Information about privacy at ASAP available to download:
File: PDF Size: 191 KB
Click here to download it free of charge.
Thank you for your interest in our company. Protecting your data is of the highest priority for the ASAP Group. You can generally use the website of ASAP Holding GmbH without providing any personal data. However, processing personal data may become necessary if the individual concerned (the ‘data subject’) wishes to use special services provided by our company through our website. If we need to process personal data and there is no legal basis for such processing, we will usually request the data subject’s consent.
As the data controller, ASAP Holding GmbH has implemented various technical and organisational measures to ensure that any personal data processed by this website is as fully protected as possible. However, the web-based transmission of data can never be 100 per cent secure and we can therefore not guarantee the absolute security of your data. This is why the data subject is free to use alternative means to provide us with their personal data, such as by phone or by post.
1 Terms and definitions
1.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is a person who can be identified, directly or indirectly, – in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.2 Data subject
Data subject means any identified or identifiable natural person whose personal data is being processed by the data controller.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.4 Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
1.7 Controller or data controller
Controller or data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for the designation of a controller may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular investigation in accordance with Union or Member State law are not regarded as recipients.
1.10 Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.
2 Data controller
The data controller within the meaning of the General Data Protection Regulation, other data protection provisions applicable in the Member States of the European Union and other provisions related to data protection law is:
ASAP Holding GmbH Sachsstraße 1A | 85080 Gaimersheim, Germany
Phone: +49 8458 3389 0 | Fax: +49 8458 3389 199| firstname.lastname@example.org | www.asap.de
Directors: Michael Neisen, Robert Morgner
3 Data Protection Officer’s contact details
Any data subject may contact the Data Protection Officer of ASAP Holding GmbH directly with their questions or suggestions regarding data privacy.
The Data Protection Officer of ASAP Holding GmbH can be contacted by
phone on: +49 8458 3389 363 or by email at: email@example.com
Cookies are used on the web pages of ASAP Holding GmbH. Cookies are text files stored and saved on a computer system by a web browser.
Cookies are used by a large number of websites and servers. Many cookies contain a ‘cookie ID’. The cookie ID is the unique identifier of the cookie. It consists of a string of characters through which websites and servers can be associated with the specific browser on which the cookie was stored. This enables websites and servers visited by a data subject to distinguish the individual browser of that data subject from other browsers that contain other cookies. A specific web browser can be recognised and identified by the unique cookie ID.
ASAP Holding GmbH uses 1tag to manage cookies. 1tag is a consent management system from Dentsu Germany GmbH. 1tag Consent Manager collects the consent given by you, as the website user, to load third-party pixels or other services on the website on behalf of the website operator. The consent infor-mation provided will be stored both in 1tag consent cookies and on the 1tag server, as well as on a Dentsu Germany GmbH server. The following information is stored in the 1tag consent cookies:
- Time stamp of the website visit
- Visitor’s ID
- Consent status per vendor
- Consent status per purpose
Moreover, cookies already placed can be deleted at any time via the web browser or other software programs. This is possible in all standard web browsers. If the data subject disables cookies in their web browser, some of the functions of our website may not work properly.
We use the following cookies:
Google Analytics cookie that activates the controlling element for distinguishing users. This cookie is installed when a user visits the website for the first time via a browser. When the user revisits the website using the same browser the cookie recognises them as the same visitor. Only if the visitor uses a different browser will they be regarded as a different user.
This cookie is part of Google Analytics. It is used to distinguish users.
This cookie is part of Google Analytics. It is used to throttle the request rate and/or limit the collection of data on high traffic sites.
This cookie controls the ASAP newsletter subscription box. If the user clicks on it, the box will no longer be shown.
This cookie is used to support Google’s marketing services.
This cookie is used to support Google’s marketing services.
This cookie is used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across various websites.
|__cmpld||Timestamp. Contains the time when the visitor last saw the consent layer.||HTTP||395 days||Required cookie|
|__cmpcc||Integer. Test if visitors browser supports cookies.||HTTP||395 days||Required cookie|
|__cmpcpc||Cookie by the 1tag Consent Manager, which includes a list of custom, purpose IDs separated by underscore.||HTTP||395 days||Required cookie|
|__cmpcvc||Cookie by the 1tag Consent Manager, which includes a list of custom vendor IDs separated by underscore.||HTTP||395 days||Required cookie|
|__cmpiab||Cookie by the 1tag Consent Manager, which includes a list of IAB vendor IDs separated by underscore.||HTTP||395 days||Required cookie|
|__cmpiabc||Cookie by the 1tag Consent Manager, which includes a list of IAB purpose of date usage IDs separated by underscore.||HTTP||395 days||Required cookie|
|nc_euconsent||Consent String of the IAB CMP Frame-work (TCF) v1.||HTTP||395 days||Required cookie|
*Category, i.e. depending on their function and purpose cookies can be grouped into the following categories: Required cookies, statistics cookies, marketing cookies.
4.1 Required cookies <br/>Required cookies help to make a website usable by enabling basic functions such as site navigation and access to secure areas of the website. The website cannot function properly without these cookies.
4.2 Statistics cookies<br/>Statistics cookies help website owners to understand how users interact with websites by anonymously gathering and reporting information.
4.3 Marketing cookies<br/>Marketing cookies are used to track visitors on websites. The purpose of these cookies is to display advertisements that are relevant and engaging to individual users and therefore more valuable for publishers and advertising third parties.
4.4 Third-party cookies<br/>Third-party cookies are placed on our website by other websites.
5 Collection of general data and information
Each time a data subject or an automated system accesses the website of ASAP Holding GmbH, the website collects a set of general data and information. This general data and information is stored in the server’s log files. The following information may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system was sent to our website (called the “referral site”), (4) the sub-pages that an accessing system navigates to on our website, (5) the date and time of access to our website, (6) the Internet Protocol address (IP address), (7) the accessing system’s internet service provider and (8) any similar data and information that can be used to prevent and protect against attacks on our IT systems.
When using this general data and information ASAP Holding GmbH will never draw conclusions as to the data subject. Instead this information will be used to (1) correctly deliver the contents of our website, (2) optimise the contents of our website and the marketing for the website, (3) ensure the sustained functioning of our IT systems and the technical features of our website and (4) provide law enforcement authorities with the information they need for criminal prosecution in the event of a cyberattack. Therefore, ASAP Holding GmbH uses this data and information collected anonymously for statistical purposes on the one hand and, on the other, to improve data protection and data security in our company and, ultimately, to ensure that any personal data processed by us is protected in the best possible way. The anonymous data in the server’s log files is stored separately from any other personal data provided by the data subject.
7 Newsletter subscription
The website of ASAP Holding GmbH offers users the opportunity to subscribe to our company’s newsletter. The entry fields used for this purpose show which personal data is transmitted to the data controller when a user takes out a subscription.
ASAP Holding GmbH uses a newsletter to inform its customers and business partners about the company’s services on a regular basis. The data subject will only be able to receive our company’s newsletter if (1) the data subject has provided a valid email address and (2) the data subject has registered for the newsletter service. For legal reasons, a double opt-in confirmation email is sent to the email address entered by the data subject when they first sign up for the newsletter. The aim of this confirmation email is to check whether the owner of the email address, as the data subject, has authorised the receipt of the newsletter.
When a data subject registers for the newsletter service, we also store the IP address assigned by the internet service provider (ISP) of the computer system that the data subject used for the registration, as well as the date and time of registration. Collecting this data is necessary to enable us to investigate any (potential) misuse of the data subject’s email address at a later time, and its purpose is therefore to provide the data controller with legal protection.
