Privacy policy
- General information
ASPRIVA GmbH (hereinafter "ASPRIVA"), as the operator of the website www.aspriva.de, takes the protection of personal data very seriously. We treat personal data confidentially and in accordance with the statutory data protection regulations and on the basis of this data protection declaration. The legal basis can be found in particular in the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
When you use this website, various personal data is processed depending on the type and extent of use. Personal data is information that relates to an identified or identifiable natural person (hereinafter "data subject"). A natural person is considered identifiable if he or she can be identified directly or indirectly (e.g. by assignment to an online identifier). This includes information such as name, address, telephone number and date of birth.
This privacy policy informs you in accordance with Art. 12 ff. GDPR about how we handle your personal data when you use our website. In particular, it explains which data we collect and what we use it for. It also informs you how and for what purpose this happens.
This privacy statement refers explicitly to the website-specific data processing procedures when you visit our website at www.aspriva.de. Even beyond the website-specific data processing procedures, ASPRIVA attaches great importance to the protection of personal data.
- Responsible
The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.). The controller within the meaning of the GDPR and the applicable national data protection laws (in particular the Federal Data Protection Act) as well as other data protection regulations is:
ASPRIVA GmbH
Represented by the Managing Director Mr. Antonio Brissa
Tel.: +49 (0) 6221 18 74 85 80
Email: hallo@aspriva.com
- Purposes and legal bases of data processing
- Accessing and visiting our website – server log files
For the purpose of the technical provision of the website, it is necessary that we process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is automatically recorded each time our website is accessed and automatically saved in so-called server log files. These are:
- Browser type and version
- operating system used
- Website from which access is made (referrer URL)
- Hostname of the accessing computer
- Date and time of access
- IP address of the requesting computer
The storage of the aforementioned access data is necessary for technical reasons in order to provide a functional website and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under other conditions, can at least theoretically enable it to be assigned to you personally. In addition to the purposes mentioned above, we use server log files exclusively to design and optimize our website to meet your needs, purely statistically and without drawing any conclusions about you personally. This data is not merged with other data sources, nor is the data evaluated for marketing purposes.
The access data collected when using our website is only stored for the period for which this data is required to achieve the above purposes. Your IP address is stored on our web server for a maximum of 7 days for IT security purposes.
If you visit our website to find out about our range of products and services or to use them, the legal basis for the temporary storage and processing of access data is Art. 6 Paragraph 1 Clause 1 Letter b of GDPR, which permits the processing of data to fulfill a contract or to carry out pre-contractual measures. In addition, Art. 6 Paragraph 1 Clause 1 Letter f of GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.
- contact form
If you send us inquiries via the contact form, your message/communication (comment) including the contact details you provide there will be stored by us and processed accordingly for the purpose of processing and answering your inquiry and in the event of follow-up questions. We do not pass this data on to third parties unless this is necessary in order to process and answer your contact request or you have given us your consent to do so.
If you contact us within the framework of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be processed for the purpose of processing and answering your contact request in accordance with Art. 6 Paragraph 1 Clause 1 Letter b GDPR (legal basis). Furthermore, to protect our legitimate interests in accordance with Art. 6 Paragraph 1 Clause 1 Letter f GDPR to respond appropriately to customer/contact inquiries.
The data you enter in the contact form will remain with us until the purpose for storing/processing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.
- Use of cookies and related functions/technologies
3.1 Cookies We sometimes use so-called cookies on our website. Cookies do not cause any damage to your computer and do not contain any viruses. Cookies are used to make our service more user-friendly, effective and secure and to enable the provision of certain functions. Cookies are small text files that are stored on your computer and saved by your browser. A cookie contains a characteristic string of characters that enables your browser to be uniquely identified when you visit the website again.
Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit or browser session (so-called transient cookies). Other cookies remain stored on your device for a specified period of time or until you delete them (so-called persistent cookies). These cookies enable us to recognize your browser the next time you visit. We are happy to provide further information on the functional cookies used upon written request. Please then use the contact details above.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. You can regularly find out how to deactivate cookies via the "Help" function of your Internet browser. If cookies are deactivated, the functionality and/or the full availability of this website may be restricted. For further cookie-specific setting and deactivation options, please see the individual explanations below of the cookies and associated functions/technologies specifically used when visiting our website.
Some of the cookies we use on our website come from third parties who help us analyze the impact of our website content and the interests of our visitors, measure the performance of our website, or place needs-based advertising and other content on our or other websites. As part of our website, we use both first-party cookies (only visible from the domain you are currently visiting) and third-party cookies (visible across domains and regularly set by third parties).
Cookie-based data processing is carried out on the basis of your consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR (legal basis) or on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR (legal basis) to protect our legitimate interests. Our legitimate interests lie in particular in being able to provide you with a technically optimized, user-friendly and needs-based website and in ensuring the security of our systems. You can revoke any consent you have given us at any time, e.g. by deactivating the cookie-based tools/plugins listed in detail in the following overview. You can also object to processing based on legitimate interests by making the appropriate settings.
In detail, the following cookie-based tools/plugins are used on this website:
This website uses the functions of Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on the basis of your consent (Art. 6 Para. 1 Clause 1 Letter a of GDPR). You can voluntarily give us your consent when you visit our website by clicking the corresponding button in the "cookie banner". As part of the processing described below, data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Ireland Limited and Google LLC are hereinafter referred to jointly as "Google". Google Analytics uses cookies (first-party cookies) that enable an analysis of your use of the website. However, this does not mean that we thereby directly know your identity. Google uses the information generated by the cookies on our behalf to evaluate the use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. This enables us to improve the quality of our website and its content. Based on statistical analyses, we learn how the website is used and can therefore continually optimize our offering.
The information generated by the Google Analytics cookies about your use of this website (such as the time, location and frequency of your website visits, including your IP address) is transferred to a Google server in the USA and stored there. Google is certified under the Privacy Shield Agreement (https://www.privacyshield.gov/eu-us-framework). We have set the storage period for corresponding data at Google at user and event level to 14 months (shortest possible setting option).
3.2 IP anonymization
We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA, thus making it anonymous. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data relating to you.
3.3 Browser plug-in
You can prevent the storage of Google Analytics cookies by setting your browser software accordingly (see above). In addition, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
3.4 Objection to data collection
Alternatively, you can activate/deactivate the collection of your data by Google Analytics, especially on mobile devices, by clicking on the following link:
Deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de
If deactivated, a cookie will be set which prevents the collection of your data on future visits to this website.
Specifically, the following tracking cookies are used by Google Analytics:__utmz, __utma, __utmb, __utmc, __utmt.
You can find more information about how Google Analytics handles user data and its security and data protection principles as well as setting and objection options in Google's privacy policy, which can be accessed via the following link: https://support.google.com/analytics/answer/6004245?hl=de .
3.5 YouTube
Our website uses plugins from the YouTube video platform to embed videos and play them directly on our website. The operator of the video platform is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”). YouTube is a company affiliated with Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
The YouTube videos are integrated in the so-called "extended data protection mode", which, according to the provider, only starts saving user information when the video(s) is played. However, the extended data protection mode does not necessarily exclude the transfer of data to YouTube partners. YouTube therefore establishes a connection to the Google DoubleClick network - regardless of whether you watch a video.
If you activate embedded videos on our website, a connection is established to the YouTube servers and data transfer is started. We have no influence on the scope and content of the data that is transmitted to YouTube and possibly other YouTube partners by activating the plug-in. Among other things, the YouTube server is informed which of our pages you have visited. According to information from YouTube, this information is used, among other things, to record video statistics, improve user-friendliness and prevent abusive behavior. YouTube uses cookies to collect information about user behavior. The cookies remain on your device until you delete them. You can prevent YouTube from saving cookies by setting your browser software accordingly (see above).
