Data Protection Declaration
Information with regard to the processing of Personal Data in accordance with Art. 13 of the General Data Protection Regulation (GDPR) of the European Union.
"The German version of this text is binding. The English version is a translation of the original and for information purposes only.”
1. Scope
This Data Security Declaration applies for the Websites of 3A Composites GmbH.
In particular it refers to personal information which is collected while using our websites. It does not apply to external websites accessed, e.g via links. In this case, the data protection declarations of the external sites apply.
References to the legal framework refer to the General Data Protection Regulation (GDPR) of the European Union in the version applicable on May 25th 2018 and to the German Federal Data Protection Act (Bundesdatenschutzgesetz/BDSG) in the version applicable as of November 26th 2019.
Personal Information ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Art. 4 GDPR). In addition, this declaration contains all relevant information with regard to the provision of our services.
2. Controller
The responsible entity for the processing of data on our websites and within the scope of the service provision is
3A Composites GmbH
Alusingenplatz 1
78224 Singen
Germany
Phone: +49 7731 941 3500
E-Mail: 3ac.datenschutz@3acomposites.com
3. Data Protection Officer
We have appointed an external Data Protection Officer:
Pfeil Concepts GmbH
David Pfeil
Schloßstraße 28
04425 Taucha
Germany
Phone: +49 34298 158920
E-Mail: 3ac.datenschutz@3acomposites.com
4. Information regarding the processing of data on our Website
4.1 Web-Hosting and Administration:
The web hosting service for the websites www.3acindustry.com; www.athloneextrusions.ie is provided by Mittwald CM Service GmbH & Co. KG.
Contact information:
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp
Germany
Phone: +49 5772293100
E-Mail: support@mittwald.de
Mittwald CM Service GmbH & Co. KG is a processor on behalf of our service provider com-a-tec GmbH. We refer to our contract with com-a-tec GmbH regulating the processing in accordance with Art. 28(3) GDPR.
The administrative support for the websites www.3acindustry.com; www.athloneextrusions.ie is provided by com-a-tec GmbH.
Contact information:
com-a-tec GmbH
Am Krebsgraben 15
78048 Villingen-Schwenningen
Germany
Phone: +49772198300
E-Mail: mail@com-a-tec.de
We have concluded a contract regulating the processing with com-a-tec GmbH in accordance with Art. 28 (3) GDPR.
4.2 SSL/TLS Encryption
This website uses SSL and/or TLS encryption for security reasons and in order to secure the transfer of personal data which you send to us as website operator. You can tell that the connection is secure and encrypted if the address line in your browser changes from “http://” to “https://” and a lock symbol appears. A third party is not able to read data which is transferred to our website if SSL or TLS encryption is enabled.
4.3 Processing of personal data when visiting our website
When visiting our website, selected personal data is automatically collected by our IT systems. This data is principally technical data (e.g. information about your internet browser, operating system or time you accessed the website.) This data is collected to ensure error-free functionality of our website. This data can also be used to analyse your user behaviour and to improve our services and products.
4.4 Cookies
Our websites uses cookies. Cookies do not cause any damage to your system and do not contain viruses. Cookies are used to make our website more user-friendly, to make it more effective and to improve security. Cookies are small text files which are stored on your device in your browser.
Most of the cookies we use are so-called “Session Cookies”. They are automatically erased after every session. Other cookies remain stored on your device until you erase them manually. These cookies enable us to recognize your browser on your next visit.
You can set your browser to inform you when cookies are being used and only allow cookies in individual cases, reject cookies in certain cases or in general, and activate the automatic erasure of cookies when the browser is closed. Disabling cookies, may restrict the website functionality.
Cookies required for the electronic communication process or for the provision of certain functions are processed on the basis of Art. 6(1)f GDPR. The website operator has a legitimate interest in storing cookies in order to provide technical error-free and optimized services.
4.5 Server log files
The website operator or provider collects and stores data about access to the site in so called server log files. Your browser collects the following data:
- Website visited
- Time of the request
- Volume of data sent in bytes
- Source/link from where it was accessed
- Browser type and Browser version
- Operating system
- IP address
The data is used only for statistical purposes and to improve the website. However, the website operator reserves the right to check the server log files retrospectively if there are specific indications of unlawful use. This data is not merged with data from other sources.
The collection of this data is conducted on the basis of Art. 6(1)f GDPR. The website operator has a legitimate interest in the technical error-free presentation and optimisation of the website. Server log files must be collected for this purpose. After a maximum of 7 days the data is anonymised by shortening the IP address at domain level so that it is no longer possible to establish a link with the individual user.
