Data protection at ABLE
Please read these statements regarding the use of this portal carefully. By using the website you are accepting these conditions.
Our data privacy statement makes use of terms defined in the EU General Data Protection Regulations (GDPR). We have explained these terms below in order to ensure legibility and comprehension of our data privacy statement:
According to the GDPR, personal data is all information referring to an identified or identifiable natural person. This refers to information such as your name, your date of birth, your address, your E-Mail address, your IP address or your telephone number, as well as your user behaviour. On the other hand, information not directly related to your real identity – such as websites generally preferred by all users or a website’s number of users – is not regarded as personal data.
The data subject is any identified or identifiable natural person whose personal data is used by the controller responsible for processing.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.
Controller or controller responsible for processing
The controller or controller responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or member state law, the controller or the specific criteria for its nomination may be provided for by Union or member state law.
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to which the personal data is disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or member state law shall not be regarded as recipients.
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.
- Name and address of the controller [Art. 4, Para. 7 of the GDPR]
The controller under the terms of the General Data Protection Regulation, other national data protection legislation of the member states and other provisions under data protection legislation is:
Tel.: +49 (0) 176 768 686 38
III. General information on data processing
Extent of personal data processing
As a basic principle, we collect and process our users’ personal data only to the extent required for providing a functional website and supplying our content and services. We process our users’ personal data regularly only if the respective users have given their consent. An exception applies in those cases where it is not actually possible to obtain prior consent and where data processing is permitted by law.
Legal basis for processing personal data
The data you transfer or collect shall only be collected, used, processed, stored and if necessary forwarded to third parties – where this is legally prescribed, contractually necessary or permitted within the framework of current legislation – within the framework of current data protection legislation (GDPR, the German Federal Data Protection Act and the German Broadcast Media Act).
Art. 6 of the GDPR is the respective legal basis for processing your personal data to which this data privacy statement refers:
Insofar as we obtain the data subject’s consent to process their personal data, Art. 6, Para. 1, lit. a of the EU General Data Protection Regulation (GDPR) shall apply as the legal basis for processing personal data.
Where it is necessary to process personal data for the purposes of fulfilling a contract and the data subject is the contracting party, Art. 6, Para. 1, lit. b of the GDPR shall apply as the legal basis. This shall also apply to processing which is required to carry out pre-contractual measures.
Where processing of personal data is necessary for our company to fulfil a legal obligation, Art. 6, Para. 1, lit. c of the GDPR shall apply as the legal basis.
Where processing of personal data is necessary for protecting the vital interests of the data subject, or those of another natural person, Art. 6, Para. 1, lit. d of the GDPR shall apply as the legal basis.
Where processing is necessary to protect our company’s or a third party’s legitimate interests, and such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6, Para. 1, lit. f of the GDPR shall apply as the legal basis for processing.
Erasure of data and duration of storage
The data subject’s personal data shall be erased or blocked as soon as the purpose for which it has been stored has been fulfilled. Data may be stored beyond this period if this is specified in European or national legislation from European Union Regulations, laws or other provisions to which the controller is subject. Data shall also be blocked or erased if a storage period specified in the above standards expires, unless conclusion or fulfilment of a contract requires the data to be stored for longer.
Providing the website and creating log files
The extent and manner of collection and use of your data differs, depending on whether you visit our website only to download information or whether you are making use of our offer – static links (VI):
Description and extent of data processing
Each time our website is accessed, our system automatically collects data and information from the accessing computer system.
The following data is collected:
- Information on the browser type and version used
- The user’s operating system
- The user’s IP address
- Date and time of access
- Websites from which the user’s system reaches our website
- Websites the user’s system accesses from our website
The data is also stored in our system’s log files. This data is not stored together with any of the user’s other personal data.
Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6, Par. 1, lit. f of the GDPR.
Purpose of data processing
The system needs to store the IP address temporarily in order to provide the website to the user’s computer. The user’s IP address must remain stored for the duration of the session for this purpose.
Storage in log files is carried out to guarantee the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. No data is evaluated for marketing purposes in this context.
The above purposes also constitute our legitimate interest in data processing under Art. 6, Para. 1, lit. f of the GDPR.
Duration of storage
The data shall be erased as soon as it is no longer required to achieve the purpose for which it was collected. When data is collected in order to provide the website, this is the case when the respective session is ended.
When data is stored in log files, this is the case after 7 days at the latest. Extended storage is possible. In this case, users’ IP addresses are erased or modified so that they can no longer be allocated to the accessing user.
Option to object and remove
It is absolutely essential to collect data in order to provide the website; it is necessary to store data in log files in order to operate the website. As a result, the user has no option to object.
Description and extent of data processing
Legal basis for data processing
The legal basis for processing personal data using technically necessary cookies is Art. 6, Par. 1, lit. f of the GDPR. The legal basis for processing personal data using cookies, provided that the user has given their consent to this effect, is Art. 6, Para. 1, lit. a of the GDPR.
Purpose of data processing
The user data collected by technically necessary cookies is not used to create user profiles. In these purposes we also have a legitimate interest in processing personal data in accordance with Art. 6, Para. 1, lit. f of the GDPR.
Duration of storage and option to object and remove
Static links to Facebook, Instagram, Twitter and LinkedIn
Our website makes use of static links to the social networks Facebook and Instagram, the microblogging service Twitter as well as a social platform LinkedIn. These services are offered by the companies Facebook Inc., Twitter Inc. and LinkedIn Corp. (“service providers”). Please inform yourself about the data privacy regulations of the various platforms.
VII. Rights of the data subject
If your personal data is processed then you are the data subject in the spirit of the GDPR and you have the following rights vis-a-vis the data controller:
Right of access
You can request confirmation from the controller as to whether we are processing personal data concerning you.
Right to erasure
- a) Obligation to erase
You can make a request to the controller that the personal data concerning you be erased without undue delay and the controller shall be obliged to erase this data without undue delay where one of the following grounds applies:
- The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which processing is based in accordance with Art. 6, Para. 1, lit. a or Art. 9, Para. 2, lit. a of the GDPR and there are no other legal grounds for processing.
- You object to processing pursuant to Art. 21, Para. 1 of the GDPR and there are no other overriding legitimate grounds for processing or you object to processing pursuant to Art. 21, Para. 2 of the GDPR.
- The personal data concerning you was processed unlawfully.
- The personal data concerning you must be erased for compliance with a legal obligation in Union or member state law to which the controller is subject.
- The personal data concerning you was collected in relation to the offer of information society services referred to in Art. 8, Para. 1 of the GDPR.
- b) Exceptions
The right to erasure shall not apply where processing is necessary:
- For exercising the right of freedom of expression and information;
- For compliance with a legal obligation which requires processing by Union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- For reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 Par. 2 as well as Art. 9 Par. 3 of the GDPR;
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in acordance with Art. 89 Par. 1 of the GDPR, in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- For the establishment, exercise or defence of legal claims.
Right to notification
If you have asserted your right to rectification, erasure or restriction of processing from the controller, the controller shall be obliged to inform all the recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort.
You are entitled to receive information about these recipients from the controller.
Right to data portability
You have the right to receive the personal data concerning you, which you provided to the controller, in a structured, commonly used and machine-readable format.
In exercising this right, you further have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by the exercising of this right.
Right to object
You shall have the right, on grounds relating to your particular situation, to object at any time to processing of the personal data concerning you based on Art. 6, Para. 1, lit. e or f of the GDPR; this shall also apply to profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
If the personal data concerning you is processed for direct marketing purposes, you shall have the right at any time to object to processing of the personal data concerning you for the purposes of such marketing; this shall also apply to profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you can exercise your right to object by automated means using technical specifications.
Right to withdraw your declaration of consent under data privacy legislation
You have the right to withdraw your declaration of consent under data privacy legislation at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.
VIII. Right of amendment
We reserve the right to amend this data privacy statement in order to adapt it to current regulations; the same applies to the offerings on our website.