skip to Main Content

PRIVACY POLICY

We are very delight­ed that you have shown inter­est in our enter­prise. Data pro­tec­tion is of a par­tic­u­lar­ly high pri­or­i­ty for the man­age­ment of the Alpa­Suri GbR B. Bruns & W. Stamp. Our web­site is pri­mar­i­ly an infor­ma­tion page. We hard­ly process per­son­al data on the web­site. Only in a few places we need your per­son­al data in order to be able to offer you cer­tain ser­vices, e.g. appli­ca­tions, orders. You can also use the web­site with­out dis­clos­ing or oth­er­wise leav­ing us any per­son­al data, espe­cial­ly if you deac­ti­vate cook­ies. If the pro­cess­ing of per­son­al data is required and there is no legal basis for such pro­cess­ing, we gen­er­al­ly seek the con­sent of the data sub­ject. If the pro­cess­ing of per­son­al data is nec­es­sary and there is no statu­to­ry basis for such pro­cess­ing, we gen­er­al­ly obtain con­sent from the data sub­ject.

The pro­cess­ing of per­son­al data, such as the name, address, e-mail address, or tele­phone num­ber of a data sub­ject shall always be in line with the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), and in accor­dance with the coun­try-spe­cif­ic data pro­tec­tion reg­u­la­tions applic­a­ble to the Alpa­Suri GbR B. Bruns & W. Stamp. By means of this data pro­tec­tion dec­la­ra­tion, our enter­prise would like to inform the gen­er­al pub­lic of the nature, scope, and pur­pose of the per­son­al data we col­lect, use and process. Fur­ther­more, data sub­jects are informed, by means of this data pro­tec­tion dec­la­ra­tion, of the rights to which they are enti­tled.

As the con­troller, the Alpa­Suri GbR B. Bruns & W. Stamp has imple­ment­ed numer­ous tech­ni­cal and orga­ni­za­tion­al mea­sures to ensure the most com­plete pro­tec­tion of per­son­al data processed through this web­site. How­ev­er, Inter­net-based data trans­mis­sions may in prin­ci­ple have secu­ri­ty gaps, so absolute pro­tec­tion may not be guar­an­teed. For this rea­son, every data sub­ject is free to trans­fer per­son­al data to us via alter­na­tive means, e.g. by tele­phone.

1. Definitions

The data pro­tec­tion dec­la­ra­tion of the Alpa­Suri GbR B. Bruns & W. Stamp is based on the terms used by the Euro­pean leg­is­la­tor for the adop­tion of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR). Our data pro­tec­tion dec­la­ra­tion should be leg­i­ble and under­stand­able for the gen­er­al pub­lic, as well as our cus­tomers and busi­ness part­ners. To ensure this, we would like to first explain the ter­mi­nol­o­gy used.

In this data pro­tec­tion dec­la­ra­tion, we use, inter alia, the fol­low­ing terms:

  • a)    Personal data

    Per­son­al data means any infor­ma­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (“data sub­ject”). An iden­ti­fi­able nat­ur­al per­son is one who can be iden­ti­fied, direct­ly or indi­rect­ly, in par­tic­u­lar by ref­er­ence to an iden­ti­fi­er such as a name, an iden­ti­fi­ca­tion num­ber, loca­tion data, an online iden­ti­fi­er or to one or more fac­tors spe­cif­ic to the phys­i­cal, phys­i­o­log­i­cal, genet­ic, men­tal, eco­nom­ic, cul­tur­al or social iden­ti­ty of that nat­ur­al per­son.

  • b) Data subject

    Data sub­ject is any iden­ti­fied or iden­ti­fi­able nat­ur­al per­son, whose per­son­al data is processed by the con­troller respon­si­ble for the pro­cess­ing.

  • c)    Processing

    Pro­cess­ing is any oper­a­tion or set of oper­a­tions which is per­formed on per­son­al data or on sets of per­son­al data, whether or not by auto­mat­ed means, such as col­lec­tion, record­ing, organ­i­sa­tion, struc­tur­ing, stor­age, adap­ta­tion or alter­ation, retrieval, con­sul­ta­tion, use, dis­clo­sure by trans­mis­sion, dis­sem­i­na­tion or oth­er­wise mak­ing avail­able, align­ment or com­bi­na­tion, restric­tion, era­sure or destruc­tion.

  • d)    Restriction of processing

    Restric­tion of pro­cess­ing is the mark­ing of stored per­son­al data with the aim of lim­it­ing their pro­cess­ing in the future.

  • e)    Profiling

    Pro­fil­ing means any form of auto­mat­ed pro­cess­ing of per­son­al data con­sist­ing of the use of per­son­al data to eval­u­ate cer­tain per­son­al aspects relat­ing to a nat­ur­al per­son, in par­tic­u­lar to analyse or pre­dict aspects con­cern­ing that nat­ur­al person’s per­for­mance at work, eco­nom­ic sit­u­a­tion, health, per­son­al pref­er­ences, inter­ests, reli­a­bil­i­ty, behav­iour, loca­tion or move­ments.

  • f)     Pseudonymisation

    Pseu­do­nymi­sa­tion is the pro­cess­ing of per­son­al data in such a man­ner that the per­son­al data can no longer be attrib­uted to a spe­cif­ic data sub­ject with­out the use of addi­tion­al infor­ma­tion, pro­vid­ed that such addi­tion­al infor­ma­tion is kept sep­a­rate­ly and is sub­ject to tech­ni­cal and organ­i­sa­tion­al mea­sures to ensure that the per­son­al data are not attrib­uted to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son.

  • g)    Controller or controller responsible for the processing

    Con­troller or con­troller respon­si­ble for the pro­cess­ing is the nat­ur­al or legal per­son, pub­lic author­i­ty, agency or oth­er body which, alone or joint­ly with oth­ers, deter­mines the pur­pos­es and means of the pro­cess­ing of per­son­al data; where the pur­pos­es and means of such pro­cess­ing are deter­mined by Union or Mem­ber State law, the con­troller or the spe­cif­ic cri­te­ria for its nom­i­na­tion may be pro­vid­ed for by Union or Mem­ber State law.

