Privacy Policy: alfatec GmbH & Co. KG

Privacy policy

Last updated: March 25, 2024

Thank you for visiting our website and for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (GDPR) and the country-specific implementation laws applicable to us. This privacy policy provides you with comprehensive information about the processing of your personal data by alfatec and the rights to which you are entitled.

Personal data is information that enables a natural person to be identified. This includes, in particular, name, date of birth, address, telephone number, e-mail address, but also your IP address.

Anonymous data exists if no personal reference can be established.

Responsible body and data protection officer

alfatec GmbH & Co. KG
Meckenloher Str. 11
91126 Rednitzhembach
Germany

Tel: +49 9122 9796-0
Fax: +49 9122 9796-50

E-Mail: datenschutz@alfatec.de

Contact of the data protection officer:
datenschutz@alfatec.de

Rights of objection

Please note the following information on the right to object:

If we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling insofar as it is associated with direct advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is possible free of charge and informally, preferably by e-mail to: datenschutz@alfatec.de.

If we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Your rights as a data subject

First of all, we would like to inform you about your rights as a data subject. These rights are standardized in Art. 15 - 22 EU GDPR. This includes:

The right of access (Art. 15 GDPR),
The right to erasure (Art. 17 GDPR),
The right to rectification (Art. 16 GDPR),
The right to data portability (Art. 20 GDPR),
The right to restriction of data processing (Art. 18 GDPR),
The right to object to data processing (Art. 21 GDPR).

To assert these rights, please contact: datenschutz@alfatec.de. The same applies if you have any questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.

Purposes and legal basis of data processing

The processing of your personal data is carried out in accordance with the provisions of the GDPR and all other applicable data protection regulations. The legal basis for data processing arises in particular from Art. 6 GDPR.
We use your data to initiate business, to fulfill contractual and legal obligations, to process the contractual relationship, to offer products and services and to maintain the customer relationship, which may also include analyses for marketing purposes and direct advertising.

Your consent also constitutes permission under data protection law. We will inform you about the purposes of data processing and your right of withdrawal. If the consent also relates to the processing of special categories of personal data, we will expressly point this out to you in the consent.
Special categories of personal data within the meaning of Art. 9 para. 1 GDPR will only be processed if this is required by law and there is no reason to assume that you have an overriding legitimate interest in the exclusion of processing.

Disclosure to third parties

We only pass on your data to third parties within the framework of the statutory provisions or with your consent. Otherwise, your data will not be passed on to third parties unless we are obliged to do so due to mandatory legal regulations (disclosure to external bodies such as supervisory authorities or law enforcement agencies).

Recipients of the data

Within our company, we ensure that only those persons receive your data who need it to fulfill our contractual and legal obligations. In many cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection agreements have been concluded with all service providers. External service providers support us in the following areas:

Financial accounting
IT
File destruction
Data protection
Payroll accounting

Transfer to third countries

Data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary for the fulfillment of the contractual obligation or is required by law or if you have given your consent. Personal data will not be transferred to service providers or group companies outside the European Economic Area.

Secure transmission of your data

We use technical and organizational security measures to protect the data we manage against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security measures are constantly reviewed in cooperation with security experts and adapted to new security standards. Data exchange to and from our website is encrypted. We offer HTTPS as the transmission protocol for our website, always using the latest encryption protocols. In addition, we offer our users content encryption in the contact forms. This data can only be decrypted by us. It is also possible to use alternative communication channels (e.g. post, email or telephone).

Storage duration of the data

We store your data for as long as is necessary for the respective processing purpose. Please note that numerous retention periods (may) require further storage of the data. This applies in particular to retention obligations under commercial or tax law (e.g. German Commercial Code, German Fiscal Code, etc.). If there are no further retention obligations, the data will be routinely deleted once the purpose has been achieved. In addition, we may retain data if you have given us your consent to do so or in the event of legal disputes and the provision of evidence within the scope of the statutory limitation periods, which can be up to thirty years; the regular limitation period is three years.

Data categories, sources and origin

Which data we process is determined by the respective context: it depends on whether you place an online order or enter an inquiry in our contact form, whether you send us an application or submit a complaint to us, for example. Please note that we may also provide information on certain processing situations separately in a suitable place, e.g. when uploading application documents or making a contact request.

For reasons of technical security (in particular to prevent attacks on our web server), this data is stored in accordance with Art. 6 para. 1 lit. GDPR. After 7 days at the latest, the IP address is anonymized by shortening it so that a reference to the user can no longer be established.

