2. Data processing when visiting our websites
2.1. Access data automatically collected
You can visit our websites without having to provide any personal information. In this case, only the access data sent to us by your browser automatically will be collected. This, for example, includes your online identifiers (e.g. IP address, session IDs, device IDs), information on the web browser and operating system used, possibly the website from which you accessed our websites (i.e. if you accessed our website via a link), the names of the requested files (i.e. of the texts, videos, images etc. you looked at on our websites), the language settings of your browser, possibly error reports, and the timing of the individual access events.
The access data needs to be processed to make it possible for you to visit and operate our websites with ease and to ensure continuous functionality and security of our website.
Access data is also temporarily stored in internal log files to provide statistical information about the use of our website. This makes it possible for us to continuously optimise and develop our websites with a view to the patterns of usage and technical equipment of users, and it helps to eliminate faults, malfunctions and security risks. It is not possible to directly deduce your identity from the information stored in the log files – in particular, we will only store the IP address in truncated, anonymised form. The log files are stored for 30 days and then archived after anonymisation.
The lawful basis for processing such data is GDPR, Art. 6.1.f (reconciling your right to protection of personal data with our legitimate interests detailed above).
On our websites we use our own cookies as well as third-party provider cookies. A cookie is a standardised text file that is stored by your browser for a definite period. Cookies make it possible to store information such as language settings and temporary identification features locally on your terminal device; the server which installed the cookie locally on your device can access such information when you visit the website again. Check your browser security settings to view and delete the cookies used. You can change your browser settings according to your needs, for example it would be possible for you to disable third-party cookies only or cookies in general. Please note that you may not be able to use all the functions of our website if you disable cookies.
The reason why we use our own cookies is to make it more convenient for you to use our website and to make it secure. The lawful basis for the associated processing of anonymised data through absolutely necessary cookies is GDPR, Art. 6.1.f. Other data will be processed only to the extent you have given your consent, in which case GDPR, Art. 6.1.a will be the lawful basis for processing.
We use third-party cookies for web analysis as well as promotional purposes. Please see sections 2.7 and 4 of this data privacy statement for more information.
2.3. Your communication and messages
We collect all information and data you communicate by way of our websites. At our websites we offer various contact options, including the "Contact form”, for sending us messages and, in part, also data (e.g. PDF documents). The mandatory information absolutely required for providing these functions, if any, is generally highlighted.
We will only use the information you provide for the purpose of processing your request. We will delete the data collected in the process as soon as it is no longer necessary to store it, or, alternatively, we will restrict processing where statutory retention periods apply.
Your message will only be disclosed to another ALBA Group undertaking or external third party insofar as this is required for the purpose of processing your request (we will, for example, forward your message to another ALBA Group undertaking if such undertaking is in charge of processing your request). If you do not agree with your message potentially being disclosed to another company or third party, please inform us directly in your message – naturally it would also be possible for you to do so as a precautionary measure. In this case, we will disclose your message to the other company excluding the data that could be used to identify you (e.g. your name, customer number or contact details). Your personal data in connection with messages and communication may also be processed beyond the scope specified above after you have given your consent.
The lawful basis for processing data as detailed above is GDPR, Art. 6.1.b. If you have consented to disclosure and other processing of the data communicated by you, the lawful basis is GDPR, Art. 6.1.a.
2.4. Facebook Plug-ins
Some of our websites include functions provided by the Facebook social network which are referred to as plug-ins. These plug-ins are operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). This means that Facebook is the controller in charge for operating the plug-ins in keeping with data protection requirements.
If you visit a website containing a plug-in that you previously enabled, your browser will directly connect to Facebook servers which will, in turn, send the plug-in content (e.g. "like" or share buttons) to your browser and then integrate it into our websites. This means that Facebook will know that you have visited our website. If you are signed into Facebook with your personal user account details when visiting our website, Facebook will also be able to link the website visit to your Facebook account. In case of plug-in interaction, e.g. if you click the "like" button or write a comment, the respective information will be collected directly by Facebook and stored by them. If you would like to prevent this from happening, you need to log out of your Facebook account before enabling plug-ins.
The lawful basis for processing the data detailed above, insofar as we are the controller, is GDPR, Art. 6.1.f (reconciling your right to the protection of personal data with on our legitimate interest in making our contents available to a larger number of users).
2.5. YouTube video integration
We have embedded YouTube videos in parts of our websites. YouTube is a video platform operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”), which is part of Google. You can watch embedded YouTube videos directly on our websites. The “enhanced data protection mode” is used to embed them. This means that no data about you, the user, will be sent to YouTube for as long as you do not watch the video. Data will only be transmitted to YouTube once you start watching any of the videos. Such data transmission is beyond our control.
When you visit a website with embedded YouTube videos, YouTube and Google will be provided with the access data collected in the process, along with the information that you have visited the respective sub-page of our website. This happens regardless of whether you are logged into YouTube or Google or not. If you are logged into your Google account, your data will be linked with your Google account directly. If you do not wish them to be linked with your YouTube profile, you will have to log out before watching a video. YouTube and Google may use your access data for creating user profiles for the purpose of promotion, market research and developing a user-friendly YouTube and Google website design. You have the right to object to the creation of these user profiles; you will have to address any such objection directly to YouTube or Google, respectively. For more information, please see Google data privacy statement for YouTube.
The lawful basis for processing the data detailed above, insofar as we are the controller, is GDPR, Art. 6.1.f (reconciling your right to the protection of personal data with our legitimate interest in embedding video content). In addition, all parties involved in data processing have committed themselves to transferring personal data to third countries subject to appropriate safeguards (GDPR, Art. 44 f.).
2.6. Google Maps
Our websites use the Google Maps service operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). In order for the Google map material we use to be integrated and displayed in your web browser, your web browser must connect to a Google server, which may also be located in the USA, when you click on the contact page. This is how Google will be informed that the IP address of your device clicked on the contact page of our websites. The lawful basis for data processing detailed above is GDPR, Art. 6.1.f (reconciling your right to the protection of personal data with our legitimate interest in embedding online maps for contact purposes). In addition, all parties involved in data processing have committed themselves to transferring personal data to third countries subject to appropriate safeguards (GDPR, Art. 44 f.).
If you call up Google maps on our website whilst being logged into your Google profile, Google will be able to link this event to your Google profile. If you do not wish the event to be linked to your Google profile, you will have to log out of your Google profile before clicking on our contact page. Google will store your data and use it for the purpose of advertising, market research and personalised presentation of Google Maps. You have the right to object to the collection of this data by Google by contacting Google directly.
2.7. Web analysis
Google will use the information obtained through the cookies at our behest to analyse the use of our websites, to compile reports about website activities and to provide us with other services in connection with website and Internet use. Further information on this topic is also available from the data privacy statement of Google Analytics.
You have the right to object, at any time, to the creation and analysis of pseudonymous user profiles by Google as described above. You have several options for doing so (the following information has been included without warranty, express or implied):
(1) You can adjust browser settings to block Google Analytics cookies;
(2) You can change Google Ads Settings on Google.
(3) You can disable cookies by clicking here: Disable Google Analytics
(4) You can install the disable plug-in provided by Google at http://www.google.com/settings/ads/plugin in your Firefox, Internet Explorer or Chrome browser (this option will not work on mobile devices).
The lawful basis for processing such data is GDPR, Art. 6.1.a (reconciling your right to the protection of personal data with our legitimate interest in analysing the general pattern of usage). In addition, all parties involved in data processing have committed themselves to transferring personal data to third countries subject to appropriate safeguards (GDPR, Art. 44 f.).