your questions and requests.

During the course of a contact request, we collect and process the following data:

• Name (first name/last name)
• Contact details (email)
• Subject
• Content of the request (optional)

The principle of data minimisation and data avoidance is complied with here, meaning that you only need to enter the data we need in order to contact you. This is your email address and the message field itself. Your IP address is also processed for technical reasons and for legal security. All other data fields are optional and can be specified (e.g. for a more relevant response to your enquiry) if desired.

We use appropriate security measures to protect the security and confidentiality of your data in the best possible way. Your request is submitted to us in encrypted form.

If you contact us by email, we will process the personal data provided in the email for the sole purpose of dealing with your enquiry

6. OUR SOCIAL MEDIA CHANNELS 

We maintain pages on the Facebook, Instagram, LinkedIn and YouTube social media channels. Insofar as we control the processing of your data, we will ensure compliance with the applicable data protection provisions.

Below you will find the key information regarding data protection legislation in respect of our pages.

Name and address of the organisation’s Data Controller

The Controller, as defined by the EU General Data Protection Regulation (EU GDPR) and other data protection provisions, for the company’s pages, in addition to ALRE-IT Regeltechnik GmbH is:

• Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
• Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
• LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
• YouTube (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland)

You use these platforms and their functions at your own risk however. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, liking).

Please note that by doing so, your data may be processed outside the European Union region.

Purpose and legal basis

We maintain the fan pages ourselves in order to communicate with visitors to said pages and keep them informed in this manner about our products and services.

We also collect data for statistical purposes to further develop and optimise our content and to make our site more appealing. The data required for this (e.g. total number of page visits, page activities and data provided by the visitors, interactions) is prepared by the social networks and made available to us. We have no control over how such data is generated or displayed.

Furthermore, in addition to being processed by the social media providers, your personal data will also be processed by ALRE-IT Regeltechnik GmbH for market research and promotional purposes. It is therefore possible that, for example, usage profiles will be created based on your usage behaviour and the resulting interests. Among other things, these can be used to place advertisements that match your interests on and outside the platforms. Cookies are generally stored on your computer for this purpose. Irrespective of the foregoing, data that is not collected on your end devices directly may also be stored in your usage profiles. This storage and analysis is performed across multiple devices. This applies in particular, but not exclusively, when you are registered as a member and logged in to the respective platforms.

We do not collect and process any other personal data.

Your personal data is processed by ALRE-IT Regeltechnik GmbH on the basis of our legitimate interest in effective information and communication pursuant to Art. 6(1)(1f) of the EU GDPR.

Where you are asked to consent to the processing of your data, in other words where you declare your agreement by pressing a button or similar (opt-in), the legal basis for the processing is Art. 6(1)(1a) and Art. 7 of the EU GDPR.

Your rights/opt-out options

If you are a member of a social network and you do not want the network to receive data about you through our page and link it to your member data stored by the network in question, you must

• log out of the respective network before visiting our fan page,
• delete the existing cookies on your device and
• close and restart your browser.

Once you log back in again though, you will again be recognisable to the network as a particular user.

For a detailed description of the processing operations and opt-out options in each instance, see the information from the providers using the links below.

Facebook

• Data Policy:    https://www.facebook.com/about/privacy/
• Opt-out:          https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

Instagram

• Data Policy:    https://help.instagram.com/519522125107875
• Opt-out:          http://www.networkadvertising.org/managing/opt_out.asp and http://www.youronlinechoices.com

LinkedIn

• Privacy Policy:  https://www.linkedin.com/legal/privacy-policy
• Opt-out:             https://www.linkedin.com/legal/cookie-policy and http://www.youronlinechoices.com

YouTube

• Privacy Policy:  https://policies.google.com/privacy
• Opt-out:             https://tools.google.com/dlpage/gaoptout?hl=en-GB and http://www.youronlinechoices.com

In general, you have the following rights in respect of the processing of your personal data:

Right of access, right to rectification, right to erasure, right to restrict the processing, right to object, right to data portability and the right to lodge a complaint about unlawful processing of your data with the responsible data protection authority.

Since ALRE-IT Regeltechnik GmbH does not have full access to your personal data however, you should contact the social media providers directly when asserting your rights as they have access to your user’s personal data in each instance and can take appropriate measures and provide you with information.

If you still need help, we will of course try to assist. Please contact datenschutz@alre.de

7. DISCLAIMER – LINKS TO OTHER PROVIDERS 

Our website also contains links to the websites of other companies. Where links are provided to the websites of other providers, we have no influence over the content thereof. Therefore, we cannot accept any responsibility for, or offer any guarantee as to, their content. The provider or operator of such sites will always be responsible for the content of linked pages.

At the time of linking, the linked pages were checked for any possible legal violations and identifiable rights infringements. There was no evidence of illegal content at that time. Continual monitoring of the content of such linked sites is not reasonable without concrete evidence of a legal violation however. Should any legal violation come to our attention, the links in question will be removed immediately.