Data protection

In general

‍
As the operator of this website and as a company, we come into contact with your personal data. This means all data that says something about you and with which you can be identified. In this privacy policy, we would like to explain to you how, for what purpose and on which legal basis we process your data.

‍
Responsible for data processing on this website and in our company is:
ACHIEFERS GmbH
Emmeramsplatz 6
93047 Regensburg
germany
Telephone: +49 160/99400311
email: info@achiefers.de

‍
General notes

SSL- bzw. TLS-Verschlüsselung

When you enter your data on websites, place online orders or send emails over the Internet, you must always expect unauthorised third parties to access your data. There is no complete protection against such access. However, we do everything we can to protect your data in the best possible way and to close the security gaps as far as possible.

An important protective mechanism is the SSL or TLS encryption of our website, which ensures that data that you transmit to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the entered Internet address in your browser and by the fact that our Internet address starts with https://and not with http://.

‍
How long do we store your data?

At certain points in this privacy policy, we will inform you how long we or the companies that process your data on our behalf will retain your data. If no such information is provided, we will retain your data until the purpose for which it was processed no longer applies, you object to the processing, or you withdraw your consent to the processing.

In the event of an objection or revocation, however, we may continue to process your data if at least one of the following conditions is met: We have compelling legitimate grounds for continuing the data processing that outweigh your interests, rights, and freedoms (only in the case of an objection to data processing; if the objection is directed against direct marketing, we cannot provide any legitimate grounds). The data processing is necessary to assert, exercise, or defend legal claims (does not apply if your objection is directed against direct marketing). We are legally obliged to retain your data. In this case, we will delete your data as soon as the condition(s) no longer apply.

‍

‍
Transfer of data to the USA

We also use tools from companies on our website that transfer your data to the USA, where they store it and, if necessary, process it further. The European Commission has adopted an adequacy decision for the EU-US data protection framework. This determines that the USA ensures an adequate level of protection for personal data from the EU that is transferred to US companies. This decision is based on new safeguards and measures introduced by the USA to meet data protection requirements. The adequacy decision includes, among other things, restrictions and safeguards regarding US intelligence services' access to data. Binding safeguards have been introduced to limit US intelligence services' access to what is necessary and proportionate to protect national security. In addition, increased oversight of the activities of the US intelligence services has been established to ensure that restrictions on surveillance activities are adhered to. An independent redress mechanism has also been established to process and resolve complaints from European citizens about access to their data. The EU-US Data Protection Framework thus allows European companies to transfer data to certified US companies without having to implement additional data protection safeguards. A list of all certified companies can be found at the following link. A change to the European Commission's decision cannot be ruled out.

‍

‍
Your rights

Objection to data processing

‍
IF YOU READ IN THIS PRIVACY POLICY THAT WE HAVE LEGITIMATE INTERESTS IN PROCESSING YOUR DATA AND THEREFORE DO SO IN ACCORDANCE WITH ART. 6 PARA. 1 SENTENCE 1 LIT. F) GDPR, YOU HAVE THE RIGHT TO FILE AN OBJECTION UNDER ARTICLE 21 GDPR. THIS ALSO APPLIES TO PROFILING BASED ON THE ABOVE PROVISION. THE PREREQUISITE IS THAT YOU GIVE REASONS FOR THE OBJECTION ARISING FROM YOUR PARTICULAR SITUATION. A JUSTIFICATION IS NOT REQUIRED IF THE OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT MARKETING.

THE RESULT OF THE OBJECTION IS THAT WE ARE NO LONGER ALLOWED TO PROCESS YOUR DATA. THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING REQUIREMENTS IS MET:

WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS.
THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS DIRECTED AGAINST DIRECT ADVERTISING OR AGAINST PROFILING ASSOCIATED WITH IT.

‍
More rights

Withdrawal of your consent to data processing

Many data processing operations are based on your consent. You give this consent, for example, by checking the appropriate box on online forms before submitting them or by allowing certain cookies when you visit our website. You can revoke your consent at any time without giving reasons (Art. 7 (3) GDPR). From the time of revocation, we are no longer permitted to process your data. The only exception: We are legally obliged to retain the data for a certain period of time. Such retention periods exist, in particular, in tax and commercial law.

‍

‍
Right to lodge a complaint with the competent supervisory authority

If you believe that we are violating the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority under Article 77 GDPR. You can contact a supervisory authority in the Member State of your residence, place of work, or the place where the alleged violation occurred. This right of complaint exists alongside administrative or judicial remedies.

