Privacy policy

[This is a courtesy translation of the original German Privacy Policy. In the event of any discrepancies or differences in interpretation, the original German version shall prevail.]

Data protection statement

 

I. General information

ASPRIVA GmbH (hereinafter ‘ASPRIVA’), as the operator of the website www.aspriva.de, takes the protection of personal data very seriously. We treat personal data confidentially and in accordance with the statutory data protection regulations and on the basis of this data protection declaration. The legal basis can be found in particular in the General Data Protection Regulation (GDPR) and in the German Federal Data Protection Act (BDSG).

When you use this website, various personal data are processed depending on the type and extent of use. Personal data is information that relates to an identified or identifiable natural person (hereinafter referred to as ‘data subject’). A natural person is considered identifiable if they can be identified directly or indirectly (e.g. by means of assignment to an online identifier). This includes information such as your name, address, telephone number and date of birth. This privacy policy informs you in accordance with Art. 12 et seq. of the GDPR about how we handle your personal data when you use our website. In particular, it explains what data we collect and what we use it for. It also informs you about how and for what purpose this is done. This data protection declaration explicitly refers to the website-specific data processing when visiting our website at www.aspriva.com. Even beyond the website-specific data processing, ASPRIVA attaches great importance to the protection of personal data.

II. Controller

The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.). The controller within the meaning of the GDPR and the applicable national data protection laws (in particular the BDSG) and other data protection provisions is:

ASPRIVA GmbH
represented by the managing director Mr Antonio S. Brissa
Tel.: +49 (0) 6221 18 74 85 80
E-Mail: privacy@aspriva.com.

IV. Purposes and legal bases for processing data

1. Accessing and visiting our website – server log files

For the purpose of the technical provision of the website, it is necessary for us to process certain information that is automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is automatically collected each time you access our website and automatically stored in so-called server log files.

These are:

- Browser type and browser version

- Operating system used

- Website from which access is made (referrer URL)

- Host name of the accessing computer

- Date and time of access

- IP address of the requesting computer

The storage of the aforementioned access data is necessary for technical reasons in order to provide a functional website and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under further conditions, can at least theoretically enable it to be assigned to you. Beyond the purposes mentioned above, we use server log files exclusively for the purpose of designing and optimising our website to meet demand, purely statistically and without any reference to you. This data is not merged with other data sources, nor is it evaluated for marketing purposes.

The access data collected in the course of using our website is only stored for the period for which this data is required to achieve the above-mentioned purposes. For IT security purposes, your IP address is stored on our web server for a maximum of 7 days.

If you visit our website to find out about our range of products and services or to use them, the legal basis for the temporary storage and processing of the access data is Art. 6 (1) sentence 1 point (b) GDPR, which permits the processing of data for the fulfilment of a contract or for the implementation of pre-contractual measures. In addition, Art. 6 para. 1 sentence 1 lit. f DS-GVO serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here is to provide you with a technically functional and user-friendly website and to ensure the security of our systems.

2. Contact form

If you send us enquiries using the contact form, your message (comment), including the contact data you provided there, will be stored and processed by us for the purpose of processing and answering the enquiry and in the event of follow-up questions. We do not pass this data on to third parties unless this is necessary in the context of processing and answering your contact request or you have given us your corresponding consent.

If you contact us in the context of an existing contractual relationship or in advance to request information about our range of products or other services, the data and information you provide will be processed for the purpose of processing and answering your contact request in accordance with Art. 6 (1) (1) (b) GDPR (legal basis). Furthermore, in order to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f DS-GVO for the proper answering of customer/contact inquiries.

The data entered by you in the contact form will remain with us until the purpose for the data storage/processing no longer applies (e.g. after the processing of your enquiry has been completed). Mandatory legal provisions – in particular retention periods – remain unaffected.

3. Use of cookies and associated functions/technologies

3.1 Cookies

We use cookies on some pages of our website. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure, and enable the provision of certain features. Cookies are small text files that are stored on your computer and saved by your browser. A cookie contains a characteristic string of characters that enables your browser to be clearly identified when you return to the website.

Most of the cookies we use are so-called ‘session cookies’. They are automatically deleted after the end of your visit or your browser session (so-called transient cookies). Other cookies remain stored on your device for a predetermined period or until you delete them (so-called persistent cookies). These cookies enable us to recognise your browser the next time you visit. We will be happy to provide further information on the functional cookies used upon written request. Please contact us using the contact details above.

You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, accept cookies for specific cases or generally exclude them, and activate the automatic deletion of cookies when you close your browser. You can regularly obtain the procedure for deactivating cookies via the ‘Help’ function of your internet browser. If you deactivate cookies, the functionality and/or full availability of this website may be restricted. For further cookie-specific setting and deactivation options, please also see below the individual explanations of the cookies and associated functions/technologies specifically used when you visit our website.

Some of the cookies we use on our website come from third parties who help us to analyse the impact of our website content and the interests of our visitors, to measure the performance and efficiency of our website or to place targeted advertising and other content on our or other websites. As part of our website, we use both first-party cookies (only visible from the domain you are currently visiting) and third-party cookies (visible across domains and regularly set by third parties).

The cookie-based data processing is carried out on the basis of your consent in accordance with Art. 6 (1) (a) GDPR (legal basis) or on the basis of Art. 6 (1) (f) GDPR (legal basis) to protect our legitimate interests. Our legitimate interests in this regard lie, in particular, in our desire to provide you with a technically optimised and user-friendly website that is designed to meet your needs, as well as to ensure the security of our systems. You can revoke any consent you have given us at any time, e.g. by deactivating the cookie-based tools/plugins listed in detail in the following overview. You can also object to processing based on legitimate interests by making the appropriate settings. The following cookie-based tools/plugins are used on this website:

This website uses the functions of Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on the basis of the consent you have given us (Art. 6 para. 1 sentence 1 lit. a DS-GVO). You can voluntarily give us your consent by clicking on the corresponding button in the ‘cookie banner’ when you access our website. As part of the processing described below, data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Ireland Limited and Google LLC are hereinafter jointly referred to as ‘Google’. Google Analytics uses cookies (first-party cookies) that enable an analysis of your use of the website. However, this does not mean that we immediately become aware of your identity. Google uses the information generated by the cookies on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website and internet use. This enables us to improve the quality of our website and its content. We use statistical analyses to learn how the website is used and thus constantly optimise our services.

The information generated by the Google Analytics cookies about your use of this website (e.g. time, place and frequency of your visits to our site, including your IP address) is transmitted to a Google server in the United States and stored there. Google is certified under the Privacy Shield agreement (https://www.privacyshield.gov/eu-us-framework). We have set the storage period for corresponding data at Google to 14 months at the user and event level (shortest possible setting option).

3.2 IP anonymization

We have activated the IP anonymisation function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area before it is transmitted to the USA and thus anonymised. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. According to Google, the IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data about you.

3.3 Browser Plugin

You can prevent the storage of Google Analytics cookies by selecting the appropriate settings on your browser (see above). You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

3.4 Objection to data collection

Alternatively, you can activate/deactivate the collection of your data by Google Analytics, in particular on mobile devices, by clicking on the following link:

Deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de

If you deactivate it, a cookie will be set that prevents the collection of your data during future visits to this website.

Specifically, the following tracking cookies are used by Google Analytics: __utmz, __utma, __utmb, __utmc, __utmt.

For more information about how Google Analytics handles user data, the security and privacy principles, as well as configuration and opt-out options, please refer to Google's privacy policy, available at the following link: https://support.google.com/analytics/answer/6004245?hl=de.

3.5 YouTube

Our website uses plugins from the video platform YouTube to embed videos and play them directly on our website. The operator of the video platform is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (‘YouTube’). YouTube is a company affiliated with Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; ‘Google’).

YouTube videos are embedded in the so-called ‘extended data protection mode’, which, according to the provider, only initiates the storage of user information when the video(s) are played. However, the extended data protection mode does not necessarily exclude the transfer of data to YouTube partners. For example, YouTube connects to the Google DoubleClick network regardless of whether you are watching a video or not.

If you activate embedded videos on our website, a connection to the YouTube servers is established and data transmission is started. We have no influence on the scope and content of the data that is transmitted to YouTube and possibly other YouTube partners when the plug-in is activated. Among other things, the YouTube server is informed which of our pages you have visited. According to information from YouTube, this information is used, among other things, to collect video statistics, improve user-friendliness and prevent abusive practices. YouTube uses cookies to collect information about user behaviour. The cookies remain on your device until you delete them. You can prevent YouTube from storing cookies by adjusting the settings in your browser software (see above).

If you are logged into your YouTube account, you enable YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account before activating the play button.

YouTube is used in the interest of presenting our online offers in an appealing way. This constitutes a legitimate interest within the meaning of Article 6 (1) (f) GDPR.

For more information on how user data is handled, please refer to YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

3.6 Google Maps

This website uses the mapping service Google Maps. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as part of the processing described below. Google Ireland Limited and Google LLC are hereinafter jointly referred to as ‘Google’. To use the Google Maps features, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.

You can find more information about how user data is handled in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.

4. Using the Aspriva shop

4.1 Orders: To place orders in our ASPRIVA shop, you must provide certain personal data that we need to conclude the contract and process your order. Necessary information is marked separately. The provision of further personal data is voluntary. We use the data you provide to process your order and, in this context, we are entitled, among other things, to pass on your data to our bank or the payment service provider specified in the order. The legal basis for this is Art. 6 Para. 1 Sentence 1 b DS-GVO.

