We take data protection seriously (Version: August 2022)
Protecting your privacy when processing personal data is important to us. Therefore, we would like to provide you with the following information.
Data controller in Austria:
Data controller in Germany:
The data controllers manage this website for all companies in the ACP Group. You can find an overview of the companies here. If required, your data will be exchanged within the ACP Group (for example, in order to pass your query onto the relevant employee).
Personal data concerns data about you. This includes your name, address and email address. You do not need to provide any personal data to visit our website. In certain cases, we will need your name and address, as well as additional information in order to provide you with the requested services.
The same applies if you would like us to provide you with information material or in order to respond to your queries. In such cases, we will always inform you. Furthermore, we only store the data which you have provided to us automatically or voluntarily.
When you use one of our servers, we generally only collect data which is required in order to provide you with our service. We may ask you for additional information, but this is voluntary. Whenever we process personal data, we do so in order to provide our service or to pursue business objectives.
If you provide us with data using the contact form, this data will be stored on our servers as part of the data storage process. Your data will only be used in order to process your request and, in certain cases, it may be passed on internally within the ACP Group. Your data is processed in a strictly confidential manner. It will not be passed onto third parties.
We use the software Hubspot to send our newsletter. As part of this, we use a so-called double opt-in procedure (i.e. we will only send you a newsletter if you have explicitly requested that we activate the newsletter service for you). We will then send you a notification email, asking that you click on the link in the email to confirm that you would like to receive our newsletter. When signing up to our newsletter, we store your IP address and the sign-up date. This information is stored solely in the event of third party misuse of your email address to sign up to the newsletter without your knowledge or consent. The legal basis for this is your consent, according to art. 6, para. 1, lit a of the GDPR. If you unsubscribe from the newsletter and there is no commercial relationship between us and you, your data will be deleted immediately.
If you wish to unsubscribe from our newsletter at a later date, you can do so at any time without incurring any cost other than the data transmission costs at your standard tariff (e.g. when clicking on the unsubscribe link in the email).
User Account (User Profile)
On our website, we give users the option to register for a user account using their personal details. Following registration on the website, you will receive a confirmation email from us, which will be sent to the email address provided by you.
The legal basis for processing this data is art. 6, para. 1, lit b of the GDPR. The registration data will not be passed on to third parties.
We store this data for the purpose of setting up and providing the user account. Your application(s) and applicant profile will be stored in this account.
As part of your registration on the ACP applicant portal, you can also sign up to a job newsletter for future ACP job vacancies. You can unsubscribe at any time via your applicant profile or through an integrated link in the job newsletter. You always have the option to download and correct the stored data. We delete your user account and the data stored in it when you request its deletion or when you explicitly withdraw the submitted application(s).
If the data is required for contractual reasons or to conduct pre-contractual measures, the data can only be deleted prematurely if there are no contractual or legal obligations to the contrary. Furthermore, we process your data until the conclusion of any legal disputes whereby the data is required as evidence.
Online applications (to a job vacancy or unsolicited applications)
On our website, we offer applicants the option to apply to the job vacancies online or to submit a speculative application. In doing so, the data will be entered/uploaded into an input screen and then transmitted to our systems, where it is stored. A user account is required to apply to a job offer or to send a speculative application.
Once an application has been sent, an automated email will be sent to the email address you provided.
The application data stored in your user account can be viewed, changed or deleted at any time.
For the purpose of reviewing and processing your application and in order to get in touch, your data may be viewed by the person(s) responsible for the respective job vacancy/speculative application.
When looking for the best applicants and workplaces, we take your applicant data into account for open vacancies in your region. For this reason, we pass your applicant data onto our companies within the ACP Group.
Under no circumstance will your applicant data be passed onto third parties outside the ACP Group.
The legal basis for processing your data is your consent, given especially prior to sending your application via the corresponding form on our website. (art. 6, para. 1, lit a of the GDPR, possibly in connection with art. 9, para. 2, lit a of the GDPR insofar as special personal data is included in your application).
It may be necessary to pass your data onto third parties where legally required, e.g. in order to pursue prosecution or to implement intellectual property laws. The legal basis in such cases is art. 6, para. 1, lit c of the GDPR.
We delete the application data you have provided from our systems if you explicitly withdraw your consent and/or if you delete your account.
We will also delete your data 6 months after the end of the application process, insofar as we do not suggest another vacancy to you or if you consent to us storing your application on file data for an additional 12 months. One month prior to the expiration of the retention period, you will receive an email offering you the option to extend the storage of your application data on file by a further 12 months. This consent can be withdrawn at any time in your user/application account.
You cannot delete the data if it is required to fulfil a contract or to conduct pre-contractual measures. Premature deletion of the data is only possible if there are no contractual or legal obligations preventing deletion. Furthermore, we process your data until the conclusion of any legal disputes whereby the data is required as evidence.
For each customer, we setup password-protected direct access to the core data we store on them (customer account). Here, you can view the data on completed orders and you are obliged to treat the personal access data with confidentiality, preventing access to the data from third parties. We cannot accept liability for the misuse of passwords, unless we are responsible for the misuse.
We collect, store and process your data for the entire purchase process. Your personal data will only be passed on or otherwise transmitted to third parties where this is required in order to process the contract or for billing purposes. As part of the order process, the service providers we use (for example shipping and logistics companies) will receive the required data for the order and contract processing. Such data may only be used by our service providers in order to fulfil their task. Any other use of the information is not permitted and this also applies to our trusted service providers.
For your order, we require your correct and complete company name, address and VAT identification number for the purpose of billing. We need your email address in order to assign your order in our goods management system and to communicate with you. We also use this to identify you (customer login).
Your personal data will be deleted if the statutory retention obligations have been met and you have made a claim for deletion, if the data is no longer required to fulfil the purpose of storage or if the storage is otherwise not legally permitted.
Automatically stored data
When you visit our website, our internet servers generally store your internet service provider IP, the website from which you visited us, the webpages you visit on our site and the date and duration of the visit. This information is required for the technical transfer of webpages and the secure operation of the server. This data is not evaluated personally.
Server log files
The website provider automatically collects and stores information in so-called server log files, which your browser sends to us automatically. These are:
- The date and time of the request
- The name of the required files
- The page from which the file was requested
- The access status (file transfer, file not found etc.)
- The web browser and operating system used
- The complete IP address of the device making the request
- The data volume transmitted
This data is not merged with other data sources. Processing takes place in accordance with art. 6, para. 1, lit f of the GDPR on the basis of our legitimate interest in the improvement of our website’s stability and functionality.
For technical security reasons, in particular to defend against attempted attacks on our web servers, this data is stored by us temporarily. It is not possible to trace a person’s identity based on this data. After no later than seven days, the data is anonymised using an abbreviated IP address at domain level, so that it is no longer possible to trace the individual user. The data is then processed in anonymised format for statistical purposes; the data is not compared with other components or passed on to third parties, even in excerpts.
We have taken technical and administrative security measures in order to protect your personal data against loss, destruction, manipulation and unauthorised access. All of our employees and active service providers are obliged to comply with the data protection laws.
Whenever we gather and process personal data, it will be encrypted before it is sent. This means that your data cannot be misused by third parties. Our security measures are subject to a constant process of improvement and our data protection declarations are constantly updated. Please ensure that you have consulted the most recent version.
Additionally, when visiting our website for the first time, we request that you consent to cookies used to improve our website or for marketing purposes. Only if you agree to this will such cookies be stored. The legal basis for this shall then be your consent, in accordance with art. 6, para. 1, lit a of the GDPR.
You can change your cookie settings here at any time:Ihre Cookie Einstellungen
This website uses Tawk.to to provide a live chat. This website uses consultants from thomashutter.com and hutter-consult.com, an external platform for managing chats. The chat is integrated via a script in the source text on thomashutter.com and hutter-consult.com. By using the chat, you will automatically use the services of Tawk.to. The data is transmitted there for the purpose of security and documentation for thomahutter.com and hutter-consult.com. The data collected includes: The chat content, given name, IP address at the time of the chat and the country of origin. This data is not passed onto third parties and only serves the purpose of protection and internal statistics. By using the chat, you agree to consent. Here, you can find further information on Tawk.to! Please read them carefully. Please note, however, that the page is only available in English: https://www.tawk.to/privacy-policy/
Lead-Scoring in HubSpot
Lead scoring is a process by which a contact can be qualitatively assessed on the basis of a pre-defined points system. This allows any contact with a concrete interest in a topic, service or product or with a concrete intention to purchase to be identified.
Explicit and implicit data is used as evaluation criteria.
Explicit contact data, i.e. any data which a contact provides themselves, can be collected by, for example, filling out a form on our website. For example, such explicit data provided can include:
- Company size
- Job descriptions
Implicit information can also be used. This primarily concerns information obtained by using our website, emails and other channels, which assigns contact with HubSpot. Examples of such implicit interactions for collecting data include:
- The number of website sessions
- Form submissions (such as newsletter or contact queries and the number of these)
- The number of email ‘openings’ and ‘clicks’
- Interactions on social media
The evaluation of this data helps us to determine your interests more precisely, to provide you with targeted information and to optimise our website for you.
SOCIAL PLUGINS FROM FACEBOOK, TWITTER, INSTAGRAM, PINTREST, XING, ADDTHIS AND WHATSAPP
Our website uses social buttons from social networks. This are just HTML links embedded in the page, so simply accessing our website does not yet establish a connection with the servers of the respective providers. Clicking on one of the buttons will open the website of the respective social network in a new window on your browser. There, you can, for example, click on the like or share button.
ONLINE PRESENCE ON FACEBOOK, TWITTER, INSTAGRAM, LINKEDIN, XING
Facebook Custom Audiences Pixels
If you wish to object to the connection with Facebook described above, you can do this as follows:
USE OF GOOGLE SERVICES
We use the following technologies by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland (“Google”). The information on your use of our website automatically collected by the Google technology is usually sent to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. The European Commission has not taken a decision on the USA’s adequacy. Our cooperation is based on the European Union’s standard data protection clauses.
If your IP address is collected using Google technology, it will be abbreviated prior to storage on the Google servers by using an IP anonymisation process. Only in exceptional cases will the full IP address be sent to a Google server and abbreviated there. Unless otherwise stated for the individual technologies, the data processing takes place on the basis of an agreement concluded between the data controller and the respective technologies, in accordance with art. 26 of the GDPR. You can find detailed information on data processing at Google in Google’s privacy policies: https://policies.google.com/privacy?hl=de.
Google Tag Manager
Our website provides marketing space for third party advertising using AdSense. These advertisements are displayed to you in different locations on this website. The so-called DoubleClick cookie allows the display of targeted advertising by collecting and processing data (IP address, time of visit, device and browser information and information on your use of our website), as well as the automatic designation of a pseudonymised UserID. This determines the interests of visitors to this and other websites.
In order to visually display geographical information, Google Maps sends data to Google, which processes data about your use of the maps function, in particular your IP address and location data. We have no influence over the subsequent data processing.
To improve the comfort and quality of our service, we use conversion tracking and retargeting technology, both webservices by Adform ApS, Wildersgade 10B, 1, 1408 Copenhagen K, Denmark.
This website uses conversion tracking by Adform. The temporary cookie for conversion tracking is set when a user contacts an advertisement using Adform.
Users who do not wish to take part in tracking can deactivate the Adform or Google cookie in their internet browser. They can also object to data collection and storage at any time with future effect by clicking here. Cookies already stored on your computer can be deleted in your browser or removed by deleting temporary websites.
Our website uses the bookmark service addthis.com. AddThis is a service provided by Clearspring Technologies Inc., 8000 Westpark Drive, Suite 625, McLean, VA 2210, USA. Each individual visit to our website equipped with an AddThis component causes the browser you are using to download a corresponding representation of the component from addthis.com. Through this process, addthis.com is made aware of the exact page you visit on our website. Furthermore, addthis.com obtains information about your IP address, browser type, browser language, the previously visited website, as well as the date and time of your visit to the website in order to create anonymised user profiles with the data. This data allows AddThis and its partner companies to provide visitors to our website with personalised, interest-related advertising. The integration of advertising material takes place on the basis of the browser cookie set by addthis.com, which analyses the user behaviour of the website visitor. You can permanently object to addthis.com placing this cookie by clicking on the following link and downloading and installing the opt-out cookie: http://www.addthis.com/privacy/opt-out.
To generate short URLs, we use the tool “Bitly” by bitly.inc (39 5th Avenue, New York, NY 10010, USA). Privacy statement and opt-out: https://bitly.com/pages/privacy?lang=en
To provide the relevant advertisements, we use the tool, Moat.
Moat is provided by Moat Inc., 228 Park Ave South #17953, New York NY 10003, United States.
Link to opt-out: https://www.oracle.com/legal/privacy/privacy-choices.html
Our website uses the service Microsoft Bookings (part of Microsoft 365) to book appointments online. This service is provided by Microsoft Ireland Operations Limited (hereinafter: “Microsoft”).
This software enables the booking of consultancy or event appointments. A connection to the service is only established if you click on a link or button for the online booking function on our website.
The legal basis for providing the “Microsoft Bookings” service is art. 6, para. 1, lit f of the GDPR (legitimate interest in data processing). The legitimate interest is based on our desire to provide you with a user-friendly website and to provide you the opportunity to book an appointment quickly and simply when you need it.
We wish to point out that you are not obliged to use Microsoft Bookings to book an appointment. If you do not wish to use the service, please contact us through our other channels to book an appointment. The legal basis for processing your data by sending the form is art. 6, para. 1, lit a of the GDPR (consent).
Data subject rights
You always have the right to information on and correction, deletion or restriction of the processing of your stored data, as well as a right to object to processing, to data portability and to submit a complaint in accordance with the provisions of the data protection act.
Right to information:
You can request information on whether and to what extent we process your data.
Right to correction:
If we process your data incompletely or incorrectly, you can request that we correct or complete your data at any time.
Right to erasure:
You can request the erasure of your data, insofar as we process the data unlawfully or if the processing disproportionately affects your legitimate interest in protection. Please note that there may be reasons to prevent an immediate erasure, e.g. in the event of statutory regulations on retention obligations.
Regardless of your perception of your right to erasure, we will erase your data immediately and in full insofar as there are no commercial legal or statutory retention obligations.
Right to restrict processing:
You can request a restriction to the processing of your data if
- You dispute the accuracy of the data for a period that allows us to check the accuracy of the data,
- The processing of data is unlawful but you refuse erasure and instead request a restriction to the use of your data,
- We no longer require the data for the intended purpose but you still require the data to assert or defend legal claims or
- You have submitted an objection to the processing of data.
Right to data portability:
You can request that we provide your data, that you have given us, to you in a structured, conventional and machine-readable format or that we send this data to another data controller without delay, insofar as
- we process this data on the basis of your issued and revocable consent or in order to fulfil a contract and
- the data is processed using automated means.
If technically feasible, you can request that we send your data to another data controller directly.
Right to object:
If we process your data due to a legitimate interest, you can submit an objection to data processing at any time; this would also apply to profiling on the basis of one of these provisions. We will then no longer process your data, unless we can prove compelling, protection-based reasons for processing which outweigh your interests, rights and freedoms or if the processing serves to assert, execute or defend legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without providing a reason.
Right to appeal:
If you believe that our processing of your data violates German or European data protection laws, we request that you contact us in order to clarify any queries. You have, of course, the right to appeal to the relevant supervisory authority at the respective state department for data protection supervision.
If you wish to assert one of the above rights to us, then please contact our data protection officer. If in doubt, we may also request additional information to confirm your identity
All interested parties and visitors to our website can contact us about data protection issues at:
Mr. Christian Volkmer