ABONA Verwaltungs GmbH takes the protection of your personal data very seriously. For this reason, we would like to inform you here about the personal data we collect and how we handle it.
1. Name and address of the controller
The person responsible within the meaning of the Basic Data Protection Regulation and other applicable data protection laws of the Member States of the European Union is
ABONA Verwaltungs GmbH
Heinrich-Blanc-Straße 30 | 76646 Bruchsal Deutschland
Tel.: +49 7251 9760-0
2. Name and address of the Data Protection Officer
Data protection officer for the processing of data is
Data subjects can contact our data protection officer directly at any time with all questions and suggestions regarding data protection.
A data protection declaration must clearly indicate the handling of personal data on the website. To ensure this, we would like to explain the terms used in advance.
3.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP address or cookies) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means. This basically includes any handling of personal data such as collection, storage, modification, use, transmission, dissemination, deletion or destruction, etc.
A controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. The controller shall ensure the permissibility of data processing by implementing technical and organisational measures which are to be regularly reviewed.
Pseudonymisation is the processing of personal data in such a way that the personal data cannot be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.
3.5 Order Processor
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the context of a specific investigation mandate under Union or national law shall not be considered as recipients.
3.7 Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
Consent is an expression of self-determination under data protection law. It is the voluntary, informed and unequivocal expression of will in the specific case, in the form of a declaration or any other clearly affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her. Any consent given may be withdrawn at any time.
4. General information on data processing
4.1 Scope of the collection of personal data
In general, we only collect data that we need to provide our services. The collection and use of your personal data is regularly only carried out with your consent or if the processing of the data is permitted by legal regulations.
4.2 On which legal basis we process your personal data
Paragraph 6 of the DSGVO provides for the processing of personal data only if certain conditions are met. This means that the processing of personal data is fundamentally unlawful unless consent has been given or the processing is permitted by a legally regulated reason for consent.
Should we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a DSGVO serves as the legal basis.
In the case of processing operations which are necessary for the performance of a contract concluded between you and us or for the implementation of pre-contractual measures, Art. 6 para. 1 lit. b DSGVO serves as the legal basis.
If the processing of personal data is necessary to fulfil a legal obligation to which we are subject, such as statutory retention and storage obligations, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or of another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO is the legal basis.
If the processing is necessary to safeguard our interests or the legitimate interests of a third party and if your interests, fundamental rights and freedoms do not outweigh the first-mentioned interest, the processing of personal data is legitimised by Art. 6 para. 1 letter f DSGVO.
4.3 Transfer of your personal data to third parties and processors
In principle, your data will only be passed on to third parties with your express consent, unless it is a legal obligation which we must comply with.
In order to provide our network services, we use service providers who act within the framework of order processing on the basis of Art.28 DSGVO.
This means that our order processors are carefully selected and bound by our instructions.
4.4. Transfer of data to third countries
The DSGVO guarantees an equally high level of data protection within the European Union. Accordingly, we only permit a transfer of your personal data to a third country if the conditions of Article 44 DSGVO are met.
More precisely, this means that your data may only be processed if special guarantees are provided.
4.5 Deletion of data and storage duration
In accordance with the DSGVO, all personal data is deleted as soon as the purpose for which it was collected no longer exists. Unless there are reasons in accordance with Article 17 paragraph 3 DSGVO that prevent deletion.
4.6 Existence of automated decision making
We do without automatic decision making or profiling.
5. Rights of data subjects
If we process personal data from you, you are affected in the sense of the DSGVO. You have the following rights towards us, as the person responsible
5.1 Right to withdraw a declaration of consent under data protection law
If the processing of personal data is based on your consent, you have the right to revoke this consent at any time. This revocation will not affect the lawfulness of the processing carried out on the basis of the consent.
5.2 Right to information
You have the right to request information from us as to whether your data is being processed by us. If this is the case, you can request information about the following information:
- the purposes for which we process personal data
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed
- the planned storage period of your personal data;
- if the said data has not been collected from you, all available information about the origin of the data
We are tempted to provide you with a copy of the personal data being processed within one month of receiving your written request for information.