‍

‍
Right to data portability

‍
We must provide you or a third party with data that we process automatically based on your consent or in fulfillment of a contract in a common machine-readable format upon your request. We can only transfer the data to another controller if this is technically feasible.

‍
Right to access, delete and correct data

‍
According to Art. 15 GDPR, you have the right to receive information free of charge about what personal data we have stored about you, where the data comes from, to whom we transmit the data, and for what purpose it is stored. If the data is incorrect, you have the right to rectification (Art. 16 GDPR); under the conditions of Art. 17 GDPR, you may request that we delete the data.

‍
Right to restrict processing

In certain situations, according to Art. 18 GDPR, you can request that we restrict the processing of your data. The data may then – apart from storage – only be processed as follows:

with your consent
to assert, exercise or defend legal claims
to protect the rights of another natural or legal person
for reasons of important public interest of the European Union or a Member State
‍

The right to restrict processing exists in the following situations:

You have denied the accuracy of your personal data stored by us and we need time to verify this. The right exists here for the duration of the examination.
The processing of your personal data is wrongfully or was unlawful in the past. As an alternative, you have the right to delete the data here.
We no longer need your personal data, but you need it to exercise, defend or assert legal claims. As an alternative, you have the right to delete the data here.
You have filed an objection in accordance with Article 21 (1) GDPR and now your interests and ours must be weighed against each other. The law exists here as long as the result of the consideration has not yet been determined.

‍
Hosting und Content Delivery Networks (CDN)

‍
External hosting

Our website is located on a server from the following provider of Internet services (hoster):

Webflow, Inc.
398 11th Street
2nd Floor
San Francisco, CA 94103, USA

‍
Has an order processing contract been concluded with the host or are standard contractual clauses (SCC) used?

‍
yes

‍
How do we process your data?

The host stores all data from our website. This includes all personal data collected automatically or through your input. This can include, in particular, your IP address, pages accessed, names, contact details and requests, as well as metadata and communication data. When processing data, our host adheres to our instructions and only processes the data to the extent necessary to fulfill its service obligations to us.

‍
Auf welcher Rechtsgrundlage verarbeiten wir Ihre Daten?

‍
Since we address potential customers and maintain contact with existing customers via our website, the data processing by our host serves to initiate and fulfill the contract and is therefore based on Art. 6 (1) (b) GDPR. Furthermore, it is our legitimate interest as a company to provide a professional internet offering that meets the necessary requirements for security, speed, and efficiency. In this respect, we also process your data on the basis of Art. 6 (1) (f) GDPR.

Data collection on this website
‍
server log files

‍
Server log files record all requests and accesses to our website and record error messages. They also contain personal data, in particular your IP address. However, this is anonymized by the provider after a short time, so we cannot assign the data to you personally. The data is automatically transmitted from your browser to our provider.

‍
How do we process your data?

Our provider stores the server log files so that we can track the activity on our website and find errors. The files contain the following data:

Browsertyp und -version
operating system used
referrer URL
host name of the accessing computer
Time of server request
IP address (anonymized if applicable)

We do not combine this data with other data, but only use it for statistical evaluation and to improve our website.

‍
On which legal basis do we process your data?

‍
We have a legitimate interest in ensuring that our website runs error-free. It is also our legitimate interest to obtain an anonymous overview of access to our website. Data processing is therefore lawful in accordance with Article 6 (1) (f) GDPR.

‍
Contact form

‍
You can send us a message using the contact form on this website.

‍
How do we process your data?

‍
We save your message and the information from the form so that we can process your request, including follow-up questions. This also applies to the contact details provided. We will not share the data with other people without your consent.

‍
How long do we store your data?

‍
We delete your data as soon as one of the following occurs:

Your request was finally processed.
You are asking us to delete the data.
You withdraw your consent to storage.

This only does not apply if we are required by law to store the data.

‍
On which legal basis do we process your data?

‍
If your request is related to our contractual relationship or serves to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process inquiries addressed to us. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the legal basis. In this case, you can withdraw your consent at any time with effect for the future.

Request by e-mail, telephone or fax

You can send us a message by e-mail or fax or give us a call.

‍
How do we process your data?

We save your message as well as the contact details you have provided yourself and the telephone number you have provided so that we can process your request, including follow-up questions. We will not share the data with other people without your consent.

‍
How long do we store your data?

‍
We delete your data as soon as one of the following occurs:

Your request was finally processed.
You are asking us to delete the data.
You withdraw your consent to storage.

This only does not apply if we are required by law to store the data.

On which legal basis do we process your data?

Microsoft Bookings

What is Microsoft Bookings?

Scheduling tool

Who processes your data?

