Data privacy at AL-KO

Privacy Policy

Data Privacy Statement

The following data privacy statement relates to use of the website www.al-ko.com (hereinafter “Website”).
We attach great importance to data protection. Your personal data are collected and processed pursuant to the applicable data protection provisions, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data to provide you with the aforementioned portal. This statement describes how and for what purpose your data are collected and used, and the options available to you in connection with your personal data.
By using this Website you agree to the collection, use, and transfer of your data in accordance with this Data Privacy Statement.

1. Controller

Controller for the collection, processing, and use of your personal data pursuant to the GDPR is

AL-KO Kober SE
Peter Kaltenstadler
Ichenhauser Straße 14
89359 Kötz

If you wish to object to the collection, processing, or use of your data by us pursuant to these data protection provisions, either as a whole or with regard to individual measures, you can address your objection to the above-named controller.
You can save and print this Data Privacy Statement at any time.

2. General use of the Website

2.1 Access data

We collect information about you when you use this Website. We automatically collect information on your usage behavior and your interaction with us, and record data regarding your computer or mobile device. We collect, store, and use data each time you access our Website (server log files). Access data include the name and URL of the retrieved file, date and time of the retrieval, transferred data volume, message regarding successful retrieval (HTTP response code), browser type and version, operating system, referrer URL (i.e. the previously visited web page), IP address, and the requesting provider.

We use these protocol data without reference to your identity or other profile creation for statistical analyses, for the purpose of operating, securing, and optimizing our Website, but also for the anonymous tracking of visitor numbers to our Website (traffic), as well as recording the scope and type of use of our Website and services, and similarly for billing purposes in order to measure the number of clicks received from collaboration partners. Based on this information we are able to provide personalized and location-specific content, and to analyze data traffic, search for bugs, perform troubleshooting, and improve our services. We reserve the right to review protocol data after collection if there are legitimate reasons to suspect unlawful use based on tangible evidence. IP addresses are stored for a limited period in log files if this is required for security purposes or for service provision, or for service billing, for example, when you use our services. After cancellation of the order process or after receipt of payment, we delete the IP address if it is no longer required for security purposes. IP addresses are also retained if we strongly suspect that a criminal offence has been committed in relation to the use of our Website. We also store the date of your last visit as part of your account (e.g. when you register, log in, click on links, etc.).

2.2 Email contact

When you contact us (e.g. via the contact form or email), we store your details in order to process the enquiry, and in case you have follow-up questions. We shall only store and use other personal data if you consent to this, or if doing so is authorized by law without special consent.

2.3 Google Analytics

We use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, text files which are stored on your computer, and which allow your Website usage to be analyzed. Information generated by the cookie regarding use of this Website by the visitor is usually transferred to a Google server in the USA and stored there.
However, in the event that IP anonymization is activated on this Website, your IP address will first be truncated by Google within the Member States of the European Union or in other European Economic Area countries. Only in exceptional circumstances will the full IP address be transferred to a Google server in the USA and truncated there. IP anonymization is activated on this Website. Google will use this information on our behalf to analyze your use of the Website, to compile reports on Website activity, and to provide us with other services relating to Website and internet use.
The IP address sent by your browser as part of Google Analytics is not merged with other Google data. You can prevent storage of cookies by choosing the appropriate browser software setting; we should advise you however that this may also prevent you from using some of the Website’s functions.
You can also prevent the collection of data generated by the cookie and relating to your Website usage (including your IP address) at Google and the processing of these data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plug-in or within mobile device browsers, you can click the following link to set an opt-out cookie which will prevent data collection by Google Analytics within this Website in future (this opt-out cookie only works in this browser and only for this domain. To delete the cookies in your browser, click this link again): Disable Google Analytics.

2.4 Legal bases and storage period

Legal basis for data processing pursuant to the aforementioned sections is point f) of Article 6 paragraph 1 GDPR. Our legitimate interests for data processing are, in particular, safeguarding of operations and security of the Website, analysis of how the Website is used by visitors, and simplifying use of the website.
Unless specifically stated, we only store personal data for the period necessary to fulfil the intended purposes.

3. Your rights as a data subject

Pursuant to the applicable law, you have various rights relating to your personal data. If you wish to assert these rights, clearly identify yourself in the request, and send it via email or post to the address listed in section 1.
An overview of your rights is set out below.

3.1 Right to obtain confirmation and access

You have the right to obtain at any time confirmation from us of whether your personal data are being processed. If this is the case, you shall have the right to obtain from us, free of charge, access to your retained personal data together with a copy of these data. You also have the right to the following information:

  1. Purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you, or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from you, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you. Where personal data are transferred to a third country or to an international organization, you shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.

