Thank you for your interest in our company. Protecting your data is of the highest priority for the ASAP Group. You can generally use the website of ASAP Holding GmbH without providing any personal data. However, processing personal data may become necessary if the individual concerned (the ‘data subject’) wishes to use special services provided by our company through our website. If we need to process personal data and there is no legal basis for such processing, we will usually request the data subject’s consent.

Personal data, such as the name, address, email address or phone number of a data subject is always processed in accordance with the European General Data Protection Regulation (GDPR) and in compliance with the data protection provisions applicable in Germany. The aim of this Privacy Policy is to provide visitors to our website with information about how we collect, use and process their personal data and inform them about the scope and purpose of these activities. In addition, this Privacy Policy informs the data subject about their rights.

As the data controller, ASAP Holding GmbH has implemented various technical and organisational measures to ensure that any personal data processed by this website is as fully protected as possible. However, the web-based transmission of data can never be 100 per cent secure and we can therefore not guarantee the absolute security of your data. This is why the data subject is free to use alternative means to provide us with their personal data, such as by phone or by post.

1 Terms and definitions
The Privacy Policy of ASAP Holding GmbH is based on the terminology used in the European General Data Protection Regulation (GDPR). We will start by explaining these terms so you can understand them better.

1.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is a person who can be identified, directly or indirectly, – in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.2 Data subject
Data subject means any identified or identifiable natural person whose personal data is being processed by the data controller.

1.3 Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.4 Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

1.5 Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

1.6 Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

1.7 Controller or data controller
Controller or data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for the designation of a controller may be provided for by Union or Member State law.

1.8 Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

1.9 Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular investigation in accordance with Union or Member State law are not regarded as recipients.

1.10 Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

1.11 Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.

2 Data controller
The data controller within the meaning of the General Data Protection Regulation, other data protection provisions applicable in the Member States of the European Union and other provisions related to data protection law is:
ASAP Holding GmbH Sachsstraße 1A | 85080 Gaimersheim, Germany
Phone: +49 8458 3389 0 | Fax: +49 8458 3389 199| holding@asap.de | www.asap.de
Directors: Michael Neisen, Robert Morgner

3 Data Protection Officer’s contact details
Any data subject may contact the Data Protection Officer of ASAP Holding GmbH directly with their questions or suggestions regarding data privacy.
The Data Protection Officer of ASAP Holding GmbH can be contacted by
phone on: +49 8458 3389 363 or by email at: datenschutz@asap.de

4 Cookies
Cookies are used on the web pages of ASAP Holding GmbH. Cookies are text files stored and saved on a computer system by a web browser.

Cookies are used by a large number of websites and servers. Many cookies contain a ‘cookie ID’. The cookie ID is the unique identifier of the cookie. It consists of a string of characters through which websites and servers can be associated with the specific browser on which the cookie was stored. This enables websites and servers visited by a data subject to distinguish the individual browser of that data subject from other browsers that contain other cookies. A specific web browser can be recognised and identified by the unique cookie ID.

Using cookies helps ASAP Holding GmbH provide users of this website with user-friendly services that could not be offered without using cookies. Cookies can be placed either by our website (first-party cookies) or by other websites whose content is displayed on our website (third-party cookies). ASAP Holding GmbH has no influence on cookies being placed by these other websites. For further information on their use of cookies please visit the websites of the third parties.

ASAP Holding GmbH uses 1tag to manage cookies. 1tag is a consent management system from Dentsu Germany GmbH. 1tag Consent Manager collects the consent given by you, as the website user, to load third-party pixels or other services on the website on behalf of the website operator. The consent infor-mation provided will be stored both in 1tag consent cookies and on the 1tag server, as well as on a Dentsu Germany GmbH server. The following information is stored in the 1tag consent cookies:

• Time stamp of the website visit
• Visitor’s ID
• Consent status per vendor
• Consent status per purpose

Using cookies allows us to optimise the information and services offered on our website for the benefit of our users. Cookies enable us to recognise the visitors to our website. The purpose of this recognition is to make using our website easier for users. For example, visitors to websites that use cookies do not need to input their data in forms every time they visit the website as this is done by the website and the cookie stored on the visitor’s computer system. The data subject may at any time prevent cookies being placed by our website by using the appropriate settings in their browser and thus permanently blocking the placement of cookies.

Moreover, cookies already placed can be deleted at any time via the web browser or other software programs. This is possible in all standard web browsers. If the data subject disables cookies in their web browser, some of the functions of our website may not work properly.

We use the following cookies:

*Category, i.e. depending on their function and purpose cookies can be grouped into the following categories: Required cookies, statistics cookies, marketing cookies.

4.1 Required cookies

Required cookies help to make a website usable by enabling basic functions such as site navigation and access to secure areas of the website. The website cannot function properly without these cookies.

4.2 Statistics cookies

Statistics cookies help website owners to understand how users interact with websites by anonymously gathering and reporting information. 

4.3 Marketing cookies

Marketing cookies are used to track visitors on websites. The purpose of these cookies is to display advertisements that are relevant and engaging to individual users and therefore more valuable for publishers and advertising third parties.

4.4 Third-party cookies

Third-party cookies are placed on our website by other websites.

