Privacy Protection - Intro - no head

Privacy Protection

All personal data will be treated as confidential. Our data protection practice is in compliance with the Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR). We are providing the details on data protection to you below:

Person responsible in the sense of the GDPR and DSGVO

ABUS August Bremicker Söhne KG
Altenhofer Weg 25, 58300 Wetter, Germany
Tel.: +49 2335 634-0
Fax: +49 2335 634-300
E-Mail: info@abus.de

Data Protection Officer

You can reach our Data Protection Officer by e-mail at   dataprotection@abus.de

Privacy Protection

All personal data will be treated as confidential. Our data protection practice is in compliance with the Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR). We are providing the details on data protection to you below:

Person responsible in the sense of the GDPR and DSGVO

ABUS August Bremicker Söhne KG
Altenhofer Weg 25, 58300 Wetter, Germany
Tel.: +49 2335 634-0
Fax: +49 2335 634-300
E-Mail: info@abus.de

Data Protection Officer

You can reach our Data Protection Officer by e-mail at   dataprotection@abus.de

1. Reasons for data collection

We collect and process your data for the provision of our website and to provide you with the best possible service with convenient access to our services.

2. Which data is collected, processed or used?

2.1 Visiting our website

When you access our website, your servers automatically collect general information, especially for the purpose of establishing a connection, functionality and system security. This includes the type of the browser that is used, the utilized operating system, the domain name of the Internet Service Provider (ISP), the connection data of the utilized computer (IP address), the website from which you are visiting us (referrer URL), the pages you visit on our website and data and duration of the visit. Because of a pseudonymization, we are unable to draw conclusions to a specific person. This data is not combined with any other data sources.

2.2 Contact form

When you contact us using a contact form, personal information will be collected. For a list of data that is collected, refer to the contact form. The data is stored to process your inquiry. Mandatory information is marked with an asterisk (*). All other information is voluntary. We will delete all data that was collected in the context of the contact form after the storage is no longer required or limit processing if legal obligations to retain data apply. The legal basis for processing of your personal data is Art. 6 Sect. 1 lit. b) DSGVO when you are contacting us within the framework of a contract conclusion. Otherwise, it is our lawful interest in answering your inquiries so that Art. 6 Sect. 1 lit. f) DSGVO constitutes the legal basis.

2.3 Newsletter subscription

With your consent, you can subscribe to our free email newsletter and stay informed about our great current offers. To register for the newsletter, we use what is known as the double opt-in process. This means that after you have registered, we will send an email to the email address you provided asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be locked and automatically deleted after one month. We also store your IP address and the time of registration and confirmation. The purpose of this process is to verify your registration and, if necessary, to investigate any misuse of your personal data. The only mandatory information required to receive the newsletter is your email address. All other information is voluntary. After you have confirmed, we will store your data for the purpose of sending you the newsletter. You can unsubscribe at any time by sending a message to the data controller (see the beginning of our privacy policy) e.g. via an email to info@abus.de. The legal basis is Art. 6(1)(1)(a) of the GDPR.

We use the newsletter provider CleverReach (CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany). CleverReach is a member of the Certified Senders Alliance. We will only ever provide CleverReach with your email address for the purpose of sending our newsletters out to you. CleverReach stores your data in such a way that it cannot be accessed by other CleverReach customers or third parties. CleverReach GmbH & Co. KG will never pass your personal details on to third parties. Newsletter software is used to analyse the reach of each of our newsletters to ensure that they are actually received by the intended parties. The individual behavioural patterns identified are used solely to statistically evaluate the success of the newsletter. This information will never be passed on to third parties or used for any other purpose. You can find further information on this in the privacy statement issued by CleverReach.

2.4 Sending our email newsletter to our existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular offers for similar goods or services from our product range via email. No separate consent is required from you for this purpose in accordance with Section 7(3) of the Act Against Unfair Competition [Gesetz gegen den unlauteren Wettbewerb, UWG]. Data processing is carried out on the basis of our legitimate interests of sending personalised direct mail in accordance with Art. 6(1)(f) of the GDPR. If, however, you initially objected to the use of your email address for this purpose, we will not send you such emails. Even if you did not initially object, you are entitled to object to the use of your email address for the aforementioned advertising purposes at any time with future effect by sending a message to the data controller (see the beginning of our privacy notice). No costs will be incurred beyond the basic transmission rates. After receipt of your objection, your email address will no longer be used for advertising purposes with immediate effect.

