Privacy Policy.

Data Protection Statement

The data protection statement below shall apply for using our online presence at www.amplitrain.de (hereinafter known Website).

We attach great importance to data protection. Your personal data (above all health data) is collected and processed in compliance with the data protection regulations in force, in particular with those in Article 9 Para 1 of the EU General Data Protection Regulations [DSGVO] when they came into force on 25 May 2018.

Responsible body

The body responsible for collecting, processing and using your personal data within the meaning of Article 4 No 7 GDPR [DSGVO] is

 

amplitrain GmbH
Besselstraße 2 – 4
68219 Mannheim

Tel: +49 (0) 621 150 216 0
E-mail: mail@amplitrain.de

 

Insofar as you wish to raise an objection to your data being collected, processed, and used by us in accordance with these data protection regulations, as a whole or for specific measures, you may send in your objection to the responsible body.

You may save and print out this data protection at any time and print it out.

General purpose of processing

We only use personal data for the purposes of running our Website and for setting up and carrying out all business relationships with potential customers and customers as part of our distance sales for our products.

 

Which data do we use and why

Hosting

The hosting services we avail ourselves of serve to provide the following services: Infrastructure and platform services, computer capacity, memory capacity and database services security services as well as technical maintenance services which we call in for the purpose of running our Website.

In doing so we, or our hosting provider, process existing data, contact data, content data, contract data, usage data, Meta data and communication data from customers, potential customers and visitors to our website on the basis of our justified interests in having an efficient and secure website available in accordance with Article 6 Para 1 P 1 f) GDPR [DSGVO] in conjunction with Article 28 GDPR [DSGVO].

Access data

We shall collect data from you if you use this Website. We automatically record information about your usage patterns and your interaction with us and register data about your computer or mobile device. We collect, save and use data about every visit to our Website (so-called server log files). The access data includes:

- Name and URL of the file downloaded

- Date and time of the download

- Volume of data transmitted

- Report confirming that the download has been successful (HTTP response code)

- Browser type and version

- Operating system

- Referrer URL (i.e. the last site visited)

- Websites visited via our website by the user’s system

- The user’s internet service provider

- IP address and the provider making an enquiry

We use this protocol data without allocating it to you in person or for other profiling for statistical reasons for the purposes of operating, optimising our website and making it safe, but also for recording the number of visitors to our website (traffic) on an anonymous basis  as well as for calculating the scope and type of use of our Website and services, and for invoicing purposes as well so that we can count the number of clicks received from partners we co-operate with.

On the basis of this information we are able to provide personalised and location-related information and analyse the data traffic, look for and eliminate defects and improve our services.

This is also our justified interest in accordance with Article 6 Para 1 P 1 f) GDPR [DSGVO].

We shall reserve the right to review the protocol data subsequently, if as a result of specific indications we have a legitimate suspicion of illegal use. We save IP addresses for a limited period of time in the log files, if this is required for security purposes or necessary to render the performance or to invoice a performance, e.g. if you use one of our offers. After the order procedure is terminated or after payment has been received we delete IP addresses, if they are no longer necessary for security purposes. We also save IP addresses if we harbour a firm suspicion that a criminal act has been committed in connection with the use of our website. Besides which, we save the date of your last visit (e.g. at registration, Login, clicking links etc.) as part of your account.

 

Cookies

We use so-called session cookies in order to fine tune our website. A session cookie is a small text file sent by the respective server when visiting a webpage and stored on your hard disc on a temporary basis. This file as such contains a so-called session ID, with which various enquiries made by your browser can be allocated to the common session. As a result of this your computer can be recognised again if you return to our website. These cookies are deleted after you shut down your browser. They serve, for example, to enable you to use the shopping basket function for several webpages from one page to another.

We also use persistent cookies to a lesser extent (also small text files deposited on your terminal), which remain on your terminal and enable us to recognise your browser again on the occasion of your next visit. These cookies will be saved on your hard disc and will delete themselves after the pre-determined length of time. Their operating life ranges from between 1 month and 10 years. This means that we are able to make our presentation easier to use, more effective and more secure for you, and, for example, are able to show you information specifically co-ordinated with your interests on the webpage.

