This Data Privacy Statement applies to the collection, processing and use of your personal data when you use our website www.astora.de.
The issue of data protection has a high priority at astora GmbH (hereinafter referred to as “we” or “astora”). We therefore want to let you know how we implement data protection at our company, as well as about the information we record whenever you visit our website, how it is used, and what rights you have. Please note that your personal data will be used exclusively for the purposes described below and will not be processed otherwise or elsewhere without your consent.
I. General information
The controller responsible for processing your personal data is:
astora GmbH, Karthäuserstraße 4, 34117 Kassel; Telefon: +49 561 99858 3333; Fax: +49 561 99858 1436, E-Mail: firstname.lastname@example.org
2. Data Protection Officer
You can contact our Data Protection Officer at:
astora GmbH, Datenschutzbeauftragter (Data Protection Officer), Karthäuserstraße 4, 34117 Kassel; Telefon: +49 561 99858 3333; Fax: +49 561 99858 1436; E-Mail: email@example.com
3. What data do we process and from what sources?
We process personal data you provide voluntarily or is gathered as part of use of our website. You can find more information on this subject in Section II “Processing of personal data.”
4. For what purpose do we process your data and what is the legal basis for that?
We process your personal data in compliance with the relevant data protection regulations, in particular the General Data Protection Regulation (GDPR) and German Data Protection Act (BDSG), for various purposes. In principle, the purposes for which we process your data are: to perform contractual obligations (Article 6 paragraph 1 point (b) GDPR), to safeguard legitimate interests (Article 6 paragraph 1 point (f) GDPR), for processing subject to your prior consent (Article 6 paragraph 1 point (a) GDPR) and/or to comply with statutory obligations (Article 6 paragraph 1 point (c) GDPR).
You can find more information on this subject in Section II “Processing of personal data.”
5. Who obtains my data?
Service providers whom we engage to work on our behalf (termed “processors”; cf. Article 4 No. 8 GDPR) may obtain personal data. We use IT service providers as processors.
In principle, we do not pass on personal data to third parties who process personal data under their own responsibility (termed “controllers”; cf. Article 4 No. 7 GDPR).
You can find more details on this subject in Section II “Processing of personal data.”
astora can transfer personal data to affiliated companies within the meaning of Section 15 of the German Stock Corporation Act (AktG) inside the European Economic Area to a permissible extent, provided there are legitimate interests for doing so and statutory regulations are complied with. Those companies are: Gazprom Germania GmbH, WINGAS Sales GmbH, WINGAS Holding GmbH, WINGAS GmbH and Gazprom Marketing & Trading Ltd. Personal data is transferred to OOO Gazprom Export in Russia or PAO Gazprom in Russia as affiliated companies within the meaning of Section 15 of the German Stock Corporation Act (AktG) outside the European Economic Area (third country) on the basis of a standard data protection clause within the meaning of Article 46 GDPR. You can obtain a copy of that to inspect. To do so, please contact the controller or your Data Protection Officer specified in Section I, No. 1 and 2.
6. Data retention
We process your personal data only for as long as required to fulfill the purpose for which it is processed.
Moreover, we are subject to various retention and documentation obligations under legislation such as the German Commercial Code (HGB) or the German Fiscal Code (AO). The retention periods under the law may be up to 10 years.
Finally, the storage duration is also governed by the statutory limitation periods, which may be up to thirty years under Sections 195 et seq. of the German Civil Code (BGB), for example, with the standard limitation period being three years.
astora uses technical and organizational security measures to ensure that the personal data you supply us with is protected against accidental or deliberate manipulation, loss, destruction and/or access by unauthorized persons. Whenever we collect and process personal data, the information is transmitted in encrypted form to prevent misuse of this data by third parties. Our security measures are subject to continual further development in line with technical advances.
8. Your rights
Every data subject has the right to access personal data and obtain information (Article 15 GDPR), the right to rectification of data (Article 16 GDPR), the right to erasure of data (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), and the right to data portability (Article 20 GDPR). You can get in touch with us under the contact data specified in Section I “General information”, No. 1 and No. 2, to exercise the aforementioned rights.
If you have given us consent to process your data, you can revoke it at any time without using a special form. Where possible, notice of revocation should be sent to us using the contact data specified in Section I “General information”, No. 1 or No. 2.
Furthermore, you have a right to issue a complaint with a data protection supervisory authority (Article 77 GDPR). The supervisory authority responsible for astora is:
The Hessian Data Protection Commissioner (HDSB)
You also have a right to object to the processing of your data, as explained in more detail at the end of this Data Privacy Statement.
II. Processing of personal data
2. Automatic collection of access data/server log files
Whenever you visit our website, the following data record is stored each time the site or a page is called:
- Your IP address
- The name of your Internet service provider
- The website from which you visit us
- The web pages you visit on our website
Personal data in log files is processed on the basis of Article 6 paragraph 1 point (f) GDPR. The purpose of processing your data and our legitimate interests are to simplify administration of our website and to enable us to detect and prosecute hacking. The information is ultimately analyzed in anonymized form.
3. Contacting us
You may contact us using the e-mail addresses provided. If you contact us via e-mail we collect the personal data you enter and send.
The personal data recorded comprises the master data you enter in the contact form if you use it (mandatory fields: form of address, name, surname, email address) and possibly further personal data you enter in the “Your message” box. If you contact us directly by e-mail, we record your e-mail address and, if applicable, any personal data from the e-mail’s text.
Data is processed on the basis of Article 6 paragraph 1 point (f) GDPR. The purpose of processing your data and our legitimate interests are to provide customer care and support, as well as to be able to answer messages and mails sent to us.
Information on your right to object to processing in accordance with Article 21 of the General Data Protection Regulation (GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 paragraph 1 point (f) GDPR (data processing based on a weighing of interests), including any profiling based on those provisions within the meaning of Article 4 No. 4 GDPR.
If you object, we will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Your objection can be submitted without using a special form and, where possible, should be sent using the contact data specified in Section I “General information”, No. 1 and No. 2, of this Data Privacy Statement.
Ongoing development of the Internet means that we will need to amend this Data Privacy Statement from time to time. We reserve the right to make such changes at any time.
The following Data Privacy Statement describes how and for what purpose astora GmbH, Karthäuserstraße 4, 34117 Kassel, Germany (hereinafter also referred to as “astora” or “we”) processes personal data of its business partners and their employees.