If you are logged into your YouTube account, you allow YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account before activating the play button.
YouTube is used in the interest of an appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR.
Further information on how user data is handled can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.
3.6 Google Maps
This website uses the Google Maps map service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. As part of the processing described below, data is regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Ireland Limited and Google LLC are hereinafter referred to jointly as "Google". In order to use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
Google Maps is used in the interest of an attractive presentation of our online offers and to make the locations we specify on the website easy to find. This represents a legitimate interest within the meaning of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR.
You can find more information about how user data is handled in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/ .
- Use of the Aspriva shop
4.1 Orders: For orders in our ASPRIVA shop, it is necessary that you provide certain personal data that we need to conclude the contract and process your order. Necessary information is marked separately. The provision of further personal data is voluntary. We use the data you provide to process your order and in this context are entitled, among other things, to pass on your data to our bank or the payment service provider specified in the order. The legal basis for this is Art. 6 Para. 1 Sentence 1 b GDPR.
4.2 Customer account: You can voluntarily create a customer account in the ASPRIVA shop, as part of an order or separately, for the processing of your order or future orders. When you create a customer account, we store the data you provide revocably. If you no longer want your customer account, you can revoke your consent by email to hallo@aspriva.com or to the contact details listed in this privacy policy.
4.3 We process your personal data as a customer for the duration of our business relationship and beyond in accordance with applicable statutory retention and documentation obligations and protect them with appropriate organizational and technical measures.
- Further processing purposes
Compliance with legal regulations: We also process your personal data in order to fulfil other legal obligations that may apply to us in connection with our business activities. These include, in particular, retention periods under commercial, trade or tax law. We process your personal data in accordance with Art. 6 Paragraph 1 Clause 1 Letter c of GDPR (legal basis) to fulfil a legal obligation to which we are subject.
Legal enforcement: We also process your personal data in order to be able to assert our rights and enforce our legal claims. We also process your personal data in order to be able to defend ourselves against legal claims. Finally, we process your personal data insofar as this is necessary to prevent or prosecute criminal offenses. We process your personal data to protect our legitimate interests in accordance with Art. 6 Para. 1 Clause 1 Letter f of GDPR (legal basis), insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offenses (legitimate interest).
Consent: If you have given us your consent to process personal data for certain purposes (e.g. sending information materials and offers), the legality of this processing is based on your consent. Consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the revocation only takes effect for the future and processing up to that point is not affected.
- Recipients of data
Within ASPRIVA, those departments that need your data to fulfill our contractual and legal obligations will have access to your data. Service providers and vicarious agents we employ (e.g. technical service providers, shipping companies) may also receive data for these purposes. We limit the sharing of your personal data to what is necessary, taking into account the data protection requirements. In some cases, the recipients receive your personal data as contract processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently with their own data protection responsibility and are also obliged to comply with the requirements of the GDPR and other data protection regulations.
Finally, in individual cases we transmit personal data to our advisors in legal or tax matters, whereby these recipients are obliged to maintain particular confidentiality and secrecy due to their professional status.
- Data transfer to third countries
When using the above-mentioned tools, e.g. Google, we may transfer your IP address to third countries (see above). The data transfer may be based, among other things, on an adequacy decision by the EU Commission in accordance with Art. 45 GDPR. Otherwise, we do not transfer your personal data to countries outside the EU or EEA or to international organizations, unless expressly stated otherwise in this data protection declaration.
VII. Duration of data storage
We initially process and store your personal data for the period for which the respective purpose of use requires corresponding storage (see above for the individual processing purposes). This may also include the periods of initiation of a contract (pre-contractual legal relationship) and the execution of a contract. On this basis, personal data is regularly deleted as part of the fulfillment of our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:
- Fulfillment of statutory retention obligations, which arise, for example, from the German Commercial Code (§§ 238, 257 para. 4 HGB) and the German Fiscal Code (§ 147 para. 3, 4 AO). The retention and documentation periods specified there are up to ten years.