4.2 Customer account: You can voluntarily create a customer account in the ASPRIVA shop, either as part of an order or separately, for the purpose of processing your order or future orders. When you create a customer account, we store the data you provide on a revocable basis. If you no longer wish to have a customer account, you can send a request to revoke your consent by email to privacy@aspriva.com or to our contact details listed in this data protection declaration.

4.3 We process your personal data as a customer for the duration of our business relationship and beyond in accordance with applicable statutory retention and documentation obligations and protect it with appropriate organisational and technical measures.

5. Newsletter

If you subscribe to our company newsletter, the data in the respective input mask will be transmitted to the data controller. Registration for our newsletter is done in a so-called double opt-in procedure. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with another person's e-mail address. When registering for the newsletter, the user's IP address and the date and time of registration are stored. This is to prevent misuse of the services or the e-mail address of the person concerned. The data will not be passed on to third parties. An exception to this is if there is a legal obligation to pass on the data. The data will be used exclusively for sending the newsletter. The data subject can cancel their subscription to the newsletter at any time. Likewise, consent to the storage of personal data can be withdrawn at any time. For this purpose, there is a corresponding link in each newsletter. The legal basis for the processing of data after the user has registered for the newsletter is the consent of the user in accordance with Article 6 (1) (a) of the GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) of the German Unfair Competition Act (UWG).

1.1 Use of rapidmail

Description and purpose: We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. rapidmail is used, among other things, to organise and analyse the sending of newsletters. The data you enter to subscribe to our newsletter is stored on rapidmail servers in Germany. If you do not want your usage of the newsletter to be analysed by rapidmail, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. For the purpose of analysis, e-mails sent with rapidmail contain a so-called tracking pixel that connects to the rapidmail servers when the e-mail is opened. This makes it possible to determine whether a newsletter message has been opened. Furthermore, with the help of rapidmail, we can determine whether and which links in the newsletter message are clicked. Optionally, links in the e-mail can be set up as tracking links, which can be used to count your clicks.

Legal basis: The legal basis for the data processing is Art. 6 (1) point a GDPR.

Recipient: The recipient of the data is rapidmail GmbH.

Transfer to third countries: The data will not be transferred to third countries.

Duration: The data stored by us for the purpose of the newsletter as part of your consent will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and the servers of rapidmail after you unsubscribe from the newsletter. Data that we have stored for other purposes (e.g. e-mail addresses for the members area) remain unaffected.

Right of withdrawal: You have the right to withdraw your consent to data processing at any time with effect for the future. The legality of the data processing operations already carried out remains unaffected by the withdrawal.

Further data protection information: For more details, please refer to the data protection information of rapidmail at: https://www.rapidmail.de/datensicherheit. For more information on the analysis functions of rapidmail, please refer to the following link: https://www.rapidmail.de/wissen-und-hilfe

6. Further processing purposes

Compliance with legal requirements: We also process your personal data in order to fulfil other legal obligations that may apply to us in connection with our business activities. These include, in particular, retention periods under commercial, trade or tax law. We process your personal data in accordance with Art. 6 (1) 1 lit. c GDPR (legal basis) for the fulfilment of a legal obligation to which we are subject.

Law enforcement: We also process your personal data in order to assert our rights and enforce our legal claims. We also process your personal data in order to be able to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or prosecute criminal offences. In this context, we process your personal data to protect our legitimate interests in accordance with Art. 6 (1) (1) (f) GDPR (legal basis), insofar as we assert legal claims or defend ourselves in legal disputes or prevent or investigate criminal offences (legitimate interest).

Consent: Insofar as you have given us consent to process personal data for specific purposes (e.g. sending information material and offers), the lawfulness of this processing is based on your consent. Consent that has been given can be withdrawn at any time. This also applies to the withdrawal of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation is only effective for the future and that processing up to that point is not affected.

V. Recipients of data

Within the ASPRIVA company, those departments that need access to your data in order to fulfil our contractual and legal obligations will receive access to it. Service providers and vicarious agents employed by us (e.g. technical service providers, shipping companies) may also receive data for these purposes. We limit the disclosure of your personal data to what is necessary, taking into account data protection requirements. In some cases, recipients receive your personal data as processors and are then strictly bound by our instructions when handling your personal data. In some cases, recipients act independently under their own data protection responsibility and are also obliged to comply with the requirements of the GDPR and other data protection provisions.

Finally, in individual cases, we transfer personal data to our consultants in legal or tax matters, whereby these recipients are obliged to maintain special confidentiality and secrecy due to their professional legal position.

