Information with regard to the processing of Personal Data in accordance with Art. 13 of the General Data Protection Regulation (GDPR) of the European Union.
« The German version of this text is binding. The English version is a translation of the original and for information purposes only.”
This Data Security Declaration applies for the Websites of 3A Composites GmbH.
In particular it refers to personal information which is collected while using our websites. It does not apply to external websites accessed, e.g via links. In this case, the data protection declarations of the external sites apply.
References to the legal framework refer to the General Data Protection Regulation (GDPR) of the European Union in the version applicable on May 25th 2018 and to the German Federal Data Protection Act (Bundesdatenschutzgesetz/BDSG) in the version applicable as of November 26th 2019.
Personal Information ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Art. 4 GDPR). In addition, this declaration contains all relevant information with regard to the provision of our services.
The responsible entity for the processing of data on our websites and within the scope of the service provision is:
3A Composites GmbH
Alusingenplatz 1
78224 Singen
Germany
Phone: +49 7731 941 3500
E-Mail: info@3acomposites.com
Representative: Dr. Joachim Werner
We have appointed an external Data Protection Officer:
Pfeil Concepts GmbH
David Pfeil
Schloßstraße 28
04425 Taucha
Germany
Phone: +49 34298 158920
E-Mail: 3ac.datenschutz@3acomposites.com
4.1 Web-Hosting and Administration:
The web servers for the website https://www.display.3AComposites.com/trafficsolutions is provided by Mittwald CM Service GmbH & Co. KG.
Contact information:
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp
Germany
Phone: +49 5772293100
E-Mail: support@mittwald.de
Mittwald CM Service GmbH & Co. KG is a processor on behalf of our service provider com-a-tec GmbH. We refer to our contract with com-a-tec GmbH regulating the processing in accordance with Art. 28(3) GDPR.
The adminsitrative support of the websites https://www.display.3AComposites.com is provided by com-a-tec GmbH.
Contact information:
com-a-tec GmbH
Am Krebsgraben 15
78048 Villingen-Schwenningen
Germany
Phone: +49772198300
E-Mail: mail@com-a-tec.de
We have concluded a contract regulating the processing with com-a-tec GmbH in accordance with Art. 28 (3) GDPR.
4.2 SSL/TLS Encryption
This website uses SSL and/or TLS encryption for security reasons and in order to secure the transfer of personal data which you send to us as website operator. You can tell that the connection is secure and encrypted if the address line in your browser changes from “http://” to “https://” and a lock symbol appears. A third party is not able to read data which is transferred to our website if SSL or TLS encryption is enabled.
4.3 Processing of personal data when visiting our website
When visiting our website, selected personal data is automatically collected by our IT systems. This data is principally technical data (e.g. information about your internet browser, operating system or time you accessed the website.) This data is collected to ensure error-free functionality of our website. This data can also be used to analyse your user behaviour and to improve our services and products.
4.4 Cookies
Our websites uses cookies. Cookies do not cause any damage to your system and do not contain viruses. Cookies are used to make our website more user-friendly, to make it more effective and to improve security. Cookies are small text files which are stored on your device in your browser.
Most of the cookies we use are so-called “Session Cookies”. They are automatically erased after every session. Other cookies remain stored on your device until you erase them manually. These cookies enable us to recognize your browser on your next visit.
You can set your browser to inform you when cookies are being used and only allow cookies in individual cases, reject cookies in certain cases or in general, and activate the automatic erasure of cookies when the browser is closed. Disabling cookies, may restrict the website functionality.
Cookies required for the electronic communication process or for the provision of certain functions are processed on the basis of Art. 6(1)f GDPR. The website operator has a legitimate interest in storing cookies in order to provide technical error-free and optimized services.
4.5 Server log files
The website operator or provider collects and stores data about access to the site in so called server log files. Your browser collects the following data:
The data is used only for statistical purposes and to improve the website. However, the website operator reserves the right to check the server log files retrospectively if there are specific indications of unlawful use. This data is not merged with data from other sources.
The collection of this data is conducted on the basis of Art. 6(1)f GDPR. The website operator has a legitimate interest in the technical error-free presentation and optimisation of the website. Server log files must be collected for this purpose. After a maximum of 7 days the data is anonymised by shortening the IP address at domain level so that it is no longer possible to establish a link with the individual user.
4.6 Google Analytics
This website uses the services of Google Analytics, a web analytics service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so called « cookies ». These are small text files which are stored on your device allowing your user behaviour on the website to be analysed.
The following information is collected:
As a rule, the information on your user behaviour, generated by cookies, is transmitted to a Google server in the USA and stored there.
The storage of Google Analytics cookies and the use of this analytic tool are based on Art. 6(1)f GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to improve its web presentation and marketing.
To protect your personal data, we have enabled the IP anonymisation function for this website. Your IP address is shortened by Google in the member states of the European Union or in other contracting states in the European Economic Area, before being transferred to the U.S. Only in exceptional cases are complete IP addresses transferred to Google servers in the U.S. and shortened there.
Google uses the data on behalf of the operator of this website in order to evaluate your use of the website, to compile reports on website activity and provide other services related to the website activity and internet use to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
You can set your browser to prevent the storage of cookies. Please note that in this case you may not be able to use all the features and functionality of the website. You can also prevent Google from collecting and processing data generated by the cookie and regarding your use of our website (including your IP address) by downloading and installing the following browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en.
Additional information regarding the use of personal data by Google Analytics can be found in Google’s Data Protection Declaration: https://support.google.com/analytics/answer/6004245?hl=en.
User and event related data, stored by Google, which is linked to cookies, user identification (e.g.user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or erased after 14 months. The following link gives more details: https://support.google.com/analytics/answer/7667196?hl=en.
Google Inc. is certified in accordance with the “EU Privacy Shield“, which ensures the compliance with GDPR data protection standards applicable in the EU.
4.7 Google Fonts (local hosting)
Google Fonts are used on this website in order to ensure font consistency. Google Fonts are hosted locally on our web space. There is no connection to Google servers. For more information, please see the privacy statement for Google Fonts https://policies.google.com/privacy
Insofar as the internet services of 3A Composites GmbH provide the option to enter personal or business data, this data is entered by the user on a voluntary basis. To process your enquiry (e.g. in order to send brochures, samples, to respond to price enquiries or to register for online offers/seminars), we sometimes work with partners, distributors or service providers to whom we forward your data to facilitate a speedy response to your enquiry or to provide the services requested. All information is treated confidentially in accordance with the applicable data protection legislation regulations.
5.1 Processing purposes
Order processing, information regarding orders and delivery data, execution of logistic services, implementing orders and projects, recording contract and contact information required for the fulfilling of orders or in the preparation of orders, accounting, bookkeeping, credit and collection management/dunning, organization and execution of purchase and procurement, provision of online offers/seminars and other web/online-based information, sales and marketing, customer care, prospective customer and supplier relationships.
5.2 Legal basis
5.3 Categories of data subjects
Potential customers, customers and/or employees of customers, suppliers, potential suppliers, partners, intermediaries/agents, external service providers and freelancers.
5.4 Categories of personal data
We process personal data, which we receive from you in your function as representative or authorised agent of the legal entities (Prospective customers, customers, suppliers, external suppliers, partners, freelancers, employees of customers and intermediaries/agents).
In particular:
5.5 Categories of recipients
Internal entities which are principally involved in the fulfilment of business processes (e.g. purchasing, sales, marketing, administration, order processing, finance & accounting).
Public authorities such as social insurance agencies and fiscal authorities in the event of overriding mandatory provisions.
External contractors (processors as defined by Art. 4 & Art. 28 GDPR for the purposes mentioned above).
In addition, we will only disclose your personal data if you have given us your express consent to do so in accordance with Art. 6(1)a GDPR, or if there is a legal obligation to disclose the data in accordance with Art. 6(1)c GDPR, e.g. in the context of criminal prosecution or if the disclosure is necessary pursuant to Art. 6(1)f GDPR for the purpose of asserting or defending legal claims or exercising rights, and it cannot be assumed that the disclosure is contrary to an overriding interest of the data subject that merits protection.
5.6 Legal retention/erasure
When the legal retention period is over, we erase the respective personal data as long as the personal data is no longer needed for preparation or performance of a contract or when we no longer have a legitimate interest in storing the data.
Storage period of personal data:
5.7 Data transfer to third countries outside the EU
For the provision of product information and, if necessary, the dispatch of product samples (within the meaning of Art. 6(1)b GDPR), we pass on the contact information of customers and interested parties to partners or service providers as required.
In some cases, partners or service providers are located in third countries.
In principle, no other transfer of data to third countries takes place.
However, it can never be ruled out that data may be transferred via or to companies in a third country when using electronic communications via the internet.
You have the right to receive information free of charge and at any time about the origins, recipients and purposes for collecting your personal data. You also have the right to request that your personal data be corrected, erased or blocked, and in certain circumstances, you may also request that the processing of your personal data be restricted. To make this request or for further questions relating to data protection, contact the Controller or our external data protection officer at any time. You also have the right to lodge a complaint with the relevant supervisory authority.
6.1 Withdrawal of consent for data processing (Art.7 GDPR)
Many data processing functions are only possible with your express consent. You have the right to withdraw your consent at any time by sending us an informal communication by e-mail. The withdrawal of consent does not affect the lawfulness of data processing before consent was withdrawn.
6.2 Right to object to data processing in certain cases and for direct marketing purposes (Art. 21 GDPR )
If data processing is carried out on the basis of GDPR 6(1)e or f, you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation; this also applies to profiling based on those provisions. The applicable legal basis on which processing is based can be found in this Data Protection Declaration. If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
6.3 Right to lodge a complaint with the responsible supervisory authority (Art. 13 GDPR)
In the event of violations of the GDPR, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the member state of his or her habitual residence, place of work or place of the alleged infringement without prejudice to any other administrative or judicial remedy.
6.4 Right to data portability (Art. 20 GDPR)
You have the right to receive personal data, which we process automatically based on the consent you have provided or as part of a contract, delivered to you or to a third party in a structured, commonly used machine-readable format. If you request that the data be transferred directly to another responsible body, this will be done provided this is technically feasible.
6.5 Right to access, immediate rectification and immediate erasure (Art. 15,16,17 GDPR)
Within the framework of the applicable legal provisions, you have the right at any time and free of charge to get information about your stored personal data, its origins, recipients and the purpose of data processing and, if necessary, a right to rectification, blocking or erasure of this data. For this purpose, as well as for further questions on the subject of personal data, contact us at any time at the address given at the end of the website in the legal information.
6.6 Right to restriction of processing (Art. 18 GDPR )
You have the right to obtain restriction of processing your personal data. To do so, you can contact us any time at the address given at the end of the website in the legal information. The right to restrict processing your data is possible in the following cases:
Updated 02.2022