Microsoft Ireland Operations Limited One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland

Has an order processing contract been concluded with Microsoft Bookings?

‍
yes

Where can you find more information about data protection at Microsoft?

Link to more information

‍
On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

To make an appointment with us, you can use the Microsoft Bookings tool on our website. We use the data to plan, carry out and, if necessary, follow up on the appointment.

How long do we store your data?

We delete your data as soon as one of the following occurs:

The purpose of data processing has ceased to apply.
You are asking us to delete the data.
You withdraw your consent to storage. This only does not apply if we are required by law to store the data.

‍
On which legal basis do we process your data?

We have a legitimate interest in making appointments with customers and other interested parties as easily as possible. Data processing is therefore carried out on the basis of Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, the legal basis is exclusively Art. 6 para. 1 lit. a) GDPR. In this case, you can withdraw your consent at any time with effect for the future.

stalking

What is stalking?

We use Pirsch Analytics for web analysis. Pirsch Analytics is a cookie-free web analysis software that was developed according to the Privacy by Design principle. To analyze visitor flows, Pirsch Analytics generates a 16-digit number as a visitor ID when the page view is received using a hashing algorithm. The IP address, the user agent, the date and a salt are used as input values.

The visitor's IP address is not persisted in whole or in part and is completely and not reversibly anonymized by the hash. By including the date and using one salt per website, it is ensured that website visitors are not recognized for longer than 24 hours and cannot be tracked across multiple websites. A rough localization is carried out via a locally integrated database (country/city).

Who processes your data?

Emvi Software GmbH, Nickelstraße 1b, 33378 Rheda-Wiedenbruck, Germany

Has a contract for order processing been concluded with Pirsch?

yes

Where can you find more information about data protection at Pirsch?

https://pirsch.io/privacy

How do we process your data?

We are always interested in optimising our website for visitors to our website and placing advertising optimally. Pirsch, a tool that analyses user behavior and thus provides us with the necessary database for adjustments, helps us with this. The tool provides us with information about the origin of our visitors, their page views and their time spent on the pages, as well as the operating system they use. Pirsch does not store cookies on your device.

On which legal basis do we process your data?

As a website operator, we have a legitimate interest in analyzing user behavior for the purpose of optimizing our website and the advertising placed there. Data processing is therefore lawful under Article 6 (1) (f) GDPR. In the event that you have consented to data processing by Pirsch, the legal basis is exclusively Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

‍

onedrive

What is OneDrive?

cloud storage

Who processes your data?

Microsoft Corp., One Microsoft Way, Redmond, WA 98052-6399, United States of America

Has an order processing contract been concluded with OneDrive?

yes

Where can you find more information about OneDrive privacy?

Link to the information

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

You can upload files to our website. We use OneDrive cloud storage for this. The files are stored on the servers of the US company Microsoft. If you visit our website, a connection to OneDrive is also established. The cloud storage thus registers that our website was accessed via your IP address.

On which legal basis do we process your data?

We have a legitimate interest in offering a reliable upload area on our website. Your data is therefore processed on the basis of Art. 6 para. 1 lit. f) GDPR. If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

eCommerce

Customer and contract data

How do we process your data?

When we conclude a contract with you, we need certain personal data from you. We collect, process and use this data only insofar as it is necessary to establish our legal relationship, to design or change the content of it. If you can only use our services via our website or are the services billed via the website, we also collect usage data if this is necessary to enable you to use our offer or to bill for the service you have used.

How long do we store your data?

We store your data until our legal relationship comes to an end, unless we are required by law to keep the data for a longer period of time.

On which legal basis do we process your data?

We store your data in order to fulfill the contract with you or to carry out pre-contractual measures. The basis for data processing is therefore Art. 6 para. 1 lit. b) GDPR.

‍
Audio and video conferences

As a company, we are in contact with many people: customers, business partners, service providers, etc. In addition to other means of communication, we also use so-called online conference tools for exchange. Data protection-relevant information about the provider (s) of the tools we use can be found at the end of this section. If you communicate with us via such a tool, not only we, but in particular the provider of the respective tool, process your personal data.

‍
How do we process your data?

Online conference tools collect and store various personal data to enable participation in an online conference and its smooth execution. In addition to registration, conference and technical data, this also applies to certain communication content.

Registration details: Your email address and/or telephone number and, if applicable, other information that you provide when registering for the conference.
Conference dates: The start, end and duration of your participation in the conference, the number of participants and other metadata about the conference.
Technical data: IP address, MAC address, device ID, device type, operating system and version, client version, camera type, microphone or speaker, and type of connection.
Communication content: cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards, and other information shared while using the service.

For details on data processing, please refer to the privacy policies of the respective conference tool provider.

How long do we store your data?

As your communication partner, we delete your data from our systems as soon as one of the following occurs:
‍

The purpose of data processing does not apply.
You are asking us to delete the data.
You withdraw your consent to storage.

This only does not apply if we are required by law to store the data. Cookies remain on your device until you delete them. Conference tool providers also store your data for their own purposes. Please ask the providers directly what this means for the duration of storage of your data.

On which legal basis do we process your data?

If we are already contractually bound or would you like to conclude a contract with us, we use conference tools to fulfill the contract or to inform you about our services or products. Data processing is therefore carried out on the basis of Art. 6 para. 1 lit. b) GDPR. Otherwise, the use of conference tools serves for easy and fast communication, without which we would not be able to run our company efficiently. We therefore also have a legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) GDPR. Another legal basis may be your consent. In this case, Art. 6 para. 1 lit. a) GDPR is relevant. This basis does not apply in the future if you withdraw your consent.

Which online conference tools do we use?

Microsoft Teams

What is Microsoft Teams?

Communication platform for team collaboration

‍
Who processes your data?

Microsoft Corp., One Microsoft Way, Redmond, WA 98052-6399, United States of America

Has an order processing contract been concluded with Microsoft Teams?

yes

Where can you find more information about data protection at Microsoft Teams?

Link to more information‍

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

‍

Data processing on social media

What is social media?

By social media, we mean the social networks on which we have created publicly available profiles. You can read below which social networks these actually are.

Who processes your data?

The respective operators of the social networks. The individual operators can be found below in the respective networks.

How is your data processed?

Social network operators are usually able to collect and evaluate comprehensive data about the behavior of visitors and users of the network. It is not possible for us to understand all processing operations in the social networks we use, which is why further processing operations that are not listed here may be carried out by the operators of the social networks. You can find more information about this in the terms of use and privacy policies of the respective social networks.

The processing of your data can be triggered by visiting the social network website or our profile page there. Even if you visit a website that uses certain content from the network, e.g. like or share buttons, data can already be transferred to the operators of the social network. If you yourself are a user of the social network and are logged into your user account, your visit to our profile page can be assigned to your account by the operator of the social network. Even if you have not registered a user account yourself or are not logged in, the network operator may still collect your personal data, e.g. by collecting your IP address or setting cookies. With this data, operators can create user profiles tailored to your behavior and interests and show you interest-based advertising within and outside the network. If you are a registered user of the network, interest-based advertising can also be displayed on all devices on which you are or were logged in.

What is the legal basis for processing your data?

Our profiles on social networks should ensure that our company has as extensive an online presence as possible. As a company, we have a legitimate interest in this. Data processing is therefore lawful under Article 6 (1) (f) GDPR.

The data processing and analyses carried out by social network operators themselves may be based on other legal bases. These must be provided by the operators of the social networks.

Who is responsible for processing your data and how can you assert your rights?

If you visit one of our profiles on social networks, we, together with the operator of the respective network, are responsible for the data processing processes triggered during this visit. In principle, you can assert your rights against both us and the operator of the respective network.

Despite joint responsibility with the operators of social networks, our influence on the data processing processes of the respective operator is limited and is primarily based on the operator's requirements.

How long is your data stored?

When we collect data via our profiles on social networks, it is deleted from our systems as soon as the purpose for storing it no longer applies, you ask us to delete it or you withdraw your consent to storage. Saved cookies remain on your device until you delete them. Mandatory legal provisions — in particular retention periods — remain unaffected.

We have no influence on how long social network operators store your data, which the operators collect for their own purposes. You can obtain information about this directly from the operator of the respective social network, e.g. in the respective privacy policy.

Which social media do we use?

What is LinkedIn?

A social network for business contacts

Who processes your data?

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Is your data transferred to third countries?

yes

Where can you find more information about privacy on LinkedIn?

Further link

Where can you, as a user, adjust your privacy settings?

As a registered LinkedIn user, you can adjust your privacy settings in your user account. To do so, click on the following link and log in: link

xing

What is Xing?

A social network for professional contacts

Who processes your data?

New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany

Is your data transferred to third countries?

Yes, to fulfill the contract with Xing, if you have given consent, if it is necessary to assert, exercise or defend legal claims, or if there is an adequacy decision under Article 45 EU GDPR or appropriate guarantees under Article 46 EU GDPR.

Where can you find more information about data protection at Xing?

Continuer link

Where can you, as a user, adjust your privacy settings?

As a registered Xing user, you can adjust your privacy settings in your user account. To do so, click on the following link and log in: link