4.6 Content Management System (CMS)
The website www.3acindustry.com uses CMS “Typo3“.
Contact information:
TYPO3 Association
Sihlbruggstrasse 105
CH 6340 Baar
Switzerland
Phone: +41415110035
E-Mail: info@typo3.org
TYPO3 Association is a processor for com-a-tec GmbH, our service provider. In compliance with data protection, we refer to our contract with com-a-tec GmbH regulating the processing according to Art. 28(3) GDPR.
4.7 Google Fonts (local hosting)
Google Fonts are used on this website in order to ensure font consistency. Google Fonts are hosted locally on our web space. There is no connection to Google servers. For more information, please see the privacy statement for Google Fonts https://policies.google.com/privacy
4.8 Google Analytics
This website uses the services of Google Analytics, a web analytics service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so called "cookies". These are small text files which are stored on your device allowing your user behaviour on the website to be analysed.
The following information is collected:
- Browser type and browser version,
- Operating system,
- Referrer-URL (previously visited website),
- Hostname (IP address),
- Time of server request
As a rule, the information on your user behaviour, generated by cookies, is transmitted to a Google server in the USA and stored there.
The storage of Google Analytics cookies and the use of this analytic tool are based on Art. 6(1)f GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to improve its web presentation and marketing.
To protect your personal data, we have enabled the IP anonymisation function for this website. Your IP address is shortened by Google in the member states of the European Union or in other contracting states in the European Economic Area, before being transferred to the U.S. Only in exceptional cases are complete IP addresses transferred to Google servers in the U.S. and shortened there.
Google uses the data on behalf of the operator of this website in order to evaluate your use of the website, to compile reports on website activity and provide other services related to the website activity and internet use to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
You can set your browser to prevent the storage of cookies. Please note that in this case you may not be able to use all the features and functionality of the website. You can also prevent Google from collecting and processing data generated by the cookie and regarding your use of our website (including your IP address) by downloading and installing the following browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en.
Additional information regarding the use of personal data by Google Analytics can be found in Google’s Data Protection Declaration: https://support.google.com/analytics/answer/6004245?hl=en.
User and event related data, stored by Google, which is linked to cookies, user identification (e.g.user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or erased after 14 months. The following link gives more details: https://support.google.com/analytics/answer/7667196?hl=en.
4.9 Google reCAPTCHA
Our websites use the Google Inc. service reCAPTCHA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to evaluate whether forms available on our website are filled in by a human or wrongfully by an automated system or 'bot'. This includes the transmission of the IP address for the device used, the website which you visit where reCAPTCHA is integrated, the date and duration of your visit, identification of the browser and operating system used, your Google account if you are logged on to Google, mouse movements on the reCAPTCHA surfaces as well as tasks where you must identify images. These are provided by Google. This Google Fonts are installed locally. A connection to Google servers is not taking place. The Information can be transmitted to and stored on a Google operated server in the USA. Google Inc. is certified in accordance with the “EU Privacy Shield“, which ensures the fulfilment of GDPR Data processing standards. Your data may be transferred to the USA in the process. Google Inc. is certified in accordance with the “EU Privacy Shield“, which ensures the compliance with GDPR data protection standards applicable in the EU.
The data is processed in compliance with Art.6 (1) GDPR on the basis of given consent or on the basis of our legitimate interest in protecting our website services from misuse and spam in compliance with Art. 6(1)f GDPR.
For additional information about Google reCAPTCHA and Google’s Data Security Declaration, please see: www.google.com/intl/de/policies/privacy/.
4.10 Social Media
Youtube Plugin
Our website uses YouTube social plug-ins from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you view a page which contains such a plug-in, your browser connects directly with YouTube servers. The plug-in transmits log information to the YouTube servers. This log information may contain your IP address, the addresses of websites visited which also contain YouTube functions, your browser type and setting, date and time of your request, your YouTube use as well as cookies. The use of the YouTube plug-in is on the basis of Art. 6(1)f GDPR and on our legitimate interest for the best possible exposure of our services on social media.
Further information on the purpose, scope and further processing and use of data by YouTube, as well as your rights in this regard and options for protecting your privacy, can be found in the YouTube Data Protection Declaration: https://policies.google.com/privacy ;Users can select the option (opt out): http://tools.google.com/dlpage/gaoptout?hl=en
In addition, users have the option to adjust the settings for the display of advertisements: https://adssettings.google.com/authenticated
4.11 Newsletter distribution
We send newsletters, e-mails and other electronic messages (the following “newsletter“) only with the explicit consent of the recipients. Our newsletters contain information about our services and our company.