2.5 Registration function 

Users can create a user account. As part of the registration process, the required mandatory information is communicated to the user and processed for the purpose of creating the user account on the basis of Art. 6(1)(b) of the GDPR. The processed data includes, in particular, login information (name, password and an email address). The data entered during registration will be used for the purposes of using the user account and its associated purposes.

Users may be notified via email about information which is relevant to their user account, such as technical changes. If a user has terminated their user account, their data relating to the user account will be deleted, subject to a statutory retention obligation. It is the responsibility of the users to secure their data in the event of termination which occurs prior to the end of the contract. We are entitled to delete all user data stored during the term of the contract beyond any further recovery.

When our registration and login functions are used and when a user account is accessed, we store the IP address and time of each user action. Data is stored on the basis of our legitimate interests, as well as those of the users, of protecting against misuse and other unauthorised use. This data will not be transferred to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation in accordance with Art. 6(1)(c) of the GDPR.

2.6 Data processing for the processing of orders

We collect and process personal data if you provide us with this data in the context of executing a contract. The legal basis is Art. 6(1)(b) of the GDPR. The data that is collected is taken from the respective input form screens. Deletion is possible at any time and can be achieved by sending a message to the contact address of the data controller. We store and use the data you provide to us for the purposes of implementing the contract between you and us. After the contract has been fully implemented or your customer data has been deleted, your data is locked for the retention periods established under tax and commercial law and deleted after the expiration of these periods unless you have expressly agreed to the continued use of your data or are subject to further data processing by us which is permitted by law, of which we will inform you in these data protection provisions.

2.7 Data processing for the processing orders – data transfer to third parties

DATA TRANSFER TO CARRIERS

The personal data collected by us will be passed on to the carrier in charge of the delivery (e.g. UPS) within the scope of the contract, insofar as this is necessary for the delivery of the goods. The legal basis for the transfer of the data is Art. 6(1)(b) and (f) of the GDPR. 

DATA TRANSFER TO PAYMENT SERVICE PROVIDERS

PAYPAL

We have integrated PayPal components on our website. PayPal is an online payment service provider. Payments are made through PayPal accounts, which are virtual private or business accounts.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject selects “PayPal” as a payment option during the ordering process in our online shop, the data subject’s data will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal usually consists of the first name, last name, address, email address, IP address, telephone number and mobile phone number provided by the data subject, or other data required for payment processing. Personal data associated with the respective order is also required for the processing of the purchase contract.

The purpose of the data transmission is to process payments and prevent fraud. The data controller will transmit personal data to PayPal, in particular when there is a legitimate interest for its transmission. The personal data exchanged between PayPal and the data controller may be transferred by PayPal to credit reference agencies. The purpose of the data transmission is to check identity and credit.

PayPal may disclose personal data to affiliates and service providers or subcontractors to the extent necessary to fulfil its contractual obligations or to process the data on behalf of it.

The data subject has the option to withdraw their consent to the handling of their personal data by PayPal at any time. A withdrawal has no effect on personal data that must be processed, used or transmitted for (contractual) payment processing.

PayPal’s applicable data protection provisions can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

BS PAYONE

Payments are processed through BS PAYONE GmbH, Kiel Branch, Fraunhoferstraße 2-4, 24118 Kiel, Germany (https://www.bspayone.com/DE/de, hereinafter BS PAYONE). We pass your payment details on to BS Payone as part of the payment process. The transfer is executed in accordance with Art. 6(1)(b) of the GDPR, and only insofar as this is necessary for payment processing. For further data protection information, please refer to the privacy policy of BS PAYONE https://www.bspayone.com/DE/en/privacy.

You can object to the processing of your data at any time by sending a message to BS PAYONE. However, BS PAYONE may remain entitled to process your personal data if this is necessary for the contractual processing of payments.

