Privacy policy

Responsible according to the General Data Protection Regulation

Aquasabi GmbH & Co. KG
Salzdahlumer Str. 196
38126 Braunschweig
Deutschland

Tel.: +49-(0)531-2086358
Fax: +49-(0)531-2086359
E-Mail: info@aqua-rebell.de

Represented by the general partner
Aquasabi Verwaltungs GmbH
General manager: Tobias Coring

Data protection officer
datenschutz@aquasabi.de

We appreciate your interest in our website and our company.

The protection of your personal data is very important to us. Your data is protected in accordance with the law, so that our data protection practice is in accordance with the General Data Protection Regulation (GDPR), the Federal Data Protection Act (FDPA) and the Telemedia Act (TMA). Below you will find information about our processing of personal data and your rights:

I. Data processing in general

1. Scope and purpose of processing

In principle, the responsible party processes personal data only if this is necessary to maintain the functions of his website and to provide his services. The processing takes place to the extent of the consent of the user or as far as it is permitted by legal regulations.

2. Lawfulness of processing

If the responsible party obtains consent for processing, legal basis is article 6 (2)(a), GDPA. Any processing necessary to fulfill a contract to which the data subject is a party shall have its legal basis in article 6(1)(b), GDPA. This also applies to processing required for the execution of pre-contractual measures, which is carried out on request of the data subject. The legal basis for the processing of personal data required to fulfill the legal obligations of the controller is article 6 (1)(c) GDPA. Article 6(1)(d), GDPA is the legal basis in the event that vital interests of the data subject or any other natural person require the processing of personal data. Article 6(1)(f), GDPA is the legal basis for the processing of personal data when it is necessary to safeguard a legitimate interest of the business of the controller or a third party and which outweighs the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.

3. Storage and deletion

The responsible party deletes or blocks personal data if the purpose of the storage is omitted. Storage can also take place if required by law or regulation. In particular, there may be statutory storage obligations of six years under commercial law and ten years under fiscal law. Blockages or deletions also occur if specified periods of storage end according to laws or regulations and the data for the conclusion of contract, the fulfillment of contract or the termination of contract are no longer required. Data storage is also possible for the preservation of evidence under the statute of limitations. The regular limitation period is three years, whereby limitation periods of 30 years can also be possible.

II. Provision of internet presence and log files

1. Scope of processing

Every access to the website of those responsible as well as every retrieval of a file stored on their website are by default logged automatically. In this case, the date and time of access, web browser and version, operating system, the website from which the user accesses the page of the responsible party and the websites that the user accesses via the website of the responsible party, as well as the ISP of the user and his IP address can be logged.

This data may be stored in the log files of the system of the responsible parties. A combination of this data with other data sources, in particular other personal data of the user, does not take place.

2. Lawfulness of processing

The temporary storage of these data and log files has its legal basis in article 6(1)(f), GDPR.

3. Purpose

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session. Data storage in log files is done to ensure the functionality of the website. In addition, the responsible party uses the data to optimize the Internet presence and to ensure the security of his IT systems.

The above-mentioned purposes also represent the predominant legitimate interests of the controllers in this data processing in accordance with Article 6(1)(f), GDPR.

4. Storage and deletion

The data will be deleted as soon as it is no longer necessary for the realization of the purposes above. In the case of the collection of data for the provision of the Internet presence, this is the case at the end of the respective session and in the case of storage of data in log files at the latest after seven days.

III. Cookies

1. Scope of processing

The websites of those responsible use cookies. A „Cookie“ is a small text file, which is stored in the browser, respectively, saved on the user’s computer by the browser. With this file, the web server can store preferences and settings on the user's computer, that are automatically restored on the next visit. Likewise, it is possible for a server to recognize the user without having to constantly re-enter the username and password.

Two types of cookies can be used on the pages of those responsible. First, the so-called session cookies, which are deleted when the browser is closed. On the other hand, the so-called persistent cookies that may remain on the computer of the person concerned for a prolonged period of time. Using the collected information, usage patterns and structures of websites can be analyzed. For example, those responsible can continue to optimize their internet presence by improving their content or personalization and making it easier to use.

2. Lawfulness of processing

The legal basis for the processing of personal data using cookies is article 6(1)(f) GDPR.

3. Purpose

The purpose of the use of cookies is to make the visit of the website of the responsible party more pleasant and to provide certain functionalities. In addition, the controller can further optimize the website by improving the content or personalization and simplify it using the data collected by the cookies.

In the aforementioned purposes processing is necessary for the purposes of the legitimate interests pursued by the controller according to article 6(1)(f) GDPR.

4. Storage, objection or removal options

In all current browsers, the handling of cookies can be expressly regulated. Most browsers accept cookies by default. Users can allow or deny both temporary (session) cookies and persistent cookies independently in the security settings. However, if the data subject deactivates the cookies, they may not be able to access the web site of those responsible and some pages may not be displayed correctly.

IV. Contact

1. Scope of processing

For example, if the data subject contacts the responsible party by e-mail, the personal data communicated and the date and time of the transmission will be stored by the responsible party.

These data are used exclusively for the processing of communication between the data subject and the responsible party and are not disclosed to third parties.

2. Lawfulness of processing

Legal basis for the processing of this personal data is art. 6(1)(a), GDPR, if consent has been given. Otherwise the legal basis is art. 6(1)(f), GDPR and as far as the establishment, fulfillment or termination of a contract are concerned, art. 6(1)(b) GDPR, too.

3. Purpose

The processing of personal data from the communication takes place exclusively to handle the contact and answer the request of the person concerned as well as to prevent misuse of the contact form and to protect the IT systems of those responsible.