Our justified interest in using the cookies in accordance with Article 6 Para 1 P 1 f) GDPR [DSGVO] is that we wish to make our website easier to use, more effective and more secure.

The following data and information will, for example, be saved in the cookies:

  • Log-In information
  • Language settings
  • Search terms submitted
  • Information about the number visits made to our Website plus the use of individual functions in our internet presentation.

When activating the cookie it will be assigned an identification number, but your personal data will not be allocated to this identification number. Your name, your IP address or similar data, making it possible for a cookie to be assigned to them will not be deposited in the cookie. Cookie technology allows us to obtain just pseudonymised information, for example, as to which pages in our shop are visited, which products have been looked at etc.

You may set your browser so that you are informed in advance about how cookies are set and in a given instance you may decide whether you wish to block cookies for specific circumstances or have a blanket ban or disable cookies completely. The function of the Website may be restricted as a result.

 

Data for fulfilling our contractual duties

We process personal data we need to have to fulfil our contractual obligations, such as name, address, e-mail address, products ordered, invoice and payment data. This data has to be collected to enter into a contract. If necessary, health data may have to be notified as well to co-ordinate the product with individual requirements.

Data will be deleted after the warranty cover and statutory safekeeping periods have expired. Data associated with a user account (see below), shall in all cases be retained for the length of time over which the account is kept.

The legal basis for processing this data is Article 6 Para 1 P 1 b GDPR [DSGVO], since this data is needed to enable us to fulfil our contractual duties towards you.

 

Our social media presentations

Data processing via social networks

We maintain publically accessible profiles in social networks. The individual social networks used by us are listed further down.

Social networks such as Facebook, Google+ etc. are, as a rule, able to analyse your usage patterns in detail, if you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). By visiting our social media presences a large number of data protection relevant processing operations are triggered off.  In particular:

If you have logged in to your social media account and visit our social media presence, the operator of the social media portal is able to allocate your visit to our user account. Your personal data may, under certain circumstances also be recorded however, in those cases in which you are not logged in or do not have an account with the respective social media portal. In this case the data will be recorded via cookies saved on your hard disc on your terminal or by logging your IP address.

With the assistance of the data logged in this way the operators of the social media portals are able to generate user profiles in which your preferences and interests are deposited. In this way you can be shown advertising relating to your interests both inside and outside the respective social media presence. Insofar as you do have an account with the respective social network the interest-related advertising may be shown on all devices to which you are or were logged in.

Please note, moreover, that we are not able to follow and understand all processing operations on social media portals. Depending upon supplier, other processing operations from the operators of social media portals may possibly be carried out. You may find details about this in the terms and conditions of use and data protection regulations of the respective social media portals.

Legal basis

Our social media website should ensure that our presence in the internet is as comprehensive as possible. This is a justified interest within the meaning of Article 6 Para 1 letter f GDPR [DSGVO]. The process of analysis initiated by the social networks may be based upon different a legal basis which have to be stated by the operators of the social networks (e.g. consent within the meaning of Article 6 Para 1 letter a GDPR [DSGVO]).

Responsible body and assertion of rights

If you visit one of our social media websites (e.g. Facebook) we are jointly responsible with the operator of the social media platform for the data processing processed triggered off by such a visit. You may, as a matter of principle, assert your rights (Information, correction, deletion, restriction of processing, data transferability and complaints) not only against us but also against the operator of the respective social media portal (e.g. against Facebook).

Please note that, in spite of being jointly responsible with the social media portal operators, we do not have total control of the data processing processes of the social media portals. Our options are determined by the relevant business policy of the respective provider.

Duration of storage

The data logged directly by us via the social media website will be deleted by our system as soon as the purpose for which it was saved no longer applies, you request that we delete it, you revoke your consent to store it, or the purpose for which the data was stored no longer applies. Saved cookies shall remain on your terminal until you delete them. Compulsory statutory regulations – in particular safekeeping periods – shall not be affected.

We have no control over the length of time over which your data stored by the operators of the social networks is saved. Please contact the operators of the social networks directly (e.g. see their data protection statement below) for details about this.

 

Social networks – the details

Facebook

We maintain a profile on Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified in accordance with the EU-US-Privacy-Shield.

We have entered into an agreement with Facebook about joint responsibility for processing data (Controller Addendum). This agreement specifies which data processing processes we or Facebook are responsible for if you visit our Facebook- Fanpage. This agreement may be read at the following link:
https://www.facebook.com/legal/terms/page_controller_addendum

 

You may adjust your advertisement settings yourself in your User account. To do so click on the following link and log in:
https://www.facebook.com/settings?tab=ads

You can find details in the Facebook data protection statement:
https://www.facebook.com/about/privacy/

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. You can read the details about how they handle your personal data on Instagram’s data protection statement:
https://help.instagram.com/519522125107875

Contact form

If you let us have enquiries through our contact form, your information in the enquiry form including the contact data entered by you will be saved by us so that we are able to deal with your enquiry and with any follow-up queries there may be. We shall not pass on this data without your consent.

This means that the data will only be entered in the contact form with your consent (Article 6 Para 1 letter a GDPR [DSGVO]). You may revoke this consent at any time. There is no set procedure required to do so. All you have to do is send us an e-mail to that effect. The legality of data processing up until that time will not be affected by revocation.

The data entered by you in the contact form shall be retained by us. Until you ask us to delete it, revoke your consent to it being saved or the purpose for which the data is being processed no longer applies, (e.g. after your enquiry has been dealt with). Compulsory statutory regulations – in particular safekeeping periods – shall not be affected.

Contactby telephone, Fax or E-mail

If you contact us by phone, tax or e-mail, we shall process your information so that we can handle your enquiry as well as for follow-up queries in the event that they arise.

If data is processed to carry out pre-contractual measures in response to a request by you, or if you are already a customer of ours, to carry out a contract, the legal basis for this data processing is Article 6 Para 1 P 1 b) GDPR [DSGVO]. We shall only process other personal data if you grant your consent to this (Article 6 Para 1 P 1 a) GDPR [DSGVO] or if we have a justified interest in processing your data (Article 6 Para 1 P 1 f) GDPR [DSGVO]). A justified interest would, for example, be responding to an e-mail from you.

Duration of data storage

Insofar as not specifically stated, we shall only save personal data for as long as necessary to fulfil the set objectives.

In some cases the legislative makes provision for personal data to be saved, under tax law or commercial law, for example. In these cases the data we shall only continue to save data for these statutory reasons, but we shall not process it for other objectives and after the statutory period of safekeeping has expired we shall delete it.

 

Google Web Fonts

This website uses so-called Web fonts to facilitate a standard presentation of fonts provided by Google. The Google fonts are installed locally. There is no link up to Google servers done when doing so.

Google Maps

This website uses the map service of Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Your IP address will have to be saved if you wish to use the Google Maps functions. This information will, as a rule, sent to a Google server in the USA and saved there. The provider of this website does not control this data transfer.

Google Maps is used in the interests of creating an appealing presentation for our online offers and to make it easy to find the places stated by us on the website. This constitutes a justified interest within the meaning of Article 6 Para 1 letter f GDPR [DSGVO].

You will find more information about how user data is used in Google’s data protection statement at: https://policies.google.com/privacy?hl=de.

 

Your rights as a party affected by data processing

Under the laws applicable you have various rights regarding your personal data. Should you wish to assert your rights, please send your enquiry by E-mail or by post stating clearly who you are to the address stated in Number 1.

You will find a summary of your rights below:

Right to confirmation and information

You are entitled to receive clear information about how your personal data is processed.

In particular:

You will at all times be entitled to receive confirmation from us as to whether personal data relating to you is being processed. If this is the case, you will be entitled to request information from us free of charge as to the personal data saved about you plus a copy of this data. You will, furthermore, be entitled to receive the following information:

  1. The reason for which the data is being processed;
  2. The categories of personal data being processed;
  3. The recipient or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third party countries or in international organisations;
  4. If possible, the length of time for which it is planned to save the personal data, or, if this is not possible, the criteria determining the length of time over which the data will be saved;
  5. The existence of a right to have personal data concerning you corrected or deleted or to have the processing of such data restricted by the responsible body or a right to raise an objection to such processing;
  6. The existence of a right to lodge a complaint with a supervisory body;
  7. If the personal data has not been collected from you, the right to receive all the information available about the origin of the data;
  8. The existence of automated decision making including profiling in accordance with Article 22 Para 1 and 4 GDPR [DSGVO] and – in these cases at least – meaningful information about the logic involved as well as the range of the and the sought-after impact of such processing for you.

If personal data is sent to a third country or to an international organisation, you will consequently be entitled to be informed of the suitable guarantees in accordance with Article 46 GDPR [DSGVO] In connection with the forwarding of your personal data in such circumstances.

 

Right to corrections

You will be entitled to request that errors in personal data relating to you are corrected and gaps in said personal data are filled in, if necessary.

In particular:

You will be entitled to request that incorrect personal data relating to you is corrected straightaway. Taking into consideration the purposes for which the personal data is being processed, you will be entitled to demand that incomplete personal data is completed – also by means of a supplementary statement.

 

Right to blocking

Under the statutory regulations currently in force you are entitled to have a block placed on your data. To have this done as well as raise any other questions you may have about personal data, you may contact us at any time at the address in our masthead.

 

Right to deletion ("Right to be forgotten")

In a number of cases we are obliged to delete personal data relating to you:

In particular:

You are entitled, in accordance with Article 17 Para 1 GDPR [DSGVO] to request that personal data relating to you is deleted straightaway, and we are obliged to delete personal data straightaway, insofar as one of the following reasons applies:

  1. The personal data is no longer needed for the purposes for which it was collected or processed by other means.
  2. You are revoking your consent on which processing relies in accordance with Article 6 Para 1 P 1 GDPR [DSGVO] or Article 9 Para 2 a) GDPR [DSGVO], and there is no other legal reason for processing it.
  3. You lodge an objection to processing in accordance with Article 21 Para 1 GDPR [DSGVO] and there are no overriding reasons justifying processing, or you lodge an objection to processing in accordance with Article 21 Para 2 GDPR [DSGVO].
  4. Personal data has been unlawfully processed.
  5. Personal data has to be processed to fulfil a legal obligation in accordance with European Union law or the law of the member states applicable to us.
  6. Personal data has been collected in connection with services offered by the information company in accordance with Article 8 Para 1 GDPR [DSGVO].

If we have publicised the personal data and we are obliged to delete it in accordance with Article 17 Para 1 GDPR [DSGVO], we shall consequently take reasonable measures, including technical ones, taking into consideration the technology available and the implementation costs to inform the body responsible for processing your personal data that you have requested that all links to your personal data or copies or replications thereof be deleted.

Right to restrict processing

In a number of cases you are entitled to request that the processing of your personal data is restricted by us.

In particular:

You are entitled to request that processing is restricted if one of the following preconditions has been satisfied:

  1. The accuracy of the personal data is disputed by you, and to be more precise, for a period of time making it possible for us to review the accuracy of the data;
  2. Processing is unlawful and you rejected the deletion of your personal data and instead have requested that the use of your personal data is restricted;
  3. We no longer need to have the personal data for the purposes of processing but you however do need to have it for asserting, exercising or mounting a defence against legal claims, or
  4. You have lodged an objection to processing in accordance with Article 21 Para 1 GDPR [DSGVO], for as long as it not certain whether the justified reasons our company outweigh yours.

Right to transfer data

You are entitled to receive, forward or have sent to you the personal data relating to you in machine-readable format.

In particular:

You are entitled to receive the personal data relating to you with which you have provided us in a structured, common and machine-readable format, and you are entitled to have this data sent by us to another responsible body, provided that

  1. The data processing is based upon consent in accordance with Article 6 Para 1 P 1 a) GDPR [DSGVO] or Article 9 Para 2 GDPR [DSGVO] or on a contract in accordance with Article 6 Para 1 P 1 b) GDPR [DSGVO] and
  2. Data processing is carried out with the assistance of an automated process.

When exercising your right to have data transferrable in accordance with Paragraph 1 above, you will have the right to have the personal data sent direct from us to another responsible body, provided that this is technically possible.

 

Right to raise an objection

You are entitled to raise an objection to having your personal data processed lawfully by us, if the reasons for this are the result of your specific circumstances and this is not overweighed by our interests in processing.

In particular:

You are entitled to raise an objection at any time against having personal data relating to you being processed on the basis of Article 6 Para 1 P 1 e) or f) GDPR [DSGVO] for reasons based upon your specific circumstances; this shall also apply for profiling based upon these provisions. We shall no longer process personal data, unless we are able to prove compulsory reasons for processing data which merit protection which outweigh your interests, rights and freedoms, or if processing the data serves the purpose of asserting, exercising or mounting a defence for legal claims.

If personal data is processed by us with the aim of sending out direct mail, you will be entitled to raise an objection at any time to having data relating to you processed for the purposes of such advertising. This shall also apply for profiling, provided that it is connected with such direct advertising.

You have the right to raise an objection to personal data relating to you being processed for scientific or historical research reasons or for statistical research reasons in accordance with Article 89 Para 1 GDPR [DSGVO] for reasons based upon your specific circumstances, unless processing is necessary to fulfil a task in the public interest.

 

Automated decision-making including profiling

You are entitled to not be subjected exclusively to a decision based upon automated processing – including profiling – having a legal effect regarding you or being highly detrimental to you by similar means. An automated decision will not be made on the basis of the personal data collected about you.

 

Right of revocation for consent granted in accordance with data protection law

You are entitled to revoke your consent to have your personal data processed at any time. There is no set procedure for doing so, simply let us know by phone, fax or e-mail.

 

Right to lodge a complaint with a supervisory authority

You are entitled to lodge a complaint with a supervisory body, in particular in the member state in which you are resident, your place of work is located or in the place in which the alleged breach took place, if you are of the opinion that processing the personal data concerning you is illegal.

 

Data security

We do everything we can to ensure that your data is safe in keeping with the data protection regulations in force and within the limits of what is technically feasible.

Your personal data will be encrypted when transferred. This shall apply for your orders and and for customer login. We use the SSL (Secure Socket Layer) encoding system, but we would however point out that, transferring data via the internet (e.g. by sending us an e-mail) may give rise to security vulnerabilities. It is not possible to provide data with total protection from third party access.

We maintain technical and organisational security measures satisfying Article 32 GDPR [DSGVO] to secure your data and we modify our security measures constantly to ensure that they remain state-of-the-art.

Besides which, we guarantee that our products will be available at specific times; breakdowns, interruptions or downtime cannot be ruled out. The servers used by us will be carefully backed-up on a regular basis.

 

Passing on data to third parties, no forwarding of data to countries outside the EU

As a matter of principle we only use your personal data within our company.

If, and insofar as we contract third parties in the course of fulfilling contracts (such as logistics service providers, for example), they shall only receive that personal data of yours they need to have to carry out their task.

In the event that we outsource some parts of data processing, (Order processing), we shall undertake to place order processors under a contractual commitment  only in accordance with the requirements of the data protection regulations and to guarantee that the rights of the persons concerned will be protected.

Data will not be transferred to bodies or persons outside the EU other than in the cases named in Number 4 of this declaration and there are no plans to do so.

 

Data Protection Officer

Should you still have any questions or reservations about data protection, please contact our data protection officer:

 

Dipl.-Jur. Yesim Ince LL.M.
Besselstr. 2 – 4
68219 Mannheim

Tel: 0621 150 216 29
E-mail: yesim.ince@amplitrain.de