Responsibility for the lawful collection, processing and use of personal data is borne by ATH&S GmbH
CEO: Mr. Peter Riesen
Email address: info@ath-s.de
Address: Brönninghauser Str. 26, 33729 Bielefeld
Phone: 0521/55359-19
  With this Privacy Notice we inform you (also referred to as "User" or "Data Subject" in the text below) about the processing of our data in general, whenever you visit our website, when you contact us by e-mail or telephone and when you have a contractual relationship with a customer, supplier or otherwise. In addition, we inform you about your rights regarding the processing of your data. The term "data processing" always means the processing of personal data.

1. General instructions on data processing

1.1 Categories of personal data

We process the following categories of personal data:
  • Inventory data (for example, names, addresses, functions, organization affiliation, etc. );
  • Contact details (for example, email address, phone/fax numbers, etc. );
  • Content data (e.g. text input, image files, videos, etc. );
  • Usage data (e.g. access data);
  • Metadata/communication data (e.g. IP addresses).

1.2 Personal data recipient/personal data recipient categories

If we disclose, transfer or otherwise make data from other persons and companies, such as the web host, processor or third party, available to you as part of our processing, this is done on the basis of legal authorization (e.g. if the transfer of data to third parties is required to perform a contract (performed in accordance with GDPR Article 6 para. 1 point (b) ), if the parties concerned have consented or if a legal obligation exists to do so.

1.3 Place and duration of personal data storage

Unless otherwise specified in this Privacy Policy, the processing of personal data will be carried out exclusively in data processing centers that are located in the GDPR area. The criterion for the duration of storage of personal data is the corresponding statutory retention period. After the expiration of the specified period, the relevant data will be deleted if they are no longer required to achieve the goals, fulfill or conclude the contract.

1.4 Data transfer to third countries

If we process data in a third country (e.g. outside the European Union (EU) or the European Economic Area (EEA)) or if we do so as part of the use of third-party services or disclosure or transfer of data, or if we process data in a third country (i.e. outside the European Union (EU) or The European Economic Area (EEA)), or if we do this as part of the use of third-party services or disclosure, the transfer of data to third parties occurs only if it is done to fulfill our (preliminary) contractual obligations, on the basis of your consent, legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or authorize the processing of data in a third country only if there are special requirements of article 44 and further of the General Data Protection Regulation, meaning that processing is carried out, for example, on the basis of special guarantees, such as an officially recognized level of data protection that meets EU requirements, or compliance with officially recognized special contractual obligations (for example, called "Standard Contractual Provisions"). We also cooperate with enterprises in Belarus. Currently, there is no relevant decision of the EU Commission on the level of data protection in Belarus. However, we have additional suitable or adequate guarantees for the transfer of data to Belarus in the form of standard EU contractual provisions in accordance with Article 46 para. 2 point (c) ) Authorized by GDPR. You can request us to send copies of the agreed EU standard contractual provisions.

2. Data processing during your visit to our website

2.1 Log files

Every time a data subject accesses our website, the general data and information are stored in our system's log files:
  • Date and time of receipt (timestamp);
  • Information about the request and the destination address (protocol version, HTTP method, referrer, UserAgent string);
  • Name of the received file and the amount of data transmitted (the requested URL, incl. query string, size in bytes);
  • A message indicating whether the selection was successful (HTTP status code).
When using this general data and information, we do not draw any conclusions about the data subject. No personal evaluation, data analysis for marketing purposes or profiling is carried out. The IP address is not stored in this context. The legal basis for temporary storage of data is article 6, paragraph 1 point (f) of the General Data Protection Regulation. The collection of data for the provision of the website and the storage of data in log files are mandatory for the safe operation of our website. Therefore, there is no objection possibility for the interested person.

2.2 Malware detection and log data analysis

We collect and automate log data obtained as a result of the operation of our company's communication technologies to the extent necessary to detect, limit or eliminate failures or errors in communication technologies or to protect against attacks on our information technologies or communication systems. This is also necessary to detect and protect against malware. The legal basis for the temporary data storage and evaluation is article 6, paragraph 1 point (f) of the General Data Protection Regulation. Data storage and analysis are mandatory to ensure the availability of the website and its safe operation. Therefore, there is no objection possibility for the interested person.

