2. Data processing when visiting our websites
2.1. Automatically collected access data
You can visit our websites without providing any personal information. Only the access data sent to us by your browser automatically will be collected in this case. This for example includes your online identifiers (e.g. IP address, session IDs, device IDs), information on the web browser and operating system used, possibly the website from where you opened our websites (i.e. if you have come to our website by way of a link), the names of the requested files (i.e. of the texts, videos, pictures etc. you viewed on our websites), the language settings of your browser, possible error reports, and the times of the individual access events.
The access data need to be processed to enable your visit and comfortable use of our websites and ensure their continuous functionality and security.
The access data are temporarily stored in internal log files to provide statistical information about the use of our website. This enables our continuous optimization and further development of our websites with respect to the usage routines and technical equipment of our users, and helps to eliminate faults and security risks. The information stored in the log files is not directly relatable to you personally – especially as we will only store the IP addresses in a truncated, anonymized form. The log files are stored for 30 days and then archived after anonymization.
The legal basis of this data processing is GDPR section 6.1.f (balancing of interests based on our legitimate interests detailed above).
2.2. Cookies
We use own cookies on our websites and cookies from third-party providers. A cookie is a standardized text file that is stored by your browser for a defined period. Cookies enable the local storage of information such as the language settings and temporary identification features that the server which installed the cookie can access when the website is visited again. You can view and delete the cookies used in the security settings of your browser. And you can configure your browser settings as you wish, for example to reject the acceptance of third-party cookies or all cookies. We need to point out that you might not be able to use all the functions of our website in this case.
Our own cookies serve to make your visit of our websites more user-friendly and secure. The legal basis for the attendant data processing is GDPR section 6.1.f.
We use third-party cookies for web analysis and promotional purposes. Please see sections 2.6 and 4 of this data privacy statement for more information on this.
2.3. Your communications and messages
We collect all information and data you communicate to us by way of our websites. In various places of our websites, you are for example provided with the option of sending us messages and partly also data (e.g. PDF documents) by way of "Contact form" or "Contact" functions. The mandatory information required for these functions, if any, is highlighted as a rule.
We will only use the information you provide for processing your request.
We will delete the data accrued in the process as soon as their storage is no longer required, or restrict their processing where statutory retention periods apply.
Your message will only be forwarded to another ALBA Group company or external third party insofar as required for processing your request (we will for example forward your message to another ALBA Group company if it is responsible for processing your request). If you do not want your message to be potentially forwarded to another company, you can directly inform us of this in your message – naturally also as a precautionary measure. We will in this case only forward your message to the other company without the data that could identify you whereby you could be identified (e.g. your name, customer number or contact data).
The legal basis for the data processing detailed above is GDPR section 6.1.b. If you have consented to the forwarding and other processing of the data communicated by you, the legal basis is GDPR section 6.1.c.
2.4. Facebook Plug-ins
Some of our websites include functions provided by the social network Facebook (so-called plug-ins). These plug-ins are operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). Facebook is therefore solely responsible for operating the plug-ins in keeping with data protection requirements.
The plug-ins are integrated by way of a so-called two-click solution, meaning that to use a plug-in, you need to activate it first (= first click) to be able to operate it in the manner intended by Facebook (= second click). This is to prevent Facebook from collecting data about you without your consent.
If you visit a website containing a plug-in that you have previously activated, your browser will establish a direct connection with Facebook servers which sends the content of the plug-in (e.g. "like" or share buttons) to your browser and then integrates it in our website. This lets Facebook know that you have visited our website. If you are logged into Facebook with your personal user account when visiting our website, Facebook will be able to link the website visit with this account. When plug-ins are interacted with, e.g. by clicking the "like" button or leaving a comment, the respective information will be directly collected by Facebook and stored there. If you would like to prevent this, you need to log out of your Facebook account before activating plug-ins.
Further information on the purpose and scope of the data collection by Facebook, the further processing and use of your data there, your rights in this regard and setting options for protecting your privacy is available from Facebook's data privacy information at (http://de-de.facebook.com/privacy/explanation.php).
The legal basis for the data processing detailed above, insofar as our responsibility, is GDPR section 6.1.f (balancing of interests based on our legitimate interest in making our contents available to a larger number of users).
2.5. Integration of YouTube videos
We have embedded YouTube videos in parts of our websites. YouTube is a video platform operated by the Google company YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ("YouTube"). The embedded YouTube videos can be watched on our websites directly. They are integrated in an "expanded data protection mode", meaning that no data about you as the user will be sent to YouTube if you do not watch the video. Data will only be sent to YouTube once you watch the videos. This data transmission is outside our sphere of influence. For the event of personal data being transmitted to the USA, Google and YouTube have subjected themselves to the EU-US Privacy Shield.
Visiting a website with embedded YouTube videos will provide YouTube and Google with the access data accrued in the process, and the information that you have visited the respective sub-page of our website. This happens regardless of whether you are logged into YouTube or Google or not. If you are logged into Google, your data will be directly linked with your Google account. If you do not wish them to be linked with your YouTube profile, you need to log out before watching a video. YouTube and Google may use your access data for the creation of usage profiles for promotional purposes, market research, and the needs-oriented design of their own websites. You have a right to object to the creation of these usage profiles, with objections needing to be directly addressed to YouTube or Google, respectively. For more information, please see the Google data privacy statement applicable to YouTube.
The legal basis for the data processing detailed above, insofar as our responsibility, is GDPR section 6.1.f (balancing of interests based on our legitimate interest in embedding video contents).
2.6. Web analysis
Our websites use the web analysis service Google Analytics, which is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies for collecting your access data when our websites are visited. Google compiles the access data into pseudonymous usage profiles at our behest and sends them to a Google server in the USA. Your IP address is anonymized beforehand. We are therefore unable to determine which usage profiles belong to a specific user. We are thus neither able to identify you from the data collected by Google, nor can we determine how you use our websites. For the event of personal data being sent to the USA by way of exception, Google has furthermore subjected itself to the EU-US Privacy Shield. The data processing by Google Analytics therewith comes under an adequacy decision by the EU Commission, meaning that the data protection level is recognized as adequate even if the processing takes place in the USA by way of exception./p>
Google will use the information obtained through the cookies at our behest to analyse the use of our website, compile reports about website activities and provide us with other services in connection with website use and Internet use. Further information on this is also available from the data privacy statement of Google Analytics.
You can object to the creation and analysis of pseudonymous user profiles by Google as described above at any time. You have several options for this:
(1) You can set your browser so that Google Analytics cookies are blocked
(2) You can change the Google advertising settings at Google.
(3) You can install a deactivation cookie by clicking here: deactivate Google Analytics
(4) You can install the deactivation plug-in provided by Google at http://www.google.com/settings/ads/plugin in your browsers Firefox, Internet Explorer or Chrome (this option will not work in mobile devices).
The legal basis for this data processing is GDPR section 6.1.f (balancing of interests based on our legitimate interest in analysing the general usage behaviour).