Data privacy statement

Content

1. Data controller
2. Processing of personal data
3. Protection of your personal data
4. Purpose limitation when processing personal data
5. Data that is automatically collected when visiting our website
6. Cookies
7. Use of Google Analytics
8. Google AdWords conversion tracking
9. YouTube button (social media plugins)
10. Use of Google Maps
11. Security
12. Amendment of our data protection provisions
13. Consent
14. Contact form
15. Use of Cognito Forms
16. Use of Celonis Make
17. Newsletter
18. Customer account registration
19. Placing an order
20. Use of Salesforce
21. Job applications
22. Data subject rights
23. Questions, feedback, complaints to external data protection officers
24. Right to lodge a complaint with the supervisory authority


Afag Holding AG Privacy Statement
We are pleased to welcome you to the Afag website and appreciate your interest in our company. We wish to ensure that during your visit to our website you also feel secure with regard to the protection of your data. Ultimately, Afag takes the protection of your personal data very seriously. Compliance with provisions of the GDPR and German Federal Data Protection Act (Bundesgesetz über den Datenschutz [DSG]) in the respectively applicable version is a matter of course for us.


1. Data controller
The following companies are responsible for this website (https://www.afag.com) within the meaning of the European General Data Protection Regulation (GDPR):

  • Afag Holding AG, Luzernstrasse 32, 6144 Zell (LU), Switzerland (T +41 62 959 86 86, Email: sales@afag.com)
  • Afag Automation AG, Luzernstrasse 32, CH-6144 Zell, Switzerland (T +41 62 959 86 86, Email: sales@afag.com)
  • Afag GmbH, Wernher-von-Braun-Straße 1, D-92224 Amberg, Germany (T +49 9621 650 27-0, Email: sales@afag.com)
  • Afag Engineering GmbH, Gewerbestraße 11, D-78739 Hardt, Germany (T +49 7422 56003-0, Email: sales@afag.com)
  • Afag Automation Technology (Shanghai) Co., Ltd., Room 102, 1/F, Bldg. 56, City Of Elite, No.1000, Jinhai Road, Pudong New District, Shanghai, 201206, China (T +86 021 58958065, Email: shanghai@afag.com)

Enquiries regarding data privacy should be addressed to Afag Holding AG (see also Section 18).


2. Processing of personal data
Personal data in accordance with the GDPR means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as name, address, telephone number, email address, IP address, location data, or factors specific to, for example, the genetic, economic or social identity of that natural person).


Processing means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means; specifically including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


In essence, use of our website does not require disclosure of your personal data. However, upon accessing the websites certain data are always automatically collected (see below). This is necessary for technical reasons. In certain cases we also require your name, address and other details in order to be able to provide the requested services.

The same applies, for example, to cases in which you want us to send you information or goods you ordered or if you want us to answer specific questions. Whenever this is required, we will notify you accordingly. Moreover, we only process data voluntarily provided by you and, if necessary, data that are automatically collected upon accessing our website (e.g. IP address, names of pages that you accessed, the browser you are using, your operating system, date and time of access, search engines used, names of downloaded files).


Data processing is performed exclusively for the purpose of rendering the requested service and to safeguard our legitimate business interests.


3. Protection of your personal data
We have implemented technical and organizational measures to ensure that data protection regulations are observed by both ourselves and our external service providers. Our employees as well as service provider companies commissioned by us are obliged to maintain secrecy and comply with all provisions of the GDPR and DSG in the respectively applicable version.
Within the scope of our duty to provide information, our aim is to make this data privacy statement as transparent as possible. To this end, the following sets out the purpose limitation in relation to the processing of your data, the use of tracking/analysis tools, use of cookies and of social media plugins.


4. Purpose limitation when processing personal data
We process data provided by you in accordance with the principles of data economy and purpose limitation. The principle of purpose limitation stipulates that data may only be collected for specified, explicit and legitimate purposes and may be further processed solely in a manner that is compatible with those purposes.
In essence, we process your data for the purpose of answering your questions, processing your orders or to afford you access to certain information or offers. In the interests of maintaining customer relations, we or a service provider company commissioned by us may require the use of such data to notify you of product offers or carry out online surveys for the purpose of improving our response to customer requests and requirements.
Data provided by you online will only be processed for the purposes stated to you. Your personal data are not forwarded to third parties without your express consent.
Data will only be collected and transferred to state institutions and authorities entitled to receive such data within the scope of applicable law or where we are obliged to do so by court order.
Naturally, we respect your position should you choose not to provide your data for the purpose of supporting our customer relations (specifically for direct marketing or market research purposes). We will not sell your data to third parties or otherwise market such without your consent.


5. Data automatically collected when visiting our website
Upon accessing our website, the provider of the pages in question automatically collects and saves information in so-called server log files, which are transferred to us by your browser. This information includes:

  • Server name
  • IP address
  • Operating system
  • Device type
  • Browser name and version
  • Date and time of the server request

These data cannot be associated with specific persons and are not combined with other data sources. Log files are saved in order to guarantee website functionality and safeguard the security of our information technology systems. Such interests encompass our legitimate interest pursuant to Art. 6 (1) (f) GDPR, which serves as the legal basis for data processing.
The data in question will only be stored for as long as necessary to achieve the purpose for which collected. Accordingly, the data will be erased following each log out. Storage of the log files is a mandatory requirement for operation of the website and you are therefore not afforded an option to raise an objection.


6. Cookies
This website uses cookies. Cookies are text files that are stored by your browser on the operating system of your device when you access our website. Cookies do not cause damage to your computer and do not contain viruses.
Most of the cookies we use are so-called ‘session cookies’, which are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit. This allows us to save certain settings (such as language or country settings) so you will not need to enter these details again upon a later visit to the website.
We use cookies to enhance the user-friendliness, efficiency and security of our website. Use of cookies and the associated processing of your data is effected on the legal basis of our legitimate interests in the specified purposes pursuant to Art. 6 (1) (f) GDPR.

 

Right to object
The cookies are stored on your computer. You therefore have full control over the use of cookies. You can delete all cookies or deactivate or limit the transmission of such by changing the settings in your browser. Deactivation of cookies relating to our website may mean that some functions of the website can only be used to a limited extent.

 

7. Use of Google Analytics

Our website uses Google Analytics, a service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google uses cookies that are saved on your device and that enable you to conduct an analysis of the website. The information generated by the cookie about your use of the website, such as browser type, the operating system used, the referrer URL (the previously visited page), IP address and time of the service inquiry is transmitted to a Google server in the USA where it is then stored. The IP address used in this context by your browser is not merged with other data from Google. Furthermore, we have supplemented Google Analytics on this website with the code ‘anonymizeIP’. This ensures that all data is recorded anonymously. It is only in exceptional cases that the entire IP address is transmitted to a Google server in the USA where it is then abbreviated. When required, Google can send this information to third parties, to the extent that legislation permits this, or to the extent that these third parties are processing that data on behalf of Google. The Privacy Shield Treaty applies in the USA. Google is certified in accordance with this Treaty.

At Google Analytics, Google uses the data on our behalf to evaluate your use of the website, to compile reports about website activities and to deliver other services associated with website usage and use of the Internet. The use of Google Analytics is founded upon the legal basis of our legitimate interests in the analysis of customer behavior on our website. This enables us to improve our services and is compliant with Art. 6 Abs. 1 lit. f GDPR.

 

Right of cancellation

You can prevent the saving of cookies by adapting the settings in your browser in the appropriate manner. However, we draw your attention to the fact that, in this case, you may not be able to make use of the full scope of all functions of this website. You can also disable Google Analytics by downloading and installing the browser add-on from http://tools.google.com/dlpage/gaoptout?hl=de

Further information on the treatment of user data by Google Analytics is provided in the Google privacy statement: https://support.google.com/analytics/answer/6004245?hl=de.

On our website, we use Google Analytics with the functions of Universal Analytics. This enables us to analyze activities on our website right across all devices (e.g. if access is made by laptop, then at a later point in time by smartphone). This is made possible by a pseudonym assignment of a user ID to a user. This takes place, for example, when you register for a customer account or when you log into your customer account. No personal details are forwarded to Google. These additional functions of Universal Analytics do not restrict the previously mentioned legislative data protection measures such as the anonymization of the IP address or the scope for appealing against the use of Google Analytics.

The data captured in the context of Google Analytics is stored as long as is required for analysis of the website. After no more than 50 months, the data is deleted automatically.

 

8. Google AdWords conversion tracking

If you have accessed our website via a Google ad, a cookie will be placed on your computer using Google AdWords conversion tracking for the purposes of tracking and stipulation of performance. No information is collected that could enable identification of the user. Our legitimate interests regarding stipulation of performance serve as the legal basis in compliance with Art. 6 (1) (f) GDPR. The cookies are automatically deleted after 90 days.
 

Right to object
If you do not wish to participate in the tracking process you can prevent storage of the requisite cookies by selecting the appropriate settings in your browser.
Further information on Google AdWords and Google conversion tracking is available from the Google data privacy provisions: https://www.google.de/policies/privacy/.


9. YouTube button (social media plugins)
This website uses plugins from the YouTube website operated by Google in the form of embedded videos and the YouTube button. The website operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The YouTube button is recognizable by the YouTube logo. By accessing one of our website pages featuring a YouTube plugin, a connection to the YouTube servers will be established. As a result, data containing information about the pages you have accessed on our website will be transferred to the YouTube server. If you are also logged on to your YouTube account, you are enabling YouTube to assign your browsing behavior directly to your personal profile. Forwarding of the data to the USA is governed by the Privacy Shield Agreement.


YouTube plugins are used in the interests of optically appealing presentation and improved dissemination of our offers. Accordingly, our legitimate interests in the stated interests serve as the legal basis in compliance with Art. 6 (1) (f) GDPR.


You can prevent the assignment of surfing behavior to your personal profile by logging out of your YourTube account. Additional information on the treatment of user data is provided in the YouTube privacy statement (https://www.google.de/intl/de/policies/privacy/).


10. Use of Google Maps
This website uses the Google Maps map service. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.


Use of the Google Maps function requires storage of your IP address. This information is generally transmitted to and stored by Google on a server in the USA. The operator of this website has no influence over this transfer of data.


We use Google Maps in the interests of a visually appealing presentation of our website and to aid navigation to the stated locations. Such interests also encompass our legitimate interests pursuant to Art. 6 (1) (f) GDPR, which serve as the legal basis for data processing. Forwarding of the data to the USA is governed by the Privacy Shield Agreement.


Further information on the treatment of user data is provided in the Google privacy statement:
https://www.google.de/intl/de/policies/privacy/.
The terms of service of Google Maps are available at:
https://www.google.com/intl/de_de/help/terms_maps.html


11. Security
We have introduced technical and organizational security measures in accordance with statutory provisions in order to protect your data against loss, destruction, manipulation or access by unauthorized persons. All our employees and all personnel involved in data processing are obliged to treat the data as confidential and comply with the GDPR and DSG in the respectively applicable version as well as all other data protection laws.
In addition, we also conclude commensurate agreements regarding order processing with the external service providers tasked with such.
Our security measures are regularly audited and continually revised in accordance with technological advancements.


12. Amendment of our data protection provisions
We reserve the right to amend our security and data protection provisions if this is required due to relevant technical developments. In these cases we will also amend our data protection information accordingly. Please therefore refer to the respectively current version of our data privacy statement.


13. Consent
We will obtain your consent wheresoever required for the processing of your data and will use your data for the purposes stated in connection with the respective consent. Your consent will be digitally documented.
You may withdraw your consent at any time with future effect. Please address any such request to Afag Holding AG, Luzernstrasse 32, 6144 Zell (LU), Switzerland, or send an email to sales@afag.com.


14. Contact form
If contacting us using our contact form you will be asked to provide various personal details. In order for us to respond to your inquiry you are required to provide a valid email address. Additional personal information can be given voluntarily.
Your requests will be further processed by email. The contact form is sent using end-to-end encryption. Your data will be stored on protected servers in Switzerland in compliance with pertinent data protection regulations.


We will use your data solely to the extent necessary to process your request and for any further correspondence with you. We store the data collected by us for use with the contact form for the purpose of processing the request and any follow-up questions; in the absence of an alternative statutory retention requirement, such data are then erased in accordance with data protection law following resolution of the issues raised by you.


Legal basis for the specified data processing is founded on your consent pursuant to Art. 6 (1) (a) GDPR, pre-contractual measures in accordance with Art. 6 (1) (b) GDPR and our legitimate interests in the response to the request. By clicking on the 'Send' button you give your consent for your contact information to be processed for the aforestated purposes. If you do not wish to provide your consent you will need to cancel the process. In this case, the contact form will not be sent and your data will not be processed.
You may withdraw your consent at any time with future effect.

 

15. Use of Cognito Forms
We use the Cognito Forms tool to create our web forms.  The recorded data of the forms created using Cognito Forms shall only be processed by systems of the Afag Group and its partners, and will not be transferred to Cognito Forms itself. This explanation is only intended for purposes of transparency.

Additional information on data protection pertaining to Cognito Forms can be found in the privacy policy: https://www.cognitoforms.com/legal/privacy

 

16. Use of Celonis Make
We use the Celonis Make software for the integration and interfaces of the various afag.com services with applications, databases and social media channels. This also involves the automatic transfer of personal data between individual services and provides synchronization to facilitate a comfortable user experience as well as anonymized user analyses. However, no data will be transferred to Integromat.

Additional information on data protection pertaining to Integromat can be found in the privacy policy: https://www.make.com/en/privacy-notice

 

17. Newsletter
Our website affords you the option of subscribing to a free newsletter containing information on new innovations, products and offers. Upon subscribing to the newsletter the following data are sent to us and stored:

  • Salutation
  • First name
  • Surname
  • Email address
  • Company

Subscription to our newsletter will only first be effected following receipt of an email requiring you to confirm your email address with an enclosed link. This allows us to prevent anyone registering a subscription using a third-party email address.

Your email address will be recorded and used to send the newsletter. Additional personal data serve to prevent misuse of the services or the email address used. By subscribing to the newsletter you agree to data processing within the scope of dispatching the newsletter. You therefore confirm your agreement for a newsletter to be regularly sent to the stated email address and to statistical analysis of user behavior for the purpose of optimizing the newsletter.  Accordingly, your consent serves to provide the commensurate legal basis pursuant to Art. 6 (1) (a) GDPR. We may share your data with third parties for the purposes of technical development of the newsletter.

Data provided to us within the scope of your subscription to the newsletter will be stored for as long as you are subscribed to the newsletter. If you unsubscribe from our newsletter, your data will be stored for as long as is necessary to register your subscription cancelation.

We use the CleverReach tool to distribute the newsletter. In order to enable you to receive targeted offers and newsletters, only your email address and interest categories will be forwarded to CleverReach. The processing is encrypted and carried out on secure, certified EU servers. The distribution of the newsletter is based purely on your own express consent. You can provide your consent to the distribution of the newsletter and offers through the corresponding website functions, or via the Opt-In tool in your customer account. You may revoke this consent at any time by removing the corresponding check mark in your customer account, or by accessing the link in the newsletter.

Additional information on data protection pertaining to CleverReach can be found at:

https://www.cleverreach.com/de/datenschutz/
https://www.cleverreach.com/de/datensicherheit/
https://www.cleverreach.com/de/funktionen/datenschutz-sicherheit/eu-dsgvo/


Right to object
You can withdraw your consent for receipt of the newsletter at any time with future effect and unsubscribe using the link in the newsletter. This will prevent you from receiving any further newsletter emails.
 

18. Customer account registration
On our website, you have the choice to register for a customer account. For this, we use the following data from you:

  • E-mail address
  • Password
  • First name
  • Surname
  • Company
  • Address
  • Postal code
  • City
  • Telephone
  • Fax (optional)

We require this data for managing your customer account and for processing any orders you placed in our online shop (see below). We can synchronize this information with the customer data you have already provided us with. If you want, we can also send you special offers and keep you up-to-date on our current offers and activities. For this purpose, we may employ the services of external service providers in certain cases. Your consent pursuant to Art. 6 (1) (a) GDPR or the execution of the contract pursuant to Art. 6 (1) (b) GDPR as well as our legitimate interests pursuant to Art. 6 (1) (f) GDPR serve as the legal basis for this. If the data is processed based on your  consent, you may revoke it at any time with future effect.


19. Order processing
If you would like to place an order with us, we will use your registration data (see above) to process the order. In certain circumstances, your data must be passed on to third parties during order processing. Therefore, the processing of your order's delivery requires your name and address to be communicated to the forwarder while the payment processing requires your payment details to be provided to the relevant financial service provider. Accordingly, the execution of the contract serves to provide the commensurate legal basis pursuant to Art. 6 (1) (b) GDPR.

 

20. Use of Salesforce
Following an inquiry or an order placement, your customer account data and/or contact form will be transferred to our Customer Relations Management System (CRM for short). The Afag Group utilizes the services of the cloud provider Salesforce for all matters pertaining to CRM.  All data that we require for processing your inquiry or order is recorded, stored and processed within the Salesforce CRM system. Access to this data is restricted to select Afag employees. All processing personnel are obligated to comply with the GDPR. The data will be retained exclusively on servers within European member states up until the conclusion of the customer-supplier relationship, while also being regularly backed up and checked for accuracy. The Afag Group and salesforce.com GmbH have agreed a data processing contract pursuant to Art. 28 GDPR.

Additional information on data protection pertaining to Salesforce can be found in the Salesforce privacy statement: https://www.salesforce.com/de/company/privacy/

 

21. Job applications
When you send us a speculative application or apply for an advertised job vacancy, we will process your submitted documentation and personal data.
For applications we require:

  • Name
  • Address and other contact details
  • Date and place of birth
  • Nationality
  • Qualification documents
  • Additional data volunteered by you in connection with the establishment of an employment relationship.

Data processing within the scope of job applications is carried out for the purpose of establishing and effecting an employment relationship. Accordingly, the respective pre-contractual measures serve to provide the commensurate legal basis pursuant to Art. 6 (1) (b) GDPR. In the event of unsuccessful application your data will be subsequently erased.  

 

22. Data subject rights
The following provides a list of your rights in relation to your processed data.

 

Right of access
You may request confirmation of whether personal data that concern you are processed by us.
Should this be the case, you may request details of the following information:

  • The purposes for which personal data are processed.
  • The categories of personal data concerned.
  • The recipients or categories of recipients to whom your personal data are or will be disclosed.
  • The planned period of retention of your personal data, or where specific information regarding this is not available, the criteria for determining the retention period.
  • The existence of the right to rectification, erasure, restriction of processing or objection to the processing of data concerning you.
  • The existence of a right to lodge a complaint with a supervisory authority.
  • Any available information about the origin of the data if the personal data have not been obtained from you.
  • The existence of an automated decision including profiling and meaningful information about the logic involved and the envisaged consequences for you of such processing.

You are also entitled to request information about whether your personal data are transmitted to other countries or international organizations. In this case you have the right to be informed about appropriate guarantees in connection with the respective transmission.


Right to rectification
You have the right to rectification and/or completion of your personal data where such data are inaccurate or incomplete.
 

Right to erasure
You may request the erasure of your personal data where one of the following conditions is met:

  • Your personal data are no longer required for the purposes for which they were collected or processed.
  • You withdraw your consent upon which the collection or processing of your personal data was based and there is no other legal ground for the processing.
  • You lodge a complaint on grounds relating to your particular situation and there are no overriding legitimate grounds for the processing of your personal data or you lodge a complaint against the processing of your personal data for the purposes of direct marketing (cf. requirements for objection under respective right to object).
  • The personal data concerning you have been unlawfully processed.
  • Erasure of the personal data concerning you is required for compliance with a legal obligation.

Where your personal data have been made public and you are entitled to the erasure of such in accordance with the aforestated cases, the respective data controller will be notified of your request for the erasure of all links to your personal data and copies or duplications of such data; provided, however, that erasure is possible and reasonable given the available technologies and the commensurate costs incurred on our part are proportionate.
The right to erasure shall not apply to the extent that processing is necessary:

  • To exercise the right of freedom of expression.
  • For the performance of a legal obligation or to safeguard a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • For reasons of public interest in the area of public health.
  • For archiving purposes in the public interest or for scientific, historical research or statistical purposes.
  • For the establishment, exercise or defense of legal claims.

Right to restriction of processing
You may request that the processing of your personal data be restricted under the following conditions:

  • Where you dispute the accuracy of your personal data for a period that allows us to verify the accuracy of the personal data.
  • Where personal data concerning you have been unlawfully processed and you reject erasure of the data in favor of requiring the restricted use of such.
  • Where your personal data are no longer needed for the purposes of processing, but are required by you for the establishment, exercise or defense of legal claims.
  • Where you lodge a complaint against processing for reasons relating to your particular situation and it is not yet apparent whether the controller's legitimate grounds outweigh your grounds (cf. requirements for objection under respective right to object).

Where processing of your personal data has been restricted, this data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
Where processing has been restricted in accordance with the aforestated provisions, you will be notified in advance of any removal of the restriction.


Right to object
You have the right to object at any time on grounds relating to your own particular situation to the processing of personal data concerning you and collected on the basis of Art. 6 (1) (e) or (f) GDPR.
Your personal data will no longer be processed, save for where there are demonstrable, compelling legitimate grounds for the processing which override your interests, rights and freedoms or where processing serves the establishment, exercise or defense of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of the personal data concerning you for such marketing, which includes profiling to the extent related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.


Right to data portability
You have the right to obtain your personal data in a structured, commonly used and machine-readable format and may transmit such data to another controller insofar as

  • the processing is based on consent or a contract and
  • the processing is carried out by automated means.

Where technically feasible, you may request that the data be transferred to another controller. This right shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.


Right to withdraw privacy consent
You have the right to withdraw your consent for processing of your personal data at any time without prejudice to any lawful processing up to the time of commensurate withdrawal.
 

23. Questions, feedback, complaints to external data protection officers
If you have any questions regarding information provided by us in relation to data privacy or the processing of your personal data, questions can be addressed directly to our data protection officer:

ER Secure GmbH
Mr Marcel Felgenhauer
In der Kackenau 4
82031 Grünwald
Germany

datenschutzbeauftragterersecurede
+49 89 552 94 870

https://www.er-secure.de/

The data protection officer is also your contact person if you require information or have suggestions or complaints.

21. Right to lodge a complaint with a supervisory authority
Please be advised that without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation.
A list of supervisory authorities (non-public sector) including addresses is available at:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html