3.2 Right to rectification

You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3.3 Right to erasure (“right to be forgotten”)

You shall have the right to obtain from us the erasure of personal data concerning you without undue delay, and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. You withdraw consent on which the processing is based in accordance with point a) of Article 6(1) GDPR, or point a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
  3. You object to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
  4. The personal data have been unlawfully processed.
  5. The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
  6. The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR. Where we have made the personal data public and are obliged to erase the personal data, taking account of available technology and the cost of implementation we shall take reasonable steps, including technical measures, to inform controllers which process the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

3.4 Right to restriction of processing

You shall have the right to obtain from us restriction of processing where one of the following applies:

  1. The accuracy of the personal data is contested by you, with restriction applying for sufficient period to enable us to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data, and request the restriction of their use instead;
  3. we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
  4. you have objected to processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of our company override yours.

3.5 Right to data portability

You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance from us, where:
1. The processing is based on consent pursuant to point a) of Article 6(1) GDPR, or point a) of Article 9(2) GDPR or on a contract pursuant to point b) of Article 6(1) GDPR; and
2. The processing is carried out by automated means. In exercising your right to data portability pursuant to paragraph 1, you shall have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

 3.6 Right to object

You shall have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on point e) or f) of Article 6(1) GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
Where personal data are processed by us for direct marketing purposes, you shall have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, you shall have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

3.7 Automated individual decision-making, including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

3.8 Right to withdraw consent in relation to data protection

You shall have the right to withdraw your consent to the processing of personal data at any time

3.9 The right to lodge a complaint with a supervisory authority

You shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you is unlawful.

4. Data security

We have made every effort to ensure the security of your data pursuant to the applicable data protection laws and technical feasibility. Your personal data shall be encrypted by us when transferred. This shall apply to both orders and the customer login. We use the SSL coding system (Secure Socket Layer). Please be aware however that vulnerabilities may arise during data transfer via the internet (e.g. when communicating via email). Seamless protection of data against access by third parties is not possible. In order to safeguard your data, we support technical and organizational security measures which we continuously adapt to reflect the state of the art.
Furthermore, we cannot guarantee that our services will be available at certain times; the possibility of faults, interruptions, or failures cannot be excluded. The servers that we use are regularly backed up.

5. Automated decision-making

There is no automated decision-making based on the collected personal data.

6. Transfer of data to third parties, no data transfer to non-EU countries

We shall only use your personal data within our company. If and to the extent that we engage third parties (such as logistics service providers) within the scope of contract performance, they shall only receive personal data to the extent that the data transfer is required for the relevant performance. In the event that we outsource certain parts of the data processing (“contract processing”), the processor shall be contractually obliged to only use personal data to meet the requirements of data protection laws, and to guarantee protection of the data subject’s rights.
We do not transfer data to bodies or individuals outside the EU, apart from the cases mentioned in point 2.3 of this statement, and we have no plans to do so.

7. Data protection officer

Should you still have questions or concerns regarding data protection, please contact our data protection officer:

AL-KO Kober SE
Data Protection Officer
Ichenhauser Straße 14
89359 Kötz
datenschutz@alko.de

8. Web analysis with Google Analytics

This Website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, text files which are stored on your computer, and which enable an analysis of your Website usage to be performed. The information generated by the cookie regarding your use of this Website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymization is enabled on this Website, your IP address will first be truncated by Google within the Member States of the European Union or in other European Economic Area countries. Only in exceptional circumstances will the full IP address be transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this Website to analyze your use of the Website, to compile reports on Website activity, and to provide the Website operator with other services relating to Website and internet use. The IP address sent by your browser as part of Google Analytics is not merged with other Google data. You can prevent storage of cookies by choosing the appropriate browser software setting; we should advise you however that this may also prevent you from using some of the website’s functions.
You can also prevent the collection of data generated by the cookie and relating to your Website usage (including your IP address) at Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can prevent the collection of data by Google Analytics by clicking the following link. An opt-out cookie is set to prevent any future collection of your data when you visit this Website.
More information on the terms of use and data protection can be found in the Overview section of the Google Analytics Terms of Use. Please be aware that Google Analytics has been extended on this Website by the code “gat._anonymizeIp();” in order to ensure anonymized collection of IP addresses (known as IP masking).

9. Use of Google remarketing

This Website uses the Google Inc. remarketing function. The function is designed to help display interest-based ads to Website visitors within the Google ad network. The Website visitor’s browser stores a cookie that allows the visitor to be recognized when they open web pages which belong to the Google ad network. Ads which relate to content that the visitor has previously accessed on websites which use the Google remarketing function may be displayed to the visitor on these web pages. Google states that it does not collect personal data during this process. However, if you do not want the Google remarketing function, you can essentially disable it by changing the relevant settings at http://www.google.com/settings/ads. Alternatively, you can disable the use of cookies for interest-based ads via the Network Advertising Initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.

