The protection of your personal data during the collection, processing and use on the occasion of your visit to our website is an important concern for abilex GmbH. to view and use the site, the entry of personal data is not required.
INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA
In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, eg name, address, email addresses, user behavior.
The responsible party pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is the
Legally represented by its managing director: Elke Loeffler; Mario Henzler; Andreas Fechter
Löffel Straße 4
Phone (0711) 71 91 88 – 0
(for further information see imprint). You can reach our data protection officer at our postal address with the addition “the data protection officer” or at Datenschutzbeauftragter@abilex.de.
If we wish to use contracted service providers for individual functions of our offer or use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
Your right to information
The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. If such processing exists, you may request information from the controller about the following:
- The purposes for which the personal data are processed;
- the categories of personal data which are processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;
- the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
any available information on the origin of the data, if the personal data are not collected from the data subject;
- the existence of automated decision-making, including profiling, pursuant to Art. 22 para. 1 and para. 4 of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the datasubject.
Your right to rectification
The right to request the correction of inaccurate or incomplete personal data stored by us without undue delay in accordance with Art. 16 GDPR.
Your right to erasure and oblivion
1. Obligation to delete
In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us without delay, provided that one of the following reasons applies:
- The need for processing to achieve the purpose has ceased to exist.
- The data subject has revoked his or her consent and no other legal basis exists.
- The data subject objects to the processing pursuant to Art. 21 para.1 or para. 2 of the GDPR; in the case of Art. 21 Para. 1, this only applies if there are no overriding legitimate grounds for the processing.
- The right to object pursuant to Art. 21 para. 1 GDPR applies exclusively to processing based on Art. 6 para. 1 e or f GDPR.
- The obligation to delete data requires a balancing of interests.
- The situation is different for objections relating to direct marketing (Art. 21 para. 2 GDPR): Here, no balancing of interests is required.
- The personal data have been processed unlawfully.
- Erasure is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR
2. to be forgotten
The “right to be forgotten” according to Art. 17 para. 2 GDPR, although the term is used as a synonym for “erasure” in Recital 65, refers to the erasure (of traces) of personal data that are accessible to a broad public through publications, especially on the Internet.
3. Exceptions to the obligation to erase
The obligation to erase under Article 17 para. 1 and the obligation to inform other controllers under Art. 17 para. 2 of the GDPR do not apply if, under Article 17 para. 3 of the GDPR, the processing is necessary
- for the exercise of the right to freedom of expression and information;
- for compliance with a legal obligation, for the performance of a task carried out in the public interest or for the exercise of official authority;
- for reasons of public interest in the area of public health;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR,
- insofar as the erasure would seriously jeopardize the achievement of these objectives;
- for the assertion, exercise or defense of legal claims.
Your right to restrict processing
The right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR under the following conditions:
- if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise or defense of legal claims;
- if you have objected to the processing pursuant to Article 21 para. 1 GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh your grounds.
Your right to object to processing
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 para. 1 e or f GDPR; this also applies to profiling based on these provisions. The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to processing of the personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
Your right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
- the processing is based on consent pursuant to Art. 6 para. 1 a GDPR or Art. 9 para. 2 a GDPR or on a contract pursuant to Art. 6 para.1 b GDPR and
- the processing is carried out with the aid of automated procedures. In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Your right to revoke consent given
In accordance with Art.7 para. 3 GDPR, you have the right to revoke consent to the processing of data, once given, at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Your right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. A competent authority is
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
PO Box 10 29 32, 70025 Stuttgart
Königstrasse 10a, 70173 Stuttgart
Phone.: 0711/61 55 41 – 0
Fax: 0711/61 55 41 – 15
E-mail: firstname.lastname@example.org .de
COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE
In the case of merely informational use of the website, ie if you do not register or otherwise transmit information to us, we only inherit the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DS- GMO):
- IP address
- date and time of the request
- time zone difference from Greenwich Mean Time (GMT)
- content of the request (specific page)
- access status/http status code
- amount of data transferred
- website from which the request came
- operating system and its interface
- language and version of the browser software.
In addition to the previously mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which the entity that sets the cookie (in this case by us) receives certain information. Cookies can execute small programs or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective.
In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, ie after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.
In part, the cookies serve to simplify the ordering process by storing settings (eg remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the execution of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent given or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
We may work with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we cooperate with aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the paragraphs below.
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Please note that if you do not accept cookies, the functionality of our website may be limited.
FURTHER FUNCTIONS AND OFFERS OF THE WEBSITE, PURPOSES OF DATA USE
In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide further personal data, which we use to provide the respective service and for which the aforementioned data processing principles apply.
