Data Protection Information

This data protection policy provides information about how we handle your personal data and about your rights under the European Union’s General Data Protection Regulation (abbreviated GDPR) and Germany’s Federal Data Protection Act (abbreviated BDSG in German). As the controller, Amptown System Company GmbH (hereinafter referred to as “we” or “us”) is responsible for data processing.

Contents

I. General Information

1. Contact

Should you have any questions or suggestions relating to this information or if you would like to contact us regarding the assertion of your rights, please send your message to: Amptown System Company GmbH
Werner-Otto-Str. 26 22179 Hamburg, Germany T +49 40 64 21 59 0 F +49 40 64 21 59 18 info(at)amptown-system.com

2. Lawfulness of Processing

The term “personal data” as defined by applicable data protection law refers to all information that relates to a specific or identifiable person. We process personal data in accordance with the valid data protection regulations, in particular the GDPR and the BDSG. We only process data if we are legally allowed to do so. We only process personal data with your consent [section 15, paragraph 3, of the Telemediengesetz (TMG – German telemedia act) or article 6, paragraph 1, point (a), of the GDPR] if processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract (article 6, paragraph 1, point (b), of the GDPR), if processing is necessary for compliance with a legal obligation (article 6, paragraph 1, point (c), of the GDPR), or when processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party and doing so does not override your interests or fundamental rights and freedoms that require the protection of your personal data (article 6, paragraph 1, point (f), of the GDPR).

3. Duration of Storage

Unless otherwise stated in the information below, we only store the data for as long as it is required to achieve the processing purpose or to fulfill our contractual or legal obligations. These legal storage obligations can arise, in particular, from commercial or tax regulations. We will retain any personal data contained in our accounting records for ten years from the end of the calendar year in which the data was collected, and we will retain personal data contained in commercial letters and contracts for six years. Furthermore, we will retain data in connection with provided consent subject to documentation requirements as well as in connection with claims arising from complaints and legal action for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

4. Categories of Recipients of Personal Data

We engage third parties to process your data on our behalf. Processing operations performed by such processors include, for example, hosting, IT system maintenance and support, customer and order management, accounting and billing, and file and disk destruction. A processor is defined as a natural person or legal entity, public authority, agency, or other body that processes personal data on behalf of a controller. Processors do not use the data for their own purposes, but process the data exclusively for the controller and are contractually obligated to implement appropriate technical and organizational measures to protect the data. In addition, we may transfer your personal data to entities such as postal and delivery services, our bank, tax consultants/auditors, or the tax authorities. For the purpose of contact tracing to break the chains of transmission of an infectious disease, personal data may be transferred to the competent public health department. Further recipients may result from the information provided below.

5. Transfer of Personal Data to Third Countries

Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer of data is deemed lawful if the European Commission has established that an adequate level of data protection is provided in such a third country. In the absence of such an adequacy decision by the European Commission, personal data will only be transferred to a third country if appropriate safeguards are in place in accordance with article 46 of the GDPR or if one of the conditions of article 49 of the GDPR has been met. Unless otherwise stated below, we use the EU’s standard contractual clauses for the transfer of personal data to processors established in third countries as appropriate safeguards: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32010D0087.

6. Processing When Exercising Your Rights Pursuant to Art. 15 to 22 of the GDPR

If you exercise your rights in accordance with articles 15 to 22 of the GDPR, we process the personal data provided for the purpose of implementing these rights and in order to be able to provide evidence of this fact. We will only process the personal data we have saved for the purpose of providing information and its preparation only for this purpose as well as to monitor adherence to applicable data protection law and will otherwise restrict processing in accordance with article 18 of the GDPR. The legal basis for such processing is article 6, paragraph 1, point c, of the GDPR in conjunction with articles 15 to 22 of the GDPR and section 34, paragraph 2, of the BDSG.

