PRIVACY POLICY

Who is responsible and how do I reach you?

Responsible for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

ACE International GmbH
Sandweg 2-6
55543 Bad Kreuznach
Germany

What is it about?

This privacy policy meets the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior when visiting a website. Information for which we cannot (or can only with a disproportionate effort) establish a reference to your person, e.g. by anonymization, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored personal data are deleted as soon as the purpose of the processing has been achieved and there are no legitimate grounds for further storage of the data. We will inform you in the individual processing operations about the specific storage periods or criteria for storage. Irrespective of this, we store your personal in individual cases for the assertion, exercise or defense of legal claims and if there are statutory retention obligations.

Who gets my data?

We only disclose your personal data that we process on our website to third parties if this is necessary for the fulfillment of the purposes and is covered by the legal basis in the individual case (e.g. consent or safeguarding legitimate interests). In addition, we disclose personal data to third parties in individual cases if this serves the assertion, exercise or defense of legal claims. Possible recipients may then be, for example, law enforcement agencies, lawyers, auditors, courts, etc.

Insofar as we use service providers for the operation of our website, who process personal data on our behalf within the scope of commissioned processing pursuant to Art. 28 GDPR, they may be recipients of your personal data. For more information on the use of processors and web services, please refer to the overview of the individual processing operations.

Do you use cookies?

Cookies are small text files that are sent by us to the browser of your end device during your visit to our website and stored there. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to perform various analyses, so that we are able, for example, to recognize the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly from your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.

We provide information about the respective services for which we use cookies in the individual processing operations. You can find detailed information about the cookies used in the cookie settings or in the Consent Manager of this website.

What are the rights?

Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:

• Information according to Art. 15 GDPR about the data stored about you in the form of meaningful information about the details of the processing and a copy of your data;
• Correction according to Art. 16 GDPR of incorrect or incomplete data stored by us;
• Deletion pursuant to Art. 17 GDPR of the data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
• Restriction of processing pursuant to Art. 18 GDPR, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you object to their deletion because you need them for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR.
• Data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data within the scope of consent pursuant to Art. 6 (1) a GDPR or on the basis of a contract pursuant to Art. 6 (1) b GDPR and these have been processed by us with the aid of automated processes. You will receive your data in a structured, common and machine-readable format or we will transfer the data directly to another responsible party, insofar as this is technically feasible.
• Objection according to Art. 21 GDPR against the processing of your personal data, insofar as this is based on Art. 6 para. 1 lit. e, f GDPR and there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding compelling legitimate grounds for the processing are demonstrated or the processing is carried out for the assertion, exercise or defense of legal claims. Where the right to object does not exist for individual processing operations, this is indicated there.
• Revocation according to Art. 7 para. 3 GDPR of your given consent with effect for the future.
• Complaint pursuant to Art. 77 GDPR to a supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

How is my data processed in detail?

In the following, we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.

Provision of the website

Nature and scope of processing

When you call up and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is stored temporarily in a so-called log file:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which the access is made (referrer URL)
• Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Our website is not hosted by ourselves, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.

Purpose and legal basis

The processing is carried out to protect our overriding legitimate interest to display our website and ensure security and stability on the basis of Art. 6 para. lit. f GDPR. The collection of data and storage in log files is mandatory for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 (1) GDPR. Insofar as the further storage of log files is required by law, the processing is based on Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, however, calling up our website is technically not possible without providing the data.

Storage duration

The aforementioned data will be stored for the duration of the website display and for technical reasons beyond that for a maximum of 14 days.

Presence on social media platforms

We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with information and offers also within social networks and to offer you further ways to contact us and to inform yourself about our offers. In the following, we inform you about which data we or the respective social network process from you in connection with the call and use of our fan pages/accounts.

Data that we process from you
If you wish to contact us via messenger or direct message via the respective social network, we generally process your user name via which you contact us and, if necessary, store other data provided by you insofar as this is required to process/respond to your request.

The legal basis is Art. 6 para. 1 sentence 1 f) GDPR (processing is necessary to protect the legitimate interests of the controller).

(Static) usage data that we receive from the social networks
We receive automated statistics regarding our accounts via Insights functionalities. The statistics include, among other things, the total number of page views, likes, page activity and post interactions, reach, video views, and the percentage of men/women among our fans/followers.

The statistics only contain aggregated data that cannot be related to individual persons. You are not identifiable to us through this.

What data the social networks process from you
In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and, in this respect, no user account for the respective social network is required.

Please note, however, that the social networks also collect and store data from website visitors without a user account when the respective social network is called up (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies, over which we have no control. Details on this can be found in the privacy policy of the respective social network (see the corresponding links above)

Insofar as you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our postings/contributions and/or contact us via messenger functions, prior registration with the respective social network and the provision of personal data is required.

We have no influence on the data processing by the social networks within the scope of their use by you. To our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behavior (using cookies, pixels/web beacons and similar technologies), on the basis of which advertising based on your interests is played both within and outside the respective social network. It cannot be ruled out that your data will be stored by the social networks outside the EU/EEA and passed on to third parties.

Information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use of the social networks can be found in the privacy policy/cookie policy of the social networks. There you will also find information on your rights and objection options.