In addition to the data mentioned above, abilex.de collects and stores all information that customers enter on the website or provide to abilex.de in any other way. These data are eg:
- VAT ID number
- Name of the orderer
- Phone number
- Fax number
abilex.de also uses the data to communicate with customers about products, services as well as orders, also abilex.de updates its records and customer accounts and uses data to recommend products or services to customers that might interest the customer. Information is also used by abilex.de to improve the e-shop and the website, to prevent or detect abuse and fraud or to enable third parties to perform technical, logistical or other services for abilex.de. In addition, data is used to store shopping carts or order templates and to make them available to the customer again when they are used again.
Only if the customer has previously given consent or if – as far as legal regulations provide – no objection has been raised, abilex.de also uses this data for product-related surveys and marketing purposes.
In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
Furthermore, we may pass on your personal data to third parties if we offer promotions, competitions, contracts or similar services together with partners. You will receive more information about this when you provide your personal data or below in the description of the offer.
If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
OBJECTION OR REVOCATION AGAINST THE PROCESSING OF YOUR DATA
If you have given your consent to the processing of your data, you may revoke it at any time. Such revocation will affect the permission of the processing of your personal data after you have expressed it to us.
Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your advertising objection using the following contact details:
You can reach our data protection officer at our postal address with the addition of “the data protection officer” or at
data protection email@example.com
HOSTING AND OPERATION OF THE WEBSITE, TECHNICAL SERVICE PROVIDERS
As part of the contract processing, the data is stored on the servers of the service provider, 1und1 Telecommunication SE. An order processing agreement has been concluded with this company.
CONTACT FORM AND EMAIL CONTACT
Our website contains a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:
Salutation, first name, last name, company, department, customer number, address (street, house number, postal code, city, country), e-mail address, fax, telephone, subject and message.
At the time the message is sent, the user’s IP address and the date and time of sending are also stored. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation. The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
On this website we also use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is primarily used to distinguish whether an input is made by a natural person or is abused by machine and automated processing. The service includes the sending of the IP address and, if applicable, further data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in determining individual personal responsibility on the Internet and the prevention of abuse and spam. In the context of the use of Google reCAPTCHA, there may also be a transmission of personal data to the servers of Google LLC. in the United States.
In the event that personal data is transferred to Google LLC., which is based in the USA, Google LLC. has certified itself for the us-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list.
NEWSLETTER DISTRIBUTION AND PERFORMANCE MEASUREMENT WITH PARDOT
DESCRIPTION AND PURPOSE OF DATA PROCESSING
On our website, you have the option to subscribe to our newsletter, which we use to regularly inform you about current topics such as innovations, knowledge and methodology for business and technology, products, services & services as well as training and events.
To subscribe to our newsletter, we use the so-called double opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 14 days, then your data will be deleted. In addition, we store in each case your IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. Mandatory information for sending the newsletter is only your e-mail address. The provision of further, separately marked, information is voluntary and will only be used to personalize the newsletter.
LEGAL BASIS FOR DATA PROCESSING
The legal basis for the use of your e-mail address for the purpose of sending the newsletter is Art. 6 para. 1 lit. a GDPR (consent).
The legal basis for storing your IP address and the registration times is Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest in the data processing is to be able to prove the registration and, if necessary, to clarify a possible misuse of your personal data.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the data transmitted by the user during registration will be stored as long as the newsletter subscription is active.
We store your e-mail address for the purpose of sending the newsletter until you revoke your consent to receive it.
You can revoke your consent to receive the newsletter and unsubscribe at any time. You can declare the revocation by clicking on the unsubscribe link provided in every newsletter email or by sending a message to firstname.lastname@example.org. Withdrawal of consent will mean that they will no longer be able to receive any further marketing information.
For sending our newsletter and the associated processing of the above-mentioned data, we use the tool Pardot of the service provider Salesforce: Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States. Further information regarding data protection at the service provider can be found at: https://www.salesforce.com/company/privacy/.
NEWSLETTER SUCCESS MEASUREMENT USING PARDOT
We would like to point out that we evaluate your user behavior when sending the newsletter. For this purpose, we use the analysis tool Pardot of salesforce.com Inc. For the evaluation, the e-mails sent contain so-called “web beacons”. These are pixel-sized files that are retrieved from the server of our service provider when the newsletter is opened. For analysis purposes, the above-mentioned access data and the web beacons are linked to your e-mail address and an individual ID.
For technical reasons, this information can be assigned to individual newsletter recipients, but it is neither our intention nor that of the service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Furthermore, we have concluded a “Data Processing Agreement” with Salesforce. This is a contract in which Salesforce undertakes to protect the data of our users, to process it on our behalf in accordance with their data protection regulations and, in particular, not to pass it on to third parties.
WEBSITE ANALYSIS WITH PARDOT MARKETING AUTOMATION SYSTEM
DESCRIPTION AND PURPOSE OF DATA PROCESSING
Pardot is a so-called marketing automation system linked to our Salesforce CRM system, which we use to implement various aspects of our online marketing. It allows us to link our customer database with automatic newsletter dispatch. We pursue the following purposes:
- measure the success of marketing campaigns
- make our website offers more customer-friendly
- to conduct email/newsletter campaigns
- to inform our customers specifically about technology, products, services, training and events
If you have given your consent to the use of Pardot in our Cookie Preference Manager when visiting our website, Pardot records your click path by setting cookies in your browser and creates an individual pseudonymous usage profile from this. Please note that if you leave personal data in an input field on our website, this data will be merged with the usage profile created via Pardot. Pardot then performs a comparison with our CRM system Salesforce and, if a data record exists, adds the user profile to the customer data record or creates a new data record for interested parties.
LEGAL BASIS FOR DATA PROCESSING
The legal basis for the processing of personal data using the aforementioned cookies is Art. 6 para. 1 lit. a GDPR.
The legal basis for the use of Salesforce Pardot is our legitimate interest according to Art. 6 para.1 lit. f GDPR. We thereby pursue business interests such as sales promotion and product marketing and maintain the customer relationship.
The legal basis for storing your IP address and registration times is Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest in the data processing is to be able to prove the registration and, if necessary, to clarify a possible misuse of your personal data.
RECIPIENT OF THE DATA
We use the Pardot Marketing Automation System (“Pardot MAS”) of Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (“Pardot”) on our websites. Pardot is a product of the Salesforce Group for collecting and analyzing user behavior on websites. We have entered into an individual agreement including so-called standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR with Pardot LLC to ensure compliance with the EU General Data Protection Regulation by Pardot LLC. The text of the standard contractual clauses can be found at eur-lex.europa.eu/legal-content/EN/TXT/PDF/.
For more information about Salesforce’s use of data and data protection in connection with Pardot, please see the following links:
STORAGE PERIOD, REVOCATION AND OBJECTION
SALESFORCE – SALES CLOUD
We have concluded an order processing contract with Salesforce for the use of the Sales Cloud. Through this contract, Salesforce assures that you process the data in accordance with the GDPR and ensure the protection of the rights of the data subject. Salesforce is subject to the EU-US as well as the EU-US Privacy Shield, has been awarded the TRUSTe Privacy Seal, and limits access data to that permitted by law. In addition, Salesforce Sales Cloud is certified by trusted security standards, including PCI-DSS, SOC2, ISO 27001.
The use of Salesforce is made pursuant to Art. 6 para. 1 p. 1 lit. f GDPR based on our legitimate economic interest to optimize our sales activities and to manage user accounts. These interests are considered legitimate within the meaning of the aforementioned provision.
DURATION FOR WHICH THE PERSONAL DATA ARE STORED
The criterion according to which we determine the duration of the storage of personal data is the respective statutory retention period, unless otherwise stated. After expiration of this period, the data will be deleted, provided that they are no longer required for the fulfillment or initiation of the contract.
LEGAL OR CONTRACTUAL REGULATIONS FOR THE PROVISION OF PERSONAL DATA
The provision of personal data is sometimes required by law, eg tax regulations, or may also result from contractual regulations (eg information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.
EXISTENCE OF AUTOMATED DECISION MAKING
Automatic decision-making or profiling does not take place.
LEGAL BASIS FOR DATA PROCESSING
Art. 6 I lit. a GDPR is our legal basis for processing operations in which we obtain consent for a specific processing purpose, in particular the registration for the newsletter. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration , the processing of the data is based on Art. 6 I lit. b GDPR. The same legal basis also covers processing operations that are necessary for the implementation of pre-contractual measures, such as in the case of inquiries about our products or services. If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Article 6 I lit. c GDPR.
LEGAL BASIS ART. 6 I LIT. F GDPR, OUR LEGITIMATE INTERESTS IN PROCESSING
Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the legal bases mentioned in Section 14 are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. A legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, Sentence 2 GDPR).
If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the performance of our business activities.
The customer is aware that data protection for data transmissions on the Internet cannot be comprehensively guaranteed at the current state of the art. In this respect, the customer is responsible for the security of the data he transmits via the Internet. For this reason, every person concerned is free to transmit personal data to us by alternative means, for example by telephone.
Contact data protection officer
The trust of our customers is very important to us. Therefore, we are happy to answer any questions regarding the processing of personal data. If you have any questions that are not answered by this data protection declaration or if customers would like more detailed information on a particular point, please contact our data protection officer at any time at the following e-mail address:
data protection email@example.com
We also ask that you contact the data protection officer if you become aware of or suspect violations of personal data protection by our company.