  • h)    Processor

    Proces­sor is a nat­ur­al or legal per­son, pub­lic author­i­ty, agency or oth­er body which process­es per­son­al data on behalf of the con­troller.

  • i)      Recipient

    Recip­i­ent is a nat­ur­al or legal per­son, pub­lic author­i­ty, agency or anoth­er body, to which the per­son­al data are dis­closed, whether a third par­ty or not. How­ev­er, pub­lic author­i­ties which may receive per­son­al data in the frame­work of a par­tic­u­lar inquiry in accor­dance with Union or Mem­ber State law shall not be regard­ed as recip­i­ents; the pro­cess­ing of those data by those pub­lic author­i­ties shall be in com­pli­ance with the applic­a­ble data pro­tec­tion rules accord­ing to the pur­pos­es of the pro­cess­ing.

  • j)      Third party

    Third par­ty is a nat­ur­al or legal per­son, pub­lic author­i­ty, agency or body oth­er than the data sub­ject, con­troller, proces­sor and per­sons who, under the direct author­i­ty of the con­troller or proces­sor, are autho­rised to process per­son­al data.

  • k)    Consent

    Con­sent of the data sub­ject is any freely giv­en, spe­cif­ic, informed and unam­bigu­ous indi­ca­tion of the data subject’s wish­es by which he or she, by a state­ment or by a clear affir­ma­tive action, sig­ni­fies agree­ment to the pro­cess­ing of per­son­al data relat­ing to him or her.

2. Name and Address of the controller

Con­troller for the pur­pos­es of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), oth­er data pro­tec­tion laws applic­a­ble in Mem­ber states of the Euro­pean Union and oth­er pro­vi­sions relat­ed to data pro­tec­tion is:

Alpa­Suri GbR B. Bruns & W. Stamp
Elbufer­straße 12
21423 Win­sen / Luhe
Deutsch­land

Phone: +49 (0)4179 — 4179 752670
Email: info@alpasuri.com
Web­site: https://www.alpasuri.com

3. Cookies

The Inter­net pages of the Alpa­Suri GbR B. Bruns & W. Stamp use cook­ies. Cook­ies are text files that are stored in a com­put­er sys­tem via an Inter­net brows­er.

Many Inter­net sites and servers use cook­ies. Many cook­ies con­tain a so-called cook­ie ID. A cook­ie ID is a unique iden­ti­fi­er of the cook­ie. It con­sists of a char­ac­ter string through which Inter­net pages and servers can be assigned to the spe­cif­ic Inter­net brows­er in which the cook­ie was stored. This allows vis­it­ed Inter­net sites and servers to dif­fer­en­ti­ate the indi­vid­ual brows­er of the dats sub­ject from oth­er Inter­net browsers that con­tain oth­er cook­ies. A spe­cif­ic Inter­net brows­er can be rec­og­nized and iden­ti­fied using the unique cook­ie ID.

Through the use of cook­ies, the Alpa­Suri GbR B. Bruns & W. Stamp can pro­vide the users of this web­site with more user-friend­ly ser­vices that would not be pos­si­ble with­out the cook­ie set­ting.

By means of a cook­ie, the infor­ma­tion and offers on our web­site can be opti­mized with the user in mind. Cook­ies allow us, as pre­vi­ous­ly men­tioned, to rec­og­nize our web­site users. The pur­pose of this recog­ni­tion is to make it eas­i­er for users to uti­lize our web­site. The web­site user that uses cook­ies, e.g. does not have to enter access data each time the web­site is accessed, because this is tak­en over by the web­site, and the cook­ie is thus stored on the user’s com­put­er sys­tem. Anoth­er exam­ple is the cook­ie of a shop­ping cart in an online shop. The online store remem­bers the arti­cles that a cus­tomer has placed in the vir­tu­al shop­ping cart via a cook­ie.

The data sub­ject may, at any time, pre­vent the set­ting of cook­ies through our web­site by means of a cor­re­spond­ing set­ting of the Inter­net brows­er used, and may thus per­ma­nent­ly deny the set­ting of cook­ies. Fur­ther­more, already set cook­ies may be delet­ed at any time via an Inter­net brows­er or oth­er soft­ware pro­grams. This is pos­si­ble in all pop­u­lar Inter­net browsers. If the data sub­ject deac­ti­vates the set­ting of cook­ies in the Inter­net brows­er used, not all func­tions of our web­site may be entire­ly usable.

4. Collection of general data and information

The web­site of the Alpa­Suri GbR B. Bruns & W. Stamp col­lects a series of gen­er­al data and infor­ma­tion when a data sub­ject or auto­mat­ed sys­tem calls up the web­site. This gen­er­al data and infor­ma­tion are stored in the serv­er log files. Col­lect­ed may be (1) the brows­er types and ver­sions used, (2) the oper­at­ing sys­tem used by the access­ing sys­tem, (3) the web­site from which an access­ing sys­tem reach­es our web­site (so-called refer­rers), (4) the sub-web­sites, (5) the date and time of access to the Inter­net site, (6) an Inter­net pro­to­col address (IP address), (7) the Inter­net ser­vice provider of the access­ing sys­tem, and (8) any oth­er sim­i­lar data and infor­ma­tion that may be used in the event of attacks on our infor­ma­tion tech­nol­o­gy sys­tems.

When using these gen­er­al data and infor­ma­tion, the Alpa­Suri GbR B. Bruns & W. Stamp does not draw any con­clu­sions about the data sub­ject. Rather, this infor­ma­tion is need­ed to (1) deliv­er the con­tent of our web­site cor­rect­ly, (2) opti­mize the con­tent of our web­site as well as its adver­tise­ment, (3) ensure the long-term via­bil­i­ty of our infor­ma­tion tech­nol­o­gy sys­tems and web­site tech­nol­o­gy, and (4) pro­vide law enforce­ment author­i­ties with the infor­ma­tion nec­es­sary for crim­i­nal pros­e­cu­tion in case of a cyber-attack. There­fore, the Alpa­Suri GbR B. Bruns & W. Stamp ana­lyzes anony­mous­ly col­lect­ed data and infor­ma­tion sta­tis­ti­cal­ly, with the aim of increas­ing the data pro­tec­tion and data secu­ri­ty of our enter­prise, and to ensure an opti­mal lev­el of pro­tec­tion for the per­son­al data we process. The anony­mous data of the serv­er log files are stored sep­a­rate­ly from all per­son­al data pro­vid­ed by a data sub­ject.

