Privacy policy


Data protection has a particularly high priority for our company. In the following, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.


Who is responsible for data processing? 


This data protection information applies to data processing by: 

ALUCA GmbH 
Westring 1 
74538 Rosengarten 
Managing Director: Frédéric Straß, Felix Falk 


Who can I contact with questions about data protection? 


You can reach our company data protection officer at: 

 ALUCA GmbH 
Westring 1 
74538 Rosengarten 
Germany E-Mail: [email protected] 


What is personal data? 


Any information relating to an identified or identifiable natural person. Personal data is information about an identified or identifiable person and thus all information that makes a person identifiable. Statistical data that cannot be associated with your person are not included here.

What personal data do we process, as well as the type and purpose of use? 


When visiting the website: 

 
For most of our service offerings, no processing of personal data is required. You can therefore visit our website without telling us who you are. 
We only collect and process access data that your Internet browser automatically transmits to us for technical reasons to provide the website. Depending on the access protocol used, the protocol data record contains general information with the following contents:
 
  • Your browser version 
  • your operating system 
  • the website you were previously on, if it contains a link to the ALUCA website. 

If our website uses cookies, the web server also stores this information. This also applies if you access our website with a mobile device, such as the browser of a cell phone. As a rule, this data does not allow any direct inference to your person and is processed to improve our website offering. The legal basis for the processing of your personal data is a legitimate interest, Art. 6 para. 1 letter f DS-GVO. We have a legitimate interest in presenting you with a website optimized for your browser and in enabling communication between our server and your terminal device 


 When using the contact form: 


Purpose of data processing 
The processing of personal data serves us to process the contact request. If your request is for the conclusion of a contract or in connection with an already concluded contract, then the processing of the personal data serves us exclusively for the fulfillment or initiation of the contract. 

The following data is collected: 
  • First name, 
  • last name 
  • Postal code 
  • City 
  • E-mail 
  • Telephone number (optional) 
  • Your message 

Legal basis for data processing 
The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO (legitimate interest). The legitimate interest lies in ensuring that your request is processed promptly by our company. 
If the request is directed towards the conclusion of a contract or if the request is related to an already concluded contract, the legal basis for the data processing of the personal data processed in the course of sending a request via our contact form is Art. 6 para. 1 p. 1 lit. b DSGVO (implementation of pre-contractual measures/fulfillment of a contract). 
For personal data that you provide to us voluntarily, Art. 6 para. 1 lit. a DSGVO (consent) is the legal basis. You can revoke your consent at any time with effect for the future. 

Duration of storage 
The above data will be deleted as soon as they are no longer required to achieve the purpose of their processing. For the personal data sent by e-mail or the contact form provided, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been conclusively clarified. 
If the legal basis for data processing is consent, the data will also be deleted if you have revoked your consent. 

To whom do we transfer your data 
To process your contact request, we transmit your request internally at the responsible party to the relevant departments. If you also inform us of the country that concerns you, we can process your inquiry even faster by forwarding your contact request to the distribution partner or group company responsible for this country. 
The legal basis for the data transfer to the distribution partner or group company is your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO, as you indicate your country voluntarily. You can revoke your consent at any time with effect for the future. 
If your contact request serves to initiate a contract or concerns contractual issues, the legal basis for the data transfer is Art. 6 para. 1 p. 1 lit. b DSGVO. 

When ordering a newsletter: 

If you are interested in our newsletters, you have the option to voluntarily give your consent to receive newsletters. We apply the double opt-in procedure. This means that we will only send you the newsletter if, after sending a confirmation link to the e-mail address you provided, you confirm by means of a link contained in this e-mail that you wish to subscribe to our newsletter. After delivery of a confirmation link by e-mail (double opt-in) to the e-mail address you have provided, we will use your e-mail address exclusively for sending our newsletter. 

The following data will be collected by us in the process: 

  •  Salutation 
  • First name and last name 
  • E-mail address 

Purpose of data processing 
The sole purpose of processing the personal data is for us to provide our newsletter to your specified e-mail address in order to inform you about news and offers. 
Legal basis for data processing The legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO (consent). You can revoke your consent at any time and without giving reasons. 