4. Storage and deletion

The personal data collected on contact will be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case when the respective conversation with the person concerned has ended and it follows from the circumstances that a final clarification has been carried out.

5. Possibility to object

The data subject has the option of revoking consent to the processing of this personal data at any time. The data subject may also object to the storage of their personal data at any time, in which case the conversation can not be continued. In fact, in such a case, all personal data stored during the establishment of contact will be deleted.

V. Google Analytics

1. Scope of processing

The responsible party uses Google Analytics on its website, a web analysis service of Google Inc. (https://www.google.com/intl/en/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter „Google“). In this context, pseudonymised usage profiles are created and cookies (see III.) are used. The information generated by the cookie about the use of this website by the person concerned such as

  1. browser type / version,
  2. OS used,
  3. referrer-URL (previously visited site),
  4. host name of the accessing computer (IP address),
  5. time of server request,

ware transmitted to a Google server in the USA and stored there. The IP addresses are anonymized so that an assignment is not possible (IP masking). In no case will the IP address of the person concerned be merged with other data provided by Google. This information may also be transferred to third parties if required by law or if third parties process this data on order.

This website uses the “demographic features” function of Google Analytics. As a result, reports can be produced that contain statements on the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This data can not be assigned to a specific person. You can disable this feature at any time through the ad settings in your Google Account, or generally prohibit Google Analytics from collecting your data, as shown below.

2. Lawfulness of processing

The legal basis for the processing of personal data using Google Analytics is Article 6 (1)(f) GDPR.

3. Purpose

Google Analytics is used for the purpose of needs-based design and continuous optimization of the Internet presence.

Google Analytics is used to statistically record the use of the internet presence and to evaluate it for the purpose of optimizing the service.

The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and tailor-made website design.

In the above-mentioned purposes, the legitimate and overriding interest of the responsible parties lies in the processing according to art. 6 (1)(f) GDPR.

4. Storage, objection and deleting options

The affected person can prevent the installation of cookies by setting the browser software accordingly; It should be noted, however, that in this case not all features of this website may be fully used.

In addition, the data subject can prevent the collection of data related to your use of the website (including the IP address) generated by the cookie, as well as the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).

As an alternative to the browser add-on, in particular for browsers on mobile devices, the person concerned can also prevent data collection by Google Analytics by clicking on this link: (Deactivate Google Analytics). An opt-out cookie is set which prevents the future collection of data when visiting this website. The opt-out cookie is only valid in this browser and only for this website and is stored on the used device. If the cookies are deleted in this browser, the opt-out cookie must be set again.

For more information about privacy in connection with Google Analytics, refer the Google Analytics Help Center.
(https://support.google.com/analytics/answer/6004245?hl=en).

VI. YouTube Videos

1. Scope of processing

The party responsible used the embedding feature of the platform “YouTube” to display and play videos on its website. „YouTube” is part of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“).

It uses the advanced data protection mode, which according to "YouTube" initiates storage of user information only when the video is playing. When the playback of embedded YouTube videos is started, "YouTube" sets cookies to collect information about user behavior. If the data subject is logged in to Google upon playback, the data is assigned directly to the data subject's Google Account. To prevent this association with your profile, you can log out before activating the video. Google stores your data (even for logged- out users) as usage profiles and analyzes them.

Regardless of the playback of the embedded video, every time you visit this website you will be connected to the Google Network "DoubleClick", which may trigger further data processing.

2. Lawfulness of processing

Legal basis for the processing of personal data using YouTube is art. 6(1)(f) GDPR.

3. Purpose

According to "YouTube", this is done by YouTube to capture video statistics, improve user-friendliness and prevent abusive practices while the responsible party uses "YouTube videos" to visualize their services.

In the aforementioned purposes there is a legitimate and overriding interest in the data processing according to art. (6)(1)(f) GDPR.

4. Objection- and deletion options

Data subjects have the right to object to the creation of usage profiles.The objection is exercised towards “YouTube”.

Google LLC, based in the United States, is EU-US Privacy Shield certified, which ensures compliance with the level of data protection in the EU.

For more information on "YouTube" privacy, please refer to the Google Privacy Policy: https://www.google.com/intl/en/policies/privacy

VII. Application procedure

The controller collects and processes the personal data provided by applicants for the purpose of executing the application process. If necessary, the processing can also be carried out electronically. In the case of a contract of employment with an applicant, the transmitted data will be stored for the purpose of the employment relationship in compliance with legal provisions. If no employment contract is finalized with the applicant, the application documents will be automatically deleted within 10 weeks of notification of rejection, provided that deletion does not prejudice the legitimate interests of the controller (eg, a burden of proof in a case based on the General Equal Treatment Act).

VIII. Rights of the data subject

Concerning the processing of a data subject’s personal data, the data subject is the party concerned and is entitled to the following rights towards the party responsible:

1. Right of confirmation

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed.

2. Right of access

Right to access to the personal data and the following information:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to article 46 relating to the transfer.

The controller shall provide a copy of the personal data undergoing processing as long as its posessal does not adversely affect the rights and freedoms of others.

3. Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. 2Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4. Right to erasure („right to be forgotten“)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing.
  3. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2).
  4. the personal data have been unlawfully processed.
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1)

Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

5. Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
  4. the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

6. Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

  1. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
  2. the processing is carried out by automated means.

In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

7. Right to object

  1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. 2The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  4. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

8. Automated individual decision-making, including profiling

  1. 1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, except it is necessary for entering into, or performance of, a contract between the data subject and a data controller, is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or is based on the data subject’s explicit consent.
  2. 2. If it is necessary for entering into, or performance of, a contract between the data subject and a data controller, or is based on the data subject’s explicit consent the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

9. Right of withdrawal

The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.