3. Integration of YouTube videos

We have incorporated YouTube videos in our online offer, which are stored at  https://www.youtube.com and can be played back directly from our website. All of them are incorporated in an “expanded data protection mode”, i.e., no information of you as the user is transmitted to YouTube when you do not play back the videos. The data listed below is not transmitted until you play the videos. We have no influence on this data transmission. By visiting the website, YouTube receives information that you accessed the corresponding subpage of our website. The IP address, date and time of the inquiry, time zone difference to Greenwich Mean Time (GMT), content of the request (concrete page), access status/HTTP status code, respective transmitted data volume, website, from which the request was received, browser, operating system and its interface, language and version of the browser software are transmitted. This happens regardless of whether YouTube provides a user account through which you are logged in or if no user account exists. If you are logged into Google, your data is directly assigned to your account. If you do not want your profile to be assigned to YouTube, you have to log out before activating the button. YouTube stores your data as use profiles and utilizes it for purposes of advertising, market research and/or other needs based design of its website. Such analysis especially occurs (even for users who are not logged in) to provide needs-based advertising to inform other users of the social network about you activities on our website.

You have the right to object to the creation of these user profiles, whereby you have to address YouTube to exercise this right.

For more information about the purpose and volume of the data collection and its processing by YouTube, refer to the Privacy Protection Statement. It also provides additional information about your rights and options for settings to protect your privacy:
https://www.google.de/intl/de/policies/privacy. Google process also processes your personal data in the USA and has subjected itself to the US-Privacy-Shield,   https://www.privacyshield.gov/EU-US-Framework.

The legal basis for processing is Art. 6 Sect. 1 lit. f) DSGVO.

4. Integration of Google Maps

On this website, we are utilizing the offer of Google Maps. This allows us to display interactive cards for you directly on the website and provide you with the convenient use of the Map function. By visiting the website, Google receives information that you accessed the corresponding subpage of our website. Additionally, the IP address, date and time of the inquiry, time zone difference to Greenwich Mean Time (GMT), content of the request (concrete page), access status/HTTP status code, respective transmitted data volume, website, from which the request was received, browser, operating system and its interface, language and version of the browser software are transmitted. This happens regardless of whether Google provides a user account through which you are logged in or if no user account exists. If you are logged into Google, your data is directly assigned to your account. If you do not want your profile to be assigned to Google, you have to log out before activating the button. Google stores your data as use profiles and utilizes it for purposes of advertising, market research and/or other needs based design of its website. Such analysis especially occurs (even for users who are not logged in) to provide needs-based advertising to inform other users of the social network about you activities on our website.

You have the right to object to the creation of these user profiles, whereby you have to address Google to exercise this right.

For more information about the purpose and volume of the data collection and its processing by the plug-in provider, refer to the Privacy Protection Statements of the provider. It also provides additional information with regard of your respective rights and options for settings to protect your privacy:
http://www.google.de/intl/de/policies/privacy. Google process also processes your personal data in the USA and has subjected itself to the US-Privacy-Shield,   https://www.privacyshield.gov/EU-US-Framework.

The legal basis for processing is Art. 6 Sect. 1 lit. f) DSGVO.

5. Contests

From time to time, you have the option to participate in contests on our website. As part of these contests, personal information (e-mail address, name, address and, where applicable, additional data that is required for the contest) can be collected and stored. The personal information you forwarded to us is exclusively used for the contest (e.g., for the determination of win, notification of win and handover of the winnings. As part of the contest, we will specifically notify the respective participant about any data that is processed for the concrete contest. Upon conclusion of our contests, the participants’ data will be deleted.

6. Deletion

Personal data is deleted or blocked, as soon as the purpose of the storage no longer applies or you request the deletion. A deletion of the data also occurs in the event , that a retention period that is required by the specified standard  , unless ,  a requirement for the continued storage of the data exists for a contract conclusion or fulfilment of a contract  or you have given your consent to that respect  .

7. Cookies

Cookies are used to design the use of the websites and preferences of the website visitors attractively. For example, this causes your information to be saved for the selection of the language. Cookies are text files that are created on your hard drive to allow an identification of the browsers with repeated access to the website.