5.3 Right of rectification
You have the right to have incorrect personal data corrected immediately.
5.4 Right to deletion of personal data
We are obliged to delete personal data immediately if one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- They withdraw their consent on which the processing was based and there is no other legal basis for the processing.
- You object to the processing and there are no overriding legitimate reasons for the processing, or you object to the processing
- The personal data were processed unlawfully.
- The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States.
If the personal data concerning you has been made public by us, we are obliged, in the event of the requested deletion, to take appropriate measures, including technical measures, to ensure the deletion of your data, taking into account the available technologies and implementation costs.
You do not have the right of cancellation ("right to be forgotten") insofar as the processing is necessary:
- in order to comply with a legal obligation requiring processing under the law of the Union or of the Member States to which we are subject or in the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 DSGVO;
- for archival, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 Para. 1 DPA, insofar as the right of erasure is likely to render impossible or seriously prejudice the attainment of the purposes of such processing, or
- to assert, exercise or defend legal claims.
5.5 Right to limit processing
You have the right to ask us to limit the processing of your personal data if one of the following conditions is met:
- You contest the accuracy of the personal data concerning you for a period of time that allows us to verify the accuracy of the personal data;
- the processing is unlawful and you request instead of the deletion the restriction of the use of the personal data
- we no longer need the personal data for the purposes of the processing, but you do need the data to assert, exercise or defend legal claims, or
- You have lodged an objection to the processing as long as it is not yet clear whether our legitimate reasons outweigh your reasons.
If processing has been restricted in accordance with the above conditions, such personal data - apart from being stored - will be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of major public interest of the Union or a Member State.
If the restriction on processing is restricted in accordance with the above conditions, we will inform you before the restriction is lifted.
5.6 Right to data portability
You have the right to obtain the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer such data to another controller without hindrance from us, provided that the processing is based on consent or on a contract and is carried out using automated procedures.
5.7 Right of objection
You have the right to object at any time to the processing of personal data concerning you. We will then no longer process the personal data unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is related to such direct marketing. If you object to processing for the purposes of direct marketing, your personal data will no longer be processed for those purposes.
5.8 Right of appeal to a supervisory authority
You have the right to complain to the supervisory authority if you believe that the processing or storage of personal data concerning you violates the DSGVO.
6. Use of our online offers
We only collect information from you that we need to provide our online offer.
6.1 Data collection when visiting our websites
As long as you use our website purely for information purposes, only personal data is collected which is necessary for technical reasons in order to display our website and to guarantee stability and security.
The provider of the site processes information that your browser automatically transmits. These are
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
These data log files are explicitly not saved.
The legal basis for the data processing is Art. 6 para. 1 letter f) DSGVO. Our "interest" within the meaning of Art. 6 para. 1 lit. f) is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of data.
Our cookies are so-called "session cookies". They are automatically deleted at the end of your visit.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Cookies, which are required for the electronic communication process or for the provision of certain functions requested by you, are stored on the basis of Art. 6 para. 1 lit. f DSGVO. We as website operator have a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. No cookies are stored which track your surfing behaviour.
If you send us an e-mail, this data will be stored by us. These e-mails are archived by us and deleted after six years. The basis for this is Art. 17 Para. 3 lit. b) DSGVO and Art. 6 Para. 1 lit. f) DSGVO whereby our interest is the fulfilment of legal retention periods. Excluded from archiving:
Existing customers can receive our free e-mail newsletter. We will only send these newsletters with your consent. For this purpose we store your data as long as the subscription of the newsletter is active.
This processing of your data for the purpose of sending the newsletter requires your consent. In addition, you must confirm that you have read the data protection declaration. For this purpose we use the double opt-in procedure in the registration process. After successful registration you will receive an e-mail in which you must click on a link to confirm your registration. In this way we prevent unauthorised third parties from registering using your e-mail address. We log the registration process in order to be able to prove the process in accordance with legal requirements. The IP address of the calling terminal device, date and time of registration are stored.
