Privacy Policy
1) Introduction and Contact Details of the Data Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. The following information explains how we handle your personal data when you use our website. Personal data is any information that can be used to identify you personally.
1.2 The data controller for the processing of personal data on this website in accordance with the General Data Protection Regulation (GDPR) is Özge Cetinkaya Habich, Ernst-Reuter-Straße 58, 95030 Hof, Germany, Tel.: +49 9281 5406820, Email: info[at]afesto.com. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
2) Data Collection When Visiting Our Website
2.1 When using our website for informational purposes only (i.e., without registering or providing us with other information), we only collect data that your browser transmits to the web server (so-called “server log files”). When you access our website, we collect the following data, which is technically required to display the website to you:
- The website you visited
- Date and time of access
- Amount of data transmitted in bytes
- Source/reference from which you accessed the page
- Browser used
- Operating system used
- IP address (possibly anonymized)
The processing is based on our legitimate interest in improving the stability and functionality of our website (Art. 6(1)(f) GDPR). The data will not be shared or used otherwise, though we reserve the right to review server log files retrospectively if there is evidence of unlawful use.
2.2 For security reasons and to protect the transmission of personal or confidential information (e.g., orders or inquiries), this website uses SSL/TLS encryption. You can recognize a secure connection by the “https://” and the lock symbol in your browser.
3) Cookies
To make visiting our website attractive and to enable the use of certain features, we use cookies – small text files stored on your device. Some cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain on your device longer and allow your site settings to be saved (so-called “persistent cookies”). You can find the duration of storage in your web browser’s cookie settings overview.
If any of the cookies we use also process personal data, this is done in accordance with Art. 6(1)(b) GDPR for contract execution, Art. 6(1)(a) GDPR in case of given consent, or Art. 6(1)(f) GDPR to protect our legitimate interests in ensuring optimal website functionality and a user-friendly and effective website experience.
You can configure your browser to notify you about the use of cookies and to decide individually whether to accept them or to block cookies entirely or for specific cases.
Please note that if you do not accept cookies, the functionality of our website may be limited.
4) Contact
4.1 WhatsApp Business
You have the option to contact us via the WhatsApp messaging service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called “business version” of WhatsApp.
If you contact us via WhatsApp in connection with a specific transaction (for example, an order you have placed), we will store and use the mobile phone number you use on WhatsApp as well as—if provided—your first and last name in accordance with Art. 6(1)(b) GDPR to process and respond to your inquiry. On the same legal basis, we may ask you via WhatsApp to provide additional data (order number, customer number, address or email address) in order to assign your inquiry to a specific transaction.
If you use our WhatsApp contact for general inquiries (for example, regarding our range of services, availability, or our website), we store and use the mobile phone number you use on WhatsApp as well as—if provided—your first and last name in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in efficiently and promptly providing the information you request.
Your data will only be used to respond to your inquiry via WhatsApp. It will not be shared with third parties.
Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transfers stored phone numbers to a server of its parent company, Meta Platforms Inc., in the USA. For operating our WhatsApp Business account, we use a mobile device whose address book contains only the WhatsApp contact data of users who have contacted us via WhatsApp.
This ensures that every person whose WhatsApp contact data is stored in our address book has already consented—when first using the app on their device by accepting the WhatsApp Terms of Service—to the transfer of their WhatsApp phone number from the address books of their chat contacts in accordance with Art. 6(1)(a) GDPR. The transfer of data belonging to individuals who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.
For information about the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your related rights and privacy settings, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.
As part of the processing activities mentioned above, data may be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
4.2 When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected when using a contact form is indicated in the respective form. This data is used exclusively to respond to your inquiry and for the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted after your request has been fully processed, which is the case when it can be concluded that the matter has been completely resolved and no statutory retention obligations apply.
5) Use of Customer Data for Direct Marketing
Sending Email Newsletters to Existing Customers
If you have provided us with your email address when purchasing goods or services, we may send you regular offers for similar products or services from our range by email. According to § 7(3) UWG, we do not need to obtain separate consent from you for this. The processing of your data is based solely on our legitimate interest in personalized direct marketing in accordance with Art. 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, no emails will be sent. You have the right to object at any time to the use of your email address for the aforementioned marketing purposes with effect for the future by notifying the data controller named above. Only standard transmission costs according to basic tariffs may apply. Upon receipt of your objection, the use of your email address for marketing purposes will be stopped immediately.