You can prevent the storage of cookies on your hard drive with the corresponding browser settings. Already set cookies can be deleted at any time. For information about how to delete cookies or prevent their storage, refer to the respective browser instructions. If you don't accept cookies, it may impair the use of our Internet offer.

The legal basis for processing of cookies is Art. 6 Sect. 1 lit. f) DSGVO.

8. Data security

We protect our website and other systems with technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. The transmission of the data is dependent of the browser that is used with an SSL encryption from 128 bits to 256 bits. In spite of regular checks and consistent improvement of our security measures, a complete protection against all dangers is not possible.

9. Use of Google Analytics for web analysis

This website makes use of Google Analytics, a web analysis service provided by Google Ireland Ltd. (www.google.com). Google Analytics uses “cookies”, which are text files that are stored on your computer and which enable your visit and use of the website to be analysed. The information generated by the cookie concerning your use of this website is normally transmitted to a Google server in the USA and saved there. In the event that IP anonymisation has been activated on this website, your IP address will, however, be abbreviated beforehand by Google within Member States of the European Union or other states which are party to the Agreement on the European Economic Area. Your full IP address will only be sent to a Google server in the USA and saved there in exceptional circumstances. IP anonymisation technology is active on this website. Google uses this information on behalf of the operator of this website to evaluate your use of the website, to compile reports about website activity and to perform additional services associated with the use of the website and internet for the benefit of the operator. Google cannot combine the IP address transmitted by your browser as part of the Google Analytics service with any other data. You can block websites from saving cookies by adjusting the settings in your web browser software as appropriate; we would, however, like to point out that in doing so you will not be able to use the complete array of functions available on this website to their full extent.

You can also prevent cookies from collecting data relating to your use of this website (including your IP address) as well as prevent them from being sent to and processed by Google by downloading and installing the browser plugin available by clicking on the following link:   https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Alternatively to the browser plugin, you can click on this

LINK

to set an opt-out cookie, and prevent Google Analytics from collecting data on this website in future. This will store an opt-out cookie on your end device. If you delete your cookies, you will need to click on the link again. You can find the terms of use and notes on data protection at   https://www.google.com/analytics/terms/ or at   https://policies.google.com/?hl=en.

10. Google AdWords conversion

We use the Google Adwords service from the provider Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, to make people aware on external websites of our attractive offers with the help of advertising material (so-called Google Adwords). Our aim is to display advertisements to you which you find of interest, to make our website more interesting for you and to achieve a fair calculation of the advertising costs.

These advertising media are delivered by Google via so-called “ad servers”. To do this, we use ad server cookies which can measure certain parameters to measure performance, such as the display of adverts or clicks by the users. If you come to our website via a Google advert, Google AdWords will store a cookie on your PC. These cookies generally become invalid after 30 days and are not intended to be used to personally identify you. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post view conversions) and opt-out information (marker that the user would no longer like to be contacted) are generally stored with this cookie as analysis values.

These cookies allow Google to recognise your internet browser. If a user visits specific pages of the website of an AdWords customer and the cookie stored on their computer has not yet expired, both Google and the customer will be able to recognise that the user has clicked on the advert and was taken to our webpage. Each AdWords customer is assigned a different cookie. Cookies therefore cannot be tracked via the websites of AdWords customers. We ourselves do not collect or process any personal data in the mentioned advertising activities. We only receive statistical evaluations from Google. We are able to recognise based on these evaluations which of the advertising activities used are particularly effective. We do not receive additional data from the use of the advertising media, in particular we cannot identify the users based on this information.

Based on the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence over the scope and the further use of data which is collected by Google through the use of this tool and we therefore inform you according to our information status: By incorporating AdWords Conversion, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our adverts. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or you have not logged in, the provider may come to know and store your IP address.