7. Your Rights

As a data subject, you have the right to assert the rights granted to data subjects vis-à-vis our company. In particular, you have the following rights:
  • In accordance with article 15 of the GDPR and section 34 of the BDSG, you have the right to obtain confirmation as to whether or not we are processing your personal data and, if so, to what extent.
  • In accordance with article 16 of the GDPR, you have the right to obtain from us the rectification of inaccurate personal data.
  • According to article 17 of the GDPR and section 35 of the BDSG, you have the right to obtain from us the erasure of your personal data.
  • According to article 18 of the GDPR, you have the right to obtain from us the restriction of processing your personal data.
  • According to article 20 of the GDPR, you have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit this data to another controller.
  • If you specifically granted us your consent to process your data, you may withdraw this consent at any time in accordance with article 7, paragraph 3, of the GDPR. Withdrawing your consent does not affect the lawfulness of the processing that was carried out on the basis of your consent before its withdrawal.
  • If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with article 77 of the GDPR.

8. Right to Object

Pursuant to article 21, paragraph 1, of the GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data carried out on the legal basis of article 6, paragraph 1, point (e) or (f), of the GDPR. In the event that we process your personal data for the purpose of direct advertising, you can object to this processing in accordance with article 21, paragraphs 2 and 3, of the GDPR.

9. Data Protection Officer

You can contact our data protection officer at the following e-mail address: E-Mail: datenschutz@amptown-system.com Herting Oberbeck Datenschutz GmbH Hallerstr. 76, 20146 Hamburg https://www.datenschutzkanzlei.de

II. Data Processing on Our Website

When you use this website, we collect data that you provide yourself. In addition, we also automatically collect certain data about your use of the website during your visit. Within the scope of applicable data protection law, an IP address is also considered personal data. An IP address is assigned to each device connected to the Internet by the Internet service provider so that it can send and receive data.

1. Processing of Server Log Files

If you are just using the website to acquire information, then only general information will automatically be stored initially (i.e. not via a registration), which your browser transmits to our server. This data includes: Your browser type/version, operating system used, current page visited, the previously visited page (referrer URL), IP address, time and date of the server request, and HTTP status code. This data is processed on the legal basis of article 6, paragraph 1, point (f), of the GDPR, i.e. on the basis of our legitimate interests in managing the technical and security aspects of the website. The saved data will be deleted after seven days unless there are specific indications that lead to a reasonable suspicion of illegal use and further examination and processing of the data is necessary for this purpose. We are not able to identify you as a data subject on the basis of this saved data. As such, articles 15 to 22 of the GDPR, in accordance with article 11, paragraph 2, of the GDPR, do not apply to this data unless, in order to exercise your rights under those articles, you provide us with additional information that allows us to identify you.

2. Cookies

We use cookies and similar technologies (hereinafter referred to collectively as “cookies”) on our website. Cookies are small text files that are saved by your browser when you visit a website. These files are used to identify your browser so that it can be recognized by web servers in the future. You have full control over the use of cookies through your browser. You can delete the cookies via your browser’s security settings at any time. You can completely deactivate the use of cookies through your browser settings or deactivate them in certain cases. Additional information on this topic is provided by the German Federal Office for Information Security: https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html. The use of cookies is required for the technical operation of our website and therefore permitted without the user’s consent.

3. Contact Form and RMA Form

Our website contains contact forms that you can use to send us messages and submit an RMA request. In this context, your data is encrypted when transferred to our server (you can recognize this by the “https” in your browser’s address bar). All data fields marked as mandatory are required to process your request. Should you not fill out these fields, we will be unable to process your request. The provision of any other data is optional. Alternatively, you can also send us a message via the contact e-mail. We process this data for the purpose of responding to your inquiry. If your inquiry is related to the conclusion or performance of a contract with us, the legal basis for processing your data is article 6, paragraph 1, point (b), of the GDPR. In all other cases, we process this data on the basis of our legitimate interests in communicating with individuals who submit inquiries. As a result, the legal basis for processing the data in this case is article 6, paragraph 1, point (f), of the GDPR.

4. WP Statistics

Our website uses the WordPress analytics plug-in WP Statistics for the statistical analysis of website visits. For this purpose, we process server log files that your browser sends us while the page is loading. Simple statistics are generated from this data in anonymous form. This data is not used to create usage profiles and no cookies are set. All of the data collected by WP Statistics is saved on this web server in a completely anonymous form. As a result, it is not possible to personally identify a visitor, even retrospectively. We process this data to measure our reach and to optimize our website. This data is processed on the legal basis of article 6, paragraph 1, point (f), of the GDPR, i.e. on the basis of our legitimate interests.

