This privacy statement sets out the nature, scope and purpose of our processing of your personal data (in the following referred to for short as "data") as part of our online offering and the associated web pages, functions and content, as well as through our external online presence, such as our social media profiles (in the following referred to collectively as our "online offering"). With regard to the terms used, including "processing" and "data controller", please refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
AEG Industrial Engineering Aktiengesellschaft Hohenzollerndamm 152 D-14199 Berlin
Usage data (e.g. websites visited, interest shown in content, access times)
Metadata/communication data (e.g device information, IP addresses)
Categories of persons affected
Visitors to and users of the online offering (in the following we also refer to the affected persons collectively as "users").
Purpose of processing
Provision of the online offering, its functionality and content
Responding to contact enquiries and communicating with users
"Personal data" is any information relating to an identified or identifiable natural person (in the following referred to as 'affected persons'). A natural person is classed as identifiable where he or she can be identified directly or indirectly, in particular by means of matching to an identifier such as a name, to an identifying number, to location data, to an online identifier (such as a cookie) or to one or more special features which represent an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of the said natural person.
"Processing" is any action or sequence of actions carried out with or without the aid of automated means in connection with personal data. The term is far-reaching, and covers practically all handling of data.
The "data controller" is the natural person or legal entity, public authority, institution or other body who determines the purposes and means of processing personal data, either alone or in conjunction with others.
Pursuant to Art. 13 GDPR, we hereby advise you of the legal basis for our processing of data. Where the legal basis is not cited in the privacy statement, the following provisions apply: The legal basis for obtaining consent is Art. 6 (1) lit. a and Art. 7 GDPR; the legal basis for processing of data in order to fulfil our supplies and services and execute measures under contracts, as well as in responding to enquiries, is Art. 6 (1) lit. b GDPR; the legal basis for processing of data in order to fulfil our legal obligations is Art. 6 (1) lit. c GDPR; and the legal basis for processing of data in order to protect and preserve our legitimate interests is Art. 6 (1) lit. f GDPR. Where vital interests of the affected person or of another natural person necessitate processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.
Cooperation with data processors and third parties
Where we disclose data to other persons and organisations (data processors or third parties), transmit data to them or allow them access to the data in any other way in the course of our processing, we shall do so only to the extent allowed by law (such as where transmission of data to third parties, including to payment service providers, is essential to fulfilment of the contract pursuant to Art. 6 (1) lit. b GDPR), where you have given your consent, where we are legally obliged to do so, or on the basis of our legitimate interests (such as when engaging representatives, web hosters, etc.). Where we engage third parties as data processors on the basis of a data processing agreement, we shall do so on the basis of Art. 28 GDPR.
Transmission of data to third countries
Where we process data in a third country (that is to say, a country outside the European Union (EU) or the European Economic Area (EEA)), or we do so in the course of utilising services from third parties or in the disclosure or transmission of data to third parties, we shall do so only in order to fulfil our (pre-)contractual obligations, on the basis of your consent, in fulfilment of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permission, we shall process data, or arrange for processing of data, in a third country only if the special preconditions laid down in Art. 44 ff. GDPR are met. That is to say, for example, processing shall take place on the basis of special guarantees, such as official recognition of a data security level corresponding to that of the EU (e.g. based on the Privacy Shield in the USA) or in compliance with officially recognised special contractual obligations (so-called "standard contract terms").
Rights of affected persons
You have the right to demand confirmation as to whether relevant data is being processed, and to receive information concerning the said data as well as further information and copies of the data in accordance with Art. 15 GDPR. In accordance with Art. 16 GDPR, you have the right to demand that data relating to you be supplemented if incomplete, or be corrected if inaccurate. In accordance with Art. 17 GDPR, you have the right to demand that relevant data be immediately deleted, or alternatively pursuant to Art. 18 GDPR that processing of the said data be restricted.
You have the right in accordance with Art. 20 GDPR to demand that data relating to you which you have provided to us be returned to you, and that it be transmitted to other data controllers.
You further have the right in accordance with Art. 77 GDPR to submit a complaint to the competent regulatory authority.
Right to revoke consent
You have the right to revoke consent you have granted in accordance with Art. 7 (3) GDPR with effect for the future.
Right to object
You can object to the future processing of the data relating to you in accordance with Art. 21 GDPR at any time. You can object in particular to the processing of your data for direct marketing purposes.
Cookies and right to object to direct marketing
Cookies are small files which are stored on users' computers. Cookies can contain a range of different data. The primary purpose of a cookie is to record data on a user (and details of the device on which the cookie is stored) during – or also after – his or her visit to an online offering. Session cookies, also known as transient cookies, are cookies which are deleted after a user has left an online offering and closes his or her browser. Cookies of this kind may, for example, record the content of a shopping basket on an online shop or a login status. Permanent, or persistent, cookies remain stored after the browser is closed. This means a user's login status is retained if he or she returns to the site days later. A cookie of this kind may also record a user's interests for reach measurement or marketing purposes. Third-party cookies are installed by vendors other than the data controller who operates the online offering (otherwise, if only the data controller's cookies are installed, these are called first-party cookies). We may make use of both session cookies and permanent cookies, and provide details on this in our privacy statement.
Furthermore, the storing of cookies can be prevented by disabling them in the browser settings. Please note that you will then possibly not be able to utilise the full functionality of the online offering.
The data we process will be deleted, or its processing restricted, in accordance with Art. 17 and 18 GDPR. Unless explicitly specified in this privacy statement, the data held by us will be deleted as soon as it is no longer required for its intended purpose and no statutory retention periods apply which prohibit it from being deleted. If the data is not deleted because it is required for other legally admissible purposes, its processing will be restricted. That is to say, the data will be blocked, and not processed for other purposes. That is the case, for example, in respect of data which must be retained pursuant to commercial or tax law. German law stipulates retention periods of six years according to Article 257, paragraph 1 of the Commercial Code (HGB) (relating to commercial accounts, inventories, opening balances, annual financial statements, commercial correspondence, posting vouchers, etc.) and 10 years according to Article 147, paragraph 1 of the Fiscal Code (AO) (relating to books, records, management reports, posting vouchers, commercial and business correspondence, documents relevant to taxation, etc.). Austrian law stipulates retention periods of seven years according to Article 132, paragraph 1 of the Federal Fiscal Code (BAO) (accounting documents, vouchers/invoices, accounts, vouchers, business documents, statements of income and expenses, etc.), of 22 years in relation to real estate, and of 10 years for documents relating to electronic services, telecommunications, radio and television services provided to nonbusiness entities in EU member-states and for which the Mini-One-Stop-Shop (MOSS) is utilised.
We use hosting to provide the following services: Infrastructure and platform services; computing capacity; storage space and database services; security services; and technical maintenance services for the operation of our online offering. In this, we and/or our hosting providers process inventory data, contact details, content, contract data, usage data, metadata and communications data of customers, interested parties and visitors to our online offering on the basis of our legitimate interest in providing an efficient and secure online offering in accordance with Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR (Processor).
We process data in performing administrative functions and organising our business operations, financial accounting and fulfilment of our legal obligations, such as archiving. In doing so, we process the same data which we process in providing our contractual services. The bases for processing of data are Art. 6 (1) lit. c. GDPR, Art. 6 (1) lit. f. GDPR. The processing relates to customers, interested parties, business partners and website visitors. The purposes of, and our interests in, the processing of data are for administration, financial accounting, office organisation and data archiving – that is to say, functions which serve to sustain our business operations, fulfil our tasks and deliver our products and services. The deletion of data in relation to contractual services and contract-related communications corresponds to the procedures set out in connection with the said processing activities.
In this, we disclose or transmit data to finance authorities, advisors such as accountants or auditors, as well as to other official bodies which collect levies and to payment service providers.
In pursuit of our commercial interests, we also store data relating to suppliers, event organisers and other business partners, in order to contact them subsequently for example. We store this mostly corporate data on a permanent basis as a matter of policy.
Commercial analyses and market research
In order to run our business efficiently, track market trends and identify customers' and users' wishes, we analyse the data we hold in relation to business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communications data, contract data, payment data, usage data and metadata on the basis of Art. 6 (1) lit. f. GDPR. This processing relates to customers, interested parties, business partners, visitors to and users of the online offering.
The analyses are carried out for the purposes of commercial evaluation, marketing and market research. In doing this, we may consider the profiles of registered users including data such as their purchase transactions. The analyses help us to optimise and enhance the userfriendliness of our offering, as well as to make it more economically efficient. The analyses benefit only ourselves, and are not disclosed to external parties, apart from in the form of anonymised analyses containing summary data.
Where the said analyses or profile relate to specific persons, they are deleted or anonymised when the users concerned give notice of termination; otherwise two years after signing of contracts. In other respects, macro-economic analyses and general trend analyses are compiled anonymously as far as possible.
When users contact us (such as using our contact form, by e-mail, telephone, or via social media), their details are processed in order to deal with their enquiries and requests in accordance with Art. 6 (1) lit. b) GDPR. User-related data may be stored in a Customer Relationship Management (CRM) system or comparable enquiry handling infrastructure.
We delete submitted enquiries when they are no longer required. We review the need to retain such enquiries every two years. They are also subject to the statutory archiving requirements.
Newsletter Mailing service provider
If newsletters are offered, they are sent by a mailing service provider. Such a mailing service provider is engaged in pursuit of our legitimate interests according to Art. 6 (1) lit. f GDPR and on the basis of a data processing contract in accordance with Art. 28 (3) p. 1 GDPR. The mailing service provider may use recipients' data in pseudonymised form – that is to say, without the ability to link it to a specific user – in order to enhance its own services, for example for the technical optimisation of its mailing operations and the presentation of the newsletter, or for statistical purposes. The mailing service provider will not, however, use the data of our newsletter recipients in order to contact them itself or to transmit their data to third parties.
Online presence in social media
We maintain an online presence in social networks and on platforms in order to communicate with customers, interested parties and users who utilise such media and to inform them of our products and services. When users access the networks and platforms in question, they are subject to the terms and conditions and data processing standards of the relevant operators.
Unless specified otherwise in our privacy statement, we will process users' data when they communicate with us through social networks and platforms, such as when they post on our online sites or send us messages.
Inclusion of third-party services and content
In pursuit of our legitimate interests (that is to say, our interest in analysing, optimising and cost-effectively operating our online offering under the terms of Art. 6 (1) lit. f. GDPR), we include content or services from third-party providers as part of our online offering, for example in the form of videos or fonts (in the following referred to collectively as "content").
This is always subject to the requirement that the third-party providers of the said content identify users' IP addresses, as without the IP addresses they might not be able to transmit the content to the users' browsers. The IP address is thus essential to the presentation of the said content. We make efforts to only include content from providers who use IP addresses solely to deliver the content. Moreover, third-party providers may use so-called pixel tags (invisible graphics, also termed "web beacons") for statistical or marketing purposes. Pixel tags enable information such as visitor traffic to this website to be evaluated. The pseudonymised information may also be stored in cookies on users' devices and may, among other data, contain technical information on the user's browser and operating system, linking websites, times of visits and other data relating to the use of our online offering, and may also be linked to such information from other sources.
We include videos from the YouTube platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.