Privacy Policy
1) Introduction and Contact Details of the Responsible Party
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data are all data that can be used to personally identify you.
1.2 The party responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Özge Cetinkaya Habich, An der Moschenmühle 18, 95032 Hof, Germany, Tel.: +49 9281 5406820, Email: info@afesto.com. The responsible party for processing personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data are all data that can be used to personally identify you.
1.2 The party responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Özge Cetinkaya Habich, An der Moschenmühle 18, 95032 Hof, Germany, Tel.: +49 9281 5406820, Email: info@afesto.com. The responsible party for processing personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
2) Data Collection When Visiting Our Website
2.1 When using our website purely for informational purposes, i.e., if you do not register or provide us with any information in another way, we only collect data that your browser transmits to the server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:
- The website you visited
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the site
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of persona l data and other confidential content (e.g., orders or inquiries to the responsible party). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser's address bar.
3) Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are deleted automatically when you close your browser (so-called "session cookies"), while others remain on your device for a longer period and allow you to store page settings (so-called "persistent cookies"). In the latter case, you can find out the storage duration in the overview of your web browser's cookie settings.
If individual cookies we use also process personal data, the processing is carried out in accordance with Art. 6 (1) lit. b GDPR either to fulfill the contract, according to Art. 6 (1) lit. a GDPR in the case of consent given, or according to Art. 6 (1) lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a user-friendly and effective design of the site visit.
You can configure your browser to inform you about the setting of cookies and to decide individually on their acceptance or to exclude the acceptance of cookies for specific cases or generally.
Please note that the functionality of our website may be limited if you do not accept cookies.
4) Contacting Us
In the context of contacting us (e.g., via contact form or email), personal data is collected. Which data is collected when using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your inquiry or for contacting you and the associated technical administration.
The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6 (1) lit. f GDPR. If your contact aims at concluding a contract, then an additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after the final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary.
5) Use of Customer Data for Direct Advertising
Sending the Email Newsletter to Existing Customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email. According to § 7 (3) UWG, we do not need to obtain separate consent from you for this. The data processing is based solely on our legitimate interest in personalized direct advertising in accordance with Art. 6 (1) lit. f GDPR. If you initially objected to the use of your email address for this purpose, no emails will be sent by us.
You have the right to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible party named at the beginning. You will only incur transmission costs according to the basic tariffs. Upon receipt of your objection, we will immediately cease using your email address for advertising purposes.
6) Web Analytics Services
6.1 Google Analytics 4
This website uses Google Analytics 4, a web analytics service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.
By default, when visiting the website, Google Analytics 4 sets cookies, which are small text snippets stored on your device and collect specific information. The scope of this information includes your IP address, which is truncated by Google to exclude direct personal references.
The information is transmitted to Google's servers and processed there. This may also involve transfers to Google LLC based in the USA.
Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activities for us, and provide further related services regarding website usage and internet usage. The IP address transmitted by your browser within the framework of Google Analytics and truncated will not be merged with other data from Google. The data collected during the use of Google Analytics 4 is stored for a duration of two months and then deleted.
All the aforementioned processing activities, especially the setting of cookies on the device used, are only carried out if you have given us your explicit consent in accordance with Art. 6 (1) lit. a GDPR. Without your consent, the use of Google Analytics 4 will not take place during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of withdrawal, please disable this service using the “Cookie Consent Tool” provided on the website.
We have entered into a data processing agreement with Google that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.
Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de, and https://policies.google.com/technologies/partner-sites.
Demographic Features
Google Analytics 4 uses the special function "demographic features" and can create statistics that make statements about the age, gender, and interests of website visitors. This is done by analyzing advertising and information from third parties. This allows target groups for marketing activities to be identified. However, the collected data cannot be assigned to a specific person and will be deleted after being stored for two months.
Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to generate cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google can analyze your usage behavior across devices, subject to your consent for the use of Google Analytics in accordance with Art. 6 (1) lit. a GDPR and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the "Personalized Ads" feature in your Google account settings. For instructions, please follow the directions on this page: https://support.google.com/ads/answer/2662922?hl=de. For more information on Google Signals, visit: https://support.google.com/analytics/answer/7532985?hl=de.
UserIDs
As an extension to Google Analytics 4, the "UserIDs" function can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 (1) lit. a GDPR, have set up an account on this website, and log in with this account on different devices, your activities, including conversions, can be analyzed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.
6.2 etracker
This website uses the web analytics service from the following provider: etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.