The data you provide will be stored as long as the subscription to the newsletter is active. You can cancel the subscription at any time. For this purpose there is a corresponding unsubscribe link in every newsletter. This also allows you to revoke your consent. The legal basis for the processing of your data when you have given your consent to receive newsletters is Art. 6 para. 1 lit. a DSGVO.
You can object to this use of your data at any time by sending a message to the above-mentioned contact options or using the unsubscribe link in the advertising mail.
Our newsletters may contain so-called "tracking pixels", these are pixel-sized files that are retrieved from our server when the newsletter is opened. These tracking pixels contain no personal data and are only used for statistical purposes to determine whether and which links contained in the newsletters are clicked. This information cannot be assigned to individual newsletter recipients.
8. External Links
Our online offer contains links to other websites. We have no influence on whether their operators comply with the data protection regulations.
9. Online offers on social media platforms
We offer online services on various social media platforms in order to provide information there and to be able to contact you.
We have no influence on the processing of personal data by the respective platform operator. As a rule, when you visit our social media offers, the platform operator will store cookies in your browser, in which your usage behaviour or interests are stored for market research and advertising purposes. The user profiles obtained in this way - usually across different devices - are used by the platform operators to display personalised advertising to you. Persons who are not registered as users on the respective social media platform may also be affected by the data processing. Under certain circumstances, your data may be processed outside the area of the European Union, which may make it difficult to enforce your rights. However, when selecting such social media platforms, we make sure that the operators are committed to comply with the data protection standards of the EU.
The processing of your personal data when you visit one of our social media offers is based on our legitimate interest in a diverse external presentation of our company and the use of an effective information opportunity and communication with you. The legal basis for this is Art. 6 para. 1 lit. f DSGVO. Under certain circumstances, you may also have given your consent to a platform operator for data processing, in which case the legal basis is Art. 6 Para. 1 lit. a DSGVO.
Detailed information on data processing in connection with the use of our social media offers, opt-out options and the assertion of information rights can be obtained via the data protection declaration of the respective platform operator.
Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland
Our offer is basically directed at adults. Persons under 16 years of age may not transmit personal data to us without the consent of their parents or legal guardians.
11. Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your inquiry including all personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
The processing of this data is carried out on the basis of Art. 6 para. 1 lit. b DSGVO, if your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures.
In all other cases the processing is based on your consent (Art. 6 para. 1 lit. a DSGVO) and/or on our legitimate interests (Art. 6 para. 1 lit. f DSGVO), as we have a legitimate interest in the effective processing of the requests addressed to us.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies (e.g. after your request has been processed. Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
12. Job applications
We offer you the opportunity to apply for a job with us (e.g. by e-mail, by post or via online application form). In the following we will inform you about the scope, purpose and use of your personal data collected during the application process.
We assure you that the collection, processing and use of your data will be in accordance with the applicable data protection law and all other legal provisions and that your data will be treated in strict confidence.
12.1 Scope and purpose of data collection
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) to the extent that this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-neu under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b DSGVO (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a DSGVO. Consent may be revoked at any time. Within our company, your personal data will only be passed on to persons involved in the processing of your application.
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 para. 1 lit. b DSGVO for the purpose of carrying out the employment relationship.
12.2 Data retention period
If we are unable to make you a job offer, you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data you have submitted, including any remaining physical application documents, will be stored or retained (retention period) for a maximum of 6 months after completion of the application process in order to be able to trace the details of the application process in the event of discrepancies (Art. 6 para. 1 lit. f DSGVO).
You can object to this storage if you have legitimate interests that outweigh our interests.
After expiry of the retention period, the data will be deleted, unless there is a legal obligation to retain the data or another legal reason for further storage.
If it is evident that the storage of your data will be necessary after the retention period has expired (e.g. due to an imminent or pending legal dispute), the data will only be deleted when it has become irrelevant. Other statutory retention obligations remain unaffected.