Duration of storage 
We store your personal data at the longest until you revoke your consent. To whom do we transfer your data The newsletter dispatch is carried out by the service provider: Sendinblue GmbH (formerly Newsletter2Go). 
This website uses Sendinblue to send newsletters. The provider is Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Newsletter2Go is a service with which, among other things, the sending of newsletters can be organized and analyzed. The data you enter for the purpose of receiving newsletters is stored on Sendinblue's servers in Germany. 
If you do not want Sendinblue to analyze your data, you must unsubscribe from the newsletter. You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. 
For more details, please refer to the privacy policy of Sendinblue at: https://www.sendinblue.com/legal/privacypolicy/ 

Data analysis by Sendinblue 
With the help of Newsletter2Go, it is possible for us to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links, if any, were clicked. In this way, we can determine, among other things, which links were clicked on particularly often. 
In addition, we can see whether certain previously defined actions were performed after opening/clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the newsletter. 
Sendinblue also allows us to subdivide ("cluster") newsletter recipients based on various categories. In this way, the newsletters can be better adapted to the respective target groups. 
For detailed information on the Sendinblue features, please see the following link: https://www.sendinblue.com/information-for-email-recipients/ 
We have concluded an order processing agreement with this service provider to protect your data.

Applications 


You can apply to our company electronically, e.g. via e-mail. Please note that e-mails sent unencrypted will not be protected against unauthorized access. 
 Your details will be used for processing your application and deciding whether to establish an employment relationship. The legal basis is § 26 para. 1 in conjunction with. Abs. 8 S.2 BDSG. Furthermore, your personal data may be processed insofar as this should be necessary for the defense of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 p.1 lit. f DSGVO. The stated purposes also constitute the legitimate interest in the processing. 
 Insofar as an employment relationship arises between you and us, we may, in accordance with Section 26 (1) BDSG, further process the personal data already received from you for the purposes of the employment relationship if this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the employee representation resulting from a law or a collective agreement, a company or service agreement (collective agreement).
 Your application data will not be processed beyond the described use. Your personal data will be deleted after completion of the application process after 6 months at the latest, provided that no other legitimate interests on our part oppose deletion or you have not given us your consent for longer storage. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Is there any data transfer to third parties? 


A transfer of your personal data to third parties does not take place in principle, unless we are legally obliged to do so, or the data transfer is necessary for the implementation of the contractual relationship or you have previously expressly consented to the transfer of your data. 
 External service providers and partner companies, such as online payment providers or a shipping company commissioned with the delivery, only receive your data to the extent that this is necessary to process your order / your order. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers process your personal data on our behalf, we ensure within the framework of order processing pursuant to Art. 28 DSGVO that they comply with the provisions of data protection laws in the same manner. 
 Please also note the data protection notices of the respective providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness. 
 We attach importance to processing your data within the EU / EEA. However, it may happen that we use service providers who process data outside the EU / EEA. Insofar as data is processed outside the EU / EEA and there is no adequacy decision by the EU Commission, we have concluded the standard data protection clauses adopted by the EU Commission in accordance with Art. 46 DSGVO with the service provider in order to establish a secure level of data protection, which allow the transfer of personal data to a third country in individual cases.

We use cookies 


What are cookies 

Cookies are small text files that allow the web server to recognize a website visitor and store information about the visited web pages in the web browser. Cookies can be divided into "session cookies" and "persistent cookies". Session cookies are all those cookies that expire when a session is closed, i.e. they are only stored for the duration of the session. Persistent cookies, on the other hand, store the collected information for a longer period of time. Cookies can be set by website providers, but also by third parties.
 We may store cookies on your browser if they are absolutely necessary for the operation of the website. For all other categories of cookies, we require your consent to use cookies.


 Necessary cookies 

Some cookies are necessary to provide core functionality. This website will not function properly without these cookies and they are enabled by default.. 


 Analytical cookies 

Analytical cookies help us improve our website by collecting and reporting information about your usage.


 Marketing cookies 

Marketing cookies are used to track visitors to websites so that publishers can serve relevant ads. 
You can change or revoke your cookie setting preferences at any time on our website. 


 Cookie settings in your browser 

We would also like to point out that, irrespective of the issue of granting/not granting consent, you can prevent cookies from being stored altogether by setting your browser to accept cookies only if you agree to this.

Cookie consent with cookie notice 

Our website uses Cookie Notice for GDPR to obtain your consent to store certain cookies on your terminal device and to document this in a data protection compliant manner. 

Cookie Notice is installed locally on our servers, so it does not connect to third-party servers. Cookie Notice & Compliance for GDPR stores a cookie in your browser in order to be able to assign the consents granted to you or their revocation. The cookie is deleted after the end of the session. 

Cookie Notice is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. f DSGVO. The purpose of the data processing is the user-friendly and legally compliant design of our website. We want to make it as easy as possible for you to give or withdraw consent and increase the transparency of data processing using cookies, pixels, tag or similar on our website. In the purpose of data processing also lies our legitimate interest. 