You can prevent your participation in this tracking process in different ways: a) by setting your browser software accordingly, in particular rejecting third party cookies means that you will not receive any adverts from third party providers; b) disabling cookies for conversion tracking by setting your browser so that cookies from the domain “  www.googleadservices.com” are blocked,   https://adssettings.google.com/authenticated, whereby this setting is deleted when you delete your cookies; c) disabling the interest-related adverts from the providers who are part of the self-regulated campaign “About Ads” via the link   http://www.aboutads.info/choices, whereby this setting will be deleted when you delete your cookies; d) permanently disabling in your browsers Firefox, Internet Explorer or Google Chrome via the link   https://support.google.com/ads/answer/7395996?hl=en. We would like to point out that you may not be able to make full use of all of the functions on this website.

(6) The legal basis for the processing of your data is Art. 6 Paragraph 1 Clause 1 lit f GDPR. Click here for more information about Google’s data protection:   https://policies.google.com/privacy?hl=en and   https://services.google.com/sitestats/en.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at   http://www.networkadvertising.org. Google is subject to the EU-US Privacy Shield,   https://www.privacyshield.gov/EU-US-Framework.

11. Google Ads remarketing

Our website uses Google Ads remarketing functions to appear in Google’s search results and on third-party websites. The provider is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). For this purpose, Google sets a cookie in your device’s browser which automatically enables Internet-based advertising using a pseudonymous cookie ID which is based on the pages you visit. The processing is carried out on the basis of our legitimate interests of marketing our website as effectively as possible in accordance with Art. 6(1)(f) of the GDPR.

Any further processing will only occur if you have agreed with Google that your Internet and app browsing history will be linked to your Google account by Google and information from your Google account will be used to personalise your ads on the web. If, in this case, you are logged into Google when you visit our website, Google will use your data, together with Google Analytics data, to create and define audience lists for cross-device remarketing. To do this, Google will temporarily link your personal data with Google Analytics data to create audiences.

You can permanently disable advertising cookies by downloading and installing the browser plug-in available at the following link:

https://www.google.com/settings/ads/onweb/

Alternatively, you can visit the Digital Advertising Alliance’s website at www.aboutads.info to find information about the setting of cookies as well as change your preferences. Finally, you can configure your browser so that you are notified about the setting of cookies and can decide to accept them or reject them in specific cases or always reject them. Refusing to accept cookies may restrict the functionality of our website.

Google LLC, registered in the USA, is certified for the US-European data protection framework “Privacy Shield”, which ensures compliance with the level of data protection in the EU. Further information and the data protection provisions for advertising and for Google can be viewed here:  http://www.google.com/policies/technologies/ads/

12. Google AdSense

The data controller has integrated Google AdSense on this website. Google AdSense is an online service which allows the placement of advertisements on third-party websites. Google AdSense is based on an algorithm which selects advertisements displayed on third-party websites to match the content of the respective third-party website. Google AdSense allows interest-based targeting of the Internet user, which is implemented by generating individual user profiles.

The operating company of the Google AdSense component is Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

The purpose of the Google AdSense component is the integration of advertisements on our website. Google AdSense sets a cookie on the data subject’s IT system. An explanation of what cookies are has been provided above. By setting the cookie, Alphabet Inc. provides an analysis of the use of our website. Each time a data subject accesses one of the pages of this website, which is operated by the data controller for processing and which has a Google AdSense component integrated into it, the Internet browser on the data subject's IT system is automatically prompted by the respective Google AdSense component to transmit data to Alphabet Inc. for the purposes of online advertising and commission settlement. As part of this technical process, Alphabet Inc. receives personal data, such as the IP address of the data subject, which Alphabet Inc. uses, among other things, to establish the origin of visitors and clicks and subsequently enable commission settlement.

The data subject may, as stated above, prevent the setting of cookies by our website at any time by configuring their Internet browser accordingly and permanently objecting to the setting of cookies. Configuring an Internet browser in this way would also prevent Alphabet Inc. from setting a cookie on the data subject’s IT system. In addition, it is possible to delete a cookie which has already been set by Alphabet Inc. via the Internet browser or another software program.

Google AdSense also uses what is known as tracking pixels. A tracking pixel is a miniature image which is embedded in websites to enable recording and analysis of log files, which allows a statistical evaluation to be performed. Using this embedded tracking pixel, Alphabet Inc. can detect if and when a website has been opened by a data subject and which links the data subject has clicked on. Tracking pixels are used, among other things, to evaluate the flow of visitors to a website.

Through Google AdSense, personal data and information, which also includes the IP address and is necessary for the collection and accounting of the displayed advertisements, is transmitted to Alphabet Inc. in the United States of America. This personal data is stored and processed in the United States of America. Alphabet Inc. may disclose the collected personal data through this technical procedure to third parties.

An explanation of Google AdSense is provided here: https://www.google.com/intl/en/adsense/start/.

13. Use of GOOGLE reCaptcha

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. The provider is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). reCAPTCHA is supposed to verify whether the data input on our website (e.g. in a contact form) is carried out by a person or by an automated program. To do so, reCAPTCHA analyses the behaviour of the website visitor based on different features. The analysis begins automatically, as soon as the website visitor accesses the website. For the analysis, reCAPTCHA assesses different information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected for the analysis is provided to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

Data processing is carried out based on Art. 6 Paragraph 1 lit f GDPR. The website operator has a legitimate interest in protecting their website against improper automated spying and against spam. You can find further information on Google reCAPTCHA and the Google privacy statement here:   https://policies.google.com/privacy?hl=en and   https://www.google.com/recaptcha/intro/android.html.

Google also processes your personal data in the USA and is therefore subject to the EU-US Privacy Shield. For further information on this, please go to  https://www.privacyshield.gov/EU-US-Framework.

14. Facebook Custom Audience (pixel method)

(1) Furthermore, our website uses Facebook Inc.’s (‘Facebook’) remarketing function ‘Custom Audiences’ with the Facebook pixel. This allows website users to view interest-based advertisements whilst visiting the social networking site Facebook or other websites that also use the function (‘Facebook-Ads’). In doing so, our aim is to display advertisements that are of interest to you. The legal basis for the processing of your data is Art. 6(1)(1)(f) of the GDPR.

(2) Based on the marketing tools used, your browser automatically establishes a direct connection with Facebook’s server. We have no influence over the scope and the further use of the data collected by Facebook through the use of this tool and we therefore inform you according to the current extent of our knowledge: with the Facebook Pixel embedded, Facebook is informed that you have accessed the corresponding page on our website or have clicked on one of our adverts. If you are registered with a Facebook service, Facebook can associate the visit with your account. Even if you are not registered with Facebook or you have not logged in, the provider may find out and store your IP address and further identifiers.

(3) You can deactivate the function ‘Facebook Custom Audiences’ here:

The web tracking for Facebook tracking on this page is

Deactivate Facebook tracking

Please note that you will have to deactivate the function again once you have deleted your cookies. Facebook users who are logged in can make further settings at   https://www.facebook.com/settings/?tab=ads.

(4) Further information concerning Facebook’s data processing and data collection can be found at: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, and if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Harbour, Dublin 2, Ireland;   http://www.facebook.com/policy.php;

(5) Specific information and details concerning the Facebook Pixel and its functions can be found in Facebook’s help section at   https://www.facebook.com/business/help/742478679120153.

(6) Facebook is subject to the EU-US Privacy Shield, and thereby guarantees compliance with European data protection law. Further information can be found under   https://www.privacyshield.gov/EU-US-Framework.

15. Typekit fonts by Adobe

This website uses external “Typekit” fonts provided by Adobe Systems Software Ireland Ltd., 4-5 Riverwalk, Citywest Business Camps, Dublin 24, Ireland and if you live in North America, the provider is Adobe Systems Inc. 345 Park Avenue, San Jose, CA 95110-2704. By using this service, we are able to provide you with a better user experience on our website. This serves the purpose of increasing the attractiveness of our website. The legal basis for the use of this service is Art. 6(1)(1)(f) of the GDPR.

When you visit our pages, your browser downloads the required fonts directly from the Adobe servers to display them correctly on your device. In the process, your browser connects to the Adobe servers. When this happens, Adobe receives information that our website has been viewed using your IP address.

Further information concerning data processing by Adobe Fonts can be found at:   https://www.adobe.com/de/privacy/policies/adobe-fonts.html and https://www.adobe.com/de/privacy.html; Adobe is subject to the EU-US Privacy Shield framework, https://www.privacyshield.gov/EU-US-Framework.

16. Google fonts

This website uses external fonts based on our legitimate interests provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. By using this service, we are able to provide you with a better user experience on our website. This serves the purpose of increasing the attractiveness of our website.

When you visit our pages, your browser downloads the required fonts directly from the Google servers to display them correctly on your device. In the process, your browser connects to the Google servers. When this happens, Google receives information that our website has been viewed from your IP address.

Further information on data processing can be obtained from:  https://policies.google.com/privacy; Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

17. Applications

We also collect and process personal data of candidates for the purposes of managing the application process that we conduct. In this case, processing may also be carried out electronically. This is always the case if the candidate transmits application documentation to us electronically, i.e. by e-mail or via an online form on our website. If we enter into an employment contract with a candidate, the transmitted data will be stored for the purposes of managing the employment relationship whilst complying with legal regulations. If an employment contract is, however, not entered into between us and the candidate, the application documentation will then be deleted four months after notification of the refusal, provided no other legitimate interests of the controller oppose such deletion. Another legitimate interest in this sense is, for example, burden of proof in a process according to the General Equal Treatment Act (AGG). We would like to assess all candidates only in accordance with their qualification and therefore request that you omit from your application any information concerning race and ethnicity, political opinions, religious or ideological beliefs or any trade union membership, genetic data, biometric data to clearly identify a natural person, health data or data concerning sex life or sexual orientation.

18. Rights of the data subject

If your personal data is processed, you are a data subject under the GDPR and have the following rights with regard to the data controller:

18.1 Right of access

You have the right to obtain from the controller confirmation as to whether or not your personal data are being processed.

Where that is the case, you have the right to obtain access to the following information from the data controller:

  • the purposes for which the personal data is being processed;
  • the categories of personal data being processed;
  • the recipients or categories of recipient your personal data has been or is being disclosed to;
  • the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of your personal data or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source.

18.2 Right to rectification

You have the right to obtain from the controller the rectification and/or completion of inaccurate or incomplete personal data. The data controller must carry out the rectification without undue delay.

18.3 Right to restriction of processing

You have the right to obtain the restriction of processing where one of the following applies:

  • you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
  • you have objected to processing under Article 21(1) of the GDPR pending the verification of whether the legitimate grounds of the controller override your grounds.

If the processing of your personal data is restricted, this data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing of your personal data is limited pursuant to the aforementioned conditions, you will be informed by the data controller before the restriction is lifted.

18.4 Right to erasure

Erasure obligation

You have the right to obtain from the controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • Your withdraw consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing;
  • You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
  • Your personal data have been unlawfully processed.
  • Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

Informing third parties

Where the controller has made the personal data public and is obliged pursuant to Article 17(1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Exceptions

The right to erasure does not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;
  • for the establishment, exercise or defence of legal claims.

Right to be informed

If you have exercised your right to obtain rectification, erasure or restricted processing from the data controller, the data controller must inform all recipients to whom your personal data has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort. You also have the right to be informed of these recipients by the data controller.

18.6 Right to data portability

You have the right to receive personal data you have provided to the data controller in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

  • the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and
  • the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This may not adversely affect the rights and freedoms of others.

18.7 Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

18.8 Right to withdraw a declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent until its withdrawal.

18.9 Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  • is necessary for entering into or performance of a contract between an organisation and the individual,
  • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • is based on your explicit consent.

In all cases, these decisions may not be based on special categories of personal data referred to in Article 9(2)1) of the GDPR, unless point (a) or (g) of Article 9(2) of the GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

18.10    Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Validity of this declaration

This data protection statement applies for the following companies in the ABUS group:

ABUS August Bremicker Söhne KG
Altenhofer Weg 25
58300 Wetter
Germany

ABUS Pfaffenhain GmbH
Fabrikstraße 1
09387 Jahnsdorf
Germany

ABUS Security Center GmbH & Co. KG
Linker Kreuthweg 5
86444 Affing
Germany

Questions & answers

FAQ
Security glossary