We, the Alexander Nut Group Holding GmbH (hereinafter also referred to as “Responsible party”), take the protection of personal data very seriously. We adhere to the pertinent data protection regulations, in particular the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). In the following, we would especially like to inform you of when and what type of data we collect within the scope of the use of our website and how we use this data.
I. General information
1. Scope of data processing
We generally only collect and use personal data from our users if this is required in order to ensure the functionality of our website, and insofar as it is required for providing our content and services. The collection and use of personal data from our users is only conducted if the processing of the data is permitted by statutory regulations or the user has provided their express consent.
2. Legal basis for data processing
Insofar as we receive the user’s consent for the processing of their personal data on our website, Art. 6, Sec. 1, Letter (a) GDPR serves as the legal framework for the processing of personal data.
In the processing of personal data, which is required to fulfill the contract to which the user is a contractual party, Art. 6, Sec. 1, Letter (b) GDPR serves as the legal framework. This also applies to processing operations that are required for the implementation of a contractual obligation or contractual measures.
Insofar as a processing of personal data is required for the fulfillment of a legal obligation to which our company is subject, then Art. 6, Sec. 1, Letter (c) GDPR serves as the legal framework.
If the processing is necessary to protect a legitimate interest of our company or a third party, and if the interests, fundamental rights and basic freedoms of the affected user do not supersede the first interest, then Art. 6, Sec. 1, Letter (f) GDPR serves as the legal framework (so called balancing of interests).
In addition, there are further legal grounds for the processing of personal data that we have listed – insofar as pertinent – in the following.
3. Storage period
The user’s personal data is deleted or locked as soon as the grounds for storage have been eliminated. Beyond that, data can be stored if this has been approved by European or national laws, in Union bylaws, laws or other regulations to which our company is subject. A deletion or blocking of data also occurs if a storage period prescribed by the said standards expires, unless there is a necessity for the further storage of the data for the conclusion or fulfillment of a contract.
4. Forwarding of personal data
If we forward personal data, then we exclusively forward them to service providers who support us in the fulfillment of the previously noted purposes. As so called contract processors, these companies may only use your personal data for the fulfillment of their tasks per our order and are obligated to adhere to the relevant data protection regulations. We use the following order processors:
The processing of the personal data stored by you is exclusively performed in countries of the European Economic Area.
II. Processing of personal data on the website
1. Provisioning of the website and compiling log files
a) Description of data processing
With each access to our website, our system automatically records and stores data and information from the accessing computer's system.
The following data is collected:
Information about the type of browser and the browser’s version
The user’s operating system
The user's Internet service provider
The user's IP address
Date and time of the access
The website from which the user accessed our website
Websites that are accessed from the user’s system via our website
This data is also stored in our system’s log files. This does not include the user's IP address or any other data that would enable the allocation of the data to a user. Storage of this data together with other personal user data is not processed.
b) Legal basis for data processing
Legal basis for the temporary storage of the data is Art. 6 Sec. 1, Letter (f) GDPR.
c) Purpose of data processing
The temporary storage of the IP address by the system is required in order to enable the delivery of the website to the user's computer. For this, the user’s IP address must be stored for the duration of the session.
Our legitimate interest also lies in these purposes in the data processing as per Art. 6, Sec 1, Letter (f) GDPR.
d) Duration of the storage
The data is deleted as soon as it is no longer required for the realization of the purpose, and its collection is therefore no longer necessary. This is the case – in the event that data is collected for provisioning the website – if the respective session has terminated.
e) Possibility of objection and deletion
The collection of data for provisioning the website and the storage of data in log files is required for the operation of the website. Therefore, there is no possibility of objection on the part of the user.
2. E-mail contact
a) Description of data processing
You can contact us via the e-mail address appearing on our website. In this case, the personal data provided by the user in the e-mail will be stored by us.
There will be no forwarding of this information to third parties. The data is exclusively used for the processing of the conversation.
b) Legal basis for data processing
The legal framework for the processing of data is Art. 6, Sec. 1, Letter (f) GDPR. If the e-mail contact targets the conclusion of a contract or a similar contractual obligation, then the additional legal framework for the processing is Art. 6, Sec. 1, Letter (b) GDPR.
c) Purpose of data processing
The processing of personal data only serves contact processing purposes. In case of contact processing, this includes a legitimate interest in the processing of data.
d) Duration of the storage
The data is deleted as soon as it is no longer required for the realization of the purpose and its collection is therefore no longer necessary. For the personal data sent by e-mail, this is then the case once the respective conversation has ended with the user. The conversation is considered terminated once the issue concerned has been finally clarified.
e) Possibility of objection and deletion
If the user contacts us via e-mail, then the user can object to the storage of their personal data at any time. This objection can be made through notification to the contact person listed at the end of our data protection information. In case of an objection, the conversation with the user cannot be continued and all personal data that has been stored within the establishment of the contact, is deleted by us.
1. Description of data processing
We use “cookies” in order to make the visit to our website as attractive as possible and to enable the use of certain functions. Cookies are small text files that are stored in the browser (or by the browser) of the user’s device. If the user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic character string that enables a specific identification of the browser once the website is accessed again.
a) Technically required cookies
b) Technically unnecessary cookies
Frequency of page visits
Usage of website functions
Search terms entered
c) Notice on changing the browser settings
Most browsers are configured in such a way that they automatically accept cookies. However, the user is able to block the storage of cookies on their computer by making the corresponding browser settings. However, this may restrict the functionality of our website.
2. Legal basis for data processing
The legal framework for the processing of personal data is Art. 6 Sec. 1, Letter (a) GDPR upon presentation of the user's consent in this regard.
Otherwise, the legal framework for the processing of personal data under application of cookies is Art. 6, Sec. 1, Letter (f) GDPR.
3. Purpose of data processing
The uses of technically unnecessary cookies are used for the purpose of improving the quality of our website and website content.
The user data collected by cookies is not used to create user profiles.
In the aforementioned purposes, our legitimate interest lies in the processing of the personal data as per Art. 6, Sec. 1, Letter (f) GDPR.
4. Duration of the storage, objection and deletion possibilities
IV. Rights of persons concerned
If personal data is processed by you, then you are a "person concerned" in terms of the GDPR and you have the following rights towards the responsible party:
1. Right to information
You can request confirmation from the responsible party regarding whether or not your personal data is processed by us.
If this type of processing exists, you can request the following information from the responsible party:
The purposes for which the personal data is used;
The categories of personal data that are processed;
The recipient and/or the categories of recipients towards whom the related personal data was or will be disclosed;
The planned duration of the storage of the personal data or, in case specific details are not possible, the criteria used for the determination of the storage period;
The existence of a right to correction or deletion of the affected personal data, a right to limitation of processing by the responsible party, or a right of objection against this processing;
The existence of a right of appeal to a supervisory authority;
All information regarding the origin of the data, if the personal data was not collected from the affected party;
The existence of automated decision making including profiling as per Art. 22, Sec. 1 and 4 GDPR and – at least in the most cases – meaningful information concerning the logic involved as well as the scope and the intended effects of this type of processing for the affected person or party.
You have the right to demand information pertaining to whether or not your personal data has been transferred to a third-party country or to an international organization. In this regard, you can demand to receive information regarding the appropriate guarantees as per Art. 46 GDPR in connection with the transfer of personal data.
2. Right to correction (of data)
You have a right to correction and/or completion of the data towards the responsible party, insofar as the processed personal data affecting you is incorrect or incomplete. The responsible party must immediately correct or complete the data.
3. Right to limitation of processing
Under the following prerequisites, you can demand the limitation of the processing of your personal data:
If you are contesting the correctness of the personal data for a period of time, which allows the responsible party to verify the correctness of the personal data;
The processing of the data is illegal and you do not consent to the deletion of the personal data and instead demand the limitation of the use of the personal data;
The responsible party no longer needs the personal data for purposes of processing, however it requires the data for asserting, exercising or defending legal claims, or
If you have filed an objection to the processing pursuant to Art. 21, Sec. 1 GDPR and it has not yet been determined whether or not the legitimate reasons of the person responsible outweigh your reasons.
If the processing of your personal data has been limited, then this data ― aside from its storage ― may only be processed with your consent or for the assertion, exercising or defense of rights or for the protection of the rights of another natural or legal person, or on grounds of an important public interest of the European Union or of a Member State.
If the limitation of processing was limited as per the above requirements, you will be informed by the responsible party prior to the limitation being lifted.
4. Right to deletion
a) Obligation to delete
You can request from the responsible party that the personal data is immediately deleted and the responsible party is obligated to delete the data immediately, insofar as one of the following grounds exists:
The grounds for which your personal data was collected or otherwise processed, no longer exists.
You may withdraw your consent upon which the processing of the data as per Art. 6, Sec. 1, Letter (a) or Art. 9, Sec. 2, Letter (a) GDPR is based, and there is no other legal basis for processing.
As per Art. 21, Sec. 1 GDPR, you withdraw your consent against the processing of your data and there are no overriding legitimate grounds for processing, or you file an objection as per Art. 21, Sec. 2 GDPR against the processing.
Your personal data was processed illegally.
The deletion of your personal data is required for the fulfillment of a legal requirement as per European Union law or the laws of the Member States – which the responsible party is subject to.
