Who is responsible for data processing?
Who can I contact with questions about data protection?
What is personal data?
What personal data do we process, as well as the type and purpose of use?
When visiting the website:
- Your browser version
- your operating system
- the website you were previously on, if it contains a link to the ALUCA website.
When using the contact form:
- First name,
- last name
- Postal code
- Telephone number (optional)
- Your message
Legal basis for data processing
When ordering a newsletter:
- First name and last name
- E-mail address
Is there any data transfer to third parties?
What are cookies
Cookie settings in your browser
Cookie consent with cookie notice
Our website uses Cookie Notice for GDPR to obtain your consent to store certain cookies on your terminal device and to document this in a data protection compliant manner.
Cookie Notice is installed locally on our servers, so it does not connect to third-party servers. Cookie Notice & Compliance for GDPR stores a cookie in your browser in order to be able to assign the consents granted to you or their revocation. The cookie is deleted after the end of the session.
For more information, please visit the page: https://legal.hubspot.com/cookie-policy
What cookies do we use?
Due to IP anonymization, your IP address will be truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
During your website visit, your user behavior is recorded in the form of "events". Events can be:
- Page views
- First visit to the website
- Start of session
- clicks on external links
- internal search queries
- your approximate location (region)
- your IP address (in shortened form)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- the referrer URL (via which website/ via which advertising medium you came to this website)
Purposes of the processing
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
Recipients of the data are/may be Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO). Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA It cannot be ruled out that US authorities may access the data stored by Google.
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
The data sent by us and linked to cookies are automatically deleted 24 months. Data whose retention period has been reached is automatically deleted once a month.
The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO.
You can revoke your consent at any time with effect for the future by clicking the "Revoke cookie consent" button below on the ALUCA website and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
Alternatively, you can prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict functionalities on this and other websites.
Google Tag Manager
For reasons of transparency, we would like to point out that we use the Google Tag Manager of the provider Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager itself does not collect any personal data. The Google Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behavior, to record the impact of online advertising and social channels, to set up remarketing and targeting, and to test and optimize websites. We use the Tag Manager for the Google Analytics service. If you have made a deactivation, this deactivation will be taken into account by Google Tag Manager.
For more information on the Google Tag Manager see:https://www.google.com/intl/de/tagmanager/use-policy.html
Google Maps Plug-In
Google Tag Manager
- Date and time of the visit to the website in question,
- Internet address or URL of the website called up,
- IP address, (start) address entered as part of route planning.
Privacy notice for the internal whistle-blowing system
Purposes of processing personal data
- Information that personally identifies the whistle-blower, e.g. first name and surname, gender, address, telephone number and email address;
- Employment status at ALUCA GmbH;
- Information about persons implicated, i.e. natural persons named in a report as being those who committed the breach or who are connected with the persons named. Such information includes, for example, first name and surname, gender, address, telephone number, email address and/or other information that enables identification;
- Information about breaches that may allow the indirect identification of a natural person.
- We will only process information that personally identifies the whistle-blower if the whistle-blower has given us their consent to do so pursuant to Art 6. (1a) of the GDPR. In accordance herewith, processing is only lawful if the data subject has given consent to the processing of their personal data for one or more specific purposes.
- We will process information on employment status, information on persons implicated and other information that indirectly identifies natural persons on the basis of Art. 6 (1f) of the GDPR. In accordance herewith, processing is lawful if necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Our legitimate interest – depending on the specific individual case to be reviewed – lies in processing reports in order to be able to take follow-up measures, such as measures to verify the validity of the claims made in the report and, where applicable, to take action in relation to the reported breach, including through internal enquiries, investigations, criminal prosecutions, measures to withdraw/recover funds and to conclude proceedings. It will be reviewed on a case-by-case basis, taking into account the breach concerned and other factors, whether interests or fundamental rights and freedoms of the data subject stand in opposition to processing of this kind.
- We may process the personal data of employees on the basis of Sect. 26 (1) sentence 2 of the German Federal Data Protection Act (BDSG). In accordance herewith, the personal data of employees within the meaning of Sect. 26 (8) BDSG may be processed if there is a documented reason to believe the data subject has committed a crime while employed, the processing of such data is necessary to investigate the crime and is not outweighed by the data subject’s legitimate interest in not processing the data, and in particular the type and extent are not disproportionate to the reason.
General information on recipients/categories of recipients
Personal data will only be transferred to third parties if there is a legal basis for doing so. In particular, this is the case if data transfer serves the purpose of complying with legal requirements under which we are obligated to provide information or notifications or share data, if you have provided us with your consent to transfer the data or if data transfer is justified by a legitimate interest assessment.
Furthermore, external service providers, such as external data centres or telecommunications providers, will process personal data on our behalf as data processors.
Depending on the area of responsibility into which the report falls and in order to initiate follow-up measures effectively, personal data may also be shared with the in-house specialist departments responsible.
Under certain circumstances, we may also share personal data with national security and/or law enforcement agencies, other official agencies and/or to persons subject to a duty of confidentiality, e.g. auditors/lawyers.
What rights do you have?