We collect and process the following data as part of a contact request

Surname, first name
Name of the company
Contact details
Zip code, city (optional)
Salutation (optional)
Information in the message field

We collect and process the following data for online applications:

Surname, first name
contact details
Curriculum vitae, cover letter, references
Information in the message field

Obligation to provide data

Various personal data is required for the establishment, execution and termination of the contractual relationship and the fulfillment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions offered there. We have summarized details on this for you under the above-mentioned point. In certain cases, data must also be collected or made available due to legal provisions. Please note that it is not possible to process your request or execute the underlying contractual relationship without providing this data.

Technologies on our site

Contact form and contact by e-mail

A contact form is available on our website for you to contact us electronically. If you write to us via the contact form, we will process the data you provide in the contact form to contact you and answer your questions and requests. In doing so, we observe the principle of data minimization and data avoidance in that you only have to provide the data that we absolutely need in order to be able to contact you. This is your e-mail address and the message field itself. In addition, your IP address is processed for technical reasons and for legal protection. All other information is voluntary and can be optional (e.g. to answer your questions more individually). If you contact us by e-mail, we process the personal data provided in the e-mail exclusively for the purpose of processing your request. If you do not use the forms provided to contact us, no further data will be collected.

Links to other providers

Our website also contains - as far as can be seen - links to websites of other providers. As far as links to websites of other providers are available, we have no influence on their contents. Therefore, we cannot assume any guarantee or liability for this third-party content. The respective provider or operator of the pages is always responsible for the content of the linked pages.

The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal content was not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete evidence of an infringement. If we become aware of any legal infringements, we will remove such links immediately.

Cookies

The Internet pages use so-called cookies. They serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved (locally) by your browser. Cookies only contain pseudonymous, usually even anonymous data. There are cookies that remain in place for the duration of a browser session (so-called session cookies) and those that are stored for longer periods (so-called persistent cookies, e.g. consent settings). The latter are automatically deleted after the specified time (usually 6 months). In addition to our own cookies, we also use cookies from third-party providers. These use the information contained in the cookies, e.g. to display content to you or to record the pages you have visited.

Due to our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), we use technically necessary cookies, which are absolutely necessary for the operation of the website and to ensure its functionality. In addition, we use cookies without your consent if their sole purpose is to store or access information stored in the terminal device for the transmission of messages or if this is absolutely necessary in order to provide the service you have expressly requested, § 25 para. 2 TTDSG.

Subject to your consent, other cookies are used that enable us or third parties to evaluate, for example, how our offers are used. This enables us to design the content according to user needs. Cookies also enable us to measure the effectiveness of a particular advertisement and to place it, for example, depending on the thematic interests of the user. The legal basis for this is your express consent (Art. 6 para. 1 sentence 1 lit. a GDPR, Section 25 para. 1 TDDSG).
You can revoke your consent at any time with effect for the future and change the cookie settings via our consent banner. Please note that changes must be made individually for each end device.
If you have accounts with the third-party providers we use and are logged in there, your data may be linked to the respective account. You can prevent such a combination by not giving or revoking your consent to the respective cookies or by logging out of the respective third-party providers beforehand.

Most browsers allow cookies automatically. You can also deactivate, restrict or delete cookies on your end device manually via your browser settings or with the help of software. If you deactivate the setting of cookies, you will not be able to use our website to its full extent or only to a limited extent.

CCM19 Consent Tool (Art. 6 para. 1 sentence 1 lit. c GDPR)

This website uses the CCM19 cookie consent technology to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection regulations. The provider of this technology is Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany.

CCM19 cookie consent technology is used to obtain the legally required consent to the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.

When you visit our website, a CCM19 cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the provider of the CCM19 cookie.

The data collected will be stored until you ask us to delete it, the CCM19 cookie itself deletes it after 1 year or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected by this.

Details on the data processing of the CCM19 cookie can be found in the privacy policy (ccm19.de).

Social media

On our website you will find links to our social media presences on LinkedIn, Instagram and Facebook. You can recognize the links to the social media sites by the respective company logo. If you follow this link, you will be taken to our company presence on the respective social media network. When you click on a link to a social media network, a connection is established to the servers of the respective social media network. This tells the social media network's servers that you have visited our website. In addition, further data is transmitted to the provider of the social media network. These are, for example

Address of the website on which the link you have accessed is located
Date and time of accessing the website or activating the link
Information about the browser and operating system used
IP address

Responsible body within the meaning of the EU General Data Protection Regulation

(GDPR) and other data protection regulations is, in addition to us

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
Facebook (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland)
Instagram (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland).