- Preservation of evidence taking into account the statute of limitations. According to Sections 194 ff of the German Civil Code (BGB), these statutes of limitations can be up to 30 years, although the regular statute of limitations is three years.
VIII. Data security
We protect personal data using suitable technical and organizational measures to ensure an appropriate level of protection and to protect the personal rights of the persons concerned. The measures taken serve, among other things, to prevent unauthorized access to the technical facilities we use and to protect personal data from unauthorized access by third parties. In particular, this website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as your contact requests that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data that you send to us cannot be read by third parties. Nevertheless, we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is therefore not possible.
- Your rights as a data subject
Under the statutory requirements, you are entitled to the following rights as a data subject:
- Right to information : You are entitled at any time, within the scope of Art. 15 GDPR, to request confirmation from us as to whether we process personal data concerning you. If this is the case, you are also entitled, within the scope of Art. 15 GDPR, to receive information about this personal data and certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of transfer to a third country, the appropriate guarantees) and a copy of your data. The restrictions of Section 34 BDSG apply.
- Right to rectification : According to Art. 16 GDPR, you have the right to request that we correct the personal data stored about you if it is inaccurate or incorrect.
- Right to erasure : You are entitled to request that we immediately erase personal data concerning you under the conditions of Art. 17 GDPR. The right to erasure does not apply if the processing of personal data is necessary, e.g. to fulfill a legal obligation (e.g. statutory retention periods) or to assert, exercise or defend legal claims. In addition, the restrictions of Section 35 BDSG apply.
- Right to restriction of processing : You have the right to request that we restrict the processing of your personal data under the conditions of Art. 18 GDPR.
- Right to data portability : You have the right, under the conditions of Art. 20 GDPR, to request that we provide you with the personal data concerning you that you have made available to us in a structured, common and machine-readable format.
- Right to withdraw consent : You can withdraw your consent to the processing of personal data at any time. This also applies to the withdrawal of consent given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the withdrawal only applies to the future. Processing that took place before the withdrawal is not affected. To declare the withdrawal, an informal message to us, e.g. by email, is sufficient.
- Right of objection : You have the right to object to the processing of your personal data under the conditions of Art. 21 GDPR, so that we must stop processing your personal data. The right of objection only exists within the limits provided for in Art. 21 GDPR. In addition, our interests may conflict with the termination of processing, so that we are entitled to process your personal data despite your objection. We will take into account any objection to any direct marketing measures immediately and without re-weighing the existing interests.
- Information about your right of objection according to Art. 21 GDPR : You have the right to object at any time to the processing of your data which is carried out on the basis of Art. 6 Paragraph 1 Clause 1 Letter f GDPR (data processing on the basis of a balance of interests) or Art. 6 Paragraph 1 Clause 1 Letter e GDPR (data processing in the public interest) if there are reasons for doing so which arise from your particular situation.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
The objection can be made in any form and should, if possible, be addressed to: ASPRIVA GmbH Long Anger 7 69115 Heidelberg Email: datenschutz@aspriva.de |
- Right to lodge a complaint with a supervisory authority : Under the conditions of Art. 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority. In particular, you can lodge a complaint with the supervisory authority responsible for us, the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Tel. 0711/61 55 41 – 0, email: poststelle@lfdi.bwl.de or another competent supervisory authority. A list of the data protection supervisory authorities and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html .
Other concerns: Our data protection officer is available to answer any further data protection questions and concerns. If possible, corresponding enquiries and the exercise of your above rights should be sent in writing to our address given above or by email to datenschutz@aspriva.de.
- Obligation to provide data
In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to provide you with our website without restrictions or answer your enquiries. Personal data that we do not necessarily need for the processing purposes mentioned above is marked as voluntary information.
- Automated decision-making/profiling
We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).
XII. Current status and changes to this privacy policy
- This privacy policy is currently valid and is dated April 24, 2024.
- Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration.