Dealer Portal

Speak to the team +44 1642 853 650

Data protection declaration

We appreciate your interest in our company. The board of directors of thyssenkrupp Access Limited. takes data protection very seriously. Use of the websites of thyssenkrupp Access Limited is generally possible without the provision of personal data. Should an affected person wish to use special services of our company via our website, it may however be necessary for personal data to be processed. Should the processing of personal data be necessary and should no legal basis exist for such processing, we generally obtain the consent of the affected person. The processing of personal data, such as the name, address, email address or telephone number of an affected person always takes place in accordance with the GDPR and in compliance with the country specific data protection regulations which apply to thyssenkrupp Access Limited. By means of this data protection declaration, our company wishes to inform the public of the type, scope and purposes of the personal data which is gathered, used and processed by us. Furthermore, affected persons are being informed of their rights by means of this data protection declaration. thyssenkrupp Access Limited has implemented numerous technical and organisational measures as a responsible body for the processing, in order to ensure seamless protection of the personal data which is processed via this website as far as possible. However, Internet based data transfers generally demonstrate security risks, so that absolute protection cannot be guaranteed. For this reason, all affected persons are free to provide us with personal data via alternative channels, for example over the phone.

1. Definitions
The data protection declaration of thyssenkrupp Access Limited is based on the definitions which were used by the European issuer of directives and regulations when passing the General Data Protection Regulation (GDPR). Our data protection declaration is intended to be readable and understandable both for our customers and for our business partners. In order to ensure this, we wish to firstly explain the terms which have been used. We use the following terms in this data protection declaration amongst others:
a) personal data Personal data is all information which relates to an identified or identifiable natural person (hereinafter “affected person”). A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by means of allocation to an identifier such as a name, reference number, location data, online profile, or one or more special characteristics, such as the expression of the physical, physiological, genetics, psychic, economic, cultural or social identity of this natural person.
b) affected person An affected person is any identified or identifiable natural person whose personal data is processed by the body responsible for the processing.
c) processing Processing is any process which takes place with or without the assistance of automated procedures or any such process order in connection with personal data, such as gathering, recording, organisation, filing, saving, adjustment or alteration, reading, retrieval, use, disclosure by means of transfer, distribution or other form of provision, comparison or connection, restriction, deletion or destruction.
d) processing restriction Processing restriction is the marking of saved personal data with the purpose of restricting its processing in the future.
e) profiling Profiling is any type of automated processing of personal data which leads to this personal data being used in order to evaluate, analyse or forecast specific personal aspects which relate to a natural person, in particular relating to work performance, economic position, health, personal preferences, interests, reliability, behaviour, place of residence or changes to the place of residence of this natural person.
f) pseudonymisation Pseudonymisation is the processing of personal data in such a way where personal data can no longer be assigned to a specific affected person without consulting additional information, should this additional information be stored separately and be subject to technical and organisational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.
g) responsible body or body responsible for the processing The responsible body or the body responsible for the processing is the natural or legal person, authority, institution or other body which takes a decision alone or together with others concerning the purposes and means of the processing of personal data. Should the purposes and means of this processing be prescribed under EU law or the laws of the Member States, the responsible body and the specific criteria of its appointment can be determined under EU law or the laws of the Member States.
h) order processor An order processor is a natural or legal person, authority, institution or other body which processes personal data on behalf of the responsible body.
i) recipient a recipient is a natural or legal person, authority, institution or other body to whom personal data is disclosed, regardless of whether this is a third party or not. Authorities which may receive personal data in the course of a specific investigation order under EU law or in accordance with the laws of the Member States are not however considered to be recipients.
j) third party A third party is a natural or legal person, authority, institution or other body apart from the affected person, the responsible body, the order processor and the persons who are authorised under the direct competence of the responsible body or order processor to process the personal data.
k) consent Consent is any notification of agreement issued voluntarily by the affected person for the specific case in an informed manner without any misunderstandings in the form of a declaration or other clear action of a confirming nature, by means of which the affected person states that he or she agrees to the processing of the personal data relating to him or her.

2. Name and address of the body responsible for the processing
The responsible body under the GDPR, other data protection laws which apply in the Member States of the European Union and other provisions equivalent to data protection laws is:
thyssenkrupp Access Limited.
Unit E3 De Havilland Avenue
Preston Farm Business Park
Stockton-on-Tees
TS18 3TB
Tel.: 0044 (0) 800 783 9551
E-Mail: dataprivacy@accessbdd.com
Website: https://www.accessbdd.com/

3. Name and address of the data protection officer
The data protection officer of the body responsible for the processing is:
Ian Chambers
thyssenkrupp Access Limited
Unit E3 De Havilland Avenue
Preston Farm Business Park
Stockton-on-Tees
TS18 3TB
Phone.: 0044 (0) 800 783 9551
E-Mail: dataprivacy@accessbdd.com
All affected persons can contact our data protection officer directly at any time with any queries or concerns relating to data protection.

4. Recipients
At thyssenkrupp Access Limited. and the thyssenkrupp group, only those areas which require access to data in order to provide the services of thyssenkrupp Access Limited have this entitlement. Data of customers and visitors is only passed on to subcontractors in order for these to be able to set up and install the products for the user. Our subcontractors are contractually obliged to comply with the requirements under data protection laws and to maintain confidentiality. Data of interested persons, customers and users will be passed on to other service providers who support thyssenkrupp Access Limited, for example in the following categories:
• IT services
• Logistics
• Printing services
• Archiving
• Post and telecommunications, consultancy, legal advice, auditing and assistance
• Compliance and data protection
• Sales
• Communications and customer service.

These service providers are contractually obliged to comply with the requirements under data protection laws and to maintain confidentiality. Under certain circumstances, data will be passed on to information agencies such as Schufa or Boniversum. More precise information concerning the data processing by the information agencies can be found in their data protection notices.

5. Cookies
The websites of thyssenkrupp Access Limited. use cookies. Cookies are text files which are deposited on a computer system and saved by an Internet browser. Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a clear identifier of the cookie. It is formed of a letter sequence, by means of which websites and servers can be assigned to the concrete Internet browser in which the cookie was saved. The enables the websites and servers which are being visited to differentiate between the individual browser of the affected person and other Internet browsers which contain different cookies. A specific Internet browser can be recognised again and identified via the clear cookie ID. By means of the use of cookies, thyssenkrupp Access Limited. can provide the users of this website with services which are more user friendly and which would not be possible without the setting of cookies. By means of a cookie, the information and offers on our website can be optimised for the user. As previously explained, cookies enable us to recognise the users of our website again. The purpose of this recognition is to make the use of our website easier for our users. The user of an website which uses cookies is not for example required to enter his or her login data again each time he or she visits the website, as this is carried out by the website and the cookie saved on the computer system of the user. A further example is the cookie of a shopping basket in an online shop. The online shop records the items which a customer has placed in the virtual shopping basket via a cookie. The affected person can prevent the setting of cookies via our website at any time by setting the used Internet browser accordingly and is therefore permanently objecting to the setting of cookies. In addition, cookies which have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all current Internet browsers. Should the affected person de-activate the setting of cookies in the used Internet browser, in certain cases not all functions of our website will be fully usable.

6. Recording of general data and information
The website of thyssenkrupp Access Limited. records a list of general data and information each time the website is visited by an affected person or an automated system. This general data and information is saved in the logfiles of the server. The following can be recorded: (1) the browser types used and the versions, (2) the operating system used by the accessing system, (3) the website from which an accessing system retrieves out website (so-called referrer), (4) the sub websites which are managed by an accessing system on our website, (5) the date and time of access to the website, (6) IP address, (7) the Internet service provider of the accessing system and (8) other similar data and information which serves the purpose of defending against risks in case of attacks against our IT systems. When using this general data and information, thyssenkrupp Access Limited. does not trace back the affected person. Rather this information is required in order to: (1) correctly deliver the content of our website, (2) optimise the content of our website and the advertising for this, (3) ensure the continued functionality of our IT systems and the technology of our website and (4) provide prosecution authorities with the necessary information for criminal proceedings in case of a cyber attack. This data which is gathered anonymously is therefore used statistically by thyssenkrupp Access Limited. on the one hand and also with the objective of increasing data protection and data security at our company, in order to ultimately ensure an optimal level of protection for the personal data which is processed by us. The anonymous data of the server logfiles is saved separately from all personal data provided by an affected person.

7. Registration on our website
The affected person has the option of registering on the website of the responsible body for the processing with the provision of personal data. The respective entry mask which is used for the registration states which personal data is transferred to the body responsible for the processing during this process. The personal data entered by the affected person is only gathered and saved for internal use by the body responsible for the processing and for its own purposes. The body responsible for the processing can have the data passed on to one or more order processors, for example a parcel company, which also only used the personal data internally in the way attributed to the body responsible for the processing. By means of registration on the website of the body responsible for the processing, the IP address assigned by the Internet service provider (ISP) of the affected person, the date and time of the registration will be saved. The saving of this data takes place on the understanding that only in this way can the misuse of our services be avoided and the data be used to clarify criminal acts which have been committed where necessary. To this extent, the saving of this data is necessary for protection of the body responsible for the processing. A passing on of this data to third parties doers not generally take place, unless a statutory obligation to pass the data on exists or if this takes place in the course of criminal prosecution. The registration of the affected person with the voluntary provision of personal data enables the body responsible for the processing to provide the affected person with content or services which can only be offered to registered users due to their nature. Registered persons have the option of altering the personal data provided during the registration at any time or to have it fully deleted from the data inventory of the body responsible for the processing. The body responsible for the processing will issue all affected persons with information on request at any time concerning what personal data it saves in relation to the affected person. Furthermore, the body responsible for the processing will correct or delete personal data following a request by or on the instructions of the affected person, unless statutory retention obligations prevent this. The affected person can contact the data protection officer named in this data protection declaration and all of the employees of the body responsible for the processing in this respect.

8. Subscription to our newsletter
On the internet site of thyssenkrupp Access Limited, the users have the option of subscribing to our company newsletter. The entry mask used during this process states which personal data is transferred to the body responsible for the processing when ordering the newsletter. thyssenkrupp Access Limited informs its customers and business partners at regular intervals of products and services of the company through the newsletter. The newsletter of our company can generally only be received by the affected person if (1) he or she owns a valid email address and (2) he or she registers for the sending of the newsletter. For legal reasons, a confirmation email will be sent to the email address entered by an affected person for the first time for the sending of the newsletter (double opt in procedure). This confirmation email allows us to check whether the owner of the email address as the affected person has authorised the receipt of the newsletter. When registering for the newsletter, we also save the IP address of the computer system used by the affected person at the time of registration which is issued by the Internet service provider (ISP), as well as the date and time of the registration. The gathering of this data is necessary in order to be trace the (possible) misuse of the email address of an affected person in the future and therefore legally covers the body responsible for the processing. The personal data gathered in the course of the registration for the newsletter will only be used in order to send our newsletter. Furthermore, subscribers to the newsletter can be informed by email, should this be necessary in order to operate the newsletter service or should registration be necessary in this respect, which may be so in the case of changes to the newsletter service or in case of technical alterations. The personal data which is gathered within the framework of the newsletter service is not passed on to third parties. The subscription to our newsletter can be terminated by the affected person at any time. The consent to the saving of personal data which the affected person issued to us for the sending of the newsletter can be revoked at any time. For the purpose of revocation of the consent, a corresponding link can be found in each newsletter. In addition, there is the option of also de-registering from the sending of the newsletter directly on the website of the body responsible for the processing or to notify the body responsible for the processing of such a decision via alternative means.

9. Newsletter tracking
The newsletters of thyssenkrupp Access Limited. contain so-called number pixels. A number pixel is a miniature graphic which is included in such emails which are sent in HTML format, in order to enable the saving any analysis of the logfile. By means of this, a statistical evaluation of the success or lack of success of online marketing campaigns can be carried out. On the basis of the incorporated number pixel, thyssenkrupp Access Limited. can recognise whether and when an email was opened by an affected person and what links which are contained in the email were clicked on by the affected person. Such personal data which is gathered via the number pixels contained in the newsletters is saved an evaluated by the body responsible for the processing, in order to optimise the sending of the newsletter and to adjust the content of future letters to the interests of the affected person in an even better way. This personal data is not passed on to any third parties. Affected persons have the right at all times to revoke the separate declaration of consent which was issued via the double opt in procedure. Following the revocation, this personal data will be deleted by the body responsible for the processing. De-registering for the receipt of the newsletter will be automatically considered by thyssenkrupp Access Limited to be a revocation.

10. Contact options via the website
In accordance with legal regulations, the website of thyssenkrupp Access Limited. contains information which enables speedy electronic contact initiation with our company, as well as direct communication with us, which also includes an email address. Should an affected person get in touch with the body responsible for the processing by email or via a contact form, the personal data provided by the affected person will be automatically saved. Such personal data which is provided to the body responsible for the processing by the affected person on a voluntary basis will be saved for processing purposes or in order to get in touch with the affected person. This personal data will not be passed on to third parties.

11. Routine deletion and blocking of personal data
The body responsible for the processing processes and saves personal data of the affected person only for the period of time which is necessary in order to attain the purpose of the saving or if this was prescribed by the European issuer of directives and regulations or another legislator in laws or regulations to which the body responsible for the processing is subject. Should the purpose for saving data no longer apply or should a storage period prescribed by the European issuer of directives and regulations or issued by another competent legislator expire, the personal data will be routinely blocked or deleted in accordance with the statutory regulations.

12. Rights of the affected person
a) right of confirmation
Every affected person has been granted the right by the European issuer of directives and regulations to request confirmation from the body responsible for the processing as to whether personal data relating to him or her is being processed. Should an affected person wish to claim this right of confirmation, he or she can contact our data protection officer or another employee of the body responsible for the processing at any time.
b) right to information
Any person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations to receive free-of-charge information at any time from the body responsible for the processing concerning the personal data relating to his or her person which is saved, as well as a copy of this information. Furthermore, the European issuer of directives and regulations has granted the affected person the right to receive information concerning the following:
• the purposes of the processing
• the categories of personal data which are processed
• the recipients or categories of recipients to whom the personal data has been disclosed or will be disclosed, in particular in case of recipients in third countries or at international organisations
• where possible, the planned duration of the saving of the personal data or, should this not be possible, the criteria for determining this period of time
• the existence of a right of correction or deletion of the personal data relating to him or her or to restriction of the processing by the responsible body or the right to raise an objection to this processing
• the existence of the right to complain to a supervisory authority
• should the personal data not be gathered from the affected person: all available information concerning the origin of the data
• the existing of automated decision making, including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and, at least in these cases, detailed information concerning the involved logic and the breadth and intended effects of such processing for the affected person
furthermore, the affected person also has the right to be informed whether personal data has been transferred to a third country or an international organisation. Should this be the case, the affected person also has the right to receive information concerning the suitable guarantees in connection with the transfer.
Should an affected person wish to claim this right of information, he or she can contact our data protection officer or another employee of the body responsible for the processing at any time.