For more information, please visit the page: https://legal.hubspot.com/cookie-policy

What cookies do we use? 


Google Analytics 

Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by means of the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. 

Due to IP anonymization, your IP address will be truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. 

During your website visit, your user behavior is recorded in the form of "events". Events can be: 

  • Page views 
  • First visit to the website 
  • Start of session 
  • clicks on external links 
  • internal search queries 

Also recorded: 

  • your approximate location (region) 
  • your IP address (in shortened form) 
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • the referrer URL (via which website/ via which advertising medium you came to this website) 

Purposes of the processing 

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Recipients 

Recipients of the data are/may be Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO). Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA It cannot be ruled out that US authorities may access the data stored by Google. 

Third country transfer 

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities. 

Storage period 

The data sent by us and linked to cookies are automatically deleted 24 months. Data whose retention period has been reached is automatically deleted once a month. 

Legal basis 

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO.

Revocation 

You can revoke your consent at any time with effect for the future by clicking the "Revoke cookie consent" button below on the ALUCA website and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected. 

Alternatively, you can prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict functionalities on this and other websites. 

For more information on the terms of use of Google Analytics and data protection at Google, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/?hl=en

Google Tag Manager 

For reasons of transparency, we would like to point out that we use the Google Tag Manager of the provider Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager itself does not collect any personal data. The Google Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behavior, to record the impact of online advertising and social channels, to set up remarketing and targeting, and to test and optimize websites. We use the Tag Manager for the Google Analytics service. If you have made a deactivation, this deactivation will be taken into account by Google Tag Manager. 

For more information on the Google Tag Manager see:https://www.google.com/intl/de/tagmanager/use-policy.html

Google Maps Plug-In 


Google Tag Manager 

This site uses the mapping service Google Maps. Google Maps is a mapping service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. 
In order to use the functions of Google Maps, information, including the IP address as well as the address entered as part of the route function, may be transmitted to the provider's servers. This information is usually transferred to a Google server in the USA and stored there. When visiting a website that contains Google Maps, your browser establishes a direct connection with Google's servers, whereby the map content is sent to your browser and integrated by it. The provider of this site has no influence on this data transmission. According to current knowledge, this includes the following data: 
  •  Date and time of the visit to the website in question, 
  • Internet address or URL of the website called up, 
  • IP address, (start) address entered as part of route planning. 

Google Maps is used in the interest of an appealing presentation of our online offers and to make it easy to find the places we indicate on the website. If you do not wish Google to process data via this service, you can deactivate the use of JavaScript in your browser settings. Please note that in this case the interactive map function of Google Maps cannot be used. 
Insofar as data is processed outside the European Economic Area / the EU, where there is no level of data protection corresponding to the European standard, Google states that it uses standard contractual clauses. 
More information on the handling of user data can be found in Google's privacy policy: https://www.google.de/intl/en/policies/privacy/ 
The collection and storage of data only takes place after explicit consent according to Art. 6 para. 1 p. 1 lit. a) DSGVO. This can be revoked at any time with effect for the future.

Data protection information for the internal reporting system

Purposes of the processing of personal data

ALUCA GmbH processes the following types of personal data, among others, as part of the entry and processing of reports in the internal reporting system:

  • Information for personal identification of the whistleblower, such as first and last name, gender, address, telephone number and e-mail address;
  • Employment status at ALUCA GmbH;
  • Information on data subjects, i.e. natural persons designated in a report as a person who has committed the offence or with whom the designated person is associated. Such information includes, for example, first and last name, gender, address, telephone number and e-mail address or other information that enables identification;
  • Information about offences that may allow conclusions to be drawn about a natural person.

ALUCA GmbH processes the personal data for the purpose of investigating the reports in order to prevent or detect violations of applicable law or company guidelines and/or to take follow-up measures (such as measures to verify the validity of the allegations made in the report and, if necessary, to take action against the reported violation, including through internal enquiries, investigations, criminal prosecution measures, measures to (re)collect funds or conclude the proceedings).

Legal basis

  1. We only process information for the personal identification of the whistleblower if the whistleblower has given us consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. According to this, processing is only lawful if the data subject has given their consent to the processing of their personal data for one or more specific purposes.
  2. We process information on employee status, information on data subjects and other information that allows conclusions to be drawn about natural persons on the basis of Art. 6 para. 1 lit. f GDPR. Accordingly, processing is lawful if processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Depending on the specific individual case to be examined, our legitimate interest lies in the processing of reports in order to be able to carry out follow-up measures, such as measures to verify the validity of the allegations made in the report and, if necessary, to take action against the reported violation, including through internal enquiries, investigations, criminal prosecution measures, measures to (re)recover funds or conclude the proceedings. Whether the interests or fundamental rights and freedoms of the data subject conflict with such data processing is examined on a case-by-case basis, including with regard to the breach.
  3. We may process personal data of employees on the basis of Section 26 (1) sentence 2 BDSG. Accordingly, personal data of employees within the meaning of Section 26 (8) BDSG may be processed to uncover criminal offences if there are factual indications to be documented that justify the suspicion that the person concerned has committed a criminal offence in the employment relationship, the processing is necessary for detection and the employee's legitimate interest in the exclusion of processing does not outweigh this, in particular the type and extent are not disproportionate with regard to the occasion.

General information on the recipients or categories of recipients

The personal data processed as part of a notification is processed by lawcode GmbH, Universitätsstraße 3, 56070 Koblenz, Germany, on behalf of and in accordance with the instructions of ALUCA GmbH.
Personal data will only be transferred to third parties if there is a legal basis for this. This is particularly the case if the transfer serves to fulfil legal requirements according to which we are obliged to provide information, report or pass on data, if you have given us your consent to do so or if a weighing of interests justifies this.
In addition, external service providers, such as external data centres or telecommunications providers, process personal data on our behalf as processors.
Depending on the focus of responsibility of the report and for the effective initiation of follow-up measures, the personal data may be passed on to our relevant specialist departments.
Under certain circumstances, we may also pass on the personal data to state security and/or law enforcement authorities, other competent authorities and/or persons obliged to maintain confidentiality, such as auditors/lawyers.

General information about the retention period

Data is generally stored until the follow-up measures have been completed. As a rule, the data from a report is deleted after 2 months after the procedure has been finally concluded, unless the initiation of further legal steps requires further storage (e.g. initiation of criminal proceedings or disciplinary proceedings). Personal data in connection with reports will be deleted by us immediately if we consider them to be manifestly unfounded.

Information pursuant to Art. 13 para. 2 lit. e GDPR


What rights do you have? 


Right to information 
In accordance with Art. 15 DSGVO, you are entitled to request confirmation from the controller at any time as to whether personal data relating to you is being processed. To do so, you can use the form available at this link. 
Right of rectification 
Pursuant to Art. 16 DSGVO, you are entitled to demand that the controller rectify any inaccurate personal data concerning you without undue delay. This right also includes, depending on the purpose, the completion of incomplete personal data. 
Deletion 
If the personal data you have provided above is no longer necessary for the purpose of processing, the consent you have given for processing is revoked and there is no other reason for further processing, you may exercise your right to erasure in accordance with Article 17 of the GDPR and if there are no overriding legitimate grounds for further processing, you may request that your data be erased. 
Restriction of processing 
If the accuracy of the personal data processed by you is contested, the processing is unlawful, and in case of other grounds referred to in Art. 18 DSGVO, you may request the controller to restrict the processing. 
Data portability 
In accordance with Art. 20 DSGVO, you may request the controller to transfer the data you have provided to it in a structured, common and machine-readable format to you or to a third party. Right of objection Pursuant to Art. 21 (1) DSGVO, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) p. 1 lit. e (public interest) or f (legitimate interest); this also applies to profiling based on these provisions. We will no longer process the data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. 
If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing in accordance with Article 21 (2) of the GDPR; this also applies to profiling insofar as it is related to such direct marketing. You can lodge your objection by mail at the address to ALUCA GmbH, Westring 1, 74538 Rosengarten or at [email protected]
Revocation of consent 
You may revoke any consent you have given at any time, without giving any reason, by sending a written notice to ALUCA GmbH, Westring 1, 74538 Rosengarten or by sending an e-mail to [email protected]. To do so, you can use the form available under this link. 
The lawfulness of the processing of your personal data, which was processed on the basis of the consent up to the time of the revocation, is not affected by the revocation. 
Right of appeal 
If you believe that the processing of personal data concerning you violates legal provisions, you have the right to lodge a complaint with a supervisory authority.

 

External links

On our websites you will find various links to other websites. We have neither influence nor control over the content and privacy policies of these linked websites. We therefore recommend that you check the privacy policy of these websites when you access the links.


Up-to-dateness and amendment of the privacy policy

Due to further developments of our website and offers on it, as well as changed legal regulations and/or requirements, it may become necessary to change this privacy policy. The current privacy policy can be found here.

This privacy policy is currently valid and is dated November 2024.


Optout for LXP

Optout for Matomo