1 Data protection at a glance
The following information provides a simple overview of what happens to your personal data when you visit this website.
We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
When you use our website, work with us or are interested in our services, various personal data are collected. Personal data is data with which you can be personally identified.
We would like to point out that data transmission via the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
2 General information
2.1 Name and address of the data controller
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
avato consulting ag
63755 Alzenau, Germany
Telephone: +49 6023 967490
Any data subject may contact us directly at any time with any questions or suggestions regarding data protection.
2.2 Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
3 Data collection
a) Description and scope of data processing
b) Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f DSGVO.
The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a DSGVO if the user has given his consent in this regard.
c) Purpose of the data processing
We require cookies for the following applications:
– Page navigation
The user data collected through technically necessary cookies are not used to create user profiles.
d) Duration of storage, possibility of objection and removal
3.2 E-mail contact and newsletter registration
a) Description and scope of data processing
It is possible to contact us via the e-mail address provided.
In this case, the user’s personal data transmitted with the e-mail will be stored.
Such personal data transmitted on a voluntary basis by a data subject to the controller shall be stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.
Likewise, it is possible to subscribe to our newsletter via a form.
b) Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
c) Purpose of the data processing
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
d) Duration of storage, possibility of objection and elimination
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
3.4 LinkedIn Plugin
Our website uses functions of the LinkedIn network. The operator is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website with you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.
4 Rights of the data subject
A “data subject” for the purposes of the GDPR, is any natural person whose personal data are processed and can determine.
a) Right to confirmation
Every data subject has the right granted by the European Directive and Regulation to obtain confirmation from the controller as to whether personal data relating to him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may contact us at any time.
b) Right of access
Any person concerned by the processing of personal data has the right granted by the European Directive and Regulation to obtain at any time from the controller, free of charge, information about the personal data stored about him or her and a copy of that information. Furthermore, the European Directive and Regulation has granted the data subject access to the following information:
- the purposes of the processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or in international organisations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or the restriction of processing by the controller, or a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected from the data subject: Any available information on the origin of the data
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
Furthermore, the data subject has the right to be informed whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information on the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right of access, he or she may contact us at any time.
c) Right of rectification
Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to request the immediate rectification of any inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
If a data subject wishes to exercise this right of rectification, he or she may contact us at any time.
d) Right to erasure (right to be forgotten)
Every person affected by the processing of personal data has the right granted by the European Directive and Regulation to demand from the controller that the personal data concerning him or her be erased without delay, provided that one of the following reasons applies and insofar as the processing is not necessary:
- The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
- The data subject revokes his or her consent on which the processing was based pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR and there is no other legal basis for the processing.
- The data subject objects to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) DSGVO.
- The personal data have been processed unlawfully.
- The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.
e) Right to restriction of processing
Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to obtain from the controller the restriction of processing where one of the following conditions is met:
The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data. The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data. The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the assertion, exercise or defence of legal claims. The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by the avato consulting ag, he or she may, at any time, contact us. The restriction of the processing will be arranged immediately.
f) Right to data portability
Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to receive the personal data concerning him or her, which have been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising the right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to obtain the direct transfer of personal data from one controller to another controller where technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.
g) Right to object
Every person affected by the processing of personal data has the right granted by the European Directive and Regulation-maker to object at any time, on grounds arising from his or her particular situation, to the processing of personal data relating to him or her which is carried out on the basis of Article 6(1)(e) or (f) DSGVO.
5 Change of our data protection regulations
We reserve the right to occasionally adapt this data protection statement so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection statement, e.g. when introducing new services. The new data protection statement will then apply to your next visit.