c) right of correction
Any person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations to request immediate correction of incorrect personal data relating to him or her. Furthermore, the affected person has the right, taking the purposes of the processing into account, to request the completion of incomplete personal data, also by means of a supplementary declaration. Should an affected person wish to claim this right of correction, he or she can contact our data protection officer or another employee of the body responsible for the processing at any time.
d) right of deletion (right to be forgotten)
Any person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations to request that the responsible body immediately deletes the personal data relating to him or her, should one of the following reasons be present and unless the processing is necessary:

• The personal data was gathered for such purposes or processed for such purposes which are no longer necessary.
• The affected person revokes his or her consent on which the processing was based in accordance with Article 6 Paragraph 1 Letter a) GDPR or Article 9 Paragraph 2 Letter a) GDPR and no other legal basis for the processing is present here.
• The affected person raises an objection to the processing in accordance with Article 21 Paragraph 1 GDPR and there are no legitimate reasons for the processing which take priority or the affected person raises an objection to the processing in accordance with Article 21 Paragraph 2 GDPR.
• The personal data was processed unlawfully.
• The deletion of the personal data is necessary to fulfil a legal obligation under EU law or the law of the Member States to which the responsible body is subject.
• The personal data was gathered in relation to services provided by the information company in accordance with Article 8 Paragraph 1 GDPR.

Should one of the reasons above be present and should an affected person wish to have personal data which is saved by thyssenkrupp Access Limited deleted, he or she can contact our data protection officer or another employee of the body responsible for the processing at any time for this purpose. The data protection officer of thyssenkrupp Access Limited or another employee will ensure that the deletion request is complied with immediately.
Should the personal data have been made public by thyssenkrupp Access Limited. and should our company be obliged to delete the personal data as a responsible body in accordance with Article 17 Paragraph 1 GDPR, thyssenkrupp Access Limited. will take reasonable measures, also of a technical nature and taking the available technology and implementation costs into account in order to inform other responsible bodies who are processing the published personal data that the affected person has requested that this other body responsible for the data processing deletes all links to this personal data or copies or reproductions of this personal data, unless the processing is necessary. The data protection officer of thyssenkrupp Access Limited or another employee will ensure that the necessary actions are carried out in the individual case.

e) right to have the processing restricted
Any person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations to request that the responsible body restricts the processing, should one of the following reasons be present:

• the correctness of the personal data is disputed by the affected person for a period of time which enables the responsible body to check the correctness of the personal data
• the processing is unlawful, the affected person rejects the deletion of the personal data and instead requests that the use of the personal data be restricted
• the responsible body no longer requires the personal data for the purposes of the processing, however the affected person requires the personal data in order assert, exercise or defend legal claims
• the affected person has raised an objection to the processing in accordance with Article 21 Paragraph 1 GDPR and it is not yet clear if the legitimate reasons of the responsible body outweigh those of the affected person.

Should one of the reasons above be present and should an affected person wish to have personal data which is saved by thyssenkrupp Access Limited restricted, he or she can contact our data protection officer or another employee of the body responsible for the processing at any time for this purpose. The data protection officer of thyssenkrupp Access Limited or another employee will ensure that the restriction to the processing is carried out.

f) right of data portability
Any person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations to receive the personal data relating to him or her which was provided to a responsible body by him or in in a structured, up-to-date and machine-readable format. He or she also has the right to transfer this data to another responsible body without hindrance on the part of the responsible body to whom the personal data was provided, should the processing take place under the consent issued in accordance with Article 6 Paragraph 1 Letter a) GDPR or Article 9 Paragraph 2 Letter a) GDPR or in accordance with a contract under Article 6 Paragraph 1 Letter b) GDPR and should the processing take place with the assistance of automated procedures, unless the processing is necessary in order to fulfil a task which is in the public interest or takes place by means of the exercising of public power which has been transferred to the responsible body. Furthermore, when exercising his or her right to data transferability in accordance with Article 20 Paragraph 1 GDPR, the affected person has the right to have the personal data sent directly from one responsible body to another responsible body, should this be technically possible and providing that the rights and freedoms of other persons are not impaired as a result. In order to claim the right to data portability, the affected person can contact the data protection officer appointed by thyssenkrupp Access Limited. at any time or another employee.

g) right to raise an objection
Any person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations to raise an objection at any time to the processing of the personal data relating to him or her which takes place under Article 6 Paragraph 1 Letters e) or f) GDPR for reasons connected to his or her specific situation. This also applies to any profiling based on these provisions. thyssenkrupp Access Limited no longer processes the personal data in case an objection is raised, unless we can prove mandatory protectable reasons for the processing which outweigh the interests, rights and freedoms of the affected person of the processing serves the purpose of asserting, exercising or defending legal claims. Should thyssenkrupp Access Limited. process personal data in order to carry out direct advertising, the affected person has the right to raise an objection to the processing of the personal data for the purposes of such advertising at any time. This also applies to the profiling, should it be connected to such direct advertising. Should the affected person raise an objection to the processing for the purposes of direct advertising with thyssenkrupp Access Limited, thyssenkrupp Access Limited. will no longer process the personal data for these purposes. In addition, the affected person has the right to raise an objection for reasons connected to his or her specific situation against the processing of personal data by thyssenkrupp Access Limited. which relates to him or her for scientific or historical research purposes or for statistical purposes in accordance with Article 89 Paragraph 1 GDPR, unless such processing is necessary in order to fulfil a task which is in the public interest. In order to claim the right to raise an objection, the affected person can contact the data protection officer appointed by thyssenkrupp Access Limited. at any time or another employee. The affected person is also free to exercise his or her right of objection by means of automated procedures which use technical specifications in connection with the use of services of the information company, regardless of Directive 2002/58/EC.

h) automated decision making in an individual case, including profiling
Any person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations not to be subject to a decision which is based solely on automated processing, including profiling which has legal effect for him or her or which otherwise significantly impairs him or her, unless the decision (1) is necessary to conclude or fulfil a contract between the affected person and the responsible body or (2) is permitted under legal regulations of the EU or the Member States to whom the responsible body is subject and these legal regulations contain legal measures to safeguard the rights and freedoms and legitimate interests of the affected person or (3) takes place with the express consent of the affected person. Should the decision (1) be necessary to conclude or fulfil a contract between the affected person and the responsible body or (2) take place with the express consent of the affected person, thyssenkrupp Access Limited will take reasonable measures in order to safeguard the legitimate interests of the affected person, whereby this includes as a minimum the right of intervention of a person on the part of the responsible body, the setting out of one’s own opinion and the right to contest the decision. Should an affected person wish to claim this right in relation to automated decision making, he or she can contact our data protection officer or another employee of the body responsible for the processing at any time.

i) right to revoke consent under data protection laws
Any person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations to revoke consent which has been issued to the processing of personal data at any time. Should an affected person wish to claim this right to revoke consent which has been issued, he or she can contact our data protection officer or another employee of the body responsible for the processing at any time.

13. Data protection in relation to applications and during the application process
The body responsible for the processing gathers and processes personal data of applicants in order to carry out the application process. The processing can also take place electronically. This is the case in particular if an applicant sends corresponding application documents to the body responsible for the processing electronically (for example by email or via a web form which is on the website). Should the body responsible for the processing conclude an employment contract with an applicant, the transferred data will be saved in order to perform the employment relationship, in compliance with the statutory regulations. Should no employment contract be concluded between the body responsible for the processing and the applicant, the application documents will be automatically deleted two months after the issuing of the rejection notice, unless other legitimate interests of the body responsible for the processing prevent the deletion. An example of a legitimate interest as referred to above would be a proof obligations in proceedings which take place under the German Law Relating to Equal Treatment (AGG).

14. Data protection provisions for the deployment and use of affilinet
The body responsible for the processing as integrated components of affilinet into this website. Affilinet is a German affiliate network, which offers affiliate marketing. Affiliate marketing is an Internet-based form of selling which enables commercial operators of websites, the so-called merchants or advertisers, to include advertising, which is usually paid for by click or sale commission on third party websites, i.e. those of sales partners who are also named affiliates or publishers. Via the affiliate network, the merchant makes an advert, such as a banner or other suitable means of Internet advertising available, which is then included by an affiliate on its own Internet page or is promoted via other channels, such as keyword advertising or email marketing. The operating company of Affilinet is affilinet GmbH, Sapporobogen 6-8, 80637 Munich, Germany. Affilinet uses a cookie on the IT system of the affected person. The nature of cookies is explained above. The tracking cookie of Affilinet does not save any personal data. Only the identification number of the affiliate is saved, i.e. of the partner which brokers the potential customer, as well as the reference number of the visitor to an website and the advert which is clicked on. The purpose of the saving of this data is the carrying out of commission payments between a merchant and the affiliate, which are handled via the affiliate network, i.e. Affilinet. The affected person can prevent the setting of cookies via our website as stated above at any time by setting the used Internet browser accordingly and is therefore permanently objecting to the setting of cookies. Such a setting of the Internet browser which is used would also prevent Affilinet being able to set a cookie on the IT system of the affected person. In addition, cookies which have already been set by Affilinet can be deleted at any time via an Internet browser or other software programs. The applicable data protection provisions of Affilinet can be viewed at https://www.affili.net/de/footeritem/datenschutz

15. Data protection provisions for the deployment and use of Facebook
The body responsible for the processing has integrated components of Facebook into this website. Facebook is a social network. A social network is a social meeting space, an online community operated on the Internet which generally enables users to communicate between themselves and to interact in the virtual room. A social network can be used to exchange opinions and experiences or enables the Internet community to make personal or commercial information available. Facebook enables the users of the social network to create private profiles, upload photos and create a network of friendships amongst others. The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The body responsible for the processing of personal data should an affected person live outside of the USA or Canada is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. By means of each instance of accessing one of the individual pages of this website which is operated by the body responsible for the processing and in which a Facebook component (Facebook plugin) is integrated, the Internet browser on the IT system of the affected person will automatically request via the respective Facebook component that an image of the corresponding Facebook component be downloaded by Facebook. You can find an overview of all Facebook components at https://developers.facebook.com/docs/plugins/ Within the framework of this technical procedure, Facebook is informed which concrete subpage of our website is being visited by the affected person. Should the affected person be logged in to Facebook at the same, each time our website is accessed by the affected person and for the entire duration of the respective visit, Facebook can recognise which concrete subpage of our website is being visited by the affected person. This information is collected by the Facebook component and assigned to the respective Facebook account of the affected person. Should the affected person click on one of the Facebook buttons integrated into our website, for example the “like” button or should the affected person submit a commentary, Facebook assigns this information to the personal Facebook user account of the affected person and saves this personal data. Via the Facebook component, Facebook is then informed that the affected person has visited our website, should the affected person be logged into Facebook at the same time that he or she accessed our website. This takes place regardless of whether the affected person clicks the Facebook component or not. Should the affected person not wish for this information to be transferred to Facebook in such a way, this can be prevented by logging out of the Facebook account prior to accessing our website. The data guidelines published by Facebook which can be accessed at https://de-de.facebook.com/about/privacy/ provide information concerning the gathering, processing and use of personal data by Facebook. In it also explained here as to what settings options are made available by Facebook in order to protect the private sphere of the affected person. In addition, various applications are available when enable the data transfer to Facebook to be prevented, for example the Facebook blocker of the provider Webgraph, which can be obtained from http://webgraph.com/resources/facebookblocker/ Such applications can be used by the affected person in order to prevent the transfer of data to Facebook.

16. Data protection provisions concerning the deployment and use of Google Analytics (with anonymisation function)
The body responsible for the processing has integrated components the Google Analytics components into this website. Google Analytics is a web analysis service. Web analysis is the gathering, collection and evaluation of data in relation to the behaviour of visitors to websites. Amongst others, a web analysis service records data as to from which website an affected person accessed a website (so-called referrer), which subpages of the website are viewed or how often and for how long a subpage was viewed. A web analysis service is generally used in order to optimise an website and to carry out a cost-benefit analysis of Internet advertising. The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The body responsible for the processing uses the additional reference “_gat._anonymizeIp” for the web analysis by means of Google Analytics. By means of this additional reference, the IP address of the Internet connection of the affected person is shortened and anonymised by Google, should the access to our websites take place from a Member State of the European Union or another Member State of the European Economic Area. The purpose of the Google Analytics component is to analyse visitor traffic on our website. Amongst others, Google uses the data and information which is obtained in order to evaluate the use of our website, to compile online reports for us which show the activities on our websites and to provide additional services connected to the use of our website. Google Analytics uses a cookie on the IT system of the affected person. The nature of cookies is explained above. By means of the setting of the cookie, Google is able to analyse the use of our website. By means of each instance of accessing one of the individual pages of this website which is operated by the body responsible for the processing and in which a Google Analytics component is integrated, the Internet browser on the IT system of the affected person will automatically request via the respective Google Analytics component that this data be transferred to Google for the purpose of the online analysis. Within the framework of this technical procedure, Google is informed of personal data such as the IP address of the affected person, which enables Google amongst others to trace the user and clicks and, by means of this, to calculate commission payments. By means of the cookie, personal information, such as the access time, the location from which the access originated and the frequency of the visits to our website by the affected person is saved. During each visit to our websites, this personal data (including the IP address of the Internet connection used by the affected person) is sent to Google in the USA. This personal data is saved by Google in the USA. Under certain circumstances, Google may pass on this personal data which is gathered through the technical procedure. The affected person can prevent the setting of cookies via our website as stated above at any time by setting the used Internet browser accordingly and is therefore permanently objecting to the setting of cookies. Such a setting of the Internet browser which is used would also prevent Google being able to set a cookie on the IT system of the affected person. In addition, cookies which have already been set by Google Analytics can be deleted at any time via an Internet browser or other software programs. Furthermore, the affected person has the option of objecting to and preventing the recording of the data generated by Google Analytics which relates to the use of this website, as well as the processing of this data by Google. In order to do so, the affected person needs to download and install a browser add on, which can be obtained from the following link: https://tools.google.com/dlpage/gaoptout This browser add on notifies Google Analytics via JavaScript that no data or information concerning the visits to websites may be transferred to Google. The installation of the browser add on will be considered by Google to represent an objection. Should the IT system of the affected person be deleted, formatted or re-installed at a later date, the affected person needs to carry out a repeat installation of the browser add on in order to deactivate Google Analytics. Once the browser add on is de-installed or deactivated by the affected person or another person authorised by the affected person, it is possible to re-install or re-activate the browser add on. Further information and the applicable data protection provisions of Google can be viewed at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html More information about Google Analytics be obtained via this link: https://www.google.com/intl/de_de/analytics/

17. Data protection provisions for the deployment and use of Google Remarketing
The body responsible for the processing has integrated services of Google Remarketing into this website. Google Remarketing is a function of Google AdWords which enables a company to have advertising blended in to websites which such Internet users have previously visited. The integration of Google Remarketing enables a company to create user targeted advertising and to display adverts which are of interest to the Internet user. The operating company of the services of Google Remarketing is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The purpose of Google Remarketing is the blending in of advertising which is of relevant interest. Google Remarketing enables us to show adverts via the Google advertising network or to have adverts shown on other websites which are tailored to the individual requirements and interests of Internet users. Google Remarketing uses a cookie on the IT system of the affected person. The nature of cookies is explained above. By means of the setting of the cookie, Google is able to recognise the visitor to our website once again, should the visitor then access websites which are also members of the Google advertising network. With each visit to an website in to which the Google Remarketing service has been integrated, the Internet browser of the affected person automatically identifies itself to Google. Within the framework of this technical procedure, Google obtains knowledge of personal data, such as the IP address or surfing behaviour of the user, which is used by Google in order to blend in advertising which is of interest, amongst other purposes. By means of the cookie, personal data such as the websites visited by the affected person is saved. During each visit to our websites, this personal data (including the IP address of the Internet connection used by the affected person) is sent to Google in the USA. This personal data is saved by Google in the USA. Under certain circumstances, Google may pass on this personal data which is gathered through the technical procedure. The affected person can prevent the setting of cookies via our website as stated above at any time by setting the used Internet browser accordingly and is therefore permanently objecting to the setting of cookies. Such a setting of the Internet browser which is used would also prevent Google being able to set a cookie on the IT system of the affected person. In addition, cookies which have already been set by Google Analytics can be deleted at any time via an Internet browser or other software programs. Furthermore, the affected person has the option of objecting to the provision by Google of advertising which is tailored to interests. For this purpose, the affected person must activate the link www.google.de/settings/ads in each browser used by him or her and carry out the requested settings there. Further information and the applicable data protection provisions of Google can be viewed at https://www.google.de/intl/de/policies/privacy/

18. Data protection provisions for the deployment and use of Google+
The body responsible for the processing has integrated the Google+ button into this website as a component. Google+ is a social network. A social network is a social meeting space, an online community operated on the Internet which generally enables users to communicate between themselves and to interact in the virtual room. A social network can be used to exchange opinions and experiences or enables the Internet community to make personal or commercial information available. Google+ enables the users of the social network to create private profiles, upload photos and create a network of friendships amongst others. The operating company of Google+ is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. By means of each instance of accessing one of the individual pages of this website which is operated by the body responsible for the processing and in which a Google+ button is integrated, the Internet browser on the IT system of the affected person will automatically request via the respective Google+ button that an image of the corresponding Google+ button be downloaded by Google. Within the framework of this technical procedure, Google is informed which concrete subpage of our website is being visited by the affected person. Further information concerning Google+ can be obtained at https://developers.google.com/+/. Should the affected person be logged in to Google+ at the same, each time our website is accessed by the affected person and for the entire duration of the respective visit, Google can recognise which concrete subpage of our website is being visited by the affected person. This information is collected by the Google+ button and assigned to the respective Google+ account of the affected person. Should the affected person click on one of the Google+ buttons integrated into our website and submit a Google+1 recommendation, Google assigns this information to the personal Google+ user account of the affected person and saves this personal data. Google saves the Google+1 recommendation of the affected person and makes this publicly accessible in accordance with the terms and conditions which have been agreed with the affected person in this respect. A Google+ recommendation carried out by the affected person on this website will then be saved and processed together with other personal data, such as the name of the Google+1 account used by the affected person and the photo stored in this in other Google services, such as the search engine results of the Google search engine, the Google account of the affected person or at other locations, such as on websites or in connection with adverts. Furthermore, Google is in the position of being able to connect the visit to this website with other personal data saved by Google. Google also records this personal information with the objective of improving or optimising the various services of Google. Via the Google+ button, Google is then informed that the affected person has visited our website, should the affected person be logged into Google+ at the same time that he or she accessed our website. This takes place regardless of whether the affected person clicks the Google+ button or not. Should the affected person not wish for this information to be transferred to Google, this can be prevented by logging out of the Google+ account prior to accessing our website. Further information and the applicable data protection provisions of Google can be viewed at https://www.google.de/intl/de/policies/privacy/ Further information about the Google+ button can be obtained at https://developers.google.com/+/web/buttons-policy

19. Data protection provisions for the deployment and use of Google AdWords
The body responsible for the processing has integrated Google AdWords into this website. Google AdWords is an Internet advertising service, which permits advertisers to display adverts in the search engine results of Google and in the Google advertising network. Google AdWords enables an advertiser to set certain key words in advance, by means of which an advert is only then shown in the search engine results of Google if the user accesses a search result in the search engine which is relevant to the key word. In the Google advertising network, the adverts are distributed amongst relevant websites by means of an automatic algorithm and in compliance with the key words which have been set in advance. The operating company of the services of Google AdWords is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The purpose of Google AdWords is the promotion of our website by the inclusion of advertising on the websites which is tailored to interests and in the search engine results of the Google search engine, as well as the inclusion of third party advertising on our website. Should an affected person come across our website via a Google advert, a so-called conversion cookie is set on the IT system of the affected person by Google. The nature of cookies is explained above. A conversion cookie ceases to be valid after thirty days and is not used to identify the affected person. Provided that the cookie has not yet expired, the conversion cookie shows whether certain subpages, such as the shopping basket of an online shop system were accessed on our website. By means of the conversion cookie, both ourselves and Google can see whether an affected person who came across our website via an AdWords advert generated a sale, i.e. purchased an item or terminated the transaction. The data and information which is generated through the use of the conversion cookie is used by Google in order to compile visit statistics for our Internet page. These visit statistics are then used by us in order to calculate the total number of users who were referred to us by AdWords adverts, i.e. the success or lack of success of the respective AdWords advert and in order to optimise our AdWords adverts in the future. Neither our company nor other advertising customers of Google receive information from Google which allows the affected person to be identified. By means of the cookie, personal data such as the websites visited by the affected person is saved. During each visit to our websites, this personal data (including the IP address of the Internet connection used by the affected person) is sent to Google in the USA. This personal data is saved by Google in the USA. Under certain circumstances, Google may pass on this personal data which is gathered through the technical procedure. The affected person can prevent the setting of cookies via our website as stated above at any time by setting the used Internet browser accordingly and is therefore permanently objecting to the setting of cookies. Such a setting of the Internet browser which is used would also prevent Google being able to set a conversion cookie on the IT system of the affected person. In addition, cookies which have already been set by Google AdWords can be deleted at any time via an Internet browser or other software programs. Furthermore, the affected person has the option of objecting to the provision by Google of advertising which is tailored to interests. For this purpose, the affected person must activate the link www.google.de/settings/ads in each browser used by him or her and carry out the requested settings there. Further information and the applicable data protection provisions of Google can be viewed at https://www.google.de/intl/de/policies/privacy/

20. Legal basis of the processing
Article 6 Letter a) GDPR is the legal purpose for the processing procedures carried out by our company for which we obtain consent for a specific purpose of processing. Should the processing of personal data be necessary in order to fulfil a contract where the contracting party is the affected person, which is for example the case with processing procedures which are necessary in order to deliver goods or provide other services or consideration, the processing is based on Article 6 Letter b) GDPR. The same applies to such processing procedures which are necessary in order to carry out pre-contractual measures, such as in the case of enquiries relating to our products or services. Should our company be subject to a legal obligation by means of which the processing of personal data becomes necessary, for example in order to fulfil tax obligations, the processing is based on Article 6 Letter c) GDPR. In rare cases, the processing of personal data may become necessary in order to protect vital interests of the affected person or of another natural person. For example, this would be the case if a visitor to our premises is injured and his or name, age, health insurance details and other vital information needs to be passed on to a doctor, hospital or other third party. The processing would then be based on Article 6 Letter d) GDPR. Finally, processing could be based on Article 6 Letter f) GDPR. Processing procedures are based on this legal provision which does not come under any of these referred to above when the processing is necessary to safeguard a legitimate interest of our company or of a third party, unless the interests, basic rights and basic freedoms of the affected person outweigh this. Such processing procedures are therefore permitted for us in particular because these were stated by the European legislator in special terms. To this extent, it was of the opinion that a legitimate interest could be assumed if the affected person is a customer of the responsible body (reason for opinion 45, sentence 2 GDPR).

21. Legitimate interests in the processing which are pursued by the responsible body or a third party
Should the processing of personal data be based on Article 6 Letter f) GDPR, our legitimate interest is the carrying out of our business activities for the wellbeing of all of our employees and shareholders.

22. Duration for which the personal data is saved
The criteria for the duration of the saving of personal data is the respective statutory retention period. Following the expiry of the period, the corresponding data is routinely deleted, unless still necessary in order to perform or initiate a contract.

23. Statutory or contractual regulations for the provision of the personal data, necessity in order to conclude the contract; obligation of the affected person to provide the personal data; possible consequences of failure to provide the personal data
We wish to point out that in some cases, the provision of personal data is required by law (for example tax regulations) or under contractual provisions (for example information concerning the contracting partner). In order to conclude a contract, it may be necessary for an affected person to provide us with personal data, which then needs to be processed by us. The affected person is for example obliged to provide us with personal data if our company concludes a contract with him or her. The non-provision of the personal data would mean that it would not be possible to conclude with contract with the affected person. Prior to the provision of personal data by the affected person, he or she must contact our data protection officer. Our data protection officer will provide the affected person with advice in the individual case as to whether the provision of personal data is required by law or contract or is necessary in order to conclude the contract, whether an obligation to provide the personal data exists and the consequences of non-provision of the personal data.

24. Existence of automated decision making
As a responsible company, we do not take part in automated decision making or profiling.

Would you like to speak to a member of our team?

If you need some advice, or have a problem we're just an email or a call away.

Call us on + 44 1642 853 650

or email us at info@accessbdd.com