Privacy policy
Who is responsible for data processing?
Who can I contact with questions about data protection?
What is personal data?
What personal data do we process, as well as the type and purpose of use?
When visiting the website:
- Your browser version
- your operating system
- the website you were previously on, if it contains a link to the ALUCA website.
When using the contact form:
- First name,
- last name
- Postal code
- City
- Telephone number (optional)
- Your message
Legal basis for data processing
When ordering a newsletter:
- Salutation
- First name and last name
- E-mail address
Applications
Is there any data transfer to third parties?
We use cookies
What are cookies
Necessary cookies
Analytical cookies
Marketing cookies
Cookie settings in your browser
Google Maps Plug-In
Google Tag Manager
- Date and time of the visit to the website in question,
- Internet address or URL of the website called up,
- IP address, (start) address entered as part of route planning.
Google Maps is used in the interest of an appealing presentation of our online offers and to make it easy to find the places we indicate on the website. If you do not wish Google to process data via this service, you can deactivate the use of JavaScript in your browser settings. Please note that in this case the interactive map function of Google Maps cannot be used.
Privacy notice for the internal whistle-blowing system
Purposes of processing personal data
- Information that personally identifies the whistle-blower, e.g. first name and surname, gender, address, telephone number and email address;
- Employment status at ALUCA GmbH;
- Information about persons implicated, i.e. natural persons named in a report as being those who committed the breach or who are connected with the persons named. Such information includes, for example, first name and surname, gender, address, telephone number, email address and/or other information that enables identification;
- Information about breaches that may allow the indirect identification of a natural person.
Legal basis
- We will only process information that personally identifies the whistle-blower if the whistle-blower has given us their consent to do so pursuant to Art 6. (1a) of the GDPR. In accordance herewith, processing is only lawful if the data subject has given consent to the processing of their personal data for one or more specific purposes.
- We will process information on employment status, information on persons implicated and other information that indirectly identifies natural persons on the basis of Art. 6 (1f) of the GDPR. In accordance herewith, processing is lawful if necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Our legitimate interest – depending on the specific individual case to be reviewed – lies in processing reports in order to be able to take follow-up measures, such as measures to verify the validity of the claims made in the report and, where applicable, to take action in relation to the reported breach, including through internal enquiries, investigations, criminal prosecutions, measures to withdraw/recover funds and to conclude proceedings. It will be reviewed on a case-by-case basis, taking into account the breach concerned and other factors, whether interests or fundamental rights and freedoms of the data subject stand in opposition to processing of this kind. - We may process the personal data of employees on the basis of Sect. 26 (1) sentence 2 of the German Federal Data Protection Act (BDSG). In accordance herewith, the personal data of employees within the meaning of Sect. 26 (8) BDSG may be processed if there is a documented reason to believe the data subject has committed a crime while employed, the processing of such data is necessary to investigate the crime and is not outweighed by the data subject’s legitimate interest in not processing the data, and in particular the type and extent are not disproportionate to the reason.
General information on recipients/categories of recipients
Personal data will only be transferred to third parties if there is a legal basis for doing so. In particular, this is the case if data transfer serves the purpose of complying with legal requirements under which we are obligated to provide information or notifications or share data, if you have provided us with your consent to transfer the data or if data transfer is justified by a legitimate interest assessment.
Furthermore, external service providers, such as external data centres or telecommunications providers, will process personal data on our behalf as data processors.
Depending on the area of responsibility into which the report falls and in order to initiate follow-up measures effectively, personal data may also be shared with the in-house specialist departments responsible.
Under certain circumstances, we may also share personal data with national security and/or law enforcement agencies, other official agencies and/or to persons subject to a duty of confidentiality, e.g. auditors/lawyers.
What rights do you have?
External links
On our websites you will find various links to other websites. We have neither influence nor control over the content and privacy policies of these linked websites. We therefore recommend that you check the privacy policy of these websites when you access the links.