Registering for our newsletters is only possible with a double-opt-in procedure. This means that after registration you receive an e-mail which asks you to confirm your registration. Registrations are stored, as proof that the registration process is according to the valid legal regulations. The data retained in this process is the time of registration and confirmation as well as the IP address. Likewise, all changes to your personal data are stored by the service provider. E-mail addresses can be stored for up to 3 years after unsubscribing based on our legitimate interest to retain proof of prior consent. The processing of this information is restricted to countering possible claims by former subscribers. An individual request for erasure is possible at all times provided that the existence of prior consent is confirmed at the same time. In the case where we are subject to general legal retention regulations, we reserve the right to store the e-mail address solely for this purpose on the blocking list (so-called “Blacklist“).
Recording the registration process is conducted on the basis of our legitimate interest in demonstrating that the registration process has been conducted in accordance with the law.
Our newsletters are sent on the basis of consent given by the recipient, or if consent is not required, on the basis of our legitimate interest in direct marketing activities insofar as these are lawful, e.g. in the case where advertising to existing customers is permissible. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests.
The newsletter is sent (e.g. by e-mail or by post) for direct marketing purposes on the basis of your consent (Art. 6(1)a GDPR), as well as on the basis of our legitimate interests (Art. 6(1)f GDPR).
We use the services of CleverReach GmbH & Co. KG to send our newsletter
CleverReach GmbH & Co. KG
Schafjückenweg 2
26180 Rastede
Germany
CleverReach GmbH & Co. KG is the processor for 3A Composites GmbH. To comply with the data protection regulations, we have concluded a contract with CleverReach GmbH & Co. KG concerning the processing in accordance with Art. 28(3) GDPR.
The CleverReach GmbH & Co.KG data protection declaration can be found at: https://www.cleverreach.com/en/privacy-policy/.
You can unsubscribe from the newsletter at any time, i.e. withdraw your consent or opt out of receiving the newsletter. A link to unsubscribe from the newsletter can be found at the bottom of each newsletter. Alternatively, you can use any of the contact options stated above.
5. Information regarding the processing of personal data within our service provision
Insofar as the internet services of 3A Composites GmbH provide the option to enter personal or business data, this data is entered by the user on a voluntary basis. To process your enquiry (e.g. in order to send brochures, samples, to respond to price enquiries or to register for online offers/seminars), we sometimes work with partners, distributors or service providers to whom we forward your data to facilitate a speedy response to your enquiry or to provide the services requested. All information is treated confidentially in accordance with the applicable data protection legislation regulations.
5.1 Processing purposes
Order processing, information regarding orders and delivery data, execution of logistic services, implementing orders and projects, recording contract and contact information required for the fulfilling of orders or in the preparation of orders, accounting, bookkeeping, credit and collection management/dunning, organization and execution of purchase and procurement, provision of online offers/seminars and other web/online-based information, sales and marketing, customer care, prospective customer and supplier relationships.
5.2 Legal basis
- Fulfillment of contract and pre-contract measures (Art. 6(1)b GDPR),
- Legal obligations (Art. 6(1)c GDPR) or public interest (Art. 6(1)e GDPR),
- Consent (Art. 6(1)a GDPR in conjunction with Art. 7(1-4) GDPR)
- Safeguarding our legitimate interests (Art. 6(1)f GDPR),
5.3 Categories of data subjects
Potential customers, customers and/or employees of customers, suppliers, potential suppliers, partners, intermediaries/agents, external service providers and freelancers.
5.4 Categories of personal data
We process personal data, which we receive from you in your function as representative or authorised agent of the legal entities (Prospective customers, customers, suppliers, external suppliers, partners, freelancers, employees of customers and intermediaries/agents).
In particular:
- Contact information (surname, first name, title, telephone, fax, mobile phone, internet address, e-mail, position, company, company address, if applicable number of employees, line of business, customer type, phone (company), fax (company), contact history und correspondence, information about offers and initial business contact),
- Account data (order information, payment information, account information, bank, IBAN, BIC, name of the account holder, information for the performance of contractual obligations),
- Personal data from orders, purchase orders and contracts (address, contact data, contract contents).
5.5 Categories of recipients
Internal entities which are principally involved in the fulfilment of business processes (e.g. purchasing, sales, marketing, administration, order processing, finance & accounting).
Public authorities such as social insurance agencies and fiscal authorities in the event of overriding mandatory provisions.
External contractors (processors as defined by Art. 4 & Art. 28 GDPR for the purposes mentioned above).
In addition, we will only disclose your personal data if you have given us your express consent to do so in accordance with Art. 6(1)a GDPR, or if there is a legal obligation to disclose the data in accordance with Art. 6(1)c GDPR, e.g. in the context of criminal prosecution or if the disclosure is necessary pursuant to Art. 6(1)f GDPR for the purpose of asserting or defending legal claims or exercising rights, and it cannot be assumed that the disclosure is contrary to an overriding interest of the data subject that merits protection.
5.6 Legal retention/erasure
When the legal retention period is over, we erase the respective personal data as long as the personal data is no longer needed for preparation or performance of a contract or when we no longer have a legitimate interest in storing the data.
Storage period of personal data:
- 10 years according to the law on turnover tax (Section 14 UStG).
- 10 years according to the German fiscal code (Section 147 AO) for all tax-relevant information.
- 10 years according to the commercial code (Section 257(1) 1 + 4 HGB). This applies to account books, inventories, initial balances, consolidated and annual financial statements accounts, corporate and financial reports.
5.7 Data transfer to third countries outside the EU
For the provision of product information and, if necessary, the dispatch of product samples (within the meaning of Art. 6(1)b GDPR), we pass on the contact information of customers and interested parties to partners or service providers as required.
In some cases, partners or service providers are located in third countries.
In principle, no other transfer of data to third countries takes place.
However, it can never be ruled out that data may be transferred via or to companies in a third country when using electronic communications via the internet.
6. Data subject rights
You have the right to receive information free of charge and at any time about the origins, recipients and purposes for collecting your personal data. You also have the right to request that your personal data be corrected, erased or blocked, and in certain circumstances, you may also request that the processing of your personal data be restricted. To make this request or for further questions relating to data protection, contact the Controller or our external data protection officer at any time. You also have the right to lodge a complaint with the relevant supervisory authority.
6.1 Withdrawal of consent for data processing (Art.7 GDPR)
Many data processing functions are only possible with your express consent. You have the right to withdraw your consent at any time by sending us an informal communication by e-mail. The withdrawal of consent does not affect the lawfulness of data processing before consent was withdrawn.
6.2 Right to object to data processing in certain cases and for direct marketing purposes (Art. 21 GDPR )
If data processing is carried out on the basis of GDPR 6(1)e or f, you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation; this also applies to profiling based on those provisions. The applicable legal basis on which processing is based can be found in this Data Protection Declaration. If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
6.3 Right to lodge a complaint with the responsible supervisory authority (Art. 13 GDPR)
In the event of violations of the GDPR, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the member state of his or her habitual residence, place of work or place of the alleged infringement without prejudice to any other administrative or judicial remedy.
6.4 Right to data portability (Art. 20 GDPR)
You have the right to receive personal data, which we process automatically based on the consent you have provided or as part of a contract, delivered to you or to a third party in a structured, commonly used machine-readable format. If you request that the data be transferred directly to another responsible body, this will be done provided this is technically feasible.
6.5 Right to access, immediate rectification and immediate erasure (Art. 15,16,17 GDPR)
Within the framework of the applicable legal provisions, you have the right at any time and free of charge to get information about your stored personal data, its origins, recipients and the purpose of data processing and, if necessary, a right to rectification, blocking or erasure of this data. For this purpose, as well as for further questions on the subject of personal data, contact us at any time at the address given at the end of the website in the legal information.
6.6 Right to restriction of processing (Art. 18 GDPR )
You have the right to obtain restriction of processing your personal data. To do so, you can contact us any time at the address given at the end of the website in the legal information. The right to restrict processing your data is possible in the following cases:
- If you contest the accuracy of the personal data which we store, we usually need some time in order to verify your claim. In this case, you have the right to request restriction of processing for the duration of the verification period.
- If your personal information is or was being processed unlawfully, you can request restriction of processing instead of erasure.
- If we no longer need your personal data but you require it to exercise, defend or assert legal claims, you have the right to request restriction of processing instead of erasure.
- If you have lodged an objection in accordance with Art. 21(1) GDPR, your legitimate interests and our interests must be compared with each other. Until it has been determined whose interests are overriding, you have the right to request the restriction of the processing of your personal data.
- If you have restricted the processing of your personal data, this data may - apart from their storage - only be processed with your consent or to assert, exercise or defend legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
Updated 18.02.2022