Using cookies and/or similar technologies (tracking pixels, web beacons, algorithms to read device and browser information), the service collects and stores pseudonymized visitor data, including information from the device used, such as the IP address and browser information, to evaluate the usage behavior on our website for statistical analyses and to create pseudonymized usage profiles. This also allows the evaluation of movement patterns (so-called heatmaps), showing the duration of page visits as well as interactions with page content (e.g., text entries, scrolling, clicks, and mouse-overs). The pseudonymization fundamentally excludes direct personal reference. There is no merging with other collected clear data about your person.
All the above processing activities will only take place if you have given us your explicit consent according to Art. 6 (1) lit. a GDPR. If you do not give your consent, the use of etracker will not take place.
You can revoke your consent at any time with effect for the future. To exercise your right of withdrawal, please disable this service using the “Cookie Consent Tool” provided on the website.
Further information can be found at https://www.etracker.com/de/datenschutz/.
7) Site Functionalities
7.1 Microsoft Teams
For the conduct of online meetings, video conferences, and/or webinars, we use this provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
The provider processes different types of data, depending on which data you provide before or during participation in an online meeting, video conference, or webinar. Your data as a communication participant is processed and stored on the provider's servers. This may include your login details (name, email address, phone number (optional), and password) as well as session data (topic, participant IP address, device information, description (optional)).
Additionally, visual and audio contributions from participants and spoken inputs in chats may be processed.
The legal basis for processing personal data necessary for fulfilling a contract with you (this also applies to processing operations necessary for carrying out pre-contractual measures) is Art. 6 (1) lit. b GDPR. To the extent that you have given us consent for the processing of your data, the processing is based on Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future.
Furthermore, the legal basis for data processing during the conduct of online meetings, video conferences, or webinars is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the effective conduct of the online meeting, webinar, or video conference.
We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
7.2 Zoom
For the conduct of online meetings, video conferences, and/or webinars, we use this provider: Zoom Video Communications Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA.
The provider processes different types of data, depending on which data you provide before or during participation in an online meeting, video conference, or webinar. Your data as a communication participant is processed and stored on the provider's servers. This may include your login details (name, email address, phone number (optional), and password) as well as session data (topic, participant IP address, device information, description (optional)).
Additionally, visual and audio contributions from participants and spoken inputs in chats may be processed.
The legal basis for processing personal data necessary for fulfilling a contract with you (this also applies to processing operations necessary for carrying out pre-contractual measures) is Art. 6 (1) lit. b GDPR. To the extent that you have given us consent for the processing of your data, the processing is based on Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future.
Furthermore, the legal basis for data processing during the conduct of online meetings, video conferences, or webinars is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the effective conduct of the online meeting, webinar, or video conference.
We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
7.1 Microsoft Teams
For the conduct of online meetings, video conferences, and/or webinars, we use this provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
The provider processes different types of data, depending on which data you provide before or during participation in an online meeting, video conference, or webinar. Your data as a communication participant is processed and stored on the provider's servers. This may include your login details (name, email address, phone number (optional), and password) as well as session data (topic, participant IP address, device information, description (optional)).
Additionally, visual and audio contributions from participants and spoken inputs in chats may be processed.
The legal basis for processing personal data necessary for fulfilling a contract with you (this also applies to processing operations necessary for carrying out pre-contractual measures) is Art. 6 (1) lit. b GDPR. To the extent that you have given us consent for the processing of your data, the processing is based on Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future.
Furthermore, the legal basis for data processing during the conduct of online meetings, video conferences, or webinars is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the effective conduct of the online meeting, webinar, or video conference.
We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
7.2 Zoom
For the conduct of online meetings, video conferences, and/or webinars, we use this provider: Zoom Video Communications Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA.
The provider processes different types of data, depending on which data you provide before or during participation in an online meeting, video conference, or webinar. Your data as a communication participant is processed and stored on the provider's servers. This may include your login details (name, email address, phone number (optional), and password) as well as session data (topic, participant IP address, device information, description (optional)).
Additionally, visual and audio contributions from participants and spoken inputs in chats may be processed.
The legal basis for processing personal data necessary for fulfilling a contract with you (this also applies to processing operations necessary for carrying out pre-contractual measures) is Art. 6 (1) lit. b GDPR. To the extent that you have given us consent for the processing of your data, the processing is based on Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future.
Furthermore, the legal basis for data processing during the conduct of online meetings, video conferences, or webinars is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the effective conduct of the online meeting, webinar, or video conference.
We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
8) Tools and Miscellaneous
8.1 Cookie Consent Tool
This website uses a so-called "Cookie Consent Tool" to obtain effective user consents for cookies and cookie-based applications that require consent. The "Cookie Consent Tool" is displayed to users upon page access in the form of an interactive user interface, where users can give consent for specific cookies and/or cookie-based applications by ticking boxes. By using the tool, all cookies/services that require consent are only loaded when the respective user grants the corresponding consents by ticking the boxes. This ensures that such cookies are only set on the user's device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this regard.
If, in individual cases, the processing of personal data (such as the IP address) occurs for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies, thus ensuring a legally compliant design of our website.
Another legal basis for processing is Art. 6 (1) lit. c GDPR. As controllers, we are legally obligated to make the use of technically non-essential cookies dependent on the respective user consent.
If necessary, we have concluded a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties.
For more information about the operator and the configuration options of the Cookie Consent Tool, please refer directly to the corresponding user interface on our website.
8.2 Adobe Acrobat Sign
For the digital signing of documents, we use the services of the following provider:
Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West Business Campus, Dublin 24, Ireland.
The service enables the legally valid signing of documents by electronic signature from any device.
For this purpose, the service collects, stores, and transmits not only the electronic signature for verification and proof of signing but also usage data from the device used (particularly the IP address) and certain transaction data.
The processing occurs based on our legitimate interest in efficient and time-saving business management and customer-friendly and effective document management according to Art. 6 (1) lit. f GDPR.
We have concluded a data processing agreement with the provider that protects our visitors' data and prohibits disclosure to third parties.
8.1 Cookie Consent Tool
This website uses a so-called "Cookie Consent Tool" to obtain effective user consents for cookies and cookie-based applications that require consent. The "Cookie Consent Tool" is displayed to users upon page access in the form of an interactive user interface, where users can give consent for specific cookies and/or cookie-based applications by ticking boxes. By using the tool, all cookies/services that require consent are only loaded when the respective user grants the corresponding consents by ticking the boxes. This ensures that such cookies are only set on the user's device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this regard.
If, in individual cases, the processing of personal data (such as the IP address) occurs for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies, thus ensuring a legally compliant design of our website.
Another legal basis for processing is Art. 6 (1) lit. c GDPR. As controllers, we are legally obligated to make the use of technically non-essential cookies dependent on the respective user consent.
If necessary, we have concluded a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties.
For more information about the operator and the configuration options of the Cookie Consent Tool, please refer directly to the corresponding user interface on our website.
8.2 Adobe Acrobat Sign
For the digital signing of documents, we use the services of the following provider:
Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West Business Campus, Dublin 24, Ireland.
The service enables the legally valid signing of documents by electronic signature from any device.
For this purpose, the service collects, stores, and transmits not only the electronic signature for verification and proof of signing but also usage data from the device used (particularly the IP address) and certain transaction data.
The processing occurs based on our legitimate interest in efficient and time-saving business management and customer-friendly and effective document management according to Art. 6 (1) lit. f GDPR.
We have concluded a data processing agreement with the provider that protects our visitors' data and prohibits disclosure to third parties.
9) Rights of the Data Subject
9.1 The applicable data protection law grants you the following rights as a data subject concerning the processing of your personal data by the controller (information and intervention rights), with reference to the respective legal basis for the conditions of exercise:
• Right of access according to Art. 15 GDPR;
• Right to rectification according to Art. 16 GDPR;
• Right to erasure according to Art. 17 GDPR;
• Right to restriction of processing according to Art. 18 GDPR;
• Right to notification according to Art. 19 GDPR;
• Right to data portability according to Art. 20 GDPR;
• Right to withdraw consents granted according to Art. 7 (3) GDPR;
• Right to lodge a complaint according to Art. 77 GDPR.
9.2 Right of objection
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS DUE TO OUR OVERWHELMING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THIS PROCESSING WITH FUTURE EFFECT.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING PROTECTIVE REASONS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA CONCERNING SUCH MARKETING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
10) Duration of Storage of Personal Data
The duration of the storage of personal data is based on the respective legal basis, the processing purpose, and – where applicable – additionally on the respective statutory retention period (e.g., commercial and tax retention periods).
In the case of processing personal data based on express consent according to Art. 6 (1) lit. a GDPR, the affected data will be stored until you withdraw your consent.
If there are statutory retention periods for data processed under contractual or contractual-like obligations based on Art. 6 (1) lit. b GDPR, these data will routinely be deleted after the retention periods expire, provided they are no longer necessary for the fulfillment of the contract or for the initiation of a contract, and/or we have no legitimate interest in further storage.
In the case of processing personal data based on Art. 6 (1) lit. f GDPR, these data will be stored until you exercise your right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
In the case of processing personal data for the purpose of direct marketing based on Art. 6 (1) lit. f GDPR, these data will be stored until you exercise your right to object under Art. 21 (2) GDPR.
Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.