Your personal data was collected in relation to the offered information society services as per Art. 8, Sec. 1 GDPR.
b) Third-party information
If the responsible party has made your personal data public and if it is obligated to its deletion as per Art. 17, Sec.1 GDPR, then it takes ― under consideration of the available technologies and the implementation costs ― suitable measures (also of a technical nature) in order to inform the parties responsible for the processing of the personal data that you, as the affected party, have demanded the deletion of all links to this personal data or the deletion of copies or duplicates of this personal data.
c) Exceptions for obligations to delete
The right to deletion does not exist insofar as the processing is required for:
Exercising the right to freedom of expression and information:
Fulfilling a legal obligation that the processing is subject to as per the laws of the European Union or the Member States, to which the responsible party is subject, or for the fulfillment of a task that lies in the public interest or in the exercising of official authority that was transferred to the responsible party;
Reasons of public interest in the area of public health as per Art. 9, Sec. 2, Letters (h) and (i) as well as Art. 9, Sec. 3 GDPR;
Reasons of public interest in the area of archiving scientific or historical research purposes or for statistical purposes as per Art. 89, Sec. 1 GDPR, insofar as the law mentioned in Section a) is likely to render impossible or seriously prejudicial the attainment of the objectives of such processing, or;
Enforcement, exercising or defense of legal claims.
5. Right to information
If you have exercised the right to correction, deletion or limitation of the processing of your data towards the responsible party, then this party is obligated to inform all recipients that have been disclosed the affected personal data, to inform them of the correction, deletion or limitation of the personal data, unless this turns out to be impossible or only possible with an unreasonable effort.
Towards the responsible party, you have the right to be informed about the recipient(s).
6. Right to data transmission
You have the right to receive the personal data that you have transmitted to the responsible party in a structured, standard and machine-readable format. Furthermore, you have the right to transfer this data to another responsible party without being prevented from doing so by the responsible party who was provided this data, insofar as:
The processing is based on consent as per Art. 6, Sec. 1, Letter (a) GDPR or Art. 9, Sec. 2, Letter (a) GDPR or on a contract as per Art. 6, Sec. 1, Letter (b) GDPR and
The data is processed with the help of automated processes.
In the exercising of this right, you also have the right to affect that the relevant personal data is transferred directly from one responsible party to the other, insofar as this is technically feasible. Freedom and rights of other parties must not be infringed upon during this process.
The right to data transfer is not applicable for the processing of personal data that is required for the performance of a task that is in the public interest or in the exercise of public authority that was assigned to the responsible party.
7. Right to objection
You have the right, for grounds resulting from a special situation, to object to the processing of your personal data, which is performed pursuant to Art. 6, Sec. 1, Letter (e) or (f) GDPR at any time; this also applies to the use of the data for purposes of profiling.
The responsible party no longer processes the relevant personal data unless it can provide evidence of compelling grounds for processing worthy of protection that supersedes your interests, rights and freedoms, or the processing serves the enforcement, exercising or defense of legal claims.
If your personal data is processed for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling, insofar as this is connected to this type of direct marketing activity.
If you object to the processing of your data for purposes of direct marketing, then your data will no longer be used for such purposes.
You have the ability, in connection with use of information society services ― notwithstanding the Regulation 2002/58/EC ― to exercise your right to objection using an automated process in which technical specifications are used.
8. Right to objection of data protection-relevant declaration of consent
You have the right to revoke your data protection-relevant declaration of consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation.
9. Automated decision in individual cases including profiling
You have the right not to be subjected to a decision that is solely based on automated processing – including profiling – one that has a legal impact on you, or significantly affects you in a similar manner. This does not apply if the decision:
Is required for the conclusion or the fulfillment of a contract between you and the responsible party;
Is permissible due to the laws of the European Union or the Member States, under which the responsible party operates and the laws contain suitable measures for the safeguarding of your rights and freedoms as well as your legitimate interests, or;
Has been expressly approved by you.
However, these decisions cannot be based on special categories of personal data as per Art. 9, Sec. 1 GDPR insofar as Art. 9, Sec. 2, Letters (a) or (g) applies and suitable measures were made for the safeguarding of rights and freedoms as well as your legitimate interest.
In terms of the cases noted in the previous list of items (1) and (3), the responsible party takes suitable measures in order to ensure the rights and freedoms as well as your legitimate interests. This at least includes the right to obtain intervention of a person on behalf of the responsible party, on the statement of one's own position, and on appeal against the decision.
10. Right to object with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to object with a supervisory authority, in particular in the Member State of your place of residence, your place of work, or the place of the perceived violation if you are of the opinion that the processing of your personal data is in violation of the GDPR.
The Supervisory Board, where the objection is submitted, notifies the protester regarding the current status and the result of the objection including the possibility of a judicial remedy as per Art. 78 GDPR.
V. External links
Our website may contain links that refer to third-party websites. Insofar as this is not clearly recognizable, we will notify you that you are accessing a third-party link. We do not have any influence on the content and the design of third-party websites. This data protection information is therefore not applicable there.
VI. Changes to this data protection information
The continuous development of the Internet and, therefore, the ongoing changes to the applicable legal standards require that we adjust and amend our data protection information from time to time. We will inform you here about any corresponding changes.
VII. Responsible party
The responsible party in terms of GDPR and other national data protection laws of the EU member states as well as other data protection-relevant regulations is: