Data privacy at AL-KO
Data Privacy Statement
The following data privacy statement relates to use of the website www.al-ko.com (hereinafter “Website”).
We attach great importance to data protection. Your personal data are collected and processed pursuant to the applicable data protection provisions, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data to provide you with the aforementioned portal. This statement describes how and for what purpose your data are collected and used, and the options available to you in connection with your personal data.
By using this Website you agree to the collection, use, and transfer of your data in accordance with this Data Privacy Statement.
Controller for the collection, processing, and use of your personal data pursuant to the GDPR is
AL-KO Kober SE
Ichenhauser Straße 14
If you wish to object to the collection, processing, or use of your data by us pursuant to these data protection provisions, either as a whole or with regard to individual measures, you can address your objection to the above-named controller.
You can save and print this Data Privacy Statement at any time.
2. General use of the Website
2.1 Access data
We collect information about you when you use this Website. We automatically collect information on your usage behavior and your interaction with us, and record data regarding your computer or mobile device. We collect, store, and use data each time you access our Website (server log files). Access data include the name and URL of the retrieved file, date and time of the retrieval, transferred data volume, message regarding successful retrieval (HTTP response code), browser type and version, operating system, referrer URL (i.e. the previously visited web page), IP address, and the requesting provider.
We use these protocol data without reference to your identity or other profile creation for statistical analyses, for the purpose of operating, securing, and optimizing our Website, but also for the anonymous tracking of visitor numbers to our Website (traffic), as well as recording the scope and type of use of our Website and services, and similarly for billing purposes in order to measure the number of clicks received from collaboration partners. Based on this information we are able to provide personalized and location-specific content, and to analyze data traffic, search for bugs, perform troubleshooting, and improve our services. We reserve the right to review protocol data after collection if there are legitimate reasons to suspect unlawful use based on tangible evidence. IP addresses are stored for a limited period in log files if this is required for security purposes or for service provision, or for service billing, for example, when you use our services. After cancellation of the order process or after receipt of payment, we delete the IP address if it is no longer required for security purposes. IP addresses are also retained if we strongly suspect that a criminal offence has been committed in relation to the use of our Website. We also store the date of your last visit as part of your account (e.g. when you register, log in, click on links, etc.).
2.2 Email contact
When you contact us (e.g. via the contact form or email), we store your details in order to process the enquiry, and in case you have follow-up questions. We shall only store and use other personal data if you consent to this, or if doing so is authorized by law without special consent.
2.3 Google Analytics
We use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, text files which are stored on your computer, and which allow your Website usage to be analyzed. Information generated by the cookie regarding use of this Website by the visitor is usually transferred to a Google server in the USA and stored there.
However, in the event that IP anonymization is activated on this Website, your IP address will first be truncated by Google within the Member States of the European Union or in other European Economic Area countries. Only in exceptional circumstances will the full IP address be transferred to a Google server in the USA and truncated there. IP anonymization is activated on this Website. Google will use this information on our behalf to analyze your use of the Website, to compile reports on Website activity, and to provide us with other services relating to Website and internet use.
The IP address sent by your browser as part of Google Analytics is not merged with other Google data. You can prevent storage of cookies by choosing the appropriate browser software setting; we should advise you however that this may also prevent you from using some of the Website’s functions.
You can also prevent the collection of data generated by the cookie and relating to your Website usage (including your IP address) at Google and the processing of these data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plug-in or within mobile device browsers, you can click the following link to set an opt-out cookie which will prevent data collection by Google Analytics within this Website in future (this opt-out cookie only works in this browser and only for this domain. To delete the cookies in your browser, click this link again): Disable Google Analytics.
2.4 Legal bases and storage period
Legal basis for data processing pursuant to the aforementioned sections is point f) of Article 6 paragraph 1 GDPR. Our legitimate interests for data processing are, in particular, safeguarding of operations and security of the Website, analysis of how the Website is used by visitors, and simplifying use of the website.
Unless specifically stated, we only store personal data for the period necessary to fulfil the intended purposes.
3. Your rights as a data subject
Pursuant to the applicable law, you have various rights relating to your personal data. If you wish to assert these rights, clearly identify yourself in the request, and send it via email or post to the address listed in section 1.
An overview of your rights is set out below.
3.1 Right to obtain confirmation and access
You have the right to obtain at any time confirmation from us of whether your personal data are being processed. If this is the case, you shall have the right to obtain from us, free of charge, access to your retained personal data together with a copy of these data. You also have the right to the following information:
- Purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you, or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from you, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you. Where personal data are transferred to a third country or to an international organization, you shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
3.2 Right to rectification
You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3.3 Right to erasure (“right to be forgotten”)
You shall have the right to obtain from us the erasure of personal data concerning you without undue delay, and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw consent on which the processing is based in accordance with point a) of Article 6(1) GDPR, or point a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
- You object to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR. Where we have made the personal data public and are obliged to erase the personal data, taking account of available technology and the cost of implementation we shall take reasonable steps, including technical measures, to inform controllers which process the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
3.4 Right to restriction of processing
You shall have the right to obtain from us restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by you, with restriction applying for sufficient period to enable us to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data, and request the restriction of their use instead;
- we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
- you have objected to processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of our company override yours.
3.5 Right to data portability
You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance from us, where:
1. The processing is based on consent pursuant to point a) of Article 6(1) GDPR, or point a) of Article 9(2) GDPR or on a contract pursuant to point b) of Article 6(1) GDPR; and
2. The processing is carried out by automated means. In exercising your right to data portability pursuant to paragraph 1, you shall have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
3.6 Right to object
You shall have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on point e) or f) of Article 6(1) GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
Where personal data are processed by us for direct marketing purposes, you shall have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, you shall have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
3.7 Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
3.8 Right to withdraw consent in relation to data protection
You shall have the right to withdraw your consent to the processing of personal data at any time
3.9 The right to lodge a complaint with a supervisory authority
You shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you is unlawful.
4. Data security
We have made every effort to ensure the security of your data pursuant to the applicable data protection laws and technical feasibility. Your personal data shall be encrypted by us when transferred. This shall apply to both orders and the customer login. We use the SSL coding system (Secure Socket Layer). Please be aware however that vulnerabilities may arise during data transfer via the internet (e.g. when communicating via email). Seamless protection of data against access by third parties is not possible. In order to safeguard your data, we support technical and organizational security measures which we continuously adapt to reflect the state of the art.
Furthermore, we cannot guarantee that our services will be available at certain times; the possibility of faults, interruptions, or failures cannot be excluded. The servers that we use are regularly backed up.
5. Automated decision-making
There is no automated decision-making based on the collected personal data.
6. Transfer of data to third parties, no data transfer to non-EU countries
We shall only use your personal data within our company. If and to the extent that we engage third parties (such as logistics service providers) within the scope of contract performance, they shall only receive personal data to the extent that the data transfer is required for the relevant performance. In the event that we outsource certain parts of the data processing (“contract processing”), the processor shall be contractually obliged to only use personal data to meet the requirements of data protection laws, and to guarantee protection of the data subject’s rights.
We do not transfer data to bodies or individuals outside the EU, apart from the cases mentioned in point 2.3 of this statement, and we have no plans to do so.
7. Data protection officer
Should you still have questions or concerns regarding data protection, please contact our data protection officer:
AL-KO Kober SE
Data Protection Officer
Ichenhauser Straße 14
8. Web analysis with Google Analytics
This Website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, text files which are stored on your computer, and which enable an analysis of your Website usage to be performed. The information generated by the cookie regarding your use of this Website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymization is enabled on this Website, your IP address will first be truncated by Google within the Member States of the European Union or in other European Economic Area countries. Only in exceptional circumstances will the full IP address be transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this Website to analyze your use of the Website, to compile reports on Website activity, and to provide the Website operator with other services relating to Website and internet use. The IP address sent by your browser as part of Google Analytics is not merged with other Google data. You can prevent storage of cookies by choosing the appropriate browser software setting; we should advise you however that this may also prevent you from using some of the website’s functions.
