Privacy policy

Privacy Policy

We are pleased that you are visiting our website. Protecting and securing your personal information when using our website is very important to us. Therefore, we would like to inform you here about which of your personal data we collect when you visit our website and for what purposes this data is used.

This privacy policy applies to the online presence of AFA Nord GmbH, which can be accessed under the domain afa-nord.de as well as various subdomains (“our website”).

Who is responsible and how can I contact you?

Responsible Party

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

AFA Nord GmbH

Böternhöfen 13
24594 Hohenwestedt
DE

Data Protection Officer

Erich Zimmermann
c/o ZiDa-Datensicherheit GmbH
Office: Mannheim
Schwarzwaldstraße 17
68163 Mannheim
Homepage: www.zida-datensicherheit.de
e-mail: e.zimmermann@zida-GmbH.de

What is this about?

This privacy policy fulfills the legal requirements for transparency in the processing of personal data. Personal data is all information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, phone number, date of birth, e-mail address, IP address, or user behavior when visiting a website. Information that we are unable (or only with disproportionate effort) to relate to your person, e.g., through anonymization, does not constitute personal data. The processing of personal data (e.g., collection, query, use, storage or transfer) always requires a legal basis and a defined purpose.

Stored personal data is deleted as soon as the purpose of processing has been achieved and there are no longer any legitimate reasons to retain the data. We inform you about the concrete retention periods or storage criteria in the individual processing operations. Regardless, we may store your personal data in individual cases to assert, exercise, or defend legal claims and if statutory retention obligations exist.

Who receives my data?

We only pass on your personal data processed on our website to third parties if this is necessary to fulfill the purposes and in individual cases allowed by the legal basis (e.g., consent or safeguarding legitimate interests). Furthermore, we may, in individual cases, pass personal data on to third parties if this serves the assertion, exercise, or defense of legal claims. Possible recipients include, for example, law enforcement authorities, lawyers, auditors, courts, etc.

If we use service providers for the operation of our website who process personal data on our behalf in accordance with Art. 28 GDPR, these may be recipients of your personal data. Further information about the use of processors and web services can be found in the overview of individual processing operations.

Do you use cookies?

Cookies are small text files that are sent by us to your device's browser and stored there during your visit to our web pages. As an alternative to cookies, information can also be stored in the local storage of your browser. Some functionalities of our website cannot be offered without cookies or local storage (technically necessary cookies). Other cookies enable various analyses, for example; we are able to recognize the browser you are using on your next visit and send us different information (non-essential cookies). With cookies, we can make our website more user-friendly and effective, for example by tracking your use of our website and determining your preferred settings (e.g., country and language settings). If third parties process information through cookies, they collect the information directly via your browser. Cookies do not cause any harm to your device. They cannot execute programs or contain viruses.

We provide information about each service for which we use cookies in the individual processing operations. Detailed information about the cookies used can be found in the cookie settings or Consent Manager of this website.

What rights do I have?

Under the legal provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:

Access (Art. 15 GDPR) to the data we store about you, in the form of detailed information about processing as well as a copy of your data;

Rectification (Art. 16 GDPR) of inaccurate or incomplete data that we store;

Erasure (Art. 17 GDPR) of data we store, to the extent processing is not required to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims;

Restriction of processing (Art. 18 GDPR), if the accuracy of the data is contested, the processing is unlawful, we no longer require the data, and you refuse deletion because you need them to assert, exercise, or defend legal claims, or you have objected to processing pursuant to Art. 21 GDPR.

Data portability (Art. 20 GDPR), if you have provided us with personal data by consent under Art. 6(1)(a) GDPR or on the basis of a contract under Art. 6(1)(b) GDPR and this data has been processed using automated means. You will receive your data in a structured, commonly used, and machine-readable format or we will transfer the data directly to another controller where technically feasible.

Objection (Art. 21 GDPR) to the processing of your personal data, provided it is based on Art. 6(1)(e), (f) GDPR and reasons arise from your particular situation, or the objection is directed against direct marketing. The right to object does not exist if overriding compelling legitimate grounds for the processing can be demonstrated or processing is necessary for the assertion, exercise, or defense of legal claims. Where the right to object does not apply for individual processing activities, we mention this there.

Revocation (Art. 7(3) GDPR) of consent you provided, effective for the future.

Right to lodge a complaint (Art. 77 GDPR) with a supervisory authority if you consider the processing of your personal data to be unlawful. You can generally contact the supervisory authority at your regular place of residence, workplace, or at our business location.

How exactly is my data processed?

Below, we inform you about the specific processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data, and the respective retention period. Automated decision-making including profiling does not take place.

Provision of the website

Type and scope of processing

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

IP address of the requesting computer

Date and time of access

Name and URL of the requested file

Website from which the access is made (referrer URL)

Browser used and, if applicable, your computer's operating system as well as the name of your access provider

Our website is not hosted by ourselves but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.

Purpose and legal basis

The processing takes place to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6(1)(f) GDPR. The collection of the data and its storage in log files are essential for the operation of the website. There is no right to object to this processing due to the exception in Art. 21(1) GDPR. Where longer storage of log files is required by law, processing is carried out on the basis of Art. 6(1)(c) GDPR. There is no legal or contractual obligation to provide this data, however, calling up our website is technically impossible without the data.

Retention period

The above data are stored for the duration of displaying the website and for technical reasons for up to 7 days thereafter.

Social Media Presences

We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with information and offers within social networks and to provide additional ways to contact us and to find out about our offers. Below, we inform you about which data we or the respective social network process about you in relation with accessing and using our fan pages/accounts.

Data that we process from you

If you contact us via messenger or direct message on the respective social network, we usually process your username, via which you are contacting us, and may store further data you provide, if required to process/respond to your request.

The legal basis is Art. 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller).

(Statistical) usage data that we receive from social networks

We receive automatically provided statistics regarding our accounts through the networks' insights features. The statistics include, among other things, the total number of page views, likes, page activities and post interactions, reach, video views, as well as the ratio of male/female among our fans/followers.

The statistics contain only aggregated and non-personally identifiable data. We cannot identify you from these statistics.

Which data the social networks process from you

You do not have to be a member of the respective social network to view the content of our fan pages or accounts, and thus do not need a user account with the respective network.

Please note, however, that social networks may collect and store data from website visitors without a user account when their website is accessed (e.g., technical data to display the website to you) and use cookies and similar technologies, over which we have no control. For details, please see the privacy policies of each social network (see the respective links above).

If you wish to interact with content on our fan pages/accounts, such as comment, share or like our posts, and/or contact us via messenger functions, prior registration with the respective social network and provision of personal data is required.

We have no influence on data processing by social networks during your use. To our knowledge, your data is stored and processed especially in connection with the provision of each social network's services and for analyzing user behavior (using cookies, pixels/web beacons, and similar technologies), on which basis interest-based advertising is served both within and outside each network. It cannot be excluded that your data is also stored or disclosed to third parties outside the EU/EEA by the social networks.

Information on, among other things, the precise scope and purposes of your personal data processing, storage duration/deletion, as well as information on the use of cookies and similar technologies during registration and use of social networks, can be found in the privacy and cookie policies of the social networks. There you will also find information about your rights and options to object.

Facebook Page

When you visit our Facebook page, Facebook (Meta) collects, among other things, your IP address and other information which is present in the form of cookies on your PC. This information is used to provide us, as operators of the Facebook page, with statistical information about the use of the page. Facebook provides more information about this at the following link: https://facebook.com/help/pages/insights.

The statistical information provided does not allow us to draw conclusions about individual users. We only use it to better address the interests of our users, to improve our online presence and to ensure its quality.

We collect your data via our fan page solely to provide a possible way to communicate and interact with us. This usually includes your name, message content, comment content, and your “publicly” provided profile information.

The processing of your personal data for the above purposes is based on our legitimate economic and communicative interest in providing an information and communication channel under Art. 6(1)(f) GDPR. If you, as a user, have given consent to the social network provider for data processing, the legal basis of processing extends to Art. 6(1)(a), Art. 7 GDPR.

Since actual data processing is carried out by the provider of the social network, our ability to access your data is limited. Only the provider is fully entitled to access your data. Therefore, only the provider can directly take appropriate actions to fulfill your rights (information requests, deletion, objections, etc.). As such, asserting these rights is most effective if directed straight at the relevant provider.

We are jointly responsible with Facebook for the personal content of the fan page. Data subject rights may be asserted both with Meta Platforms Ireland Ltd. and with us.

The primary responsibility for the processing of Insights data lies with Facebook in compliance with the GDPR, and Facebook fulfills all obligations under the GDPR with regard to the processing of Insights data; Meta Platforms Ireland Ltd. provides the essence of the page insights addendum to the data subjects.

We do not make decisions regarding the processing of Insights data or storage duration of cookies on user devices.

For further information, see Facebook's (page insights controller addendum): https://www.facebook.com/legal/terms/page_controller_addendum.

More information regarding the precise scope and purposes of the processing of your personal data, retention periods/deletion, as well as policy on the use of cookies and similar technologies during registration and use, can be found in Facebook’s data and cookie policies: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 https://www.facebook.com/policies/cookies

Instagram Page

When visiting our Instagram page, Instagram (Meta) collects, among other things, your IP address and other information present as cookies on your PC. This information is used to provide us, as operators of the Instagram pages, with statistical information about Instagram page usage. More information is provided by Instagram at the following link (note: by clicking the following link, you go to Facebook’s website, also part of the Meta group. The information provided there applies equally to Instagram): https://facebook.com/help/pages/insights.

The statistical information provided does not allow us to draw conclusions about individual users. We only use it to better address the interests of our users, to continually improve our online presence, and to ensure its quality.

We collect your data via our fan page only to provide a possible way to communicate and interact with us. This usually includes your name, message content, comment content, and your “publicly” provided profile information.

The processing of your personal data for the above purposes is based on our legitimate economic and communicative interest in providing an information and communication channel under Art. 6(1)(f) GDPR. If you, as a user, have given consent to the social network provider for data processing, the legal basis of processing extends to Art. 6(1)(a), Art. 7 GDPR.

Since actual data processing is carried out by the provider of the social network, our ability to access your data is limited. Only the provider is fully entitled to access your data. Therefore, only the provider can directly take appropriate actions to fulfill your rights (information requests, deletion, objections, etc.). Thus, asserting these rights is most effective if directed straight at the relevant provider.

We are jointly responsible with Instagram for the personal content of the fan page. Data subject rights may be asserted both with Meta Platforms Ireland Ltd. and with us.

The primary responsibility for the processing of Insights data lies with Instagram, which fulfills all obligations under the GDPR with regard to processing such data. Meta Platforms Ireland Ltd. provides the substance of the page insights addendum to affected individuals.

We do not make decisions regarding the processing of Insights data or the duration of cookies on user devices.

For further information, see Instagram's (page insights controller addendum): https://www.facebook.com/legal/terms/page_controller_addendum.

Further information regarding the precise scope and purposes of the processing of your personal data, retention periods/deletion, as well as the use of cookies and similar technologies during registration and use, can be found in Instagram’s data and cookie policies (note: clicking the following links takes you to Facebook’s website): https://help.instagram.com/519522125107875/?helpref=uf_share This information can also be found via Instagram’s help section at: https://help.instagram.com/581066165581870

LinkedIn Page

LinkedIn is a social network operated by LinkedIn Inc. based in Sunnyvale, California, USA, which allows the creation of private and professional profiles for individuals and company profiles. Users can maintain and expand their network of contacts. Companies and other organizations can create profiles to upload photos and company information in order to present themselves as employers and to recruit staff. Other LinkedIn users can access this information and create their own articles and share this content with others. The network’s focus is on the professional exchange on topics with people sharing similar business interests.

When using or visiting the network, LinkedIn automatically collects data from users/visitors, e.g., username, job title, and IP address. This is done with the help of various tracking technologies. LinkedIn provides users, among other things, with information, offers, and recommendations based on the data collected.

We collect your data via our company profile solely to enable communication and interaction with us. This generally includes your name, message content, comment content, and your "publicly" provided profile information.

The processing of your personal data for the above purposes is based on our legitimate economic and communicative interest in providing an information and communication channel in accordance with Art. 6(1)(f) GDPR. If you, as a user, have given consent to the social network provider for data processing, the legal basis of processing extends to Art. 6(1)(a), Art. 7 GDPR.

Since actual data processing is done by the social network provider, our ability to access your data is limited. Only the provider is fully entitled to access your data. Only the provider can directly take suitable measures to fulfill your user rights (information requests, deletion requests, objection, etc.) and implement them. Assertion of such rights is therefore most effective directly with the relevant provider.

We are jointly responsible with LinkedIn for the personal content on our company profile. Data subject rights may be asserted both with LinkedIn Inc. and with us.

We do not make decisions regarding the data collected via tracking technologies on the LinkedIn site.

More information about LinkedIn is available at: https://about.linkedin.com.

More information on LinkedIn’s privacy policy can be found at: https://www.linkedin.com/legal/privacy-policy.

Further information on retention periods/deletion as well as guidelines on the use of cookies and similar technologies regarding registration and use at LinkedIn can be found at: https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy.

YouTube Video

Type and Scope of Processing

We have integrated YouTube videos on our website. YouTube Video is a component of the YouTube, LLC video platform where users can upload, share content over the Internet, and receive detailed statistics.

YouTube Video allows us to integrate content from the platform into our website.

YouTube Video uses cookies and other browser technologies to analyze user behavior, recognize users, and create user profiles. This information is used, among other things, to analyze the activity on the content played and to generate reports. If a user is registered with YouTube, LLC, YouTube Video can associate the played videos with their profile.

When you access this content, you connect to the servers of YouTube, LLC, Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Ireland, transmitting your IP address and possibly browser data such as your user agent.

Purpose and Legal Basis

The use of the service is based on your consent under Art. 6(1)(a) GDPR and § 25 (1) TDDDG.

We intend to transfer personal data to countries outside the European Economic Area, in particular the USA. The data transfer to the USA is based on Art. 45(1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where there is no adequacy decision by the European Commission (including for US companies not certified under the EU-U.S. DPF), we have agreed with the recipients of the data on other appropriate safeguards as defined by Art. 44 et seq. GDPR. These are – unless otherwise specified – the EU Commission’s Standard Contractual Clauses in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses is available at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Furthermore, we obtain your consent under Art. 49(1), sentence 1(a) GDPR before such third country transfers, which you grant via the Consent Manager (or other forms, registrations, etc.). Please note that with third-country transfers, specific, unknown risks may exist (e.g., data processing by the third country’s security authorities, whose precise scope and consequences for you we do not know, cannot affect, and of which you may not become aware).

Retention period

The precise retention period of the data processed is not within our control but is determined by YouTube, LLC. Further information can be found in the privacy policy for YouTube Video: https://policies.google.com/privacy.

Google Maps

Type and scope of processing

We use the map service Google Maps to create directions. Google Maps is a service of Google Ireland Limited, which displays a map on our website.

When you access this content on our site, a connection is established to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, transmitting your IP address and possibly browser data such as your user agent. This data is processed exclusively for the purposes stated above and to maintain the security and functionality of Google Maps.

Purpose and Legal Basis

The use of Google Maps is based on your consent according to Art. 6(1)(a) GDPR and § 25(1) TDDDG.

We intend to transfer personal data to countries outside the European Economic Area, in particular the USA. The data transfer to the USA is based on Art. 45(1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where there is no adequacy decision by the European Commission (including for US companies not certified under the EU-U.S. DPF), we have agreed with the recipients of the data on other appropriate safeguards as defined by Art. 44 et seq. GDPR. These are – unless otherwise specified – the EU Commission’s Standard Contractual Clauses in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses is available at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Furthermore, we obtain your consent under Art. 49(1), sentence 1(a) GDPR before such third country transfers, which you grant via the Consent Manager (or other forms, registrations, etc.). Please note that with third-country transfers, specific, unknown risks may exist (e.g., data processing by the third country’s security authorities, whose precise scope and consequences for you we do not know, cannot affect, and of which you may not become aware).

Retention period

The precise retention period of the processed data is not determined by us but by Google Ireland Limited. Further information can be found in the privacy policy for Google Maps: https://policies.google.com/privacy.