Privacy

Privacy Policy

1. INTRODUCTION

With the following information, we would like to give you an overview of the collection, use and processing of your personal data and your rights under data protection laws. If you wish to make use of special services of our company via our website, a processing of personal data is necessary. If there is no legal basis for such processing, we generally obtain your consent.

The processing of personal data, such as your name, address, or e-mail address, is always in line with the EU General Data Protection Regulation, and in accordance with the data protection regulations applicable to the aconso AG.
Information on the protection of your data:

As the responsible party for processing, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are also free to transmit personal data to us by alternative means, for example by telephone or by mail. You can also take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. For this reason, we would like to provide you with some information on the secure handling of your data:

  • Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with strong passwords.
  • Only you should have access to the passwords.
  • Make sure you only ever use your passwords for one account (login, user or customer account).
  • Do not use one password for different websites, applications or online services.
  • Especially when using publicly accessible or shared IT systems, be sure to log out each time you log in to a website, application or online service.
  • Passwords should consist of at least 10 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common words from everyday life, your own name or names of relatives, but upper and lower case, numbers and special characters.

2. NAME AND ADDRESS OF THE RESPONSIBLE PARTY

The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other provisions under data protection law is:

aconso AG
Theresienhöhe 28
80339 Munich
Germany
Tel.: +49 (0)89-516186-0
E-mail: contact@hr-document-box.com
Website: www.hr-document-box.com
Managing Directors: Dr. Martin Grentzer, Olaf Harms, Ulrich Jänicke, Thomas Schäfer

 

3. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER

The data protection officer of the responsibility party is:

Carsten Knoop
audatis Consulting GmbH
Luisenstr. 1
32052 Herford
Germany
Tel.: +49 (0)5221 85496-90
E-Mail: datenschutz@hr-document-box.com

You can contact our data protection officer at any time with all questions and suggestions regarding data protection.

 

4. WEB HOSTING

Our website is operated on a web server of Host Europe GmbH (Hansastrasse 111, 51149 Cologne, Germany, www.hosteurope.de). Any access to the data that may be required is carried out exclusively on behalf of aconso AG as part of the technical support of the website. Your data will not be passed on under any circumstances. With regard to the secure order processing of your personal data, there is a legally valid order data processing agreement with Host Europe GmbH.

4.1 Data Collected

When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (in so-called “server log files”). Our website collects a series of general data and information with each call of the page by you or an automated system. This general data and information is stored in the server log files.

The following can be recorded:

  • browser types and versions used,
  • the operating system used by the accessing system,
  • the website from which an accessing system arrives at our website (so-called referrer),
  • the sub-websites that are accessed via an accessing system on our website,
  • the date and time of an access to the Internet site,
  • an Internet protocol address (IP address),
  • the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person. Rather, this information is required in order…

  • to deliver the contents of our website correctly,
  • to optimize the content of our website as well as the advertising for it,
  • to ensure the long-term functionality of our IT systems and the technology of our website, and
  • to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

4.2 Purpose of Collection by the Hoster

The hoster uses the collected data to operate the website and to ensure IT security. In case of concrete indications, the log data may be analyzed subsequently.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f of the GDPR. Our legitimate interest follows from the listed purposes for data collection.

4.3 Duration of Storage

Data stored by the hoster is automatically deleted after four weeks. The data of the server log files are stored separately from any personal data provided by a data subject and are automatically deleted after 7 days.

 

5. CONTENT OF OUR WEBSITE

5.1 Contact / Contact form

When contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after final processing of your request, this is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no legal storage obligations to the contrary.

5.2 Registration / Login

You have the option of registering on our website by providing personal data. Which personal data is transmitted to us in the process is determined by the respective input mask used for registration. The personal data you enter is collected and stored exclusively for internal use by us and for our own purposes. We may arrange for it to be passed on to one or more order processors, for example a parcel service provider, who will also use the personal data exclusively for an internal use attributable to us.

By registering on our website, the IP address assigned by your Internet service provider (ISP), the date and the time of registration are also stored. This data is stored because it is the only way to prevent misuse of our services and, if necessary, to enable us to investigate crimes that have been committed. In this respect, the storage of this data is necessary for our protection. As a matter of principle, this data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.

Your registration with voluntary provision of personal data also enables us to offer you content or services which, due to their nature, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from our database.

Upon request, we will provide you at any time with information about which personal data is stored about you. Furthermore, we will correct or delete personal data at your request, insofar as this does not conflict with any statutory retention obligations. A data protection officer named in this data protection declaration and all other employees are available to the data subject as contact persons in this context.

The processing of your data is carried out in the interest of a comfortable and easy use of our website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.

5.3 Data processing when opening a customer account and for contract processing

Pursuant to Art. 6 para. 1 lit. b GDPR, personal data is collected and processed if you provide it to us for the performance of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. We store and use the data provided by you for the purpose of processing the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiry of these periods, unless you have expressly consented to a further use of your data or a legally permitted further use of data was reserved by our side, about which we inform you accordingly below.

5.4 Newsletter

On our website, you are given the opportunity to subscribe to our company’s newsletter. Which personal data are transmitted to us when ordering the newsletter, results from the input mask used for this purpose.

We inform our customers and business partners at regular intervals by means of a newsletter about our offers. The newsletter of our company can only be received by you if

  • you have a valid e-mail address and
  • you have registered to receive the newsletter.

For legal reasons, a confirmation e-mail will be sent to the e-mail address you entered for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation email serves to verify that you, as the owner of the email address, have authorized the receipt of the newsletter.

When you register for the newsletter, we also store the IP address of the IT system used by you at the time of registration, as assigned by your Internet service provider (ISP), as well as the date and time of registration. The collection of this data is necessary in order to be able to track the (possible) misuse of your e-mail address at a later date and therefore serves our legal protection.

The personal data collected in the context of a registration for the newsletter will be used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter offer or changes in the technical circumstances. No personal data collected as part of the newsletter service will be passed on to third parties. The subscription to our newsletter can be cancelled by you at any time. The consent to the storage of personal data that you have given us for the newsletter dispatch can be revoked at any time. For the purpose of revoking the consent, you will find a corresponding link in each newsletter. Furthermore, it is also possible to unsubscribe from the newsletter mailing directly on our website at any time or to inform us of this in another way.

The legal basis for data processing for the purpose of sending newsletters is Art. 6 para. 1 lit. a of the GDPR.

 

6. COOKIES
We do not use cookies.

 

7. PLUGINS AND TOOLS

Google Fonts

This website uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.

Further information on Google Web Fonts can be found at 

https://developers.google.com/fonts/faq and in Google’s privacy policy: 

https://policies.google.com/privacy?hl=de.

 

8. YOUR RIGHTS AS A DATA SUBJECT

If you wish to exercise your rights as defined below, please contact our data protection officer at any time.

8.1 Right to confirmation
As a data subject, you have the right to request confirmation from us as to whether personal data concerning you are being processed.

8.2 Right to information, Article 15 GDPR

As a data subject, you have the right to obtain from us, at any time and free of charge, information about the personal data stored about you and a copy of this data.

8.3 Right to rectification, Article 16 GDPR

You have the right to request that inaccurate personal data concerning you be corrected. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

8.4 Deletion, Article 17 GDPR

You have the right to demand that we delete the personal data concerning you without undue delay, provided that one of the reasons provided for by law applies and to the extent that the processing is not necessary.

8.5 Restriction of processing, Article 18 GDPR

You have the right to demand that we restrict processing if one of the legal requirements is fulfilled.

8.6 Data portability, Article 20 GDPR

You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, common, and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, insofar as the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have the personal data transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

8.7 Objection According to Article 21 GDPR

You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

In individual cases, we process personal data in order to conduct direct advertising. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling, insofar as it is related to such direct advertising. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you which is carried out by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89 (1) of the Data Protection Regulation, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

8.8 Withdrawal of Data Privacy Consent

You have the right to revoke consent to the processing of personal data at any time with effect for the future.

9. ROUTINE STORAGE, DELETION AND BLOCKING OF PERSONAL DATA

We process and store your personal data only for the period of time necessary to achieve the purpose of storage or as provided for by legal regulations to which our company is subject. If the purpose of storage no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Duration of the storage of personal data

The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract.

10. UP-TO-DATENESS AND AMENDMENT OF THE DATA PROTECTION DECLARATION

This privacy policy is currently valid and has the status: September 6, 2021.

Due to the further development of our websites and offers or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. You can access and print out the current data protection declaration at any time on the website at www.hr-document-box.com/en/privacy/

Scroll to Top