The controller as defined in Art. 4 (7) GDPR responsible for the collection, processing and use of your personal data is
Should you wish to object, in whole or part, to the collection, processing and/or use of your data by us in accordance with the provisions of these data protection regulations, please contact the controller specified above.
Please note that you can save and print this data protection declaration for reference purposes at any time.
2 The General Purposes of Data Processing
We use personal data for the purposes of the operation of our website www.an-solutions.de.
3 What Data We Use and Why
We employ hosting services in connection with the following: infrastructure and platform services, computer capacity, memory and database services, security and technical maintenance services that we require in order to operate our website. For the purposes of the above, we or our hosting service providers process inventory data, contact data, content data, contractual data, usage data, metadata and communication data of customers, other interested parties and visitors to our website; this processing is in keeping with our legitimate interest to ensure efficient and secure provision of our website in compliance with the stipulations of Art. 6 (1) f) GDPR in conjunction with Art. 28 GDPR.
3.2 Access Data
Whenever you access our website, we collect information on you. We automatically collect information on your usage behavior and your interaction with us and register data on the computer or mobile device you are using. We collect, save and use data each time our website is accessed (in the form of so-called server log files). The access data in question are:
- The name and URL of the downloaded file
- The date and time of access
- The volume of data transmitted
- Notification of successful download (HTTP status code)
- The user’s browser type and browser version
- The user’s operating system
- The referrer URL (i.e. the webpage from which the user was directed to our website)
- Websites accessed from our website by the user’s system
- The internet service provider of the user
- The IP address and the name of the requesting provider
Please note that we use this recorded data, without linking this with your person or for other forms of profile generation, for statistical analysis for the purposes of the ensuring the operation, the security and the optimization of our website but also for determination in anonymous form of the number of visitors to our website (traffic) and the scope and form of use of our website and services; we also use this data for accounting purposes in order to determine the number of clicks generated through cooperation partners. With the help of this information, we are able to provide personalized and location-based services and analyze data traffic, identify and eliminate faults and improve the services we offer. The above are in conformity with our legitimate interests as defined in Art. 6 (1) f) GDPR.
We reserve the right to subsequently review recorded data if there is concrete evidence for a justified belief that this has been used for unlawful purposes. We retain IP addresses in our log files for a limited period when this is necessary for security purposes, for the provision of services and/or accounting purposes in connection with service provision (e.g. should you use one of our services). On completion of the order process or on receipt of payment, we will delete such IP addresses if retention of these is no longer necessary for security purposes. We also retain IP addresses in cases in which there are concrete reasons for suspecting that a criminal offense has been committed in connection with the use of our website. In addition, we save the date of your last visit to our website (e.g. for registration and log-in, when you click on links etc.) to your user account.
We use so-called session cookies to optimize the use of our website. Session cookies are small text files that are downloaded by the servers of the websites you visit to your hard disk and are temporarily stored there. These files as such contain so-called session IDs that are used to associate the various queries placed through your browser with elements of the shared session. This means that we are able to recognize your computer when you return to our website. These cookies are automatically deleted as soon as you close your browser. One of their purposes is to enable you to use the shopping basket option over more than one page of our website.
To a limited extent we also use persistent cookies. These are also small text files that are downloaded to your device. They are retained on your device and make it possible for us to recognize your browser when you next visit our website. These cookies are stored on your hard disk and are automatically deleted after a specified period of time; this can be 1 month or up to 10 years. They help us make our website more user-friendly, efficient and secure and also enable us, for example, to display information specifically tailored to your interests on our pages.
Based on Art 6 (1) f) GDPR, our legitimate interest with regard to the use of these cookies is to make our website more user-friendly, efficient and secure. Among the information and data stored in cookies are the following:
- Log-in information
- Language settings
- Entered search terms
- Information on the number of times our website is accessed and the use of the various functions of our online service.
When a cookie is activated, it is assigned an identification code; however, your personal data is not matched with this identification code. Your name, IP address and similar information that would enable a cookie to be linked with you are not stored in cookies. The cookie technology enables us only to obtain information in pseudonymous form, for example, information on which pages of our shop have been visited, what products have been viewed, etc.
Please note that you can set your browser so that you are informed in advance before cookies are accepted. You can then decide in the individual case whether you wish to allow cookies in certain circumstances only or these are to be generally excluded during a session. You can also set your browser to reject all cookies. However, please note that this might mean you are unable to use all the features of our website.
3.4 Data Required by Us to Comply with Our Contractual Obligations
We process the personal data we require in order to comply with various contractual obligations; among the information we process are your name, address, email address and certain product, invoicing and payment data. It is necessary for us to collect this data in order to be able to conclude a contract with you.
This data will be deleted on expiry of our warranty period and any legal retention period. Data linked to a user account (see below) will be retained in all cases for the period that the account remains active.