VI. Data transfer to third countries

As part of the use of the above-mentioned tools, e.g. Google, we may transfer your IP address to third countries (see above). The data transfer may, among other things, be based on an adequacy decision of the EU Commission pursuant to Art. 45 GDPR. Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organisations, unless expressly stated otherwise in this data protection declaration.

VII. Duration of data storage

We initially process and store your personal data for the period for which the respective purpose of use requires such storage (see above for the individual processing purposes). This may also include the periods of time during which a contract is being negotiated (pre-contractual legal relationship) and during which a contract is being performed. On this basis, personal data is regularly deleted in the course of fulfilling our contractual and/or legal obligations, unless its further processing for a limited period is necessary for the following purposes:

Fulfilment of legal retention obligations, which arise, for example, from the German Commercial Code (Sections 238, 257 (4) HGB) and the German Fiscal Code (Section 147 (3), (4) AO). The periods for retention and documentation specified there are up to ten years.

Preservation of evidence, taking into account the statutes of limitation. According to §§ 194 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.

VIII. Data security

We use appropriate technical and organisational measures to protect personal data in order to ensure an adequate level of protection and to safeguard the personal rights of the persons concerned. The measures taken serve, among other things, to prevent unauthorised access to the technical facilities we use and to protect personal data from unauthorised access by third parties. In particular, this website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the contact requests you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties. Nevertheless, we would like to point out that data transmission over the internet (e.g. when communicating by email) can have security gaps. It is therefore not possible to provide seamless protection of data against access by third parties.

IX. Your rights as a data subject

You have the following rights as a data subject under the statutory conditions:

1. Right of access: You have the right at any time, within the scope of Art. 15 GDPR, to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you are also entitled, within the scope of Art. 15 GDPR, to receive information about this personal data and certain other information (including the purposes of processing, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of third-country transfers, the appropriate safeguards) and to receive a copy of your data. The restrictions of § 34 BDSG apply.

2. Right to rectification: You have the right, in accordance with Art. 16 GDPR, to request that we rectify the personal data stored about you if it is inaccurate or incomplete.

3. Right to erasure: You have the right, under the conditions set out in Art. 17 of the GDPR, to demand that we erase personal data concerning you without undue delay. The right to erasure does not apply, among other things, if the processing of the personal data is necessary, e.g. to fulfil a legal obligation (e.g. statutory retention requirements) or to establish, exercise or defend legal claims. Furthermore, the restrictions of Section 35 BDSG shall apply.

4. Right to restriction of processing: You are entitled, under the conditions of Art. 18 DS-GVO, to demand that we restrict the processing of your personal data.

5. Right to data portability: You have the right, under the conditions set out in Article 20 of the GDPR, to request that we provide you with the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.

6. Right to withdraw consent: You have the right to withdraw your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. An informal message to us, e.g. by email, is sufficient to explain the revocation.

7. Right to object: You have the right to object to the processing of your personal data under the conditions set out in Art. 21 GDPR, so that we must stop processing your personal data. The right to object exists only within the limits provided for in Art. 21 GDPR. In addition, our interests may conflict with a termination of the processing, so that we are entitled to process your personal data despite your objection. We will take into account any objection to direct marketing measures immediately and without further consideration of the existing interests.

8. Information about your right to object under Article 21 of the GDPR: You have the right to object at any time to the processing of your data based on Article 6(1)(1)(f) of the GDPR (data processing on the basis of a balancing of interests) or Art. 6 (1) sentence 1 lit. e GDPR (data processing in the public interest), on grounds relating to your particular situation.

If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection, which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

The objection can be made without observing any formal requirements and should be addressed to:

ASPRIVA GmbH
Langer Anger 7
69115 Heidelberg
Email: datenschutz@aspriva.com

9. Right to lodge a complaint with a supervisory authority: Under the conditions of Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. In particular, you can contact the supervisory authority responsible for us, the State Commissioner for Data Protection and Freedom of Information for Baden-Württemberg, Tel. 0711/61 55 41 – 0, E-Mail: poststelle@lfdi.bwl.de or any other competent supervisory authority. A list of data protection authorities and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Other concerns: Our data protection officer is available to answer any further data protection questions and concerns. Such enquiries and requests to exercise your rights as described above should, if possible, be sent in writing to our address given above or by email to privacy@aspriva.com.

X. Obligation to provide data

In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to provide you with unrestricted access to our website or respond to your enquiries. Personal data that we do not necessarily require for the above-mentioned processing purposes is marked as voluntary information.

XI. Automated decision-making/profiling

We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).

XII. Updating and amending this data protection declaration

1. This data protection declaration is currently valid and was last updated on 24 April 2024.

2. It may be necessary to amend this data protection declaration as a result of further development of our website and offers on it or due to changes in legal or official requirements.