The personal data collected during newsletter registration will be used only for the purpose of sending our newsletter to the recipient. Moreover, newsletter subscribers may receive information via email where this is necessary for operating the newsletter service or for the corresponding registration process, such as in the event of changes to the newsletter service or to the technical set-up of the service. The personal data collected in connection with the newsletter service will not be transferred to any third parties. The data subject may cancel their newsletter subscription at any time. The data subject may, at any time, withdraw their consent to the storage of personal data which they have given in order to allow us to send the newsletter. Every newsletter contains a link which allows the data subject to exercise the right to withdraw their consent. Moreover, the data subject may go directly to the controller’s website in order to unsubscribe from the newsletter service or they may notify the controller in another way of their decision to withdraw consent.
7.2 Newsletter tracking
The newsletters of ASAP Holding GmbH contain “tracking pixels”. A tracking pixel is a miniature graphic embedded in such emails which are sent in HTML format to enable log file recording and log file analysis. This allows a statistical analysis of the success or failure of online marketing campaigns to be carried out. The embedded tracking pixel shows ASAP Holding GmbH if and when an email was opened by a data subject and which links included in the email were clicked on by the data subject.
This personal data collected with the help of tracking pixels embedded in the newsletters is stored and analysed by the controller in order to optimise the newsletter service and tailor the content of future newsletters more accurately to the data subject’s interests. This personal data will not be passed on to third parties. The data subject has the right to withdraw their consent to the use of tracking pixels, which they gave separately during the double-opt-in process, at any time. The controller will erase this personal data once consent has been withdrawn. ASAP Holding GmbH will automatically interpret a cancellation of the newsletter service as withdrawal of consent.
8 Contacting the company via the website<br/>The website of ASAP Holding GmbH includes information which allows users to contact our company quickly and communicate directly with us (contact form, email). When a data subject contacts ASAP Holding GmbH via email or using a corresponding form, the personal data transmitted by the data subject will be stored. The purpose of storing such personal data sent voluntarily to ASAP Holding GmbH by the data subject is to process the enquiry or make contact with the data subject. To process the enquiry this data may be transferred to the companies affiliated with ASAP Holding GmbH. However, this personal data will not be transferred to any third parties outside the ASAP Group.
9 Data privacy in the context of job applications and the application process<br/>The controller collects and processes personal data of job applicants (hereinafter referred to as “applicants”) for the purpose of implementing the application process. This may include electronic processing, in particular where an applicant sends the corresponding application documents electronically to the controller, for example by email or via the web form on the website.
It is important to us at ASAP Holding GmbH to ensure, by suitable technical and organisational measures, that personal data has the best possible protection during the application process.
To check the suitability of candidates for vacant positions we also transfer the personal data to companies affiliated with ASAP Holding GmbH and, where necessary, in a pseudonymised form to our customers. We give all applications thorough consideration and there will be no automated individual decision-making based on specific criteria.
Should ASAP Holding GmbH or one of its affiliated companies and the applicant enter into a contract of employment, we will continue to store the data transferred to us for the purpose of performing the employment contract in compliance with the statutory provisions. If no contract of employment is entered into with the applicant, the application documents will be erased no later than three months after the decision has been communicated to the applicant, provided that the erasure is not in conflict with any other legitimate interests of the controller. Such other legitimate interest within this meaning is, for example, a duty to provide evidence in proceedings under the German General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz, AGG).
If, during the application process, applicants have consented to a longer period of storage of their personal data so that they may be considered for other vacancies in the future, the applicant’s personal data will be stored for two years and erased after expiry of this period.
If the data subject decides to exercise their right to withdraw consent they may contact ASAP Holding GmbH, as the data controller, at any time to do so. The responsible persons at ASAP Holding GmbH will then arrange for this personal data to be erased. <br/><br/>
10 Legal bases of processing<br/>Art. 6 (1) (a) GDPR is our company’s legal basis for processing activities where we ask the data subject to give their consent for a particular purpose of processing or where the data subject has given their consent by entering their personal data voluntarily on our contact form or our application portal. If the processing of personal data is necessary in order to perform a contract to which the data subject is a party, such as processing activities that are necessary to enable us to deliver services, then the legal basis for these processing activities is Art. 6 (1) (b) GDPR. This applies also to such processing activities as are necessary to take steps prior to entering into a contract, for example when we receive enquiries about our services or during the application process. If our company has a legal obligation which requires us to process personal data, such as complying with our fiscal obligations, then the legal basis for processing is Art. 6 (1) (c). It may be necessary in some rare cases to process personal data in order to protect the vital interests of the data subject or another natural person. This could be the case for example where a visitor was injured on our premises and we would have to give the person’s name, age and health insurance details or other vital information to a physician, hospital or another third party. In this case the legal basis for processing would be Art. 6 (1) (d) GDPR. Finally, some processing activities may be based on Art. 6 (1) (f) GDPR. This is the legal basis for processing activities which are not covered by any of the legal bases referred to above if processing is necessary to protect a legitimate interest of our company or a third party unless the interests or fundamental rights and freedoms of the data subject override such an interest. Where the processing of personal data is based on Article 6 (1) (f) GDPR, our legitimate interest is performing our business activities as service provider for the automotive industry and ensuring that our IT systems are secure.
11 Profiling and automated decision-making
We do not apply any methods of automated decision-making nor do we engage in profiling.
12 Erasure and blocking of personal data
The controller will limit the processing and storage of the data subject’s personal data to the period that is necessary in order to achieve the intended purpose or that is required by law or by provisions to which the controller is subject.
If there is no longer a purpose for storing personal data or if the storage period required by law has expired, the personal data will be routinely erased or blocked.
13 Rights of the data subject
12.1 Right to confirmation
Any data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning them is being processed. If the data subject decides to exercise this right they may contact ASAP Holding GmbH, as the data controller, at any time to do so.
13.2 Right of access
All data subjects whose personal data is being processed have the right to obtain from the controller, at any time and free of charge, information about their personal data held by the controller and to receive a copy of this data. The data subject also has the right to obtain information about the following:
- the purpose of processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of a right to rectify or erase the personal data concerning you, a right to restrict the processing by the controller or a right to object to such processing
- the existence of a right to lodge a complaint with a supervisory authority
- where the personal data is not collected from the data subject, any available information on the origin of the data
- the existence of an automated decision-making process, including profiling, as referred to in Article 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved, as well as the significance and envisaged consequences of such processing for the data subject
The data subject also has a right to be told whether personal data has been transferred to a third country or an international organisation. If this is the case the data subject is also entitled to information about the appropriate safeguards relating to the transfer. If the data subject decides to exercise this right they may contact ASAP Holding GmbH, as the data controller, at any time to do so.
13.3 Right to rectification
All individuals whose personal data is being processed have the right to request the immediate rectification of inaccurate personal data concerning them. The data subject also has the right to have incomplete personal data completed – including by means of providing a supplementary statement – taking into account the purposes of processing.
If the data subject decides to exercise this right they may contact ASAP Holding GmbH, as the data controller, at any time to do so.
13.4 Right to erasure (right to be forgotten)
All individuals whose personal data is being processed have the right to request from the controller that the personal data concerning them be erased without delay if one of the following reasons applies and processing is not necessary:
- The personal data was collected or otherwise processed for purposes for which it is no longer needed.
- The data subject withdraws their consent, which formed the legal basis for processing the data pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
- The data subject objects to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing as set out in Art. 21 (2) GDPR.
- The personal data has been processed unlawfully.
- The personal data must be erased for fulfilling a legal obligation in European Union law or the law of the member state to which the controller is subject.
- The personal data was collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
If one of the reasons listed above applies and the data subject decides to have their personal data held by ASAP Holding GmbH erased, this person may contact ASAP Holding GmbH, as the data controller, at any time to do so. ASAP Holding GmbH will comply with the erasure request without delay.
If the personal data was made public by ASAP Holding GmbH and if our company, as the controller, is obliged to erase the personal data pursuant to Art. 17 (1) GDPR, ASAP Holding GmbH, taking account of available technology and the cost of implementation will take reasonable steps, including technical measures, to inform other controllers who are processing the personal data that the data subject has requested these other controllers to erase any links to or copies or replication of that personal data unless the processing is necessary. The responsible persons at ASAP Holding GmbH will do what is necessary in each individual case.
13.5 Right to restriction of processing
All individuals whose personal data is being processed have the right to request from the controller that processing their data be restricted if one of the following applies:
- the data subject contests the accuracy of their personal data, in which case processing should be restricted for a period that enables the controller to verify the accuracy of the personal data;
- the processing activity is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;
- the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been verified whether the legitimate grounds of the controller override those of the data subject.
If one of the above applies and the data subject decides to request that their personal data held by ASAP Holding GmbH be erased, this person may contact ASAP Holding GmbH, as the controller, at any time to do so. The responsible persons at ASAP Holding GmbH will arrange for processing to be restricted.
13.6 Right to data portability
All individuals whose personal data is being processed have the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. The data subject also has the right to transmit that data to another controller, without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and where the processing is carried out by automated means unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
When exercising their right to data portability pursuant to Art. 20 (1) GDPR, the data subject also has the right to have their personal data transmitted directly from one controller to another, provided it is technically feasible and the rights and freedoms of other individuals are not adversely affected.
To exercise the right to data portability the data subject may contact ASAP Holding GmbH, as the controller, at any time.
13.7 Right to object
All individuals whose personal data is being processed have the right to object at any time, on grounds relating to their particular situation, to processing of their personal data which is based on Art. 6 (1) (e) or (f) GDPR. This includes any profiling based on those provisions.
If the data subject objects, ASAP Holding GmbH will no longer process their personal data unless we can demonstrate compelling legitimate grounds for the processing which override the data subject's interests, rights and freedoms or unless the processing is for the establishment, exercise or defence of legal claims.
Where ASAP Holding GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of their personal data for such marketing. This includes any profiling to the extent that is related to such direct marketing. If the data subject objects to ASAP Holding GmbH processing their personal data for direct marketing purposes, ASAP Holding GmbH will no longer process their personal data for such purposes.
The data subject also has the right, on grounds related to their particular situation, to object to processing of their personal data which is processed by ASAP Holding GmbH for scientific or historical research or statistical purposes pursuant to Art. 89 (1) GDPR unless such processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object the data subject may contact ASAP Holding GmbH, as the controller, at any time.
13.8 Automated individual decision-making, including profiling
All individuals whose personal data is being processed have the right not to be subjected to a decision based solely on automated processing — including profiling — which produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller or (2) is authorised by law to which the controller is subject and this law lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or (3) is based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller or (2) is based on the data subject’s explicit consent, ASAP Holding GmbH will implement suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject, granting them at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.
If the data subject decides to exercise their rights concerning automated decision-making, they may contact ASAP Holding GmbH, as the data controller, at any time.
13.9 Right to withdraw consent under data protection law
All individuals whose personal data is being processed have the right to withdraw consent to the processing of their personal data at any time. If the data subject decides to exercise their right to withdraw consent, they may contact ASAP Holding GmbH, as the data controller, at any time to do so.
If the data subject decides to exercise their right to withdraw consent, they may contact ASAP Holding GmbH, as the data controller, at any time to do so.
14 Use and application of social media
The controller has integrated components of YouTube into this website. YouTube is an online video portal that enables video publishers to post video clips free of charge and other users to view, rate and comment on these videos, also free of charge. YouTube allows the publication of all types of videos, and both complete films and TV broadcasts as well as music videos, trailers or videos made by users can be accessed via the web portal. The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Each visit to one of the pages of this website which is operated by the controller and has an integrated YouTube component (YouTube video), automatically prompts the web browser on the data subject’s IT system to download a representation of the corresponding YouTube component from YouTube. For more information on YouTube please go to www.youtube.com/intl/de/yt/about/
15 Use and application of Google Maps
The controller uses maps from Google Maps – a service provided by Google, Inc. The interactive map is an integrated component of the ASAP Group’s website. The purpose of the map is to make it easier to locate individual sites of the ASAP Group and enable users to use the map function with ease. This application is downloaded directly from Google servers, which means that Google receives personal data such as IP address and location details. By visiting the website Google is informed of the fact that the user accessed the respective sub-page (www.asap.de/en/contact) of the website. The controller has no influence over whether and to what extent or for what period Google stores personal data and uses it internally. The legal basis for using this service is Art. 6 (1) (f) GDPR. If visitors to the website of the ASAP Group are registered with a Google service, Google is able to assign their visit to a personal account. Even if the user is not registered with Google or is not logged in to Google, it is still possible for Google to store personal data such as IP addresses and use it for profiling. Google stores the data collected as user profiles for market research and advertising purposes. The data is evaluated in particular – regardless of whether users are logged in or not – to display advertising in line with the user’s requirements and in order to inform other users of the social network about the user’s personal activities on the ASAP Group’s website. As the data controller, we wish to point out that users have the right to object to this user profiling by Google. Please also note that data may be processed by Google outside of Europe. For further information on data privacy at Google please go to: www.google.de/intl/de/policies/privacy/
16 Use and application of analysis tools
16.1 Google Analytics with anonymisation function
Demographic characteristics and the categorisation of data subjects according to their interests allow us to tailor ads to specific target groups. The controller uses this service to make their Google campaigns more efficient and improve their marketing strategy. Website visitors can be categorised according to age, gender and interests. In addition, Google Analytics groups data subjects into segments such as users who are interested in sports and travel or individuals who wish to buy a car. The demographic characteristics and categories of interest correspond to those which are used for tailoring ads in the Google Display Network. With each website visit this personal data, including the IP address of the data subject’s internet connection, is transferred to Google in the United States of America. This personal data is then stored by Google in the United States of America. It is possible that Google may transfer this personal data collected via this technical process to third parties. The controller will routinely erase the data subject’s data as soon as it is no longer needed for the intended purpose. The storage period specified as standard in the controller’s system settings is 26 months. The controller has no influence on how long the data is stored by Google. The data subject may at any time prevent the placement of cookies by the controller’s website by selecting the appropriate setting in their browser and thereby permanently blocking the placement of cookies (see section 4). Such a setting in the web browser used by the data subject also prevents Google from placing a cookie on the data subject’s IT system. Moreover, cookies already placed by Google Analytics can be deleted at any time via the browser or with the help of other software programs. In addition, the data subject also has the option to object to and prevent the collection of data generated by Google Analytics regarding the use of this website as well as the processing of this data by Google. To do so, the data subject must download and install a browser add-on available from the following link: https://tools.google.com/dlpage/gaoptout.
The controller uses Google Analytics Audience for analysing website visitors in order to improve their marketing results. As a data management platform, Google Audience is part of Google Analytics and collects and organises the data of visitors to this website to enable us to find, expand and reach target groups with the right message at the right time. These target groups are directly and repeatedly addressed by the website’s controller in remarketing. For a more detailed description of Google Analytics Audience please follow this link: https://www.google.com/analytics/audience-center/.
16.2 Use of Google Remarketing
17 Data processing by Google and transmission to the USA
Data is also transmitted to the United States of America and stored on servers located there using cookies in connection with corresponding Google services such as Google Analytics. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used and information on usage times. The abbreviated IP addresses of the users are also stored. Google may link this data to other data of the user, such as the search history, personal accounts, the usage data of other devices and any other available data that Google has on the user, and use it for any of its own purposes. Although no ‘real ID (of a person)’ was collected at first, the link to a possibly existing Google account also makes it possible to iden-tify and assign it directly to the user. The data stored on Google servers in the USA are subject of access by the state authorities in the USA according to national law. In its judgement of 16.072020, the ECJ has determined a lack of appropriate guarantees, enforceable rights and effective remedies against intelligence requests for the disclosure of personal data of EU citizens processed or transmitted in the US. If you do not want to transfer data to Google in the USA, select “Reject all” from the cookie settings.
Information about the creation of this document