5. Registration on our website

The data sub­ject has the pos­si­bil­i­ty to reg­is­ter on the web­site of the con­troller with the indi­ca­tion of per­son­al data. Which per­son­al data are trans­mit­ted to the con­troller is deter­mined by the respec­tive input mask used for the reg­is­tra­tion. The per­son­al data entered by the data sub­ject are col­lect­ed and stored exclu­sive­ly for inter­nal use by the con­troller, and for his own pur­pos­es. The con­troller may request trans­fer to one or more proces­sors (e.g. a par­cel ser­vice) that also uses per­son­al data for an inter­nal pur­pose which is attrib­ut­able to the con­troller.

By reg­is­ter­ing on the web­site of the con­troller, the IP address—assigned by the Inter­net ser­vice provider (ISP) and used by the data subject—date, and time of the reg­is­tra­tion are also stored. The stor­age of this data takes place against the back­ground that this is the only way to pre­vent the mis­use of our ser­vices, and, if nec­es­sary, to make it pos­si­ble to inves­ti­gate com­mit­ted offens­es. Inso­far, the stor­age of this data is nec­es­sary to secure the con­troller. This data is not passed on to third par­ties unless there is a statu­to­ry oblig­a­tion to pass on the data, or if the trans­fer serves the aim of crim­i­nal pros­e­cu­tion.

The reg­is­tra­tion of the data sub­ject, with the vol­un­tary indi­ca­tion of per­son­al data, is intend­ed to enable the con­troller to offer the data sub­ject con­tents or ser­vices that may only be offered to reg­is­tered users due to the nature of the mat­ter in ques­tion. Reg­is­tered per­sons are free to change the per­son­al data spec­i­fied dur­ing the reg­is­tra­tion at any time, or to have them com­plete­ly delet­ed from the data stock of the con­troller.

The data con­troller shall, at any time, pro­vide infor­ma­tion upon request to each data sub­ject as to what per­son­al data are stored about the data sub­ject. In addi­tion, the data con­troller shall cor­rect or erase per­son­al data at the request or indi­ca­tion of the data sub­ject, inso­far as there are no statu­to­ry stor­age oblig­a­tions. The entire­ty of the controller’s employ­ees are avail­able to the data sub­ject in this respect as con­tact per­sons.

6. Contact possibility via the website

The web­site of the Alpa­Suri GbR B. Bruns & W. Stamp con­tains infor­ma­tion that enables a quick elec­tron­ic con­tact to our enter­prise, as well as direct com­mu­ni­ca­tion with us, which also includes a gen­er­al address of the so-called elec­tron­ic mail (e-mail address). If a data sub­ject con­tacts the con­troller by e-mail or via a con­tact form, the per­son­al data trans­mit­ted by the data sub­ject are auto­mat­i­cal­ly stored. Such per­son­al data trans­mit­ted on a vol­un­tary basis by a data sub­ject to the data con­troller are stored for the pur­pose of pro­cess­ing or con­tact­ing the data sub­ject. There is no trans­fer of this per­son­al data to third par­ties.

7. Routine erasure and blocking of personal data

The data con­troller shall process and store the per­son­al data of the data sub­ject only for the peri­od nec­es­sary to achieve the pur­pose of stor­age, or as far as this is grant­ed by the Euro­pean leg­is­la­tor or oth­er leg­is­la­tors in laws or reg­u­la­tions to which the con­troller is sub­ject to.

If the stor­age pur­pose is not applic­a­ble, or if a stor­age peri­od pre­scribed by the Euro­pean leg­is­la­tor or anoth­er com­pe­tent leg­is­la­tor expires, the per­son­al data are rou­tine­ly blocked or erased in accor­dance with legal require­ments.

8. Rights of the data subject

  • a) Right of confirmation

    Each data sub­ject shall have the right grant­ed by the Euro­pean leg­is­la­tor to obtain from the con­troller the con­fir­ma­tion as to whether or not per­son­al data con­cern­ing him or her are being processed. If a data sub­ject wish­es to avail him­self of this right of con­fir­ma­tion, he or she may, at any time, con­tact any employ­ee of the con­troller.

  • b) Right of access

    Each data sub­ject shall have the right grant­ed by the Euro­pean leg­is­la­tor to obtain from the con­troller free infor­ma­tion about his or her per­son­al data stored at any time and a copy of this infor­ma­tion. Fur­ther­more, the Euro­pean direc­tives and reg­u­la­tions grant the data sub­ject access to the fol­low­ing infor­ma­tion:

    • the pur­pos­es of the pro­cess­ing;
    • the cat­e­gories of per­son­al data con­cerned;
    • the recip­i­ents or cat­e­gories of recip­i­ents to whom the per­son­al data have been or will be dis­closed, in par­tic­u­lar recip­i­ents in third coun­tries or inter­na­tion­al organ­i­sa­tions;
    • where pos­si­ble, the envis­aged peri­od for which the per­son­al data will be stored, or, if not pos­si­ble, the cri­te­ria used to deter­mine that peri­od;
    • the exis­tence of the right to request from the con­troller rec­ti­fi­ca­tion or era­sure of per­son­al data, or restric­tion of pro­cess­ing of per­son­al data con­cern­ing the data sub­ject, or to object to such pro­cess­ing;
    • the exis­tence of the right to lodge a com­plaint with a super­vi­so­ry author­i­ty;
    • where the per­son­al data are not col­lect­ed from the data sub­ject, any avail­able infor­ma­tion as to their source;
    • the exis­tence of auto­mat­ed deci­sion-mak­ing, includ­ing pro­fil­ing, referred to in Arti­cle 22(1) and (4) of the GDPR and, at least in those cas­es, mean­ing­ful infor­ma­tion about the log­ic involved, as well as the sig­nif­i­cance and envis­aged con­se­quences of such pro­cess­ing for the data sub­ject.

    Fur­ther­more, the data sub­ject shall have a right to obtain infor­ma­tion as to whether per­son­al data are trans­ferred to a third coun­try or to an inter­na­tion­al organ­i­sa­tion. Where this is the case, the data sub­ject shall have the right to be informed of the appro­pri­ate safe­guards relat­ing to the trans­fer.

    If a data sub­ject wish­es to avail him­self of this right of access, he or she may, at any time, con­tact any employ­ee of the con­troller.

  • c) Right to rectification

    Each data sub­ject shall have the right grant­ed by the Euro­pean leg­is­la­tor to obtain from the con­troller with­out undue delay the rec­ti­fi­ca­tion of inac­cu­rate per­son­al data con­cern­ing him or her. Tak­ing into account the pur­pos­es of the pro­cess­ing, the data sub­ject shall have the right to have incom­plete per­son­al data com­plet­ed, includ­ing by means of pro­vid­ing a sup­ple­men­tary state­ment.

    If a data sub­ject wish­es to exer­cise this right to rec­ti­fi­ca­tion, he or she may, at any time, con­tact any employ­ee of the con­troller.

  • d) Right to erasure (Right to be forgotten)

    Each data sub­ject shall have the right grant­ed by the Euro­pean leg­is­la­tor to obtain from the con­troller the era­sure of per­son­al data con­cern­ing him or her with­out undue delay, and the con­troller shall have the oblig­a­tion to erase per­son­al data with­out undue delay where one of the fol­low­ing grounds applies, as long as the pro­cess­ing is not nec­es­sary:

    • The per­son­al data are no longer nec­es­sary in rela­tion to the pur­pos­es for which they were col­lect­ed or oth­er­wise processed.
    • The data sub­ject with­draws con­sent to which the pro­cess­ing is based accord­ing to point (a) of Arti­cle 6(1) of the GDPR, or point (a) of Arti­cle 9(2) of the GDPR, and where there is no oth­er legal ground for the pro­cess­ing.
    • The data sub­ject objects to the pro­cess­ing pur­suant to Arti­cle 21(1) of the GDPR and there are no over­rid­ing legit­i­mate grounds for the pro­cess­ing, or the data sub­ject objects to the pro­cess­ing pur­suant to Arti­cle 21(2) of the GDPR.
    • The per­son­al data have been unlaw­ful­ly processed.
    • The per­son­al data must be erased for com­pli­ance with a legal oblig­a­tion in Union or Mem­ber State law to which the con­troller is sub­ject.
    • The per­son­al data have been col­lect­ed in rela­tion to the offer of infor­ma­tion soci­ety ser­vices referred to in Arti­cle 8(1) of the GDPR.

    If one of the afore­men­tioned rea­sons applies, and a data sub­ject wish­es to request the era­sure of per­son­al data stored by the Alpa­Suri GbR B. Bruns & W. Stamp, he or she may, at any time, con­tact any employ­ee of the con­troller. An employ­ee of Alpa­Suri GbR B. Bruns & W. Stamp shall prompt­ly ensure that the era­sure request is com­plied with imme­di­ate­ly.

    Where the con­troller has made per­son­al data pub­lic and is oblig­ed pur­suant to Arti­cle 17(1) to erase the per­son­al data, the con­troller, tak­ing account of avail­able tech­nol­o­gy and the cost of imple­men­ta­tion, shall take rea­son­able steps, includ­ing tech­ni­cal mea­sures, to inform oth­er con­trollers pro­cess­ing the per­son­al data that the data sub­ject has request­ed era­sure by such con­trollers of any links to, or copy or repli­ca­tion of, those per­son­al data, as far as pro­cess­ing is not required. An employ­ees of the Alpa­Suri GbR B. Bruns & W. Stamp will arrange the nec­es­sary mea­sures in indi­vid­ual cas­es.

  • e) Right of restriction of processing

    Each data sub­ject shall have the right grant­ed by the Euro­pean leg­is­la­tor to obtain from the con­troller restric­tion of pro­cess­ing where one of the fol­low­ing applies:

    • The accu­ra­cy of the per­son­al data is con­test­ed by the data sub­ject, for a peri­od enabling the con­troller to ver­i­fy the accu­ra­cy of the per­son­al data.
    • The pro­cess­ing is unlaw­ful and the data sub­ject oppos­es the era­sure of the per­son­al data and requests instead the restric­tion of their use instead.
    • The con­troller no longer needs the per­son­al data for the pur­pos­es of the pro­cess­ing, but they are required by the data sub­ject for the estab­lish­ment, exer­cise or defence of legal claims.
    • The data sub­ject has object­ed to pro­cess­ing pur­suant to Arti­cle 21(1) of the GDPR pend­ing the ver­i­fi­ca­tion whether the legit­i­mate grounds of the con­troller over­ride those of the data sub­ject.

    If one of the afore­men­tioned con­di­tions is met, and a data sub­ject wish­es to request the restric­tion of the pro­cess­ing of per­son­al data stored by the Alpa­Suri GbR B. Bruns & W. Stamp, he or she may at any time con­tact any employ­ee of the con­troller. The employ­ee of the Alpa­Suri GbR B. Bruns & W. Stamp will arrange the restric­tion of the pro­cess­ing.

  • f) Right to data portability

    Each data sub­ject shall have the right grant­ed by the Euro­pean leg­is­la­tor, to receive the per­son­al data con­cern­ing him or her, which was pro­vid­ed to a con­troller, in a struc­tured, com­mon­ly used and machine-read­able for­mat. He or she shall have the right to trans­mit those data to anoth­er con­troller with­out hin­drance from the con­troller to which the per­son­al data have been pro­vid­ed, as long as the pro­cess­ing is based on con­sent pur­suant to point (a) of Arti­cle 6(1) of the GDPR or point (a) of Arti­cle 9(2) of the GDPR, or on a con­tract pur­suant to point (b) of Arti­cle 6(1) of the GDPR, and the pro­cess­ing is car­ried out by auto­mat­ed means, as long as the pro­cess­ing is not nec­es­sary for the per­for­mance of a task car­ried out in the pub­lic inter­est or in the exer­cise of offi­cial author­i­ty vest­ed in the con­troller.

    Fur­ther­more, in exer­cis­ing his or her right to data porta­bil­i­ty pur­suant to Arti­cle 20(1) of the GDPR, the data sub­ject shall have the right to have per­son­al data trans­mit­ted direct­ly from one con­troller to anoth­er, where tech­ni­cal­ly fea­si­ble and when doing so does not adverse­ly affect the rights and free­doms of oth­ers.

    In order to assert the right to data porta­bil­i­ty, the data sub­ject may at any time con­tact any employ­ee of the Alpa­Suri GbR B. Bruns & W. Stamp.

  • g) Right to object

    Each data sub­ject shall have the right grant­ed by the Euro­pean leg­is­la­tor to object, on grounds relat­ing to his or her par­tic­u­lar sit­u­a­tion, at any time, to pro­cess­ing of per­son­al data con­cern­ing him or her, which is based on point (e) or (f) of Arti­cle 6(1) of the GDPR. This also applies to pro­fil­ing based on these pro­vi­sions.

    The Alpa­Suri GbR B. Bruns & W. Stamp shall no longer process the per­son­al data in the event of the objec­tion, unless we can demon­strate com­pelling legit­i­mate grounds for the pro­cess­ing which over­ride the inter­ests, rights and free­doms of the data sub­ject, or for the estab­lish­ment, exer­cise or defence of legal claims.

    If the Alpa­Suri GbR B. Bruns & W. Stamp process­es per­son­al data for direct mar­ket­ing pur­pos­es, the data sub­ject shall have the right to object at any time to pro­cess­ing of per­son­al data con­cern­ing him or her for such mar­ket­ing. This applies to pro­fil­ing to the extent that it is relat­ed to such direct mar­ket­ing. If the data sub­ject objects to the Alpa­Suri GbR B. Bruns & W. Stamp to the pro­cess­ing for direct mar­ket­ing pur­pos­es, the Alpa­Suri GbR B. Bruns & W. Stamp will no longer process the per­son­al data for these pur­pos­es.

    In addi­tion, the data sub­ject has the right, on grounds relat­ing to his or her par­tic­u­lar sit­u­a­tion, to object to pro­cess­ing of per­son­al data con­cern­ing him or her by the Alpa­Suri GbR B. Bruns & W. Stamp for sci­en­tif­ic or his­tor­i­cal research pur­pos­es, or for sta­tis­ti­cal pur­pos­es pur­suant to Arti­cle 89(1) of the GDPR, unless the pro­cess­ing is nec­es­sary for the per­for­mance of a task car­ried out for rea­sons of pub­lic inter­est.

    In order to exer­cise the right to object, the data sub­ject may con­tact any employ­ee of the Alpa­Suri GbR B. Bruns & W. Stamp. In addi­tion, the data sub­ject is free in the con­text of the use of infor­ma­tion soci­ety ser­vices, and notwith­stand­ing Direc­tive 2002/58/EC, to use his or her right to object by auto­mat­ed means using tech­ni­cal spec­i­fi­ca­tions.

  • h) Automated individual decision-making, including profiling

    Each data sub­ject shall have the right grant­ed by the Euro­pean leg­is­la­tor not to be sub­ject to a deci­sion based sole­ly on auto­mat­ed pro­cess­ing, includ­ing pro­fil­ing, which pro­duces legal effects con­cern­ing him or her, or sim­i­lar­ly sig­nif­i­cant­ly affects him or her, as long as the deci­sion (1) is not is nec­es­sary for enter­ing into, or the per­for­mance of, a con­tract between the data sub­ject and a data con­troller, or (2) is not autho­rised by Union or Mem­ber State law to which the con­troller is sub­ject and which also lays down suit­able mea­sures to safe­guard the data subject’s rights and free­doms and legit­i­mate inter­ests, or (3) is not based on the data subject’s explic­it con­sent.

    If the deci­sion (1) is nec­es­sary for enter­ing into, or the per­for­mance of, a con­tract between the data sub­ject and a data con­troller, or (2) it is based on the data subject’s explic­it con­sent, the Alpa­Suri GbR B. Bruns & W. Stamp shall imple­ment suit­able mea­sures to safe­guard the data subject’s rights and free­doms and legit­i­mate inter­ests, at least the right to obtain human inter­ven­tion on the part of the con­troller, to express his or her point of view and con­test the deci­sion.

    If the data sub­ject wish­es to exer­cise the rights con­cern­ing auto­mat­ed indi­vid­ual deci­sion-mak­ing, he or she may, at any time, con­tact any employ­ee of the Alpa­Suri GbR B. Bruns & W. Stamp.

  • i) Right to withdraw data protection consent

    Each data sub­ject shall have the right grant­ed by the Euro­pean leg­is­la­tor to with­draw his or her con­sent to pro­cess­ing of his or her per­son­al data at any time.

    If the data sub­ject wish­es to exer­cise the right to with­draw the con­sent, he or she may, at any time, con­tact any employ­ee of the Alpa­Suri GbR B. Bruns & W. Stamp.

9. Data protection for applications and the application procedures

The data con­troller shall col­lect and process the per­son­al data of appli­cants for the pur­pose of the pro­cess­ing of the appli­ca­tion pro­ce­dure. The pro­cess­ing may also be car­ried out elec­tron­i­cal­ly. This is the case, in par­tic­u­lar, if an appli­cant sub­mits cor­re­spond­ing appli­ca­tion doc­u­ments by e-mail or by means of a web form on the web­site to the con­troller. If the data con­troller con­cludes an employ­ment con­tract with an appli­cant, the sub­mit­ted data will be stored for the pur­pose of pro­cess­ing the employ­ment rela­tion­ship in com­pli­ance with legal require­ments. If no employ­ment con­tract is con­clud­ed with the appli­cant by the con­troller, the appli­ca­tion doc­u­ments shall be auto­mat­i­cal­ly erased two months after noti­fi­ca­tion of the refusal deci­sion, pro­vid­ed that no oth­er legit­i­mate inter­ests of the con­troller are opposed to the era­sure. Oth­er legit­i­mate inter­est in this rela­tion is, e.g. a bur­den of proof in a pro­ce­dure under the Gen­er­al Equal Treat­ment Act (AGG).

10. Data protection provisions about the application and use of Getty Images Photos

On this web­site, the con­troller has inte­grat­ed com­po­nents of the enter­prise Get­ty Images. Get­ty Images is an Amer­i­can pic­ture agency. A pic­ture agency is an enter­prise which pro­vides images and oth­er image mate­r­i­al on the mar­ket. Gen­er­al­ly, pic­ture agen­cies mar­ket pho­tographs, illus­tra­tions and footage. A pic­ture agency licens­es dif­fer­ent cus­tomers, in par­tic­u­lar Inter­net web­site oper­a­tors, edi­tors of print and tele­vi­sion media and adver­tis­ing agen­cies, the images used by them.

The oper­at­ing com­pa­ny of the Get­ty Images com­po­nents is Get­ty Images Inter­na­tion­al, 1st floor, The Her­bert Build­ing, The Park, Car­rick­mines, Dublin 18, Ire­land.

Get­ty Images allows the embed­ding of stock images (where pos­si­bly free of charge). Embed­ding is the inclu­sion or inte­gra­tion of any spe­cif­ic for­eign con­tent, e.g. text, video or image data pro­vid­ed by a for­eign web­site, and then appears on the own web­site. A so-called embed­ded code is used to embed. An embed­ded code is an HTML code that is inte­grat­ed into a web­site from a web­site own­er. When an embed­ded code is inte­grat­ed by a web­site own­er, the exter­nal con­tent of the oth­er web­site is dis­played by default imme­di­ate­ly, as long as a web­site is vis­it­ed. To dis­play third-par­ty con­tent, the exter­nal con­tent is loaded direct­ly from the oth­er Inter­net site. Get­ty Images pro­vides fur­ther infor­ma­tion about the embed­ded of con­tent under http://www.gettyimages.de/resources/embed.

Through the tech­ni­cal imple­men­ta­tion of the embed­ded code, which allows the image dis­play of the images of Get­ty Images, the IP address of the Inter­net con­nec­tion, through which the data sub­ject access­es our web­site, is trans­mit­ted to Get­ty Images. Fur­ther, Get­ty Images col­lects our web­site, brows­er type, brows­er lan­guage, and time and length of access. In addi­tion, Get­ty Images may col­lect nav­i­ga­tion infor­ma­tion, which is infor­ma­tion about which of our sub­pages have been vis­it­ed by the data sub­ject and which links have been clicked on, as well as oth­er inter­ac­tions that the data sub­ject has car­ried out when vis­it­ing our web­site. This data may be stored and ana­lyzed by Get­ty Images.

Fur­ther infor­ma­tion and the applic­a­ble data pro­tec­tion pro­vi­sions of Get­ty Images may be retrieved under https://www.gettyimages.de/company/privacy-policy.

11. Payment Method: Data protection provisions about the use of PayPal as a payment processor

On this web­site, the con­troller has inte­grat­ed com­po­nents of Pay­Pal. Pay­Pal is an online pay­ment ser­vice provider. Pay­ments are processed via so-called Pay­Pal accounts, which rep­re­sent vir­tu­al pri­vate or busi­ness accounts. Pay­Pal is also able to process vir­tu­al pay­ments through cred­it cards when a user does not have a Pay­Pal account. A Pay­Pal account is man­aged via an e-mail address, which is why there are no clas­sic account num­bers. Pay­Pal makes it pos­si­ble to trig­ger online pay­ments to third par­ties or to receive pay­ments. Pay­Pal also accepts trustee func­tions and offers buy­er pro­tec­tion ser­vices.

The Euro­pean oper­at­ing com­pa­ny of Pay­Pal is Pay­Pal (Europe) S.à.r.l. & Cie. S.C.A., 22–24 Boule­vard Roy­al, 2449 Lux­em­bourg, Lux­em­bourg.

If the data sub­ject choos­es “Pay­Pal” as the pay­ment option in the online shop dur­ing the order­ing process, we auto­mat­i­cal­ly trans­mit the data of the data sub­ject to Pay­Pal. By select­ing this pay­ment option, the data sub­ject agrees to the trans­fer of per­son­al data required for pay­ment pro­cess­ing.

The per­son­al data trans­mit­ted to Pay­Pal is usu­al­ly first name, last name, address, email address, IP address, tele­phone num­ber, mobile phone num­ber, or oth­er data nec­es­sary for pay­ment pro­cess­ing. The pro­cess­ing of the pur­chase con­tract also requires such per­son­al data, which are in con­nec­tion with the respec­tive order.

The trans­mis­sion of the data is aimed at pay­ment pro­cess­ing and fraud pre­ven­tion. The con­troller will trans­fer per­son­al data to Pay­Pal, in par­tic­u­lar, if a legit­i­mate inter­est in the trans­mis­sion is giv­en. The per­son­al data exchanged between Pay­Pal and the con­troller for the pro­cess­ing of the data will be trans­mit­ted by Pay­Pal to eco­nom­ic cred­it agen­cies. This trans­mis­sion is intend­ed for iden­ti­ty and cred­it­wor­thi­ness checks.

Pay­Pal will, if nec­es­sary, pass on per­son­al data to affil­i­ates and ser­vice providers or sub­con­trac­tors to the extent that this is nec­es­sary to ful­fill con­trac­tu­al oblig­a­tions or for data to be processed in the order.

The data sub­ject has the pos­si­bil­i­ty to revoke con­sent for the han­dling of per­son­al data at any time from Pay­Pal. A revo­ca­tion shall not have any effect on per­son­al data which must be processed, used or trans­mit­ted in accor­dance with (con­trac­tu­al) pay­ment pro­cess­ing.

The applic­a­ble data pro­tec­tion pro­vi­sions of Pay­Pal may be retrieved under https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

12. Payment Method: Data protection provisions about the use of Sofortüberweisung as a payment processor

On this web­site, the con­troller has inte­grat­ed com­po­nents of Sofortüber­weisung. Sofortüber­weisung is a pay­ment ser­vice that allows cash­less pay­ment of prod­ucts and ser­vices on the Inter­net. Sofortüber­weisung is a tech­ni­cal pro­ce­dure by which the online deal­er imme­di­ate­ly receives a pay­ment con­fir­ma­tion. This enables a trad­er to deliv­er goods, ser­vices or down­loads to the cus­tomer imme­di­ate­ly after order­ing.

The oper­at­ing com­pa­ny of Sofortüber­weisung is SOFORT GmbH, Fußbergstraße 1, 82131 Gaut­ing, Ger­many.

If the data sub­ject choos­es “imme­di­ate trans­fer” as the pay­ment option in our online shop dur­ing the order­ing process, the data of the data sub­ject will be trans­mit­ted to Sofortüber­weisung. By select­ing this pay­ment option, the data sub­ject agrees to the trans­mis­sion of per­son­al data required for pay­ment pro­cess­ing.

In the case of pur­chase pro­cess­ing via direct trans­fer, the buy­er sends the PIN and the TAN to Sofort GmbH. Sofortüber­weisung then car­ries out a trans­fer to the online mer­chant after tech­ni­cal ver­i­fi­ca­tion of the account sta­tus and retrieval of addi­tion­al data to check the account assign­ment. The online trad­er is then auto­mat­i­cal­ly informed of the exe­cu­tion of the finan­cial trans­ac­tion.

The per­son­al data exchanged with Sofortüber­weisung is the first name, last name, address, email address, IP address, tele­phone num­ber, mobile phone num­ber, or oth­er data nec­es­sary for pay­ment pro­cess­ing. The trans­mis­sion of the data is aimed at pay­ment pro­cess­ing and fraud pre­ven­tion. The con­troller shall imme­di­ate­ly trans­fer oth­er per­son­al data, even if a legit­i­mate inter­est in the trans­mis­sion exists. The per­son­al data exchanged between Sofortüber­weisung and the con­troller shall be trans­mit­ted by Sofortüber­weisung to eco­nom­ic cred­it agen­cies. This trans­mis­sion is intend­ed for iden­ti­ty and cred­it­wor­thi­ness checks.

Sofortüber­weisung pro­vides per­son­al data to affil­i­at­ed com­pa­nies and ser­vice providers or sub­con­trac­tors as far as this is nec­es­sary for the ful­fill­ment of con­trac­tu­al oblig­a­tions or data in order to be processed.

The data sub­ject has the pos­si­bil­i­ty to revoke the con­sent to the han­dling of per­son­al data at any time from Sofortüber­weisung. A revo­ca­tion shall not have any effect on per­son­al data which must be processed, used or trans­mit­ted in accor­dance with (con­trac­tu­al) pay­ment pro­cess­ing.

The applic­a­ble data pro­tec­tion pro­vi­sions of Sofortüber­weisung may be retrieved under https://www.sofort.com/eng-DE/datenschutzerklaerung-sofort-gmbh/.

13. Legal basis for the processing

Art. 6(1) lit. a GDPR serves as the legal basis for pro­cess­ing oper­a­tions for which we obtain con­sent for a spe­cif­ic pro­cess­ing pur­pose. If the pro­cess­ing of per­son­al data is nec­es­sary for the per­for­mance of a con­tract to which the data sub­ject is par­ty, as is the case, for exam­ple, when pro­cess­ing oper­a­tions are nec­es­sary for the sup­ply of goods or to pro­vide any oth­er ser­vice, the pro­cess­ing is based on Arti­cle 6(1) lit. b GDPR. The same applies to such pro­cess­ing oper­a­tions which are nec­es­sary for car­ry­ing out pre-con­trac­tu­al mea­sures, for exam­ple in the case of inquiries con­cern­ing our prod­ucts or ser­vices. Is our com­pa­ny sub­ject to a legal oblig­a­tion by which pro­cess­ing of per­son­al data is required, such as for the ful­fill­ment of tax oblig­a­tions, the pro­cess­ing is based on Art. 6(1) lit. c GDPR.
In rare cas­es, the pro­cess­ing of per­son­al data may be nec­es­sary to pro­tect the vital inter­ests of the data sub­ject or of anoth­er nat­ur­al per­son. This would be the case, for exam­ple, if a vis­i­tor were injured in our com­pa­ny and his name, age, health insur­ance data or oth­er vital infor­ma­tion would have to be passed on to a doc­tor, hos­pi­tal or oth­er third par­ty. Then the pro­cess­ing would be based on Art. 6(1) lit. d GDPR.
Final­ly, pro­cess­ing oper­a­tions could be based on Arti­cle 6(1) lit. f GDPR. This legal basis is used for pro­cess­ing oper­a­tions which are not cov­ered by any of the above­men­tioned legal grounds, if pro­cess­ing is nec­es­sary for the pur­pos­es of the legit­i­mate inter­ests pur­sued by our com­pa­ny or by a third par­ty, except where such inter­ests are over­rid­den by the inter­ests or fun­da­men­tal rights and free­doms of the data sub­ject which require pro­tec­tion of per­son­al data. Such pro­cess­ing oper­a­tions are par­tic­u­lar­ly per­mis­si­ble because they have been specif­i­cal­ly men­tioned by the Euro­pean leg­is­la­tor. He con­sid­ered that a legit­i­mate inter­est could be assumed if the data sub­ject is a client of the con­troller (Recital 47 Sen­tence 2 GDPR).

