Privacy Policy
We are pleased that you are visiting our website. The protection and security of your personal data when using our website are very important to us. Therefore, we want to inform you here about which of your personal data we collect when you visit our website and for what purposes these are used.
This privacy policy applies to the online offering of AFA Folien GmbH, which is accessible under the domain afa-folien.de as well as the various subdomains (“our website”).
Who is responsible and how can I contact you?
Controller
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
AFA Folien GmbH
Böternhöfen 13
24594 Hohenweststedt
DE
Data Protection Officer
Erich Zimmermann
c/o ZiDa-Datensicherheit GmbH
Office:
Mannheim
Schwarzwaldstraße 17
68163 Mannheim
Homepage:
www.zida-datensicherheit.de
e-mail: e.zimmermann@zida-GmbH.de
What is this about?
This privacy policy fulfills the legal requirements for transparency regarding the processing of personal data. Personal data refers to all information relating to an identified or identifiable natural person. Such information includes, for example, your name, age, address, telephone number, date of birth, email address, IP address, or user behavior when visiting a website. Information where we cannot (or only with disproportionate effort) establish a connection to your person, e.g., through anonymization, is not considered personal data. The processing of personal data (e.g. collection, querying, use, storage, or transmission) always requires a legal basis and a defined purpose.
Stored personal data are deleted as soon as the purpose of the processing has been achieved and there are no legal reasons for further storage of the data. In the individual processing operations, we inform you about the specific storage periods or criteria for retention. Regardless, we may store your personal data in individual cases for the assertion, exercise, or defense of legal claims and where statutory retention obligations exist.
Who receives my data?
We only disclose your personal data processed on our website to third parties if this is necessary to fulfill the purposes and in individual cases is covered by the legal basis (e.g., consent or protection of legitimate interests). In addition, we may disclose personal data to third parties in individual cases if this serves the assertion, exercise, or defense of legal claims. Possible recipients may include, for example, law enforcement authorities, lawyers, auditors, courts, etc.
If we engage service providers for the operation of our website who process personal data on our behalf within the scope of commissioned processing pursuant to Art. 28 GDPR, these may also be recipients of your personal data. Further information about commissioned processors and the use of web services can be found in the overview of the individual processing activities.
Do you use cookies?
Cookies are small text files that are sent from us to the browser of your end device and stored there as part of your visit to our website. Alternatively, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to carry out various analyses, so that, for example, we are able to recognize the browser you are using on a repeat visit to our website and to transmit various pieces of information to us (non-essential cookies). With the help of cookies, we can, among other things, make our online offering more user-friendly and effective for you, for example by tracking your use of our website and identifying your preferred settings (e.g., country and language settings). If third parties process information via cookies, they gather the information directly through your browser. Cookies do not cause any damage to your end device. They cannot run programs or contain viruses.
We inform you about the respective services for which we use cookies in the individual processing operations. Detailed information about the cookies used can be found in the cookie settings or the consent manager of this website.
What rights do I have?
-
Access in accordance with Art. 15 GDPR regarding the data stored about you, including meaningful information regarding the details of processing as well as a copy of your data;
-
Rectification in accordance with Art. 16 GDPR of inaccurate or incomplete data stored by us;
-
Erasure in accordance with Art. 17 GDPR of data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims;
-
Restriction of processing under Art. 18 GDPR, insofar as the accuracy of the data is contested, the processing is unlawful, we no longer need the data and you reject its erasure because you need them for the assertion, exercise, or defense of legal claims, or you have objected to the processing in accordance with Art. 21 GDPR.
-
Data Portability in accordance with Art. 20 GDPR, as far as you have provided us with personal data on the basis of consent according to Art. 6(1)(a) GDPR or on the basis of a contract pursuant to Art. 6(1)(b) GDPR and these have been processed by us using automated procedures. You will receive your data in a structured, commonly used, and machine-readable format, or we will transmit the data directly to another controller where technically feasible.
-
Objection in accordance with Art. 21 GDPR to the processing of your personal data, insofar as this is based on Art. 6(1)(e) or (f) GDPR and for reasons arising from your particular situation, or if the objection relates to direct marketing. The right to object does not exist if compelling legitimate grounds for the processing are demonstrated that override your interests or if the processing serves the assertion, exercise, or defense of legal claims. If the right to object does not exist for individual processing operations, this is stated there.
-
Revocation in accordance with Art. 7(3) GDPR of your consent with effect for the future.
-
Complaint in accordance with Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data breaches the GDPR. Generally, you can contact the supervisory authority of your habitual residence, your place of work, or our company headquarters.
How are my data processed in detail?
Below, we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the provision requirement of your data, and the respective storage duration. Automated decision-making, including profiling, does not take place.
Provision of the Website
Nature and scope of processing
When accessing and using our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
-
IP address of the requesting computer
-
Date and time of access
-
Name and URL of the retrieved file
-
Website from which access is made (referrer URL)
-
Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR for this purpose.
Purpose and legal basis
The processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6(1)(f) GDPR. The collection of the data and storage in log files is absolutely necessary for the operation of the website. There is no right to object to this processing due to the exception in Art. 21(1) GDPR. Where further storage of log files is required by law, processing is carried out on the basis of Art. 6(1)(c) GDPR. There is no legal or contractual obligation to provide the data; however, the use of our website is technically not possible without providing the data.
Storage duration
The aforementioned data are stored for the duration of the website display and, for technical reasons, for up to 7 days thereafter.
Presence on Social Media Platforms
We maintain so-called fan pages, accounts, or channels on the networks listed below in order to provide you with information and offers even within social networks and to offer you additional ways to contact us and learn about our offerings. Below, we inform you about which data we and/or the respective social network process from you when you access and use our fan pages/accounts.
Data we process from you
If you contact us via Messenger or direct message on the respective social network, we generally process your username with which you contact us and, if necessary, other data you provide, insofar as this is necessary for processing/responding to your request.
The legal basis is Art. 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller).
(Static) usage data we receive from social networks
We receive statistics automatically provided via Insights functionalities relating to our accounts. The statistics include, among other things, the total number of page views, likes, page activity, post interactions, reach, video views, as well as the proportion of males/females among our fans/followers.
These statistics only contain aggregated data not assignable to individuals. We cannot identify you from them.
Data processed by social networks
To view the contents of our fan pages or accounts, you do not have to be a member of the respective social network; thus, a user account is not required.
However, please note that social networks collect and store data from website visitors without user accounts when accessing the network (e.g., technical data to display the website to you) and use cookies and similar technologies, over which we have no control. Details can be found in the privacy policies of the respective social networks (see corresponding links above).
If you wish to interact with content on our fan pages/accounts, e.g., comment on, share, or like our posts, and/or contact us through messenger functions, prior registration and provision of personal data to the respective social network is required.
We have no influence on data processing by the social networks during your use. To our knowledge, your data is particularly stored and processed in connection with the provision of services by the respective social network and for the analysis of usage behavior (using cookies, pixels/web beacons, and similar technologies) on which interest-based advertising is displayed to you both within and outside the respective social network. It cannot be ruled out that your data will be stored by social networks outside the EU/EEA and passed on to third parties.
Information on the exact scope and purposes of the processing of your personal data, storage periods/deletion, as well as guidelines on the use of cookies and similar technologies in connection with registration and use, can be found in the privacy policies/cookie guidelines of the social networks. There you will also find information on your rights and opt-out options.
Facebook Page
When visiting our Facebook page, Facebook (Meta) collects, among other things, your IP address and other information stored in cookies on your PC. This information is used to provide us as operators of the Facebook pages with statistical information about the use of the Facebook page. More information is available from Facebook at the following link: https://facebook.com/help/pages/insights.
With the statistical information provided, it is not possible for us to draw conclusions about individual users. We use these statistics only to better respond to the interests of our users, continuously improve our online presence, and ensure its quality.
We only collect your data via our fan page in order to provide communication and interaction with us. This typically includes your name, message content, comment content, and the "public" profile information you provide.