The legal basis for the processing of this data is Art. 6 (1) b); we require this information in order to comply with our contractual obligations towards you.
If you wish to subscribe to our newsletter, you will be required to provide certain information when registering. Please note that your newsletter subscription registration will be recorded for retention. On completion of registration, a message will be sent to the email address you have specified in which you will be requested to again confirm your subscription registration (double opt-in procedure). This is necessary to ensure that unauthorized third parties cannot use your email address to register for our newsletter. You can at any time withdraw your consent to receive our newsletter and thus unsubscribe.
We will store your registration data for as long as you require us to send you our newsletter. We will retain the information on your subscription to our newsletter and the dispatch address for as long as it is necessary to provide confirmation of your originally provided consent; as a rule, the maximum statutory period of limitation of such entitlements under German Civil Law is three years.
The legal basis for our sending you our newsletter is your consent as per the stipulations of Art. 6 (1) a) GDPR in conjunction with Art. 7 GDPR and Art. 2 (2) No. 3 of the German Act Against Unfair Practices (UWG). The legal basis for our retention of your registration data is our legitimate interest in providing confirmation that our newsletter is being sent with your consent.
You can withdraw your consent to receive our newsletter at any time. You will incur no charges in this connection other than any standard costs that may be involved in contacting us to inform us of your wish. It will be sufficient for this purpose if you send a message to this effect (e.g. by email, fax or post) to the address specified in section 1 above. You will, of course, also find an unsubscribe link in each newsletter.
3.6 Product Recommendations
Independently of our newsletter, we will also send you product recommendations by email on a regular basis. In so doing, we hope to draw your attention to products from our range in which you might have an interest in view of recent products or services your have purchased from us. Please note that here we strictly comply with the corresponding legal guidelines. You can opt out of receiving our product recommendations at any time. You will incur no charges in this connection other than any standard costs that may be involved in contacting us to inform us of your wish. It will be sufficient for this purpose if you send a message to this effect (e.g. by email, fax or post) to the address specified in section 1 above. You will, of course, also find an unsubscribe link in each email.
The legal basis here is the lawfulness of this activity as per the stipulations of Art. 6 (1) f) GDPR in conjunction with Art. 7 (3) of the German Act Against Unfair Practices (UWG).
3.7 Contact by E-Mail
If you contact us (e.g. using our contact form or by email), we will process the information you have provided in order to deal with your inquiry and any follow-up queries you may submit.
Assuming it is necessary for us to process this information in connection with precontractual measures associated with your inquiry or if you are already a customer of ours, the legal basis for the processing of this data is that specified in Art. 6 (1) b) GDPR.
We will only process additional personal information if you consent to this (Art. 6 (1) a) GDPR) or if we have a legitimate interest in processing the data in question (Art. 6 (1) f) GDPR). It is in our legitimate interest, for example, to respond to your email.
4 Retention Periods
Unless otherwise specified, we will retain your personal data only for the duration we require this to fulfill the purpose(s) in question and/or to comply with legal data retention stipulations.
In certain instances, we are required to retain personal data in order to comply with the stipulations of German tax and commercial legislation. Where this is the case, the data will be retained by us only for as long as is legally stipulated; it will not be otherwise processed by us and will be deleted on expiry of the legal retention period.
5 Your Rights as a Data Subject
Under applicable law, you have various rights with regard to your personal data. Should you wish to exercise any of these rights, please send a corresponding message by email or post in which you clearly identify yourself to the address specified in section 1 above.
In the following, you will find an overview of your rights.
5.1 Right to Confirmation and Information
You have the right to receive transparent information on how your personal data is being processed.
Specifically, you have the right at any time to receive a confirmation from us whether we are processing personal data related to you.
If this is the case, you also have the right to require from us free of charge information on what personal data about you we have retained together with a copy of this data. You also have the right to information on the following:
- The purposes of the processing of your personal data
- The categories of your personal data concerned
- The recipients or categories of recipients to whom your personal data has been or will be disclosed, including recipients in third countries and international organizations
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- Your right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you and your right to object to such processing
- Your right to lodge a complaint with a supervisory authority
- Where the personal data has not been collected from you, any available information as to its source
- On the existence of an automated decision-making process, including profiling, as defined in Art. 22 (1) and (4) GDPR and - in such cases at least - meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Where personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards employed as specified in Art. 46 GDPR in connection with the transfer.
5.2 Right to Rectification
You have the right to require us to rectify your personal data and/or to complete any incomplete personal data on you.
Specifically, you have the right to obtain from us without undue delay the rectification of inaccurate personal data about you.
Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, also by means of provision of a supplementary statement.
5.3 Right to Erasure (‘Right to be Forgotten’)
There are various situations in which we are required to erase your personal data.