If you are already logged in to the respective social media network at the time you activate the link, the provider of the social media network can determine your user name and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media network. You can exclude this possibility of assignment to your personal user account by logging out of your user account beforehand.

The servers of the social media networks are located in the USA and other countries outside the European Union. The data may therefore also be processed by the provider of the social media network in countries outside the European Union. Please note that the companies in these countries are subject to data protection laws that generally do not protect personal data to the same extent as is the case in the member states of the European Union.

Please note that we have no influence on the scope, type and purpose of data processing by the provider of the social media network. For further information on the use of your data by the social media networks integrated on our website and on options to object, please refer to the information linked below:

LinkedIn privacy policy: https://de.linkedin.com/legal/privacy-policy
- Opt-out: https://de.linkedin.com/legal/cookie-policy
Facebook privacy policy: Datenschutz-Infos | Privacy Center | Verwalte deine Privatsphäre auf Facebook, auf Instagram und im Messenger | Facebook Privacy
- Opt-out: Cookie-Richtlinie von Meta | Privacy Center | Verwalte deine Privatsphäre auf Facebook, auf Instagram und im Messenger | Facebook Privacy
Instagram privacy policy: Meta | Privacy Center | Verwalte deine Privatsphäre auf Facebook, auf Instagram und im Messenger | Facebook Privacy
- Opt-out: Cookie-Richtlinie von Meta | Privacy Center | Verwalte deine Privatsphäre auf Facebook, auf Instagram und im Messenger | Facebook Privacy

You have the following rights in relation to the processing of your personal data:

Right of access; right to rectification; right to erasure; right to restriction of processing; right to object; right to data portability; right to lodge a complaint with the competent data protection authority regarding unlawful processing of your personal data.

However, as alfatec GmbH & Co. KG does not have full access to your personal data, you should contact the social media providers directly when asserting your rights, as they have access to the personal data of their users and can take appropriate measures and provide information.

Should you nevertheless require assistance, we will of course be happy to help you. Please contact [Datenschutz@alfatec.de].

Application form

On our website, you have the opportunity to find out about vacancies and apply online at the same time.

We only process the data you provide to us as part of an application for the purpose of and as part of the application process in accordance with the statutory provisions. If your application relates to a specific job advertisement, we will only process the data you provide for the purpose of processing it for this specific position. The processing of your applicant data is carried out to carry out pre-contractual measures at the request of an applicant in accordance with Art. 6 para. 1 lit. b GDPR.

After the end of the application process for a position, we will only process your application data if this is necessary in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests (e.g. to defend against unjustified claims) or if you have expressly consented to the processing of your application data for future job advertisements in accordance with Art. 6 para. 1 lit. a GDPR. The same applies to unsolicited applications after comparing your application requirements and your qualification profile with our job offers.

The mandatory applicant data is marked as such or can be found in the respective job description. In addition, applicants can voluntarily provide us with further information.

By submitting your application to us, you agree that we may process your data for the purpose of carrying out the application process in the manner and to the extent described in this privacy policy.

Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are communicated as part of the application process, their processing is carried out in accordance with Art. 9 para. 2 lit. b GDPR (e.g. health data, such as severely disabled status) or on the basis of your consent in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data, insofar as this is necessary for the assessment of suitability for professional practice).

We would like to point out that the processing of special categories of personal data may entail increased risks for the rights and freedoms of the data subjects. Insofar as we process special categories of personal data, this is done exclusively for the purpose of assessing suitability to practise the profession and we will provide further information on this separately.

Data that you provide to us in an online form will be transmitted to us in encrypted form in accordance with the state of the art. You can also send us your application by e-mail. However, we would like to point out that e-mails are generally sent unencrypted and you must ensure that they are encrypted yourself in order to provide optimum protection.

The data provided by you may be further processed by us in the event of a successful application for the purposes of the employment relationship. Otherwise, if the application for a job advertisement is unsuccessful, the applicant data will be deleted after expiry of the statutory periods or, if you have expressly consented to longer-term storage for a specific purpose, after expiry of this period.

The deletion generally takes place after six months, unless you have agreed to a longer storage period in order to be able to answer any follow-up questions regarding the application and to comply with our obligations to provide evidence under the Equal Treatment Act. Invoices for any travel expense reimbursements are archived in accordance with tax law requirements.

