Personal data is all data that can be related to you personally, e.g., name, address, email address, IP address or user behavior, etc. Regarding the terms used, such as “processing”, “controller” or “data subject”, reference is made to the definitions in Art. 4 GDPR. In particular, the following can be found there: “Personal data” is all information relating to an identified or identifiable natural person (subsequently referred to as a “data subject”). A natural person is deemed identifiable, directly or indirectly, if they can be identified in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features expressing that natural person’s physical, physiological, genetic, psychological, economic, cultural or social identity (Art. 4(1) GDPR).
“Processing” is any operation or sequence of operations carried out with or without the aid of automated procedures in connection with personal data, such as the collection, recording, organization, ordering, storage, adaptation or modification, sorting, retrieval, use, disclosure by transmission, dissemination or any other form of making available, matching or linking, restriction, erasure or destruction (Art. 4(2) GDPR).
A “controller” is the natural or legal person, authority, institution or responsible official, who alone or together with others decides on the purposes and means of processing personal data (Art. 4(7) GDPR).
A “processor” is a natural or legal person, public authority, institution or other body that processes personal data on the data controller’s behalf (Art. 4(8) GDPR).
In particular, the terms “processing” and “personal data” are very broad, such that they cover almost any data handling.
- 01. Who is the Controller?
We are responsible for the processing of your data:
aixACCT Systems GmbH
Directors: Stephan Tiedke, Thorsten Schmitz‐Kempen
Tel.: +49 (0)241 47 57 03 0
Fax: +49 (0)241 47 57 03 66
- 02. Is there a data protection officer?
You can reach our data protection officer by post at our address (see above).
- 03. Who is affected by the data processing?
If you visit our online presences (e.g., our website or our social media profiles), e.g., as an interested party, customer, supplier, service provider or other visitor, your personal data will be processed within the framework of the statutory provisions or this policy. All visitors to our online presence are grouped together under the term “users”.
- 04. What data do we collect from you and for what purposes or upon what legal basis do we process it?
If you visit our online presences without registering or otherwise transmitting information to us, only the personal data transmitted to our server by the browser you use will be processed. To the best of our knowledge, processing covers the following data, which is technically necessary to display our online presence and to ensure its stability and security:
- Accessing computer’s IP address;
- Date and time of the request;
- Name and URL of the retrieved file;
- Access status/HTTP status code;
- the amount of data transferred;
- website from which the request comes (referrer URL);
- Browser used;
- Operating system.
If you also send us personal data, e.g. in the context of an email enquiry, we may also process the following data, among others:
- Inventory data (e.g., name, address);
- Contact details (e.g., email address, telephone number);
- Content data (e.g., text input);
- Usage data (e.g., sites visited);
- Communication/metadata (e.g., IP addresses).
We also process the following personal data for the purposes of providing contractual services, service and customer care as well as marketing/advertising, if you provide it:
- where applicable, contract data (e.g., contractual object, customer number)
- where applicable, payment data (e.g., bank details)
We process your personal data when you visit our online presence for the following purposes:
- Provision of the functions and contents of our online offer;
- Ensuring a smooth connection to our website;
- Ensuring a comfortable use of our website;
- Evaluating and ensuring system security and stability and general security measures;
- Answering any contact requests or communicating with you;
- Other administrative purposes;
- Provision of contractual services;
- Customer service;
- Marketing / Advertising.
If, in the course of processing your personal data, we disclose it to third parties, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission, where you have consented to this, we are legally obliged to do so or on the basis of our legitimate interests. Legal permission exists in particular where the transfer of data is necessary for the fulfilment of contractual obligations (e.g., in the case of payment or shipping service providers). A legitimate interest may exist if we use data for direct marketing or to prevent fraud, or even if you are a customer of ours. A legitimate interest may also exist, for example, in the use of web or email hosts, cloud providers or other service providers. Such service providers often act as so-called processors on the basis of a corresponding contract. They are also obliged to comply with data protection requirements and to guarantee this contractually. The legal basis for such order processing relationships is Art. 28 GDPR.
- 05. To whom do we transfer your data?
- Email hosting providers;
- Web hosting providers;
- Shipping service provider
We select external service providers carefully. Regarding order processing relationships (Art. 28 GDPR), these companies are contractually bound to our instructions, and we monitor them regularly. There are corresponding contractual bases with regard to joint responsibility (Art. 26 GDPR). More detailed information can be found in the following descriptions of the individual services.
The legal basis for the transfer of your personal data is stated above under point 04.
- 06. Is your data transferred to third countries?
There are no plans to transfer your personal data to third countries (i.e., outside the EU or EEA) or to an international organization.
- 07. How long do we process your data?
The duration of the storage of your personal data is lawfully determined in line with existing legal retention periods (e.g., according to commercial or tax law). Unless otherwise stated below, your personal data will be routinely deleted after the expiry of any relevant period, provided that it is no longer required for the performance or initiation of the contract, we no longer have a legitimate interest in continuing to store it and/or you have not consented to its storage beyond this period.
In Germany, there are special retention periods in the following areas, among others:
- under commercial law (6 years, e.g., for opening balance sheets, annual accounts, accounting vouchers or similar);
- under tax law (10 years for all documents relevant under tax law);
- under labor law (e.g., 6 months for documents of rejected applicants).
- 08. What are your rights?
You have the following rights with regard to the processing of your personal data:
- Right of access (Art. 15 GDPR);
- Right to rectification (Art. 16 GDPR);
- Right to erasure (Art. 17 GDPR);
- Right to restriction of processing (Art. 18 GDPR);
- Right to data portability (Art. 20 GDPR);
- Right to object (Art. 21 GDPR);
- Right to withdrawal of consent given (Art. 7(3) GDPR);
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
The latter 3 rights are explained in more detail below. If you have any questions about your rights, please do not hesitate to contact us. The contact details can be found above in the sections concerning the controller.
- 09. When and how can you object to data processing?
Where your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(1)(f) GDPR, you have the right to object to the data processing at any time. This means that we may no longer process your personal data in the future, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing is for the establishment, exercise or defense of legal claims.
However, the right to object only applies if there are grounds for doing so that arise from your particular situation or if your objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
Sending us a letter to our postal address or an email (see above under point 01) will suffice should you wish to exercise your right of objection.
- 10. When and how can you withdraw your consent?
You can withdraw any consent you have given to us at any time. Such a withdrawal will cause us to cease prospectively processing your personal data based on this consent.
Sending us a letter to our postal address or an email (see above under point 01) will suffice should you wish to exercise your right of withdrawal.
- 11. Where can you lodge a complaint?
You have the right to lodge a complaint with a data protection supervisory authority in relation to our processing of your personal data. A list of the German data protection supervisory authorities can be found at the following address:
- 12. When and why is it necessary to provide your data?
You provide us with your personal data (e.g., name or email address) in the context of support or other enquiries.
The provision of your personal data is partly required by law (e.g., by tax law regulations). It may also be necessary for the implementation of (pre-) contractual measures. Failure to provide your personal data would mean that the contract with you could not be concluded or that your enquiry could not be answered.
The provision of the following data in particular is mandatory for the implementation of contracts or pre-contractual measures or for communication with us:
- Email address;
- Telephone number, where applicable (e.g., for queries or responding to customer enquiries).
- Customer number, where applicable (e.g., for support activities)
- 13. Does automated decision-making (e.g. profiling) take place?
There is no automated decision-making including profiling.
- 14. How can you contact us?
You can contact us by post, telephone or email, for example. Our contact details can be found above in the section concerning the controller’s details.
If you contact us, e.g., by email or via the contact form, we automatically save the personal data you voluntarily provide to us for the purpose of processing your enquiry or contacting you. This data will not be passed on to third parties.
- 15. How do we secure our website?
Taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk (Article 32 GDPR). These measures include, in particular, ensuring the confidentiality, integrity and availability of data. We have also established business processes at our company that ensure, in particular, the protection of data subjects’ rights, the deletion of data and also the response to data breaches. We also observe the principles of data protection law, including data protection through technology design and through data protection-friendly default settings (privacy by design and privacy by default, Art. 25 GDPR).
For security reasons and to protect the transmission of your personal data and other confidential content, we use encrypted transmission via SSL / TLS certificate on our website. You can recognize this by the fact that “https” (instead of “http”) appears in the address line of your browser, as well as a lock symbol and a different color display.
- 16. What are cookies and how do we use them?
We use so-called cookies on our website. These are small text files that are saved by your browser and stored on your terminal device.
The so-called transient (or temporary) cookies are automatically deleted when you close your browser. These include session cookies in particular. These store a certain identifier (the so-called session ID), which makes it possible to recognize your terminal device when you return to our website. This can be used, for example, to save the contents of the virtual shopping basket of an online shop or the login status. Session cookies will be deleted when you log out or close the browser.
The so-called persistent (or permanent) cookies are automatically deleted after a certain period of time; the duration of storage differs depending on the cookie. These can, for example, store user information for reach measurement or marketing purposes or even a login status for a longer period of time.
A distinction must be made between first-party cookies and third-party cookies for both temporary and permanent cookies. The former are set by the controller, the latter by third-party providers.
- 17. How do we handle applicants’ data?
Where necessary, we also place job advertisements on our website, which can be answered electronically (i.e., by email or through PDF files); we also accept unsolicited applications. Applicants’ data will be processed electronically for the purpose of handling the application procedure. This application data includes, in particular, name, address, telephone number, email address, date of birth, educational information or even grades.
Where an application results in the conclusion of an employment contract, the application data may be stored for the usual organizational and administrative process of the respective personnel file. Otherwise, i.e., where applicants are unsuccessful, the application data will be deleted 6 months after notification of rejection. This applies in any case if there are no specific legal requirements to the contrary or the respective applicant has expressly consented to a longer storage of their application data.
- 18. Which social media profiles do we use?
- LinkedIn DATA PROTECTION GUIDELINES