14. The legitimate interests pursued by the controller or by a third party

Where the pro­cess­ing of per­son­al data is based on Arti­cle 6(1) lit. f GDPR our legit­i­mate inter­est is to car­ry out our busi­ness in favor of the well-being of all our employ­ees and the share­hold­ers.

15. Period for which the personal data will be stored

The cri­te­ria used to deter­mine the peri­od of stor­age of per­son­al data is the respec­tive statu­to­ry reten­tion peri­od. After expi­ra­tion of that peri­od, the cor­re­spond­ing data is rou­tine­ly delet­ed, as long as it is no longer nec­es­sary for the ful­fill­ment of the con­tract or the ini­ti­a­tion of a con­tract.

16. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data

We clar­i­fy that the pro­vi­sion of per­son­al data is part­ly required by law (e.g. tax reg­u­la­tions) or can also result from con­trac­tu­al pro­vi­sions (e.g. infor­ma­tion on the con­trac­tu­al part­ner).

Some­times it may be nec­es­sary to con­clude a con­tract that the data sub­ject pro­vides us with per­son­al data, which must sub­se­quent­ly be processed by us. The data sub­ject is, for exam­ple, oblig­ed to pro­vide us with per­son­al data when our com­pa­ny signs a con­tract with him or her. The non-pro­vi­sion of the per­son­al data would have the con­se­quence that the con­tract with the data sub­ject could not be con­clud­ed.

Before per­son­al data is pro­vid­ed by the data sub­ject, the data sub­ject must con­tact any employ­ee. The employ­ee clar­i­fies to the data sub­ject whether the pro­vi­sion of the per­son­al data is required by law or con­tract or is nec­es­sary for the con­clu­sion of the con­tract, whether there is an oblig­a­tion to pro­vide the per­son­al data and the con­se­quences of non-pro­vi­sion of the per­son­al data.

17. Serv­er log files and Webal­iz­er
When access­ing our offer, con­nec­tion data is stored. This means that each time a file is retrieved or attempt­ed to retrieve a file on this serv­er, by default for sys­tem secu­ri­ty and sta­tis­ti­cal pur­pos­es, the fol­low­ing data about this oper­a­tion is stored in a log file (serv­er log file):

  • full IP address
  • Time and method of the call
  • called URL
  • Ver­sion of the used HTTP pro­to­col
  • Result val­ue of the call
  • Size of the call in Kbytes
  • Page that was called before call­ing this page (refer­rer)
  • Infor­ma­tion about the brows­er and oper­at­ing sys­tem used

Based on this offer, the tool “Webal­iz­er”, a web analy­sis soft­ware for the sta­tis­ti­cal eval­u­a­tion of user access to the offer, is used. “Webal­iz­er” based on the data of the serv­er log files overviews for exam­ple, the num­ber of hits, file / page requests, vis­its, etc. A com­bi­na­tion of these eval­u­a­tions with oth­er data sources, in par­tic­u­lar per­son­al data is not made. The gen­er­at­ed infor­ma­tion is stored by the provider www.bytecamp.net in Ger­many. A dis­clo­sure to third par­ties does not occur.

18. Right of appeal to the com­pe­tent super­vi­so­ry author­i­ty
In the case of vio­la­tions of data pro­tec­tion law, the per­son con­cerned has the right of appeal to the com­pe­tent super­vi­so­ry author­i­ty. The com­pe­tent super­vi­so­ry author­i­ty for data pro­tec­tion issues is the state data pro­tec­tion offi­cer of the fed­er­al state in which our com­pa­ny is based. A list of the data pro­tec­tion offi­cers as well as their con­tact data can be tak­en from the fol­low­ing link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

19. Google Web Fonts
This site uses so-called web fonts, pro­vid­ed by Google, for the uni­form rep­re­sen­ta­tion of fonts. When you call up a page, your brows­er loads the required web fonts into your brows­er cache to dis­play texts and fonts cor­rect­ly.

To do this, the brows­er you use must con­nect to Google’s servers. As a result, Google learns that our web­site has been accessed via your IP address. The use of Google Web Fonts is in the inter­est of a con­sis­tent and attrac­tive pre­sen­ta­tion of our online ser­vices. This con­sti­tutes a legit­i­mate inter­est with­in the mean­ing of Art. 6 para. 1 lit. f DSGVO.

If your brows­er does not sup­port web fonts, a default font will be used by your com­put­er.

More infor­ma­tion about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s Pri­va­cy Pol­i­cy: https://www.google.com/policies/privacy/.

20. Google Maps
This site uses the map­ping ser­vice Google Maps via an API. Provider is Google Inc., 1600 Amphithe­ater Park­way, Moun­tain View, CA 94043, USA.

To use the fea­tures of Google Maps, it is nec­es­sary to save your IP address. This infor­ma­tion is usu­al­ly trans­mit­ted to and stored on a Google serv­er in the Unit­ed States. The provider of this site has no influ­ence on this data trans­fer.

The use of Google Maps is in the inter­est of an attrac­tive pre­sen­ta­tion of our online offers and an easy find­abil­i­ty of the places we have indi­cat­ed on the web­site. This con­sti­tutes a legit­i­mate inter­est with­in the mean­ing of Art. 6 para. 1 lit. f DSGVO.

For more infor­ma­tion on how to han­dle user data, please refer to Google’s Pri­va­cy Pol­i­cy: https://www.google.com/intl/en/policies/privacy/.

21. Existence of automated decision-making

As a respon­si­ble com­pa­ny, we do not use auto­mat­ic deci­sion-mak­ing or pro­fil­ing.

This Pri­va­cy Pol­i­cy has been gen­er­at­ed by the Pri­va­cy Pol­i­cy Gen­er­a­tor of the DGD — Your Exter­nal DPO that was devel­oped in coop­er­a­tion with Ger­man Lawyers from WILDE BEUGER SOLMECKE, Cologne.

Back To Top