2.3 Cookies

Our website uses so-called cookies. Cookies are small text files exchanged between a web browser and a hosting server. Cookies are stored on the user's computer and transmitted from it to our website. You can restrict or completely prohibit the use of cookies by means of a corresponding setting of your Internet browser. Cookies that you have already saved can be deleted at any time. Disabling cookies for our website may make it impossible for a user to view or use the website in full. The legal basis for the processing of personal data using cookies is article 6, paragraph 1 point (f) of the General Data Protection Regulation. The legitimate interest stems from the purposes of data collection mentioned above.

2.4 Hosting

The hosting services we use are designed to provide the following services: infrastructure and platform services, computing power, storage and database services, security services and maintenance that we use to operate our website. At the same time, we or our data processor process inventory data, contact data, content data, contract data, usage data, metadata and communication data of users of our website based on our legitimate interests in the effective and secure provision of this online offer in accordance with article 6, paragraph 1 point (f) of the General Data Protection Regulation. Article 28 of the General Data Protection Regulation (conclusion of an order processing contract). The legitimate interest stems from the purposes of data collection mentioned above.

3. Data processing under the contact

3.1 How to contact us by email

You can contact us at the email address published on our website and through the contact form. Since you use this method of communication, the data provided by you (for example, first name, last name, address), at least the email address, as well as the information contained in the email, are stored together with possible personal data provided by you for the purpose of establishing contact and processing your request. In addition, our system collects the following data:
  • IP address of the calling computer;
  • Date and time of sending the email.
Data from the contact form is transmitted using SSL or TLS encryption, respectively.

3.2 Contact us by post and/or fax

If you send us a letter or fax, the data provided by you (for example, first name, last name, address) and the data specified in the letter or fax will be saved. The information contained in the fax, as well as the personal data that you can provide, is stored for the purpose of establishing contact and processing your request. The legal basis for the processing of personal data within the framework of letters and telefaxes sent to us is article 6, paragraph 1 points (b) and (f) of the General Data Protection Regulation, respectively. The legal basis for the processing of personal data within the framework of emails sent to us is article 6, paragraph 1 points (b) and (f) of the General Data Protection Regulation, respectively. The legitimate interest stems from the purposes of data collection mentioned above.

3.3 Data processing within the framework of relations with customers, suppliers or other contractual relations

In particular, we collect and process the contact information of our customers, suppliers and other contractors (for example, name, address, phone number, email address), as well as other personal information necessary for customer, supplier or other contractual relations. We collect and process personal data in order to provide it to customers, suppliers or service providers, as well as for identification of contract partners, processing orders and correspondence. The legal basis for the collection and processing of personal data is article 6, paragraph 1 points (b) and (f) of the General Data Protection Regulation. The legitimate interest stems from the purposes of data collection mentioned above.

4. Your rights

As a data subject, you have the following rights in connection with the processing of your personal data:

4.1 The right to receive information

(1) The data subject has the right to request confirmation from the Operator whether personal data relating to him is being processed; in this case, the data subject has the right to receive information about this personal data and to receive the following information: a) processing purposes; b) categories of personal data that will be processed; c) recipients or categories of recipients to whom personal information has been or is still being disclosed, in particular recipients in third countries or in international organizations; d) if possible, the planned period during which personal data will be stored, or, if this is not possible, the criteria for determining this period; e) the right to correct or erase personal data concerning you, or to restrict the processing by the controller, or the right to object to such processing; f) the right to file a complaint with the supervisory authority; g) if personal data is not collected from the data subject, all available information about the origin of the data; h) the availability of an automated decision–making process, including profiling, in accordance with art. 22 (1) and (1). 4 GDPR and – at least in these cases - meaningful information about the logic involved, as well as the extent and expected consequences of such processing for the data subject. (2) If personal data is transferred to a third country or an international organization, the data subject has the right to receive information about the relevant guarantees provided for in article 46 of the General Data Protection Regulation (GDPR) in connection with the transfer.

4.2 The right to rectification

The data subject has the right to immediately demand from the Responsible Person the rectification of inaccurate personal data concerning him. Taking into account the purposes of processing, the data subject has the right to request the completion of incomplete personal data, including means of an additional application.

