We would like to inform you about how we process your personal data and what rights you have according to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). The responsibility for data processing lies with the organisation ATO FORM GmbH (hereinafter referred to as “we” or “us”).

Responsible for the processing of your personal data is:

ATO FORM GmbH
To the Lauterhecke 34
63877 Sailauf

Telephone: 06093 944 – 0
E-mail: info@ato-form.com

“Personal data” is any information relating to a specific person. We process this data in accordance with the applicable data protection laws, in particular the GDPR and the BDSG. We may only process personal data if we have legal permission to do so.

We process personal data only with your consent in order to enter into a contract with you or to respond to your enquiry in connection with a possible business relationship, to comply with legal obligations or to protect our legitimate interests, provided that this does not adversely affect your interests or fundamental rights and freedoms requiring the protection of personal data.

We only store your data for as long as is necessary to achieve the purpose of the processing or to fulfil our contractual or legal obligations, unless otherwise stated in the notes below. Legal storage obligations may result from commercial or tax law regulations. After the end of the calendar year in which we collected the data, we will retain personal data from our accounting for ten years and personal data from business letters and contracts for six years. In addition, we retain data in connection with consents requiring proof as well as complaints and claims for the duration of the statutory limitation periods. Data stored for advertising purposes will be deleted if you object to processing for this purpose.

If you wish to exercise your rights under Articles 15 to 22 of the GDPR, we will process the personal data you provide in order to exercise those rights and to be able to provide evidence thereof. We will process the data stored for the purpose of information and preparation solely for this purpose and for data protection control purposes and otherwise restrict the processing in accordance with Article 18 of the GDPR.

These processing operations are based on the legal basis of Article 6(1)(c) of the GDPR in conjunction with Articles 15 to 22 of the GDPR and Section 34(2) of the BDSG.

The General Data Protection Regulation (GDPR) guarantees every data subject certain rights in relation to their personal data. These include:

• The right of information: Any affected person has the right to obtain confirmation from us as to whether personal data are being processed, as well as access to these data and further information and copies thereof.
• The right to correction: Every affected person has the right to request that inaccurate personal data be corrected without delay.
• The right to erasure (“right to be forgotten”): Every affected person has the right to demand the immediate deletion of personal data concerning him or her.
• The right to restriction of processing: Every affected person has the right to request the restriction of the processing of personal data concerning him or her.
• The right to data portability: Every affected person has the right to receive the personal data concerning him or her that he or she has provided to us in a structured, common and machine-readable format.
• The right to object: Every affected person has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR. If we process personal data of the data subject for direct marketing purposes, the data subject may object to such processing in accordance with Article 21(2) and (3) of the GDPR.

The affected person also has the right to complain to a supervisory authority if he or she believes that the processing of personal data concerning him or her violates the GDPR.

The supervisory authority responsible for us is: The Bavarian State Commissioner for Data Protection

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, e.g. when you place orders or send us enquiries. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to the provider cannot be read by third parties.

We process your personal data to the extent necessary to fulfil the following purposes:

• Marketing and promotional purposes
• Appointment request: ensuring that the user’s appointment request is processed in a timely manner.
• Proper functioning of the website

The legal basis for the processing of your personal data for the above-mentioned purposes is/are

• Consent (Art. 6 para. 1 lit. a GDPR, Art. 7 GDPR)
• Fulfilment of contract (Art. 6 para. 1 lit. b GDPR)
• Legitimate interest (Art. 6 para. 1 lit. f GDPR)

Where personal data are not collected directly from the data subject, the controller is obliged to inform the data subject of the source of the data.

• Technical, automatic transmission
• Data collected by means of online tools/procedures

Where personal data are not collected directly from the data subject, the controller is obliged to inform the data subject of the categories of data concerned.

• Usage data
• Meta/communication data

The indication of the “legitimate interests” of the controller or the third party pursued with the processing of personal data refers to Art. 6 (1) S. 1 lit. f GDPR.

• Optimal user experience of the website for our customer.
• Marketing purposes

We will inform you about the duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration.

• Deletion at the end of necessity (e.g. for ongoing customer relationships, etc.)

The provision of personal data by the data subject may be required on a legal or contractual basis or may be necessary for the conclusion of a contract. There may also be a legal obligation to provide the data.

Failure to provide the personal data may result in the following:

• Possible incorrect display and restrictions in the use of our website.
• Contact via appointment request tool not possible

It is possible that third-party content, such as videos from YouTube, maps from Google Maps, RSS feeds or images/graphics from other websites are integrated within this online offer. This always requires that the providers of this content (hereinafter referred to as “third-party providers”) perceive the IP address of the user. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is thus necessary for the presentation of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence on whether the third-party providers store the IP address, e.g. for statistical purposes. Insofar as we are aware of this, we inform the users about this.

Cookies are small files that enable certain device-related information to be stored on the user’s access device (PC, smartphone or similar). They do not cause any damage to the user’s device. On the one hand, they serve the user-friendliness of websites and thus the users (e.g. storage of login data). On the other hand, they serve to collect statistical data on the use of the website and to be able to evaluate it for the purpose of improving the offer. Users can influence the use of cookies. Most browsers have an option to restrict or completely prevent the storage of cookies. However, it is pointed out that the use and in particular the user comfort will be restricted without cookies.

Cookies that are absolutely necessary to carry out the electronic communication process or to provide certain functions requested by the user (e.g. shopping cart function) are stored on the basis of Art. 6 (1) lit. f GDPR. As website operators, we have a legitimate interest in storing cookies for the technically error-free and optimised provision of our services.

Other cookies, which e.g. serve to measure the performance of our website, enable extended functions or the personalisation of the online offer or are used for marketing purposes, are only used if the user consents via the cookie window that appears (pursuant to Art. 6 para. 1 lit. a GDPR). If the user does not consent to the use of cookies, the website may not be able to perform all functions correctly.

Further information

The website contains so-called “external links” to other websites over whose content we have no influence. For this reason, we cannot assume any liability for these contents.
The respective provider of the linked website is responsible for the content and accuracy of the information. At the time of linking, no legal violations were apparent. If we become aware of any legal violations, we will remove such links immediately.

Videos from the online video platform YouTube are also embedded on this website. The operator of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

By using this website, a connection to the YouTube servers is established. The YouTube server is informed about the user’s visit. In addition, YouTube may store various cookies on the user’s terminal device or use corresponding technologies for recognition. In this way, YouTube can obtain information about the visitors to this website. This information is used, among other things, to compile video statistics, to improve user-friendliness and, if necessary, to prevent attempts at fraud.

YouTube is used in the interest of an appealing presentation of the provider’s online offer. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR. Insofar as a corresponding consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR, whereby the user’s consent can be revoked at any time.

Further information on the handling of user data by YouTube can be found in YouTube’s privacy policy at: https://policies.google.com/privacy?hl=en.

If required, we place job advertisements on our website. Interested parties have the opportunity to send us their application. The processing of the transmitted data is of course subject to the Basic Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). In the following, we explain what data we receive from you and how we handle it.

We process your personal data to the extent necessary to fulfil the following purposes:

• Establishment, implementation and termination of employment relationships.

The legal basis for the processing of your personal data for the above-mentioned purposes is/are

• Fulfilment of contract (Art. 6 para. 1 lit. b GDPR)
• Legitimate interest (Art. 6 para. 1 lit. f GDPR)

Where personal data is not collected directly from the data subject, the controller is obliged to inform the data subject of the sources of that data.

• Voluntary self-disclosure

Where personal data are not collected directly from the data subject, the controller is obliged to inform the data subject of the categories of data concerned.

• Applicant data

The indication of the “legitimate interests” of the controller or the third party pursued with the processing of personal data refers to Art. 6 (1) S. 1 lit. f GDPR.

• Getting to know the applicants

We will inform you about the duration of the storage of the personal data or, if this is not possible, about the criteria for determining this duration.

• Deletion upon termination of contract/termination
• Deletion if no longer necessary (e.g. in the case of ongoing customer relationships, legal proceedings, etc.)
• 6 months according to § 61 b para. 1 ArbGG in conjunction with. § SECTION 15 AG

The provision of personal data by the data subject may be required on a legal or contractual basis or may be necessary for the conclusion of a contract. There may also be a legal obligation to provide the data.

Failure to provide personal data may result in the following:

• Without an application and the accompanying documents, it is not possible to employ the person.

Article 4(9) of the General Data Protection Regulation (GDPR) defines the term “recipient” as “the natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether or not a third party”.

• Tracking provider
• Google Ireland Limited

A transfer of personal data to an “international organisation” (as defined in Art. 4 No. 26 GDPR) or to controllers, processors or other recipients in a state outside the European Union (EU) and the European Economic Area (EEA) poses particular data protection risks from the perspective of the data subject.

We transfer personal data to the following recipients outside the European Union (EU) and the European Economic Area (EEA):

• A data transfer to a third country or to an international organisation does not take place and is not planned.

A transfer of personal data to a country outside the European Union (EU) and the European Economic Area (EEA) or to an international organisation is permitted if the European Commission has determined that the country, territory or one or more specified sectors within that country or the international organisation concerned ensures an adequate level of protection.

We transfer personal data to the following recipients outside the European Union (EU) and the European Economic Area (EEA) for which an adequacy decision has been made:

• Data transfers to a third country or to an international organisation for which an adequacy decision by the EU Commission exists do not take place and are not planned.