Privacy Policy

We, AVA Velsen GmbH (hereinafter collectively referred to as "the company", "we" or "us"), take the protection of your personal data seriously and would like to inform you about data protection in our company.

The entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "GDPR") has imposed additional obligations on us within the framework of our responsibility under data protection law, in order to protect the personal data of a data subject affected by processing (in the following, we make reference to you as the data subject as "customer", "user", "you" or "data subject" as well).

Insofar as we decide - either alone or together with others - on the purposes and means of data processing, this primarily includes the obligation to transparently inform you about the type, scope, purpose, duration, and legal basis of the processing (see Art. 13 and 14 GDPR). With this statement (hereinafter: "Data protection notice") we inform you about the way in which your personal data will be processed by us.
Our data protection notice comprises the following sections:

1. General
2. Your visit to our website
3. First contact
4. Integration of Google Analytics
5. Google Maps
6. Social media presence

A. General
(1) Definitions
Following the example of Art. 4 GDPR, this data protection notice is based on the following definitions:

• 'Personal data' (Art. 4(1) GDPR) means any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information regarding the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Linking such information or other additional knowledge may also make that person identifiable. It is irrelevant how the information may come about or what form or materialisation it may have (photos as well as video or sound recordings can also contain personal data).
• 'Processing' (Art. 4(2) GDPR) means any operation which is performed on personal data, whether or not by automated (i.e. technology-assisted) means. This comprises in particular the collection (i.e. sourcing), recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data as well as changing the purpose or intended use that the data processing was originally based on.
• 'Controller' (Art. 4(7) GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• –Third party' (Art. 4(10) GDPR) means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data; this also includes other legal persons within the group of companies.
• 'Processor' (Art. 4(8) GDPR) means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, especially in accordance with their instructions (e.g. IT service provider). Within the meaning of data protection law, a processor is in particular not a third party.
• 'Consent' (Art. 4(11) GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

(2) Name and address of the controller
Within the meaning of Art. 4(7) GDPR, we are the body responsible for processing your personal data:

AVA Velsen GmbH
Alte Grube Velsen 16
66127 Saarbrücken
+49 (0)6898/9460
+49 (0)6898/946111
info@ava-velsen.de

Further information regarding our company can be found on our website under 'Legal notice and disclaimer'.

(3) Contact details of the data protection officer
Our data protection officer is always available to answer any questions regarding data protection in our company. Their contact details are:

SICON GmbH
Zeppelinstr. 4
66740 Saarlouis
Germany
Phone: +49(0)6831/ 22411
Fax: +49(0)6831/122370
datenschutz@sicon-it.de

(4) Data security
We use suitable technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or against unauthorised access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, implementation costs as well as the nature, scope, context, and purpose of the processing as well as the existing risks of a data breach (including its probability and effects) for the data subject. Our security measures are continuously improved, in line with technological development.

We are happy to provide more information on request. Please contact our data protection officer for this (see A. (3)).

(5) Erasure of data and storage period
In the following, we state how long we store data and when it is deleted or made unavailable within the context of each processing operation that we carry out. Where no explicit storage duration is stated in the following, personal data is deleted or made unavailable as soon as the purpose or the legal basis for the storage no longer apply. As a matter of principle, your data is stored on our servers in Germany exclusively, unless it is passed on in compliance with the provisions under A.(6) and A.(7).

However, data may be stored beyond the specified time in the event of a(n) (impending) legal dispute with you or other legal proceedings or if storage is provided for by legal regulations to which we as the person responsible are subject (e.g. Section 257 German Commercial Code (HGB), Section 147 Fiscal Code of Germany (AO)). If the storage period stipulated by the statutory provisions expires, the personal data will be made unavailable or deleted, unless we need to store the data further and there is a legal basis for this.

(6) Cooperation with processors
As with any major company, we may use external service providers in Germany and abroad for the handling and processing of our business transactions (e.g. in the areas of IT, logistics, telecommunications, sales, and marketing). They only act in accordance with our instructions and have been contractually obliged within the meaning of Art. 28 GDPR to comply with data protection regulations.

(7) Requirements for the transfer of personal data to third countries
Within the framework of our business relationships, your personal data may be transferred or disclosed to third companies. These might also be outside the European Economic Area (EEA), i.e. in third countries. Such processing will only be for the purposes of fulfilling the contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer below at the relevant points.

The European Commission certifies that some third countries have data protection that is comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. Insofar as this is the case, we will ensure that sufficient data protection is guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct. If you require further information on this, please contact our data protection officer (see under A.(3)).

(8) No automated decision-making (including profiling)
We do not intend to use your personal data for automated decision-making processes (including profiling).

(9) No obligation to make available personal data
We do not make concluding a contract with us dependent on you providing us with personal data in advance. As a matter of principle, there is no legal or contractual obligation for you as a customer to provide us with your personal data; however, it may be that we are only able to provide certain offers to a limited extent or not at all if you do not provide the necessary data. If this should be the case - by way of exception - within the scope of the products offered by us, you will be advised of this separately.

(10) Legal obligation to transmit certain data
We might be subject to a special statutory or legal obligation to make available the lawfully processed personal data to third parties, in particular public bodies (Art. 6(1) point (c) sentence 1 GDPR).

(11) Your rights
You may assert your rights towards us as a data subject with regard to your processed personal data at any time using the contact details given under A.(3) above. As a data subject, you are entitled:

• to obtain from us information about your data that we process, in compliance with Art. 15 GDPR. In particular, you can request to obtain information about the purposes of the processing; the category of data; the categories of recipient to whom the personal data has been or will be disclosed; the planned period for which the personal data will be stored; the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing; the right to lodge a complaint; where the personal data is not collected by us, any available information as to its source; the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the details;
• to immediately request the rectification of incorrect data or the completion of your data stored by us, in compliance with Art. 16 GDPR;
• to request the erasure of your data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims, in compliance with Art. 17 GDPR;
• to request the restriction of the processing of your data if you dispute the accuracy of the data or if the processing is unlawful, in compliance with Art. 18 GDPR;
• to receive the data you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller ("data portability"), in compliance with Art. 20 GDPR;
• to object to the processing, provided that the processing is based on Art. 6(1) point (e) sentence 1 or point (f) GDPR, in compliance with Art. 21 GDPR This is particularly the case if the processing is not required in order to fulfill a contract with you. Unless it is an objection to direct marketing, we will ask you - when you exercise such an objection - to explain the reasons why we should not process your data as we have done. If your objection is justified, we will examine the situation and either stop or adjust the data processing or demonstrate the compelling legitimate grounds, on the basis of which we will continue the processing;
• at any time to withdraw your consent given (even before the GDPR came into effect, i.e. before 25th May 2018) to us by a declaration or by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of your agreement to the processing of personal data for one or more specific purposes, in compliance with Art. 7(3) GDPR. This results in us no longer being permitted to continue the processing of data in future, which was based on this consent; and
• to complain to a data protection supervisory authority about the processing of your personal data in our company, for example to the data protection supervisory authority responsible for us, in compliance with Art. 7 GDPR
  Unabhängiges Datenschutzzentrum (Independent Data Protection Centre) Saarland
  Fritz-Dobisch-Str. 12
  66111 Saarbrücken
  Phone: +49(0)681 94781-0
  poststelle@datenschutz.saarland.de

(12) Changes and amendments to the data protection notice
In the context of the further development of data protection law and technological or organisational changes, our data protection notice is reviewed regularly regarding the need for changes or amendments. You will be informed about any changes on our German website in particular. Last update of this data protection notice: October 2021.

B. Your visit to our website
(1) Explaining the function
When you visit our website, your personal data may be processed.

(2) Processed personal data
When using the website for information purposes, we collect, store and process the following categories of personal data:
"Log data": When you visit our website, a so-called set of log data (so-called server log files) is temporarily and anonymously saved on our web server. This comprises:

• User's IP address
• Name of the accessed website
• File, date, and time of access
• Data volume sent (body_bytes_sent)
• Notification of successful access
• Browser type and version
• Htaccess user
• Domain name of the requesting Internet service provider
• Called URL / subpage
• Protocol (e.g. http 2.0)
• Status
• Referrer URL (previously accessed website)
• User agent
• User's operating system

(3) Purpose and legal basis for data processing
We process the personal data described in more detail above in accordance with the provisions of the GDPR, any other relevant data protection regulations, and only to the extent necessary. Insofar as the processing of personal data is based on Art. 6(1) point (f) sentence 1 GDPR, the purposes mentioned also represent our legitimate interests.

The processing of the log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and the security of the connection (legal basis is Art. 6(1) point (f) sentence 1 GDPR).

(4) Duration of data processing
For security reasons (e.g. in order to investigate cases of fraud / abuse), the data is stored for 7 days. If longer storage is required for evidence purposes, the data will be deleted after the matter has been resolved conclusively.

(5) Transmission of personal data to third parties; basis of justification
The following categories of recipients, who are usually processors, may have access to your personal data:

• Service providers for the operation of our website and the processing of the data stored or transmitted by the systems (e.g. for data centre services, payment processing, IT security). The legal basis for the transfer is then Art. 6(1) S. 1 point (b) sentence 1 or point (f) GDPR, insofar as it is not a processor;
• Government agencies / authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the transfer in that case is Art. 6(1) point (c) sentence 1 GDPR;
• Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the transfer in that case is Art. 6(1) point (b) sentence 1 or point (f) GDPR;

See A. (7) regarding the guarantees of an adequate level of data protection when the data is passed on to third countries.
In addition to that, we will only pass on your personal data to third parties if you have given your express consent in accordance with Art. 6(1) point (a) sentence 1 GDPR.

(6) Use of cookies on our website
a) Cookies
We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive by means of a unique string of characters, which gather information and send it to the provider that sets the cookie. Cookies cannot run programs or transfer viruses to your computer and therefore cannot cause any damage. Their purpose is to make the Internet offer more user-friendly and effective, and consequently more pleasant for you.
Cookies may contain data via which the device used might be recognised again. In some cases, though, cookies only contain information about certain settings that cannot be related to a person. However, cookies cannot identify a user directly.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. In addition to that, cookies can have different functions:

• Technical cookies: These are absolutely necessary in order to move around the website, to use basic functions, and to guarantee the security of the website; they neither collect information about you for marketing purposes, nor store which websites you have visited;
• Performance cookies: These collect information on how you use our website, which pages you visit, and whether there are any errors when using our website, for example; they do not collect any information that could identify you - all information collected is anonymous and is only used to improve our website and to find out what our users are interested in;
• Advertising cookies, targeting cookies: Their purpose is to offer the website user needs-oriented advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 14 months;
• Sharing cookies: These serve to improve the interactivity of our website with other services (e.g. social media networks); sharing cookies are stored for a maximum of 13 months.

Any use of cookies that is not technically necessary represents data processing that is only permitted with your express and active consent in accordance with Art. 6(1) point (a) sentence 1 GDPR. This applies in particular to the use of advertising, targeting or sharing cookies. In addition to that, we will only pass on your personal data processed via cookies to third parties if you have given your express consent in accordance with Art. 6(1) point (a) sentence 1 GDPR.

C. First contact
(1) Explaining the function
You can contact us at any time via the contact details provided on our website. You may do so by e-mail, fax, telephone or post.

(2) Processed personal data
When you contact us, we collect, store, and process the personal data that you provide to us. This is usually your name, first name, e-mail address, address, and phone number.

(3) Purpose and legal basis for data processing
Your data will only be collected, stored, and used for the purpose of answering your request or for contacting you. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6(1) point (f) GDPR.
If the purpose of your contact is concluding a contract or submitting an application for a vacancy, the further legal basis for the processing of your data is Art. 6(1) point (b) GDPR.

(4) Data receiver
Depending on the reason and content of your contact with us, it may be necessary that the data you provide in connection with your contact is forwarded within our company for appropriate processing.

(5) Duration of data processing
We will delete all data after the purpose of contacting / processing your request is no longer necessary.

(6) Your rights
See A (11) regarding how to exercise your rights towards us with respect to processing your personal data when you contact us.

(7) Objection
You may object to data processing at any time. In such a case, any communication with you will cease and cannot be continued. Please use the contact options found under A (2) to submit your objection. In this case, all personal data stored in the course of contacting us will be deleted.

D. Integration of Google Analytics
(1) Explaining the function
This website uses Google Analytics, a web tracking service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). We primarily record the interactions between you as a user of the website and our website by using cookies, device / browser data, IP addresses, and website or app activities. Google acts as a processor and we have concluded a corresponding contract with Google.

The information generated via the cookies about your use of this website is usually transferred to a Google server in the USA and is stored there. The European Court of Justice considers the US to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data might be processed by US authorities for control and monitoring purposes, potentially even without the possibility of redress.

We use the 'anonymizeIP' function (so-called IP masking): As IP anonymisation is activated on this website, your IP address will be truncated by Google within the area of Member States of the European Union or other States party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there. The IP address that your Browser sends within the scope of Google Analytics will not be associated with any other data held by Google.

Further information on the scope of services provided by Google Analytics can be found under https://marketingplatform.google.com/about/analytics/terms/de/. Google provides information on data procession when using Google Analytics under the folloing link: https://support.google.com/analytics/answer/6004245?hl=de/. General information on data processing, which according to Google also applies to Google Analytics, is provided in Google's privacy policy under www.google.de/intl/de/policies/privacy.

(2) Processed personal data
During your visit to our website, the following data, among other things, can be collected, stored, and processed:

• The pages you have visited, your "click path"
• Achievement of "website goals" (conversions, e.g. newsletter registrations, downloads, purchases)
• Your user behavior (e.g. clicks, dwell time, bounce rates)
• Your approximate location (region)
• Your IP address (in abbreviated form)
• Technical information regarding your browser and the end devices you use (e.g. language setting, screen resolution)
• Your Internet provider
• The referrer URL (via which website / via which advertising material you came to this website)

(3) Purpose and legal basis for data processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on your website activities. The reports provided by Google Analytics are used to analyse the performance of our website.

The legal basis for the collection and further processing of the information is the consent you have given in accordance with Art. 6(1) point (a) sentence 1 GDPR. By giving your consent in accordance with Art. 49(1) point (a) sentence 1 GDPR, you furthermore consent to your data being processed in the USA.

(4) Duration of data processing
The data sent by us and linked to cookies is automatically deleted after 14 months. Once a month, any data whose retention period has expired is automatically deleted.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) as well as from processing this data by

1. not consenting to the cookie, or
2. downloading the browser add-on to deactivate Google Analytics HERE and installing it.

You can also prevent the storage of cookies via a corresponding setting of your browser software. However, if you configure your browser so that all cookies are rejected, functionality on this and other websites may be restricted.

(5) Objection
You can withdraw your consent at any time with effect for the future by calling up the cookie settings [SET LINK TO THE CONFIGURATION OPTIONS OF THE CONSENT TOOL] and changing your selection there.

Further information regarding the terms of use of Google Analytics and the data protection at Google can be found under https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.

E. Google Maps
We do not use the service Google Maps on our website. Any links to Google Maps that may be found on our website is only used as passive links to the provider's site.

F. Social media presence
a) We maintain publicly accessible Facebook and Instagram profiles, on which we inform you about additional content and via which you can communicate with us and interact in other ways. Your use of Facebook and Instagram results in extensive data processing, which we would like to inform you about in our separate privacy statement as follows >
Please add link here

b) Social media plug-ins
We do not use any social media plug-ins on our website. Any symbols of social media providers that may be found on our website (e.g. Facebook and Instagram) are only used as passive links to the sites of the respective providers.