Specifically, you have the right per Art. 17 (1) GDPR to require us to erase your personal data without undue delay. We are also obligated to erase your personal data without undue delay where one of the following applies:
- Your personal data is no longer required in relation to the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which processing is based in accordance with Art. 6 (1) a) GDPR or Art. 9 (2) a) GDPR, and there is no other legal ground for processing.
- You object to processing per Art. 21 (1) GDPR and there are no overriding legitimate grounds for processing, or you object to processing per Art. 21 (2) GDPR.
- Your personal data has been unlawfully processed.
- Your personal data needs to be erased for purposes of compliance with a legal obligation in Union or Member State law to which we are subject.
- Your personal data has been collected in relation to the offer of information society services as specified in Art. 8 (1) GDPR.
If we have made your personal data public and we are obligated under Art. 17 (1) GDPR to erase your personal data, we, taking account of available technology and the cost of implementation, are required take reasonable steps, including technical measures, to inform controllers who are processing your personal data that you have requested the erasure by such controllers of any links to, copy or replication of your personal data.
5.4 Right to Restriction of Processing
There are various situations in which you have the right to require us to restrict the processing of your personal data. Specifically, you have the right to require us to restrict the processing of your personal data where one of the following applies:
- You contest the accuracy of your personal data while allowing us a period that enables us to verify the accuracy of your personal data;
- The processing is unlawful and you decline the erasure of your personal data and request the restriction of its use instead;
- We no longer require your personal data for the purposes of processing, but the data is required by you for the establishment, exercise or defense of legal claims; or
- You have objected to processing per Art. 21 (1) GDPR pending verification of whether the legitimate interests of our organization override yours.
5.5 Right to Data Portability
You have the right to receive and transmit your personal data in a machine-readable format or to have your data transmitted by us. Specifically, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from us, assuming processing is based on consent provided in accordance with Art.
- 6 (1) a) GDPR or Art. a) 1. 9 (2) a) GDPR or in based on a contract per Art. 6 (1) 1 b) GDPR and
- Processing is carried out by automated means.
In exercising your right to data portability as specified in paragraph 1, you have the right to have your personal data transmitted directly from one controller to another, where this is technically feasible.
5.6 Right to Object
You have the right to object even to legitimate processing of your personal data by us if this becomes necessary because of your specific situation and this is not overridden by our legitimate interests with regard to processing your data.
Specifically, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data per Art.
6 (1) e) or f) GDPR; this applies also to any profiling that is based on these provisions. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing which override your interests, rights and freedoms or if processing is necessary for the establishment, exercise or defense of legal claims.
Where personal data is processed by us for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing; this also applies to profiling where this is related to such direct marketing.
Where your personal data is processed for scientific, historical research purposes or statistical purposes per Art. 89 (1) GDPR, you have the right, on grounds relating to your particular situation, to object to processing of your personal data, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
5.7 Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal consequences to which you are subject or has a similar significant adverse effect on you.
Please note that we do not undertake automated decision-making on the basis of the personal data we obtain from you.
5.8 Your Right to Withdraw Consent in Connection with Data Protection-Related Activities
You have the right to withdraw your consent to the processing of your personal data at any time.
5.9 Your Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence or with that authority that is responsible for your place of work or the place of the alleged infringement if you consider that the processing of your personal data is unlawful.
6 Data Security
We make every effort to ensure that your data is secure from unauthorized access in compliance with the requirements of current data protection legislation using all the technical options available.
Your personal data is transmitted to us in encrypted form. This also applies to the information provided when you place an order with us and login. We use SSL (Secure Socket Layer) encryption technology; however, please note that there can be security flaws in connection with the transmission of data over the internet (e.g. communication by email). It is not possible to completely protect such data against malicious access.
To ensure the best possible level of security of your data, we employ the technical and organizational measures specified in Art. 32 GDPR, which we continuously update to ensure that these are state of the art.
Please also note that we cannot guarantee continual availability of our online services - we cannot exclude the possibility of disruption, interruption or failure of our online website. We ensure that there is regular back-up of the servers we use.
7 Transmission of Data to Third Parties; No Transfer of Data to Non-EU Countries
In general, we will use your data only for in-house purposes.
If and insofar as it becomes necessary for us to transmit your data to third parties for the purposes of contract performance (e.g. to logistics service providers), these persons will be provided only with the data they require in order to provide the corresponding service.
In situations in which we outsource certain aspects of data processing (‘commissioned data processing’), we require our processors to contractually undertake to only process personal data in conformity with the requirements of data protection legislation and to ensure that the rights of the individuals involved are not infringed.
With the Exception of the Newsletter, which is processed via the MailChimp marketing platform, Atlanta, USA, in the case of the retention of data as specified in section 4 above, this data will not be transmitted to organisations or persons outside the EU. Only the registration data for the newsletter will be transmitted.
8 Data Protection Officer
Should you have any queries or concerns relating to the protection of your data, please contact our Data Protection Officer: