All personal data are treated confidentially. Our data protection practice is in line with the German Federal Data Protection Act (FDPA) and the General Data Protection Regulation (GDPR). The following addresses the data protection details.
The controller within the meaning of GDPR and FDPA is
Gust. Alberts GmbH & Co.KG
Data Protection Officer:
Contact details: firstname.lastname@example.org
1. Reasons for collecting data
We collect and process your data to operate our website and to be able to provide you with the best possible service by way of convenient access to our services. We have set these out for you below.
2. Provision of our website
Our website is provided on our behalf by our service provider. Data processed on our website are, therefore, processed on our behalf on the servers of our service provider, with whom we have entered into an order processing contract. Processing on servers of other service providers only occurs if this is expressly stated in this Data Protection Policy. Our service provider is located within a country of the European Union or the European Economic Area.
The legal basis for the provision of our website and processing the connection data generated during communication with your terminal device (this includes, for example, the IP address of your device, via which your device can be addressed by other devices on the Internet) is our legitimate interest in providing information about our company and the products we offer within the meaning of Article 6(1), point f), GDPR.
3. Contact forms
If you contact us via the contact form and choose to contact us by e-mail, you must make your e-mail address and your message available to us. If you choose to contact us by telephone, the mandatory information is your telephone number and your message. The mandatory information is marked with an asterisk. All other details are voluntary.
The data shall be stored for the purpose of processing your enquiry. We shall not forward such data without your consent. We delete the data accruing in this context once storage is no longer required, or restrict the processing if there are legal obligations to retain data. The legal basis for the processing of your personal data is our legitimate interest in answering your enquiry within the meaning of Article 6(1), point f), GDPR insofar as your enquiry is not an initiation of a contract or an enquiry in conjunction with an existing contract. In the latter cases, the legal basis for data processing is Article 6(1), point (b), GDPR.
4. Consent management with Usercentrics
We use the “Usercentrics” consent management tool operated by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (Cybot). This enables us to obtain and manage your consent to data processing. The processing is necessary for compliance with a legal obligation (Article 7(1), GDPR), to which we are subject (Article 6(1), point c), GDPR). Website functionality is not guaranteed without the processing. The following data are processed in that respect:
Type of browser used, operating system used, connection data of the computer used (shortened IP address), the pages you visit on our site and the date and duration of the visit. In addition, a Cookie is stored to assign the granted consent (see also in the section “Cookies” of this Data Protection Policy).
Cybot is the recipient of your personal data and our processor. The data shall be deleted after 12 months. Data are processed in the European Union. You can find further information about objection and removal options in dealings with Usercentrics at:
Cookies are used to render use of the web pages and the website visitors’ preferences more attractive. For example, they are used to store the information you provide when selecting a language. Cookies are text files that are stored on your hard drive to enable identification of your browser when you return to the website.
You can prevent Cookies from being stored on your hard drive by adjusting the browser settings accordingly. Cookies that have already been set can be deleted at any time. Please refer to the respective browser instructions on how to delete Cookies or prevent their storage. If you do not accept Cookies, this may have a detrimental effect on your use of our website.
6. Use of Matomo
This website uses the “Matomo” open source web analysis service, which is operated on our own servers or on our service provider’s servers. Matomo uses so-called “Cookies”, small text files that are stored on your computer and by means of which it is possible to recognise your browser on a subsequent visit if you have consented to their use (see in detail in the “Cookies” section). This enables us to analyse your use of the website. To that end, the information generated by the Cookie about the use of this website is stored on our server.
Stored data include the IP address of the calling end terminal device, by means of which a rough geolocation is also performed, the page from which you were referred to our website (so-called referrer; in the case of a search engine referral, this may also contain the search term used), the operating system of your terminal device as well as the browser version and language used, resolution, active plug-ins, the time spent on the sub-page of our website as well as the number of sub-pages called up. The IP address is rendered anonymous before storage by deleting the last two octets (e.g. 192.168.xxx.xxx). By deleting the last octet, a rough geolocation is possible, but a recognition of your terminal device by means of the IP address is ruled out.
We use the collected data for anonymised analysis of user behaviour to optimise our website and our advertising. The information collected and stored in this context about the use of this website is not forwarded to third parties.
7. LinkedIn page
The LinkedIn service is a social network operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn Ireland”) or LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA (“LinkedIn Corp.”), if your place of residence or permanent domicile is outside the European Union or the European Economic Area.
Social network users’ data may be processed for market research and advertising purposes, in particular usage profiles may be created that are used to serve advertisements within and outside the networks. Furthermore, data may be stored regardless of the devices used by the users (in particular, if the users are members of and logged into the respective platforms).
The data processed usually includes contact data, content data, usage data (in particular web pages visited, interest in content as well as access times) and so-called metadata such as device information and IP addresses of the end terminal devices used.
The legal basis for the collection and processing of data is your consent within the meaning of Article 6(1), point a), GDPR, which you may have granted to LinkedIn Ireland / LinkedIn Corp. You may withdraw your consent to data processing at any time with effect for the future. To do so, please contact the operator of the network directly. The withdrawal of consent does not affect the lawfulness of the data processing performed until the withdrawal.
In other respects, legitimate interests within the meaning of Article 6(1), point f), GDPR, may be the legal basis for data processing. This is the case, for example, if the purpose of the data processing is the technically secure operation of the website.
For detailed information about the processing and use of data by LinkedIn on its own website, as well as a contact option and your rights and setting options in this regard to protect your privacy, please refer to LinkedIn’s data protection information, which can be found at the following link:
As there is no EU Commission adequacy decision for the transfer of personal data to the USA, we have entered into standard data protection clauses within the meaning of Article 46(2), point c) GDPR, with Google, which you can obtain from our data protection officer.
The data are processed on the basis of an agreement between jointly responsible parties controllers in accordance with Article 26, GDPR, which you can view at the following link:
8. YouTube channel
The YouTube video platform is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your registered office or place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
When visiting our channel on YouTube, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These can be used, for example, to place advertisements within and outside the video platform that presumably correspond to your interests. Cookies are generally used on your terminal device for this purpose. The function of Cookies is explained in the context of the data protection instructions there, so please note the corresponding information there. Visitor behaviour and user interests are stored in these Cookies.
Furthermore, we receive a statistical evaluation of the collected data as to which groups of people are interested in our individual videos posted on YouTube. The number of views and playing times of videos are, in particular, made available to us in this context. In this respect, the data are made available in such an anonymous form that it is not possible to draw conclusions about individual persons. The information contained includes, for example, the approximate geographical location, the age group and other summary characteristics.
The legal basis for the collection and processing of data is your consent within the meaning of Article 6(1), point a), GDPR, which you may have granted or shall grant to Google when calling up the website there. You may withdraw your consent to data processing at any time with effect for the future. To do so, please contact Google directly. The withdrawal of consent does not affect the lawfulness of the data processing performed until the withdrawal.
For detailed information on the processing and use of data by Google on the YouTube website as well as a contact option and your rights and setting options in this regard to protect your privacy, please refer to Google’s data protection information, which can be found at the following link:
As there is no EU Commission adequacy decision for the transfer of personal data to the USA, we have entered into standard data protection clauses within the meaning of Article 46(2), point c) GDPR, with Google, which you can obtain from our data protection officer.
9. Facebook fan page and Instagram profile
Our presence on social networks and platforms, such as Facebook and Instagram, is aimed at active and timely communication with our customers and interested parties. We provide information there about our services, products and interesting special promotions relating to our company.
We use the social networks “Facebook” and “Instagram”, which are operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta).
When you visit our online presences there, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used on your terminal device for this purpose. Information about the function of Cookies can be found in the “Cookies” section of this privacy Data Protection Policy. Visitor behaviour and user interests are stored in these cookies. The legal basis for the processing is Article 6(1), point a), GDPR.
For the USA, there is currently no adequacy decision by the European Commission. However, we have entered into standard data protection clauses with Facebook to ensure that your personal data are handled in a manner that is comparable to the European and German level of data protection. The legal basis for a data transfer to the USA when visiting our Facebook and Instagram fan page is therefore Article 46(2), point c), GDPR (standard data protection clauses).
For detailed information about the processing and use of data by the providers on their pages, as well as a contact option and your rights and setting options in this regard to protect your privacy, in particular objection options (so-called opt-out), please refer to the data protection notices of the providers linked below:
The objection and settings options can be found as follows:
- Facebook: https://www.facebook.com/settings/?tab=privacy
- Instagram: https://www.instagram.com/accounts/privacy_and_security/
Data processing for Facebook is carried out on the basis of an agreement between jointly responsible parties pursuant to Article 26, GDPR, which you can view here:
10. Facebook Pixel / Custom Audiences
We use the “Facebook Pixel” analysis service with the additional “Custom Audiences” function, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you have your registered office or place of residence in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). This feature allows us to target website visitors with advertising by serving personalised, interest-based Facebook ads to visitors to this website when they visit the Facebook social network. If the function is activated, a direct connection to a Facebook server is established when you visit this website. The pages of our website you have visited are forwarded to Facebook. Facebook associates this information with your personal Facebook user account provided you have one with Facebook and are logged into the account.
The processed data include:
- Ads viewed,
- Browser information,
- Content viewed,
- Device information,
- Geographical location,
- Interaction with advertisements,
- Services and products,
- The IP address of your terminal device,
- Marketing information,
- Pixel ID,
- Referrer URL,
- Marketing campaign success,
- Usage data,
- User behaviour,
- Where applicable, the Facebook user ID.
We only activate Facebook Pixel on our website if you have granted your permission. The basis for data processing is then your consent in accordance with Article 6(1), point a), GDPR, which you may have granted us during your first visit to our website. You may withdraw your consent at any time free of charge with effect for the future. To do this, you can use the button in the bottom left-hand corner to call up a tool in which you can manage your granted consent, or contact our data protection officer. For more information, please see the section on “Cookies and similar technologies” in this privacy Data Protection Policy. If you have consented to the use, but do not want Facebook to assign the collected information directly to your Facebook user account, you can deactivate the function via this link. To do this, you must be logged in to Facebook. You can find further information regarding the collection and use of data by Facebook regarding your rights and the possibilities to protect your privacy in Facebook’s data protection information via this link: As there is no EU Commission adequacy decision for the transfer of personal data to the USA, we have entered into standard data protection clauses with Facebook within the meaning of Article 46(2), point c) GDPR.
We also collect and process personal data from applicants for the purpose of processing the application procedure we conduct. In that respect, the processing may also be carried out electronically. This is always the case if the applicant submits application documents to us electronically, i.e. by e-mail or via a web form implemented on our website.
The applicant portal is operated by BITE GmbH, Resi-Weglein-Gasse 9, D-89077 Ulm (BITE) on our behalf. If we enter into an employment contract with an applicant, the forwarded data shall be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. However, if is we and the applicant do not enter into an employment contract, the application documents shall be deleted four months following notification of the rejection decision provided no other legitimate interests of the person responsible oppose deletion. Another legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). We would like to evaluate all applicants only according to their qualifications and therefore ask that, as far as possible, information about racial and ethnic origin, political opinions, religious or ideological beliefs or any trade union membership, genetic data, biometric data for the unique identification of a natural person, health data or data on sexual life or sexual orientation are not included in the application.
12. Data security
We secure our website and other systems by way of technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. Depending on the browser used, data are forwarded using 128 bit to 256 bit SSL encryption. Complete protection against all dangers is not possible despite regular checks and constant improvement of our security measures.
13. Deleting data
Personal data shall be deleted or blocked as soon as the purpose of the storage no longer applies or you request the deletion and no further storage obligations apply to us. Data shall also be deleted if a storage period specified by the aforementioned standard expires unless there is a need for further storage of the data to enter into or honour a contract or you have granted your consent in this regard.
14. Forwarding data to third countries
Our website includes tools from companies that have their registered office in the US. If these tools are active, your personal data may be transferred to the respective servers of the companies located in third countries.
In this context, we draw attention to the fact that the USA is not a safe third country within the meaning of EU data protection law. To that end, US companies undertake to surrender personal data to supervisory security authorities without you as the data subject having the opportunity to take legal action against this. Therefore, it cannot be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on servers in the US or that are accessible from the US for monitoring purposes. We do not exert any influence on these processing activities.
Data are transferred abroad, including to countries outside the EU or the EEA. An adequate level of data protection is ensured by way of the use of various security mechanisms. This can be, for example, an adequacy decision of the EU Commission within the meaning of Article 45(1), GDPR; binding internal data protection rules of the recipient within the meaning of Article 47, GDPR, or other appropriate safeguards. If no generally effective guarantees are available, we base the processing on standard contractual clauses entered into with the providers by the EU Commission within the meaning of Article 46(2), point c), GDPR. These measures ensure a sufficient level of data protection.
15. Rights of the data subject
If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights in dealings with the controller:
15.1 Right to obtain information
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed by us. Where that is the case, you have the right to obtain the following information from the controller:
- The purposes for which the personal data are processed
- The categories of personal data that are processed
- The recipients or categories of recipients to whom your personal data have been or shall be disclosed
- The planned duration of storage of the personal data relating to you or, if specific information about this is not possible, criteria for determining the storage duration
- The existence of a right to rectify or erase the personal data concerning you, a right to restrict processing by the controller or a right to object to such processing, the existence of a right of appeal to a supervisory authority
- (Any available information about the origin of the data, if the personal data are not collected from the data subject
15.2 Right to rectification
You have the right to rectification and/or the completion of incomplete personal data by the controller provided the processed personal data apply to you, are incorrect or incomplete. The controller is to rectify the data without delay.
15.3 Right to restriction of processing
You have the right to obtain request from the controller restriction of processing of your personal data under the following conditions:
- You contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
- The controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
- If you have objected to processing in accordance with Article 21(1), GDPR, pending the verification whether the legitimate grounds of the controller override your reasons.
If the processing of your personal data has been restricted, such data may only be processed – apart from the storage of such data – following your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of the processing was restricted in accordance with the aforementioned requirements, you shall be notified by the controller before the restriction shall be lifted.
15.4 Right to erasure
15.4.1 Obligation to erase
You have the right to obtain request from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing is based according to Article 6(1), point a) or Article 9(2), point a), GDPR, and where there is no other legal ground for the processing
- You object to the processing in accordance with Article 21(1), GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Article 21(2), GDPR
- Your personal data have been unlawfully processed
- Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
- Your personal data have been collected in relation to the offer of the information society services referred to in Article 8(1), GDPR
15.4.2 Information forwarded to third parties
Where the controller has made your personal data public and undertakes in accordance with Article 17(1), GDPR, to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers that are processing your personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, such personal data.
The right to erasure shall not apply where processing is required:
- To exercise the right of freedom of expression and information
- To honour a legal obligation that necessitates processing in accordance with the law of the Union or the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- On the grounds of public interest in the area of public health in accordance with Article 9(2), points h) and i), as well as Article 9(3), GDPR
- To establish, exercise or defend legal claims
15.5 Right to information
If you have exercised the right to the rectification, erasure or restriction of processing in dealings with the controller, the controller undertakes to notify all recipients to whom your personal data have been disclosed of such rectification or deletion of data or restriction of processing unless it proves impossible or would involve a disproportionate effort. In dealings with the controller, you have the right to be informed of such recipients.
15.6 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. In addition, you have the right to forward such data to another controller without hindrance from the controller to which the personal data have been provided, where
- The processing is based on consent in accordance with Article 6(1), point a), GDPR, or Article 9(2), point a), GDPR, or on a contract in accordance with Article 6(1), point b), GDPR and
- The processing is carried out by automated means
In exercising this right, you also have the right to have the personal data concerning you forwarded directly from one controller to another controller, insofar as this is technically feasible. This may not adversely affect freedoms and rights of other persons.
15.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on Article 6(1), point e) or f), GDPR. This also applies to profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
15.8 Right to withdraw the data protection law declaration of consent
You have the right to withdraw your data protection law declaration of consent at any time. Withdrawing the consent does not affect the legality of the processing that applied as a result of the consent up until the withdrawal.
15.9 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes on GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy in accordance with Article 78, GDPR.
16. Changes to this Data Protection Policy
Our website is subject to continual further development. As a result, we update this Data Protection Policy from time to time. We, therefore, recommend that you visit this Data Protection Policy regularly. You can identify any changes by way of the status mentioned below.