4.3 The right to erasure

(1) The data subject has the right to request the Controller to erase personal data related thereof, and the Controller is obliged to erase the personal data immediately if one of the following reasons applies: a) Personal data is no longer needed for the purposes for which they were collected or otherwise processed. b) The data subject withdraws their consent, which is subject to processing in accordance with Article 6, paragraph 1 point (a) or article 9 para. 2 point (a) of the GDPR, and there is no other legal basis for processing. c) The interested person objects to the processing, and there are no priority legal grounds for processing, or the data subject submits an application in accordance with Article 21, paragraph. 2 of the GDPR. d) Personal data has been processed illegally. e) The erasure of personal data is necessary to fulfill a legal obligation in accordance with the legislation of the Union or the legislation of the Member States to which the controller is subordinate. f) Personal data was obtained in connection with the services offered by the Information Society in accordance with Article 8. A criminal case has been initiated against GDPR under Article 1. (2) If the administrator has made personal data public and if the administrator is obliged to erase them in accordance with paragraph 1, reasonable measures, including technical measures, will be taken, considering available technologies and implementation costs, to notify the data controllers processing personal data that the data subject may be deleted and that the data subject has requested the erasure of all references to this personal data, as well as copies of this personal data. (3) Paragraphs 1 and 2 do not apply to the extent that processing is required a) to exercise the right to freedom of expression and information; b) to fulfill a legal obligation requiring processing in accordance with the legislation of the Union or the Member States to which the controller is subordinate, or to perform a task that meets public interest or is carried out within the exercise of state power entrusted to the controller; c) for reasons of public interest in the field of public health in accordance with Article 9, paragraph. 2 points (h) and (i), as well as Article 9, paragraph 3 of the GDPR; (d) For archival, scientific or historical research purposes of public interest or for statistical purposes in accordance with article 89 (1), to the extent that the law referred to in paragraph 1 allegedly makes it impossible or seriously impedes the achievement of the purposes of such processing, or e) for presentation, fulfillment or defense of legal claims.

4.4 The right to restrict processing

(1) The data subject has the right to request the controller to restrict processing if one of the following conditions is provided: a) the accuracy of personal data is disputed by the data subject during the period that allows the controller to verify the accuracy of personal data, b) the processing is illegal and the data subject refuses to erase the personal data and instead requires restrictions on the use of personal data; c) the data controller no longer needs personal data for processing purposes, but the data subject needs them to present, implement or defend legal claims, or d) the data subject objects to processing in accordance with Article 21, paragraph 1 of the GDPR and it has not yet been determined whether the legitimate reasons of the responsible person outweigh the justified reasons of the interested person. (2) If processing has been restricted in accordance with paragraph 1, these personal data, with the exception of their storage, may be stored only with the consent of the data subject or for the presentation, fulfillment or protection of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interests of the Union or the Member State.

4.5 The right to data portability

(1) The data subject has the right to receive relevant personal data, provided by the subject to the controller in a structured, generally accepted and machine-readable format, and the subject has the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been disclosed, provided that a) processing is based on consent in accordance with Article 6, paragraph 1 point (a) or article 9 para. 2 point (a) of the GDPR or on contractual basis in accordance with Article 6, paragraph 1 point (b) of the GDPR, and b) processing is carried out using automated procedures. (2) When fulfilling their right to data portability in accordance with paragraph 1, the data subject has the right to request that personal data be transferred directly from one controller to another controller, to the technically possible extent. The right provided for in paragraph 1 of this article must not infringe on the rights and freedoms of others. This right does not apply to processing necessary for the performance of a task that meets the public interest or is carried out within the framework of the exercise of state power, which has been transferred to a responsible person.

4.6 The right to object

The data subject has the right, for reasons arising from their specific situation, to refuse at any time the processing of relevant personal data, which may be prohibited in accordance with Article 6, paragraph 1 points (e) or (f) of the GDPR, and has the right to object; this also applies to profiling based on these provisions. The Controller will no longer process personal data unless they can demonstrate convincing legal grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is not intended to present, implement or defend legal claims. In connection with the use of Information Society services, regardless of Directive 2002/58/EC, the Data Subject can exercise their right to object using automated procedures that use technical specifications.

4.7 The right to withdraw consent

The data subject has the right to withdraw their consent to data protection at any time. Withdrawal of consent does not affect the legality of processing carried out on the basis of consent until the moment of withdrawal.

4.8 The right to file a complaint with the supervisory authority

Without prejudice to any other administrative or judicial remedies, every interested person has the right to file a complaint with a supervisory authority, in particular in an EU Member State at the place of residence, place of work or place of alleged violation, if the interested person believes that the processing of related personal data violates these Rules.