LinkedIn page

LinkedIn is a social network of LinkedIn Inc. based in Sunnyvale, California, USA, which enables the creation of private as well as professional profiles of natural persons and company profiles. Users can maintain their existing contacts and make new ones within the social network. Businesses and other organizations can create profiles that upload photos and other company information to present themselves as employers and hire employees. Other LinkedIn users have access to this information and can write their own articles and share this content with others. The network’s focus is on professional exchanges on specialized topics with people who share the same professional interests.

When using or visiting the network, LinkedIn automatically collects data from the users or visitors during the use or visit, for example user name, job title and IP address. This is done with the help of various tracking technologies. LinkedIn provides benefits with information, offers and recommendations based on the data collected in this way, among other things.

We collect your data via our company profile only to realize a possible provision for communication and interaction with us. This collection usually includes your name, message content, comment content, and the profile information you provide “publicly”.

The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 para. 1 f GDPR. Should you, as a user, have given your consent to the data processing vis-à-vis the respective provider of the social network, the legal basis of the processing extends to Art. 6 para. 1 a, Art. 7 GDPR.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorized to fully access your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (information request, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effective directly against the respective provider.

We are jointly responsible with LinkedIn for the personal content of our company profile. Data subject rights can be asserted with LinkedIn Inc. as well as with us. We do not make any decisions regarding the data collected on LinkedIn’s site using tracking technologies.

For more information on LinkedIn, visit: https://about.linkedin.com.

For more information about privacy at LinkedIn, please visit: https://www.linkedin.com/legal/privacy-policy.

Further information on storage duration/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use on LinkedIn can be found at: https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy.

Google Tag Manager

Nature and scope of processing

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through one interface and allows us to control the exact integration of services on our website.

This allows us to flexibly integrate additional services to evaluate user access to our website.

Purpose and legal basis

The use of Google Tag Manager is based on your consent pursuant to Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Storage duration

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

Google Analytics

Nature and scope of processing

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of views of our online offer, visited subpages and the length of stay of visitors.

Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users.

This information is used, among other things, to compile reports on website activity.

Purpose and legal basis

The use of Google Analytics is based on your consent pursuant to Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision of the European Commission exists (e.g. in the USA), we have agreed with the recipients of the data on other appropriate safeguards within the meaning of Art. 44 et seq. GDPR. These are – unless otherwise stated – standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, before such a third country transfer, we obtain your consent pursuant to Art. 49 (1) sentence 1 lit. a. GDPR, which you provide via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers there may be unknown risks in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

Storage duration

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

Data Protection Notice for the Use of “Web Conference Tools” of ACE International GmbH

We would like to inform you below about the processing of personal data in connection with the use of “Zoom”, “Teams” or similar services.

Purpose of processing

We use tools such as “Zoom”, “Teams” or similar services to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”).

Responsible

The data controller for data processing directly related to the conduct of “Online Meetings” is
ACE International GmbH.

Note: Insofar as you call up the website of “Zoom”, the provider of “Zoom” is responsible for data processing. However, calling up the Internet page is only necessary for the use of “Zoom” in order to download the software for the use of “Zoom”.

You can use “Zoom” or “Teams” if you enter the respective meeting ID and, if necessary, further access data for the meeting directly in the “Zoom” or “Teams” app.

If you do not want to or cannot use the “Zoom” app, then the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.

What data is processed?

When using “Zoom”, “Teams” or similar services, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an “online meeting”.

The following personal data are subject to processing:

User details: first name, last name, phone (optional), e-mail address, password (if “single sign-on” is not used), profile picture (optional), department (optional).

Meeting metadata: Topic, description (optional), attendee IP addresses, device/hardware information.

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, a text file of the online meeting chat.

When dialing in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

 Text, audio and video data: You may have the option of using the chat, question or survey functions in an “online meeting”. To this extent, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Zoom” applications.

To participate in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.

Scope of processing

We use “Zoom” “Teams” or similar services to conduct “Online Meetings”. If we want to record “online meetings”, we will transparently communicate this to you in advance and – if necessary – ask for consent. If a recording of the meeting takes place, this will additionally be displayed to you in the “Zoom” as well as “Teams” app.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.

In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up webinars.

If you are registered as a user at “Zoom” or “Teams”, then reports on “Online Meetings” (meeting metadata, phone dial-in data, questions and answers in webinars, survey function in webinars) can be stored at “Zoom” for up to one month.

The option of software-based “attention monitoring” (“attention tracking”) that exists in “Online Meeting” tools such as “Zoom” is deactivated.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

Legal bases of data processing

Insofar as personal data of employees of ACE International GmbH is processed, Section 26 BDSG is the legal basis for the data processing. If, in connection with the use of “Zoom” or “Teams”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of “Zoom”, Art. 6 (1) f) GDPR is the legal basis for data processing. In these cases, our interest is in the effective implementation of “online meetings”.

Incidentally, the legal basis for data processing when conducting “online meetings” is Art. 6 (1) lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here, too, our interest is in the effective implementation of “online meetings”.

Recipient / passing on of data

Personal data processed in connection with participation in “online meetings” will not be disclosed to third parties as a matter of principle unless it is specifically intended for disclosure. Please note that the content of “online meetings”, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: The provider of “Zoom” necessarily obtains knowledge of the above data to the extent provided for in our order processing agreement with “Zoom”.

Data processing outside the European Union

“Zoom” is a service provided by a provider from the USA. A processing of personal data therefore also takes place in a third country.

An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses.