ALBA plc & Co. KG
Data privacy statement
The protection and security of your data is an important issue for us, the ALBA, and one that we pay attention to in all our business processes. In this data privacy statement, we would therefore like to provide you with an overview of the data protection-related aspects of our website. In the following we will explain:
- Which data we collect when you use the website of the ALBA
- The purposes for which these data are processed by the companies of the ALBA and third-party companies
- Which rights and options you have with respect to the processing of your data
- How you can contact us in data protection matters
When does this data privacy statement apply?
This data privacy statement applies to the website of the ALBA in the domain www.alba-kg-offer.com.
For websites of companies affiliated with ALBA other than those mentioned above, separate data protection declarations and further data protection notices for offline business apply, which are made available to you within or for the corresponding offers.
1. Responsibility and data protection officer
The controller of the data processing within the meaning of the European General Data Protection Regulation (following “GDPR”) is the
ALBA plc & Co. KG
Knesebeckstr. 56-58
10719 Berlin
Any mention of "we", "us" or the "ALBA " in this data privacy statement exclusively refers to ALBA plc & Co. KG.
You can reach the company data protection officer of the ALBA at datenschutz (at) alba.info or by way of the postal service:
ALBA plc & Co. KG
c/o the data protection officer
Knesebeckstr. 56-58
10719 Berlin
2. Data processing when visiting our website
2.1. Automatically collected access data
You can visit our websites without providing any personal information. Only the access data sent to us by your browser automatically will be collected in this case. This for example includes your online identifiers (e.g. IP address, session IDs, device IDs), information on the web browser and operating system used, possibly the website from where you opened our websites (i.e. if you have come to our website by way of a link), the names of the requested files (i.e. of the texts, videos, pictures etc. you viewed on our websites), the language settings of your browser, possible error reports, and the times of the individual access events.
The access data need to be processed to enable your visit and comfortable use of our websites and ensure their continuous functionality and security.
the access data are temporarily stored in internal log files to provide statistical information about the use of our website. This enables our continuous optimization and further development of our websites with respect to the usage routines and technical equipment of our users, and helps to eliminate faults and security risks. The information stored in the log files is not directly relatable to you personally – especially as we will only store the IP addresses in a truncated, anonymized form. The log files are stored for 30 days and then archived after anonymization.
The legal basis of this data processing is Art. 6 para. 1 lit. f) GDPR (balancing of interests based on our legitimate interests detailed above).
2.2. Your communications and messages
We record all information and data that you provide to us via our website or via e-mail addresses belonging to us. We will only use your details to process your request. We delete the resulting data after storage is no longer necessary or restrict processing if there are statutory retention obligations.
Your message will only be forwarded to another company affiliated with ALBA or to external third parties if this is necessary to process your request (e.g. we will forward your message to another company affiliated with ALBA if it is responsible for your request). If you do not want your message to be passed on to another company or third party, you can inform us of this directly in your message - naturally also as a precautionary measure. We will then process your message without any information that could be used to identify you (e.g. your name, customer numbers or contact details). Any processing of your personal data in connection with messages and notifications that goes beyond the above description may also take place after obtaining your consent or for the initiation, fulfilment or execution of a contract.
The legal basis for the data processing described above in the event of contract initiation, fulfillment or processing is Art. 6 para. 1 lit. b) GDPR.
2.3. Cookies
We only use technically necessary cookies to improve the presentation and content of our website. A cookie is a standardized text file that is stored by your browser for a specified period of time. Cookies enable the local storage of information such as language settings and temporary identification features, which can be retrieved by the server that set the cookie when the website is subsequently accessed.
We set technically necessary cookies on the basis of Art. 6 para. 1 lit. f) GDPR, consent is therefore not required. Since these are strictly necessary cookies, the storage of information or access to existing information on your end device in these cases is carried out in accordance with § 25 para. 2 TDDDG.
3. Data disclosure
3.1. Principle
We will principally only disclose your data if:
- you have given your express consent in accordance with Art. 6 para. 1 lit. a) GDPR,
- the disclosure is permitted by law and is necessary for the performance of contractual relationships with you or for the implementation of pre-contractual measures taken at your request in accordance with Art. 6 para. 1 lit. b) GDPR
- we are legally obliged to disclose data in accordance with Art. 6 para. 1 lit. c) GDPR or
- the disclosure pursuant to Art. 6 para. 1 lit. f) GDPR is necessary for the assertion, exercise or defense of legal claims of a company affiliated with ALBA and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.
3.2. Disclosure to external service providers of the ALBA
Parts of the data processing described in this data protection statement can be performed by external service providers at our behest. Besides the ones mentioned in this data protection statement, these service providers can in particular also include computer centres that store our websites and data bases, IT service providers that service our systems, and consultancy firms.
Insofar as we disclose data to our service providers, they are only permitted to use this information to fulfil their tasks. We selected and commissioned these service providers with great care. They are contractually bound to our instructions, have suitable technical and organizational measures in place for protecting the rights of data subjects, and are regularly monitored by us.
In the event of our disclosure of your data over and beyond this data protection statement to a service provider based in a country outside the European Economic Area (EEA), we will separately inform you of this fact and the specific guarantees underlying the data transfer, as the case may be. If you require copies of guarantees to substantiate an adequate level of data protection, please contact our data protection officer (see section 1).
4. Storage period
Unless stated otherwise in this data protection statement, we will only store and use your data for as long as required to fulfil our contractual or statutory obligations or the purposes the data were collected for. We will, however, restrict their processing after the expiry of the statutory limitation purposes, meaning that your data will only be used to comply with statutory obligations from then on.
We will delete the data immediately thereafter, unless we still need them until the expiry of statutory limitation periods as proof for civil claims, or owing to statutory retention obligations. Even after this, we may still be required to store your data for accounting purposes. We are required to do so by statutory documentation obligations possibly arising from the Commercial Code, Tax Code, Banking Act, Money-Laundering Act and Securities Trading Act. The document storage periods required there range from two to ten years.
The legal basis of this data processing for fulfilling statutory documentation and retention obligations is Art. 6 para. 1 lit. c) GDPR.
5. Your rights
If you wish to assert the statutory data privacy rights detailed below, you can contact our data protection officer (see section 1) at any time:
- You have the right to request information about the processing of your personal data by us at any time in accordance with Art. 15 GDPR. When providing you with information, we will explain the data processing and provide you with an overview of the data stored about you.
- If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected (in accordance with Art. 16 GDPR).
- You can also request the erasure of your data. If deletion is not possible in exceptional cases due to other legal provisions, the data will be restricted in processing so that it is only available for this legal purpose (in accordance with Art. 17 GDPR).
- You can also have the processing of your data restricted, e.g. if you are of the opinion that the data stored by us is incorrect (in accordance with Art. 18 GDPR).
- You have the right to data portability, i.e. we will send you a digital copy of the personal data you have provided to us on request (in accordance with Art. 20 GDPR).
You also have the right to lodge a complaint with the data protection supervisory authority responsible for us. You can also contact the supervisory authority responsible for your place of residence at any time, which will forward your request to the supervisory authority responsible for us if necessary.
6. Right to object
If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time in accordance with Art. 21 GDPR on grounds relating to your particular situation. If you are objecting to data processing for direct marketing purposes, you have a general right to object, which we will implement without you having to provide any reasons.
If you would like to make use of your right to object, simply send an informal message to the contact details given in section 1.
7. Data security
We maintain appropriate technical measures for our website to ensure data security, in particular to protect your data from risks during data transmission and from unauthorized access by third parties. These measures are adapted to the current state of the art. To secure the personal data you enter on our website, we use Transport Layer Security (TLS), which encrypts the information you enter.
8. Changes to this privacy policy
We update this privacy policy from time to time, e.g. when we adapt our website or the legal or official requirements change.