You can also prevent the collection of data generated by the cookie and relating to your Website usage (including your IP address) at Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can prevent the collection of data by Google Analytics by clicking the following link. An opt-out cookie is set to prevent any future collection of your data when you visit this Website.
9. Use of Google remarketing
10. Google Ads
Our Website uses Google conversion tracking. If you visit our Website via an ad delivered by Google, a cookie is set on your computer by Google Ads. The cookie for conversion tracking is set when the user clicks an ad delivered by Google. These cookies are only valid for 30 days and are not used to identify you personally. If the user visits certain pages on our Website and the cookie has not yet expired, we and Google can see that the user has clicked the ad and has been redirected to this web page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked through the websites of Ads customers. The information obtained with the help of conversion cookies is used to create conversion statistics for Ads customers who have opted for conversion tracking. Customers discover the total number of users who have clicked their ad and have been redirected to a web page to which a conversion tracking tag has been added. However, they are not given information that could personally identify users.
If you do not wish to participate in tracking activities, you can refuse the cookies that are required for this, for example by choosing browser settings which generally disable the automatic setting of cookies, or by setting your browser to block cookies from the “googleleadservices.com” domain.
Please note that you may not delete opt-out cookies if you do not want performance data to be recorded. If you have deleted all of your cookies in the browser, you must reset the relevant opt-out cookie.
11. Data Privacy Statement for the use of YouTube
12. Use of Facebook and Google+ social media plug-ins
Our Website uses social plug-ins (“plug-ins”) from the Facebook and Google+ social media networks. These services are provided by Facebook Inc. and Google Inc. (“providers”). Facebook is operated by Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (“Facebook”). Google+ is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). An overview of plug-ins and their appearance can be found at http://developers.facebook.com/plugins and https://developers.google.com/+/plugins.
When you access a web page on our Website which contains one of these plug-ins, your browser establishes a direct connection to the Google or Facebook servers. The content of the plug-in is sent directly to your browser by the relevant provider, and is embedded into the web page. By embedding the plug-in, providers receive the information that your browser has opened the relevant web page on our Website, even if you do not have a profile with the corresponding social media network or are not logged into it. This information (including your IP address) is sent by your browser directly to a server belonging to the relevant provider in the USA, and is then stored there.
If you are logged into one of the social media networks, providers can directly match the visit to our Website to your Facebook or Google+ profile. If you interact with the plug-ins, for example by clicking the “Like” or “+1” button, the corresponding information will also be sent directly to a provider’s server and stored there. The information is also published on the social media network and displayed to your contacts there.
Please refer to providers’ data privacy policies for information on the purpose and scope of data collection, further processing and use of the data by providers, your rights in this respect, and settings options to protect your privacy.
Facebook data privacy policies: http://www.facebook.com/policy.php
Google data privacy policies: http://www.google.com/intl/de/+/policy/+1button.html
If you do not want Google or Facebook to directly match the data collected via our Website to your profile in the relevant social media network, you must log out of the corresponding network before visiting our Website. You can also use browser add-ons to completely prevent the loading of any plug-ins, e.g. use Facebook Blocker to prevent Facebook plug-ins (http://webgraph.com/resources/facebookblocker/).
13. Use of Facebook remarketing
This Website uses the “Custom Audiences” remarketing function from Facebook Inc. (“Facebook”). This function is used to display interest-based ads (“Facebook ads”) to visitors to this Website during their visit to the Facebook social media network. The Facebook remarketing tag has been implemented on this Website for this purpose. This tag establishes a direct connection to the Facebook servers when you visit the Website. The Facebook server is then informed that you have visited this Website, while Facebook matches this information with your personal Facebook user account. Further details on the collection and use of data by Facebook, along with your rights in this respect and settings options to protect your privacy can be found in the Facebook data privacy policies at https://www.facebook.com/about/privacy.
Alternatively, you can disable the “Custom Audiences” remarketing function at https://www.facebook.com/settings/?tab=ads#_=_. You must be logged into Facebook to do so.
As of: 25.05.2018