6) Web Analytics Services
6.1 Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which allows us to analyze how you use our website.
By default, Google Analytics 4 sets cookies when you visit the website. These cookies are small text files stored on your device that collect certain information, including your IP address, which Google anonymizes by shortening the last digits to prevent direct personal identification. The information is transmitted to Google servers and processed there. Transfers to Google LLC in the USA may also occur.
Google uses the collected information on our behalf to evaluate your website usage, compile reports on website activity for us, and provide other services related to website and internet usage. The shortened IP address transmitted by your browser to Google Analytics is not merged with other data held by Google. Data collected via Google Analytics 4 is stored for two months and then deleted.
All processing described above, including the setting of cookies on your device, occurs only with your explicit consent in accordance with Art. 6(1)(a) GDPR. Without your consent, Google Analytics 4 will not be used during your visit. You can revoke your consent at any time for the future via the “Cookie Consent Tool” provided on our website.
We have concluded a data processing agreement with Google to ensure the protection of our visitors’ data and to prevent unauthorized disclosure to third parties. Further legal information about Google Analytics 4 can be found here:
https://policies.google.com/privacy?hl=de&gl=de and https://policies.google.com/technologies/partner-sites
Demographic Features
Google Analytics 4 can use the “demographic features” function to create statistics about the age, gender, and interests of website visitors. This is done by analyzing advertising and information from third-party sources to identify target groups for marketing purposes. These data cannot be assigned to any specific individual and are stored for two months before deletion.
Google Signals
As an extension of Google Analytics 4, Google Signals may be used on this website to generate cross-device reports. If you have activated personalized ads and linked your devices to your Google account, Google may analyze your cross-device usage behavior with your consent under Art. 6(1)(a) GDPR and create models, including cross-device conversions. We do not receive personal data from Google, only aggregated statistics. To stop cross-device analysis, you can disable the “Personalized Ads” feature in your Google account settings:https://support.google.com/ads/answer/2662922?hl=de
Further information about Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de
UserIDs
As an extension of Google Analytics 4, the “UserIDs” feature may be used on this website. If you have consented to the use of Google Analytics 4 under Art. 6(1)(a) GDPR, created an account on this website, and log in on multiple devices with that account, your activities—including conversions—can be analyzed across devices.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with European data protection standards.
6.2 etracker
This website uses the web analytics service provided by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.
Using cookies and/or similar technologies (tracking pixels, web beacons, algorithms to read device and browser information), the service collects and stores pseudonymized visitor data, including information about the device used such as IP address and browser details. This data is used to perform statistical analyses of user behavior on our website and to create pseudonymized usage profiles. Among other things, this allows for the evaluation of movement patterns (so-called heatmaps), showing the duration of page visits and interactions with page content (e.g., text input, scrolling, clicks, and mouse-overs). The pseudonymization generally excludes direct personal identification, and no merging with other personal data collected by other means takes place.
All the processing described above, especially the reading or storage of information on your device, occurs only if you have given your explicit consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time for the future by disabling this service in the “Cookie Consent Tool” provided on the website.
We have concluded a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prevent unauthorized disclosure to third parties.
7) Site Functionality
7.1 Microsoft Teams
For conducting online meetings, video conferences, and/or webinars, we use the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
The provider processes various data, depending on the information you provide before or during participation in an online meeting, video conference, or webinar. Your data as a participant is processed and stored on the provider’s servers. This may include registration details (name, email address, phone number [optional], and password) and session data (topic, participant IP address, device information, optional description). Additionally, image and audio contributions from participants, as well as chat inputs, may be processed.
For the processing of personal data necessary to fulfill a contract with you (including pre-contractual measures), the legal basis is Art. 6(1)(b) GDPR. If you have given consent for processing, it is based on Art. 6(1)(a) GDPR. You can revoke your consent at any time for the future.
Otherwise, the legal basis for data processing in the context of online meetings, video conferences, or webinars is our legitimate interest under Art. 6(1)(f) GDPR in effectively conducting the online meeting, webinar, or video conference.
We have concluded a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prevent unauthorized disclosure to third parties.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with European data protection standards.
7.2 Zoom
For conducting online meetings, video conferences, and/or webinars, we use the following provider: Zoom Video Communications Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA.
The provider processes various data, depending on the information you provide before or during participation in an online meeting, video conference, or webinar. Your data as a participant is processed and stored on the provider’s servers. This may include registration details (name, email address, phone number [optional], and password) and session data (topic, participant IP address, device information, optional description). Additionally, image and audio contributions from participants, as well as chat inputs, may be processed.
For the processing of personal data necessary to fulfill a contract with you (including pre-contractual measures), the legal basis is Art. 6(1)(b) GDPR. If you have given consent for processing, it is based on Art. 6(1)(a) GDPR. You can revoke your consent at any time for the future.
Otherwise, the legal basis for data processing in the context of online meetings, video conferences, or webinars is our legitimate interest under Art. 6(1)(f) GDPR in effectively conducting the online meeting, webinar, or video conference.
We have concluded a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prevent unauthorized disclosure to third parties.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with European data protection standards.
8) Tools and Others
8.1 Cookie Consent Tool
This website uses a so-called “Cookie Consent Tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The Cookie Consent Tool is displayed to users as an interactive interface when they visit the website, where they can give consent for specific cookies and/or cookie-based applications by ticking checkboxes. Through the use of this tool, all consent-required cookies/services are only loaded if the respective user has granted the corresponding consent via the checkboxes. This ensures that such cookies are only placed on the user’s device if consent has been given.
The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this context.
In individual cases, if personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies, and thus in a legally compliant design of our website.
Another legal basis for processing is Art. 6(1)(c) GDPR. As the controller, we are legally obliged to make the use of technically unnecessary cookies dependent on the respective user consent.
If necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
Further information about the operator and the configuration options of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.
8.2 Adobe Acrobat Sign
For the digital signing of documents, we use the services of the following provider:
Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West Business Campus, Dublin 24, Ireland.
This service enables the legally valid signing of documents via electronic signature from any device. For this purpose, the service collects, stores, and transmits, in addition to the electronic signature for verification and proof of signing, usage data of the device used (in particular, the IP address) as well as certain transaction data.
The processing is based on our legitimate interest in efficient and time-saving business management and customer-friendly, effective document administration, in accordance with Art. 6(1)(f) GDPR.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits disclosure to third parties.
9) Rights of the Data Subject
9.1 The applicable data protection law grants you, in relation to the controller, the following rights as a data subject regarding the processing of your personal data (rights of access and intervention). The respective conditions for exercising these rights are based on the referenced legal provisions:
- Right of access according to Art. 15 GDPR;
- Right to rectification according to Art. 16 GDPR;
- Right to erasure (“right to be forgotten”) according to Art. 17 GDPR;
- Right to restriction of processing according to Art. 18 GDPR;
- Right to be informed according to Art. 19 GDPR;
- Right to data portability according to Art. 20 GDPR;
- Right to withdraw consent according to Art. 7(3) GDPR;
- Right to lodge a complaint according to Art. 77 GDPR.
9.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS AFTER WEIGHING INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING MAY BE PERMITTED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING PURPOSES. YOU CAN EXERCISE THIS RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
10) Duration of Storage of Personal Data
The duration of storage of personal data depends on the applicable legal basis, the purpose of processing, and—if applicable—any statutory retention periods (e.g., commercial and tax retention requirements).
For the processing of personal data based on explicit consent pursuant to Art. 6(1)(a) GDPR, the data will be stored as long as you do not withdraw your consent.
If statutory retention periods exist for data processed in connection with contractual or contract-like obligations pursuant to Art. 6(1)(b) GDPR, such data will be routinely deleted after the expiration of these retention periods, provided that they are no longer necessary for contract fulfillment or initiation and/or we have no legitimate interest in further storage.
For personal data processed based on Art. 6(1)(f) GDPR, the data will be stored until you exercise your right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.
For personal data processed for the purpose of direct marketing on the basis of Art. 6(1)(f) GDPR, the data will be stored until you exercise your right to object under Art. 21(2) GDPR.
Unless otherwise stated in this privacy policy regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.