In this declaration you will find information about the processing of personal data when using our website. Personal data are all data that can be related to you personally, e.g. Name, address, e-mail addresses, user behavior.
I. Name and address of the responsible person and contact details of the data protection officer
Responsible according to EU-General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
AAF Lufttechnik GmbH
Managing director: Toshifumi Namura
telephone: +49 (0)6252 69977-0
2. Contact details of the data protection officer
You can contact our data protection officer via:
Osaka Umeda Twin Towers South, 1-13-1 Umeda, Kita-ku, Osaka, Japan 530-0001
E-mail address: email@example.com or via the postal address with the addition “Attn: data protection officer”.
II. General information on data processing
1. Scope of processing personal data
In principle, we only process personal data of our users insofar as this is necessary for the provision of a functional website and for our content and services. The processing of personal data of our users takes place regularly but only with the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
a) Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR)
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 Abs. 1 lit. a EU-General Data Protection Regulation (GDPR) serves as the legal basis.
b) Contract fulfillment and pre-contractual inquires (Art. 6 Para. 1 S. 1 lit. b. GDPR)
When processing personal data that is required to fulfill a contract to which the data subject is a party, Art. 6 Para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
c) Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR)
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR serves as the legal basis.
d) Protection of vital interests (Art. 6 Para. 1 S. 1 lit. d. GDPR)
in the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Para. 1 lit. d GDPR serves as the legal basis.
e) Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR)
if processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interests, Art. 6 Para. 1 lit. f DSGVO served as the legal basis for the processing.
In addition to the GDPR, there is national law, such as the Federal Data Protection Act (BDSG), which may contain special regulations.
3. Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage does no longer apply. Storage can also take place if this has been provided by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data in order to conclude or fulfill a contract.
III. Safety measures
In order to ensure an appropriate level of protection, technical and organizational measures are taken in accordance with the legal requirements, particularly taking into account the following criteria:
2) implementation costs
3) type, scope and purpose of processing
4) the probability of occurrence and extent of the threat to the rights and freedoms of natural persons.
In addition, when selecting the measures, particular emphasis is placed on securing confidentiality, integrity and the availability of data.
For example, SSL encryption is used to protect the transmitted data during data exchange. You can recognize this on the one hand by „https://“ in the URL and on the other hand by the lock symbol displayed in the browser in the address bar.
Procedures are implemented that adequately guarantee the exercise of data subject rights, such as deletion.
In addition, data protection is taken into account through data protections – friendly default settings (privacy by default) and technology design (privacy by design).
IV. Transfer of personal data to third parties
As part of the processing of personal data, it is possible that data may be transmitted to other companies, legally independent organizational units or persons or disclosed to them. This is the case, for example, with IT service providers such as the present Web hosting by qwertiko GmbH (Waldstrasse 41-43, 76133 Karlsruhe; Germany) or the internet agency Navigate AG (Waldstrasse 41-43, 76133 Karlsruhe, Germany).
V. Data processing in third countries
Data processing in third countries- i.e. in countries outside the European Union (EU), the European Economic Area (EEA) – does not take place directly by the person responsible.
If service providers, such as Google Ireland Limited with the parent company Google LLC in the USA, should process data outside of the European Union, this is done in accordance with the legal requirements, according to the service provider.
We only process data, subject to express consent or contractually or legally required transmission, in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations.
VI. Provision of the website and creation of log files
1. Description and scope of data processing
This website is operated by the web hosting provider qwertiko GmbH (Waldstraße 41-43, 76133 Karlsruhe) on their servers.
Every time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:
(1) information about the browser type and the version used
(2) the user’s operating system
(3) the user’s IP address
(4) date and time of access
(5) websites from which the user’s system reached our website.
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Affected person
The person concerned is the respective website visitor.
3. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 lit. f GDPR.
4. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. To do this, the user’s IP address must be saved for the duration of the session.
The storage in log files takes place in order to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
This is also the basis for our justified interest in data processing according to Art. 6 para. 1 lit. f DSGVO.
5. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after 14 days at the latest. Any further storage is possible. In this case, the IP addresses of the users will be deleted or alienated so that it is no longer possible to assign the accessing client.
6. Opposition and removal option
The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility of objection on the part of the user.