III. Data Processing on Our Social Media Profile Pages

We are active on several social media platforms with a company profile page. We want to use these profiles as additional ways to provide information about our company and to communicate with others. Our company has profile pages on the following social media platforms:
  • Facebook
  • Instagram
  • LinkedIn
  • Xing
  • YouTube
When you visit or interact with a profile on a social media platform, your personal data may be processed. The data associated with the use of a social media profile also regularly constitutes personal data. This includes messages and statements made using the profile. In addition, when you visit a social media profile, certain information about your visit is often collected automatically, and this data may also be considered personal data.

1. Visiting a Social Media Page

a. Facebook and Instagram Pages

Certain information about you is processed when you visit our Facebook or Instagram page, where we present information about our company or individual products from our range. The sole controller responsible for processing this data is Facebook Ireland Ltd. (based in Ireland/EU and hereinafter referred to as “Facebook”). For more information about how Facebook processes personal data, please visit https://www.facebook.com/privacy/explanation. Facebook offers the ability to object to certain forms of data processing; relevant information and opt-out options can be found at https://www.facebook.com/settings?tab=ads.

Facebook provides us with anonymous statistics and insights for our Facebook and Instagram pages that help us understand the types of actions people take on our site (referred to as “Page Insights”). These Page Insights are created on the basis of certain information about people who have visited our site. This personal data is processed by Facebook and by us as joint controllers. Such processing is conducted on the basis of our legitimate interest in analyzing the types of actions carried out on our profile page and improving our page on the basis of that knowledge. The legal basis for processing this data is article 6, paragraph 1, point (f), of the GDPR. We cannot associate the information obtained through these Page Insights with individual Facebook profiles that interact with our Facebook page. We have entered into a Page Insights Controller Addendum with Facebook that governs the processing of this data as joint controllers and specifies our individual and joint obligations under applicable data protection law. For details about how personal data is processed in order to create Page Insights and the agreement between us and Facebook, please visit https://www.facebook.com/legal/terms/information_about_page_insights_data. With respect to the processing of this data, you have the opportunity to exercise your rights as a data subject (see “Your Rights”), including vis-à-vis Facebook. Further information can be found in Facebook’s privacy policy at https://www.facebook.com/privacy/explanation.

Please note that according to Facebook’s privacy policy, user data is also processed in the United States or other third countries. Facebook only transfers user data to countries for which the European Commission has adopted an adequacy decision in accordance with article 45 of the GDPR or on the basis of appropriate safeguards in accordance with article 46 of the GDPR.

b. LinkedIn Company Profile

The LinkedIn Ireland Unlimited Company (based in Ireland/EU and hereinafter referred to as “LinkedIn”) is, as the sole controller, exclusively responsible for processing personal data when you visit our LinkedIn profile. For more information about how LinkedIn processes personal data, please visit https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit, follow, or interact with our company profile on the LinkedIn website, LinkedIn processes personal information to provide us with statistics and insights in anonymous form. This gives us insights into the types of actions people take on our profile page (referred to as “Page Insights”). In particular, LinkedIn will process data that you have already provided to LinkedIn through the information contained in your profile, such as your job title, country, industry, seniority, company size, and employment status. In addition, LinkedIn will process information about how you interact with our profile page on LinkedIn, such as whether you are a follower of our LinkedIn profile page. LinkedIn does not provide us any personal data about you through these Page Insights. We only have access to aggregated Page Insights. It is also not possible for us to draw any conclusions about actions taken by individual users based on the information contained in these Page Insights. The personal data contained within these Page Insights is processed by LinkedIn and us as joint controllers. Such processing is conducted on the basis of our legitimate interest in analyzing the types of actions taken on our LinkedIn company profile page and improving our company profile page on the basis of that knowledge. The legal basis for processing this data is article 6, paragraph 1, point (f), of the GDPR. We have entered into a Page Insights Joint Controller Addendum with LinkedIn that governs the processing of this data as joint controllers and specifies our individual and joint obligations under applicable data protection law. The addendum is available at https://legal.linkedin.com/pages-joint-controller-addendum. Under this agreement, the following applies:

    • LinkedIn and we have agreed that LinkedIn is responsible for ensuring that you are able to exercise your rights under the GDPR. You can contact LinkedIn online using the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=en) or you can reach LinkedIn using the contact information in LinkedIn’s privacy policy. You can contact LinkedIn Ireland’s data protection officer using the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us using the contact details provided in order to exercise your rights in relation to the processing of personal data within the framework of Page Insights. In this case, we will forward your request to LinkedIn.
    • LinkedIn and we have agreed that the Irish Data Protection Commission will serve as the lead supervisory authority responsible for overseeing data processing in conjunction with Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (for more information, please visit www.dataprotection.ie) or with any other supervisory authority.

Please note that according to LinkedIn’s privacy policy, LinkedIn also processes personal information in the United States or other third countries. In this context, LinkedIn only transfers personal data to countries for which the European Commission has adopted an adequacy decision in accordance with article 45 of the GDPR or on the basis of appropriate safeguards in accordance with article 46 of the GDPR.

c. Xing

New Work SE (based in Germany/EU) is, as the sole controller, exclusively responsible for processing personal data when you visit our Xing profile. For more information about how New Work SE processes personal data, please visit https://privacy.xing.com/en/privacy-policy.

d. YouTube

Google Ireland Limited (based in Ireland/EU) is, as the sole controller, exclusively responsible for processing personal data when you visit our YouTube channel. For more information about how YouTube or Google Ireland Limited processes personal information, please visit https://policies.google.com/privacy.

2. Comments and Direct Messages

We also process information that you have provided to us via our company profile page on the respective social media platform. Such information can include your username, contact details, or a message you send us. This data is processed by us as the sole controller. We process this data on the basis of our legitimate interests in communicating with individuals who submit inquiries. The legal basis for processing the data is article 6, paragraph 1, point (f), of the GDPR. Other data may be processed on the basis of your consent [article 6, paragraph 1, point (a), of the GDPR] or if this is necessary to fulfill a legal obligation [article 6, paragraph 1, point (c), of the GDPR].

IV. Further Data Processing

1. Contact via E-mail

If you send us a message via the e-mail address indicated, we will process the data you provide for the purpose of answering your inquiry. We process this data on the basis of our legitimate interests in communicating with individuals who submit inquiries. The legal basis for processing the data is article 6, paragraph 1, point (f), of the GDPR.

2. Data from Customers and Interested Parties

If you contact our company as a customer or interested party, we will process your data to the extent necessary for the establishment and/or performance of our contractual relationship. This includes regularly processing the personal data, contract data, and payment data provided to us, as well as contact and communication data from our contacts for corporate customers and business partners. The legal basis for processing this data is article 6, paragraph 1, point (f), of the GDPR. In addition, we also process data from customers and interested parties for analysis and marketing purposes. This data is processed on the basis of article 6, paragraph 1, point (f), of the GDPR, and serve our legitimate interests in improving our products and services and providing you with specific information about our offers. Other data may be processed on the basis of your consent [article 6, paragraph 1, point (a), of the GDPR] or if this is necessary to fulfill a legal obligation [article 6, paragraph 1, point (c), of the GDPR].

3. Job Applications

If you apply for a position with our company, we will process your application data exclusively for purposes related to your interest in current or future employment with us and in order to process your application. Your application will be processed and viewed only by the relevant employees at our company. All employees responsible for processing your application data are obligated to keep your data strictly confidential. If we are unable to offer you a position with our company, we will retain the information you provide for up to six months after a potential rejection for the purpose of answering questions related to your application and rejection. This does not apply if legal requirements prohibit the deletion of your data, if saving your data for a longer period of time is necessary for the purpose of providing evidence, or if you have granted us your express consent to save your data for a longer period of time. The legal basis for processing this data is section 26, paragraph 1, sentence 1, of the BDSG. In the event that we retain your application data beyond a period of six months on the basis of your express consent, please note that you can withdraw this consent at any time in accordance with article 7, paragraph 3, of the GDPR. Withdrawing your consent does not affect the lawfulness of the processing that was carried out on the basis of your consent before its withdrawal.