The processing of your personal data for the purposes mentioned above is based on our legitimate business and communication interest in providing an information and communication channel in accordance with Art. 6(1)(f) GDPR. If you have given your consent to data processing to the provider of the social network, the legal basis for processing is Art. 6(1)(a), Art. 7 GDPR.
As the actual data processing is carried out by the provider of the social network, our possibilities to access your data are limited. Only the provider has full access to your data. Therefore, only the provider can take appropriate measures to fulfill your user rights (access requests, deletion requests, objection, etc.). Therefore, it is most effective to assert such rights directly against the respective provider.
We are jointly responsible with Facebook for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.
Primary responsibility for the processing of Insights data, according to the GDPR, lies with Facebook, and Facebook fulfills all obligations under the GDPR regarding the processing of Insights data. Meta Platforms Ireland Ltd. provides the essence of the Page Insights Supplement to data subjects.
We do not make decisions regarding the processing of Insights data and the duration of cookie storage on user devices.
Further information can be found directly at Facebook (Supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
For more information, including the exact scope and purposes of the processing of your personal data, storage duration/deletion, as well as guidelines on the use of cookies and similar technologies in connection with registration and use, see the privacy policies/cookie guidelines of Facebook: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 https://www.facebook.com/policies/cookies
Instagram Page
When you visit our Instagram page, Instagram (Meta) collects, among other things, your IP address and other information in the form of cookies on your PC. This information is used to provide us, as the operators of Instagram pages, with statistical information about the use of the Instagram page. More information is provided by Instagram at the following link (note: by clicking on the following link, you will be redirected to Facebook, which is also part of the Meta group. The information provided via the link also applies to Instagram): https://facebook.com/help/pages/insights.
With the statistical information provided, it is not possible for us to draw conclusions about individual users. We use these only to better respond to the interests of our users, to continuously improve our online presence, and ensure its quality.
We only collect your data via our fan page to provide communication and interaction with us. This generally includes your name, message content, comment content, and the "public" profile information you provide.
The processing of your personal data for the aforementioned purposes is based on our legitimate business and communication interest in providing an information and communication channel pursuant to Art. 6(1)(f) GDPR. If you have given your consent to the provider of the social network regarding data processing, the legal basis is Art. 6(1)(a), Art. 7 GDPR.
As the actual data processing is carried out by the social network provider, our access to your data is limited. Only the provider of the social network has full access to your data. Consequently, only the provider can take the necessary actions to fulfill your user rights (access requests, deletion requests, objection, etc.). Therefore, exercising such rights is most effective by contacting the provider directly.
We are jointly responsible with Instagram for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.
Primary responsibility for Insights data processing lies, according to GDPR, with Instagram, and Instagram fulfills all obligations under the GDPR with regard to Insights data processing. Meta Platforms Ireland Ltd. provides the essential parts of the Page Insights Supplement to the data subjects.
We do not make decisions regarding the processing of Insights data or the storage duration of cookies on user devices.
Further information can be found directly at Instagram (Supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
Further information, including the exact scope and purposes of processing your personal data, storage duration/deletion, as well as cookie policy and similar technologies relating to registration and usage, can be found in Instagram’s privacy/cookie policy (note: clicking the following link will take you to Facebook): https://help.instagram.com/519522125107875/?helpref=uf_share You can also find this information in the help section of Instagram's website via the following link: https://help.instagram.com/581066165581870
LinkedIn Page
LinkedIn is a social network operated by LinkedIn Inc., based in Sunnyvale, California, USA, which enables users to create private and professional profiles as well as company profiles. Users can maintain existing contacts within the network and establish new ones. Companies and other organizations can create profiles to upload photos and other company information to present themselves as employers and hire staff. Other LinkedIn users have access to this information and may write their own articles and share content with others. The network focuses on professional exchange on topics of interest with people who share the same professional interests.
When using or visiting the network, LinkedIn automatically collects data from users or visitors during the visit/use, such as username, job title, and IP address. This is accomplished using various tracking technologies. LinkedIn uses this data, among other things, to provide information, offers, and recommendations to users.
We only collect your data through our company profile to enable communication and interaction with us. This generally includes your name, message content, comment content, as well as the "public" profile information you provide.
The processing of your personal data for the aforementioned purposes is based on our legitimate business and communication interest in providing an information and communication channel pursuant to Art. 6(1)(f) GDPR. If, as a user, you have given the social network provider your consent to data processing, the legal basis extends to Art. 6(1)(a), Art. 7 GDPR.
As the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network has full access to your data. Therefore, only the provider can take appropriate actions to fulfill your rights as a user (access requests, deletion, objection, etc.). Therefore, asserting such rights is most effective when directed directly to the provider.
We are jointly responsible with LinkedIn for the personal content of our company profile. Data subject rights can be asserted with LinkedIn Inc. as well as with us.
We do not make any decisions regarding the data collected on LinkedIn’s site by means of tracking technologies.
Further information about LinkedIn can be found at: https://about.linkedin.com.
Further information on LinkedIn’s data protection can be found at: https://www.linkedin.com/legal/privacy-policy.
Further information on storage duration/deletion and the use of cookies and similar technologies relating to registration and use at LinkedIn can be found at: https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy.
YouTube Video
Nature and scope of processing
We have integrated YouTube videos into our website. YouTube Video is a component of the video platform operated by YouTube, LLC, where users can upload content, share it over the Internet, and receive detailed statistics.
YouTube Video allows us to embed content from the platform into our website.
YouTube Video uses cookies and other browser technologies to evaluate user behavior, recognize users, and create user profiles. This information is used, among other things, to analyze the activity of listened-to content and to compile reports. If a user is registered with YouTube, LLC, YouTube Video can assign the played videos to the user's profile.
When you access these contents, you establish a connection to servers of YouTube, LLC, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted.
Purpose and legal basis
The use of the service is based on your consent according to Art. 6(1)(a) GDPR and § 25(1) TDDDG.
We intend to transfer personal data to third countries outside the European Economic Area, especially the USA. Data transmission to the USA takes place according to Art. 45(1) GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US sub-processors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where there is no adequacy decision by the European Commission (including US companies not certified under the EU-U.S. DPF), we have agreed with the recipients of the data on other appropriate safeguards within the meaning of Art. 44 ff. GDPR. Unless otherwise specified, these are the standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, we obtain your consent prior to such a third-country transfer in accordance with Art. 49(1)(a) GDPR, which you provide via the consent manager (or other forms, registrations, etc.). Please note that unknown risks (e.g., data processing by foreign security authorities, the exact scope and consequences of which we do not know, over which we have no influence, and of which you may not be aware) may be associated with third-country transfers.
Storage duration
The exact storage duration of the processed data is not within our control but is determined by YouTube, LLC. Further information can be found in the YouTube Video privacy policy: https://policies.google.com/privacy.
Google Maps
Nature and scope of processing
To create route descriptions, we use the Google Maps map service. Google Maps is a service from Google Ireland Limited, which displays a map on our website.
When you access this content on our website, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. These data are processed exclusively for the aforementioned purposes and to maintain the security and functionality of Google Maps.
Purpose and legal basis
The use of Google Maps is based on your consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG.
We intend to transfer personal data to third countries outside the European Economic Area, especially the USA. The data transfer to the USA takes place in accordance with Art. 45(1) GDPR on the basis of the adequacy decision of the European Commission. The relevant US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where there is no adequacy decision from the European Commission (including US companies not certified under the EU-U.S. DPF), we have agreed to other appropriate safeguards with the data recipients in accordance with Art. 44 ff. GDPR. Unless otherwise stated, these are the standard contractual clauses of the European Commission under Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
Furthermore, before such a third-country transfer, we obtain your consent in accordance with Art. 49(1)(a) GDPR, which you give via the consent manager (or other forms, registrations, etc.). Please note that for third-country transfers there may be unknown risks (e.g., data processing by security authorities in the third country, whose exact scope and consequences are unknown to us, over which we have no control, and of which you may not be aware).
Storage duration
The exact storage duration of the processed data is not controlled by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Maps: https://policies.google.com/privacy.