Google Analytics (Art. 6 para. 1 sentence 1 lit. a GDPR, as well as § 25 para. 1 TTDSG)

This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a GDPR, as well as § 25 para. 1 TTDSG). Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. If IP anonymization is activated, your IP address will be shortened before transmission within the European Union or the European Economic Area. The unabridged transmission of the full IP address to Google only takes place in exceptional cases.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

sessions are terminated after 30 minutes of inactivity and campaigns after six months. Users' personal data is deleted or anonymized after 14 months.

Google processes and stores the data in the USA. Compliance with the European level of data protection when transferring and processing data in third countries is ensured by corresponding contractual regulations and guarantees. Google Inc. is certified according to the US-EU Data Privacy Framework, so that a level of data protection comparable to the GDPR is guaranteed.

Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: . http://tools.google.com/dlpage/gaoptout?hl=de.

You can revoke your consent at any time with effect for the future. To do so, simply call up our consent banner and select the appropriate consent.

Please note that the change in the settings of the consent banner must be made individually for each end device.

This website uses the IP anonymization function of Google Analytics. In addition, a contract for commissioned data processing has been concluded with Google. It is also possible to deactivate Google Analytics via a browser add-on.

Further information can be found at https://support.google.com/analytics/answer/6004245 (Allgemeine Informationen zu Google Analytics und Datenschutz).

Google Tag Manager (Art. 6 para. 1 sentence 1 lit. a EU-GDPR, as well as § 25 para. 1 TTDSG)

This website uses the Google Tag Manager of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This service allows website tags to be managed via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain. This means that no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, it remains in place for all tracking tags that are implemented with Google Tag Manager.
However, the Google Tag Manager will only be executed if you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a EU-GDPR, § 25 para. 1 TTDSG.
You can revoke your consent via our consent banner at any time with effect for the future.

As part of these services, the data collected may be transferred to another country outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal recourse. However, we take the possible measures required under data protection law.
You can find further information at http://www.google.com/tagmanager/use-policy.html

Webinars

To participate in a webinar, a participant receives an email with an invitation link. The e-mail address was either provided to us by the participant or collected by us as part of the registration for a webinar. To participate in an online event, a name is required, although a pseudonym can also be chosen. The information is temporarily stored in the browser and used for future registrations for online events.

If a participant activates access to the microphone or video camera of the end device used, sound and video data can be processed and played back in the online event. Access can be deactivated again at any time using the buttons with the corresponding icons. Participation in online events is generally possible even if access is deactivated. It is also possible to exchange text messages in a group chat. The messages are then visible to all participants in the online event.

If a participant's screen is transmitted during an event, the screen content displayed in the online meeting is shown to all other participants. Each participant should therefore ensure that no sensitive data is displayed on the screen before using the function. The screen sharing function can be deactivated at any time using the corresponding button.

If we offer recordings of the respective event, the participants will be informed before the event takes place and expressly informed of the recording. If webinars are recorded, this is indicated by a recording icon in the screen area. In this case, all video and audio data will be stored by us.

The legal basis for the use of a service to conduct online meetings or webinars is the performance of a contract or the fulfillment of pre-contractual obligations pursuant to Art. 6 para. 1 lit. b GDPR. In the case of open webinars, it is Art. 6 para. 1 lit. f GDPR, provided that no contractual relationship is established through participation in the webinar. In this case, the legitimate interest is the organization of a webinar and the information of a broad public. In the case of a recording, the legal basis is the consent of the participant pursuant to Art. 6 para. 1 lit. a GDPR.

We offer the option of subscribing to a newsletter on our website. Our newsletter contains information about our products or services as well as accompanying information.

Registration for our newsletter takes place using the so-called double opt-in procedure. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with a third-party e-mail address. Subscriptions to the newsletter are logged in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in traceability. This includes storing the time of registration and confirmation as well as the IP address. Changes to your stored data are also logged.

The newsletter is sent on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR or, if consent is not required, on the basis of our legitimate interests in direct advertising for our own similar products and services in accordance with Art. 6 para. 1 lit. f GDPR. However, we will only send you a newsletter without your consent if we have already received your email address as part of another order, the newsletter relates to similar products or services and you had the opportunity to object to its use for marketing purposes when your contact details were collected and did not do so. As part of sending the newsletter, we also process your response behavior on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

You can stop receiving our newsletter at any time by revoking your consent in accordance with Art. 7 para. 3 GDPR with effect for the future or by objecting to the processing. You will find a corresponding option in the respective newsletter itself or simply contact us by e-mail. In the event of revocation or objection, we may store your e-mail address for up to three years on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR before we delete it in order to be able to prove that you have previously given your consent.