10. Google Ads

Our Website uses Google conversion tracking. If you visit our Website via an ad delivered by Google, a cookie is set on your computer by Google Ads. The cookie for conversion tracking is set when the user clicks an ad delivered by Google. These cookies are only valid for 30 days and are not used to identify you personally. If the user visits certain pages on our Website and the cookie has not yet expired, we and Google can see that the user has clicked the ad and has been redirected to this web page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked through the websites of Ads customers. The information obtained with the help of conversion cookies is used to create conversion statistics for Ads customers who have opted for conversion tracking. Customers discover the total number of users who have clicked their ad and have been redirected to a web page to which a conversion tracking tag has been added. However, they are not given information that could personally identify users.
If you do not wish to participate in tracking activities, you can refuse the cookies that are required for this, for example by choosing browser settings which generally disable the automatic setting of cookies, or by setting your browser to block cookies from the “googleleadservices.com” domain.
Please note that you may not delete opt-out cookies if you do not want performance data to be recorded. If you have deleted all of your cookies in the browser, you must reset the relevant opt-out cookie.

11. Data Privacy Statement for the use of YouTube

Our Website uses plug-ins from the YouTube site which is operated by Google. Website operator is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit web pages on which a YouTube plug-in has been installed, a connection to the YouTube servers is established. The YouTube server is notified as to which of our web pages you have visited. If you are logged into your YouTube account, you enable YouTube to match your browsing habits directly to your personal profile. You can prevent this by logging out of your YouTube account. More information on handling user data can be found in the YouTube Privacy Policy at https://www.google.de/intl/de/policies/privacy.

12. Use of Facebook and Google+ social media plug-ins

Our Website uses social plug-ins (“plug-ins”) from the Facebook and Google+ social media networks. These services are provided by Facebook Inc. and Google Inc. (“providers”). Facebook is operated by Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (“Facebook”). Google+ is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). An overview of plug-ins and their appearance can be found at http://developers.facebook.com/plugins and https://developers.google.com/+/plugins.
When you access a web page on our Website which contains one of these plug-ins, your browser establishes a direct connection to the Google or Facebook servers. The content of the plug-in is sent directly to your browser by the relevant provider, and is embedded into the web page. By embedding the plug-in, providers receive the information that your browser has opened the relevant web page on our Website, even if you do not have a profile with the corresponding social media network or are not logged into it. This information (including your IP address) is sent by your browser directly to a server belonging to the relevant provider in the USA, and is then stored there.
If you are logged into one of the social media networks, providers can directly match the visit to our Website to your Facebook or Google+ profile. If you interact with the plug-ins, for example by clicking the “Like” or “+1” button, the corresponding information will also be sent directly to a provider’s server and stored there. The information is also published on the social media network and displayed to your contacts there.
Please refer to providers’ data privacy policies for information on the purpose and scope of data collection, further processing and use of the data by providers, your rights in this respect, and settings options to protect your privacy.
Facebook data privacy policies: http://www.facebook.com/policy.php
Google data privacy policies: http://www.google.com/intl/de/+/policy/+1button.html
If you do not want Google or Facebook to directly match the data collected via our Website to your profile in the relevant social media network, you must log out of the corresponding network before visiting our Website. You can also use browser add-ons to completely prevent the loading of any plug-ins, e.g. use Facebook Blocker to prevent Facebook plug-ins (http://webgraph.com/resources/facebookblocker/).

13. Use of Facebook remarketing

This Website uses the “Custom Audiences” remarketing function from Facebook Inc. (“Facebook”). This function is used to display interest-based ads (“Facebook ads”) to visitors to this Website during their visit to the Facebook social media network. The Facebook remarketing tag has been implemented on this Website for this purpose. This tag establishes a direct connection to the Facebook servers when you visit the Website. The Facebook server is then informed that you have visited this Website, while Facebook matches this information with your personal Facebook user account. Further details on the collection and use of data by Facebook, along with your rights in this respect and settings options to protect your privacy can be found in the Facebook data privacy policies at https://www.facebook.com/about/privacy.
Alternatively, you can disable the “Custom Audiences” remarketing function at https://www.facebook.com/settings/?tab=ads#_=_. You must be logged into Facebook to do so.
Our data privacy policy complies with the Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”) and the Telemedia Act (Telemediengesetz, “TMG”).

As of: 25.05.2018