5 Collection of general data and information

Each time a data subject or an automated system accesses the website of ASAP Holding GmbH, the website collects a set of general data and information. This general data and information is stored in the server’s log files. The following information may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system was sent to our website (called the “referral site”), (4) the sub-pages that an accessing system navigates to on our website, (5) the date and time of access to our website, (6) the Internet Protocol address (IP address), (7) the accessing system’s internet service provider and (8) any similar data and information that can be used to prevent and protect against attacks on our IT systems.

When using this general data and information ASAP Holding GmbH will never draw conclusions as to the data subject. Instead this information will be used to (1) correctly deliver the contents of our website, (2) optimise the contents of our website and the marketing for the website, (3) ensure the sustained functioning of our IT systems and the technical features of our website and (4) provide law enforcement authorities with the information they need for criminal prosecution in the event of a cyberattack. Therefore, ASAP Holding GmbH uses this data and information collected anonymously for statistical purposes on the one hand and, on the other, to improve data protection and data security in our company and, ultimately, to ensure that any personal data processed by us is protected in the best possible way. The anonymous data in the server’s log files is stored separately from any other personal data provided by the data subject.

6 Podcasts

All our podcast content can be heard without registration or login and thus, without disclosing personal da-ta. We use the podcast hosting service Podigee from the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. Podigee is responsible for loading and transmitting the podcasts. With each access to our podcasts, the browser sends a series of technical data that is recorded. All log data are without direct personal reference and are not used to personally identify the visitor. Podigee processes IP addresses and device information to enable podcast downloads/playback and to obtain statistical data such as polling numbers. Podigee anonymizes or pseudonymizes this data prior to storage in the database, if it is not nec-essary for the provision of the podcasts. The use of the podcast hosting service Podigee and the associat-ed data processing is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimization of our podcast offer in accordance with Art. 6 sec. 1 lit. f. GDPR. Further infor-mation and possible objections can be found in Podigee’s Privacy Policy: www.podigee.com/de/about/privacy

7 Newsletter subscription
7.1 Newsletter

The website of ASAP Holding GmbH offers users the opportunity to subscribe to our company’s newsletter. The entry fields used for this purpose show which personal data is transmitted to the data controller when a user takes out a subscription.

ASAP Holding GmbH uses a newsletter to inform its customers and business partners about the company’s services on a regular basis. The data subject will only be able to receive our company’s newsletter if (1) the data subject has provided a valid email address and (2) the data subject has registered for the newsletter service. For legal reasons, a double opt-in confirmation email is sent to the email address entered by the data subject when they first sign up for the newsletter. The aim of this confirmation email is to check whether the owner of the email address, as the data subject, has authorised the receipt of the newsletter.

When a data subject registers for the newsletter service, we also store the IP address assigned by the internet service provider (ISP) of the computer system that the data subject used for the registration, as well as the date and time of registration. Collecting this data is necessary to enable us to investigate any (potential) misuse of the data subject’s email address at a later time, and its purpose is therefore to provide the data controller with legal protection.

The personal data collected during newsletter registration will be used only for the purpose of sending our newsletter to the recipient. Moreover, newsletter subscribers may receive information via email where this is necessary for operating the newsletter service or for the corresponding registration process, such as in the event of changes to the newsletter service or to the technical set-up of the service. The personal data collected in connection with the newsletter service will not be transferred to any third parties. The data subject may cancel their newsletter subscription at any time. The data subject may, at any time, withdraw their consent to the storage of personal data which they have given in order to allow us to send the newsletter. Every newsletter contains a link which allows the data subject to exercise the right to withdraw their consent. Moreover, the data subject may go directly to the controller’s website in order to unsubscribe from the newsletter service or they may notify the controller in another way of their decision to withdraw consent.

7.2 Newsletter tracking

The newsletters of ASAP Holding GmbH contain “tracking pixels”. A tracking pixel is a miniature graphic embedded in such emails which are sent in HTML format to enable log file recording and log file analysis. This allows a statistical analysis of the success or failure of online marketing campaigns to be carried out. The embedded tracking pixel shows ASAP Holding GmbH if and when an email was opened by a data subject and which links included in the email were clicked on by the data subject.

This personal data collected with the help of tracking pixels embedded in the newsletters is stored and analysed by the controller in order to optimise the newsletter service and tailor the content of future newsletters more accurately to the data subject’s interests. This personal data will not be passed on to third parties. The data subject has the right to withdraw their consent to the use of tracking pixels, which they gave separately during the double-opt-in process, at any time. The controller will erase this personal data once consent has been withdrawn. ASAP Holding GmbH will automatically interpret a cancellation of the newsletter service as withdrawal of consent.

8 Contacting the company via the website

The website of ASAP Holding GmbH includes information which allows users to contact our company quickly and communicate directly with us (contact form, email). When a data subject contacts ASAP Holding GmbH via email or using a corresponding form, the personal data transmitted by the data subject will be stored. The purpose of storing such personal data sent voluntarily to ASAP Holding GmbH by the data subject is to process the enquiry or make contact with the data subject. To process the enquiry this data may be transferred to the companies affiliated with ASAP Holding GmbH. However, this personal data will not be transferred to any third parties outside the ASAP Group.

9 Data privacy in the context of job applications and the application process

The controller collects and processes personal data of job applicants (hereinafter referred to as “applicants”) for the purpose of implementing the application process. This may include electronic processing, in particular where an applicant sends the corresponding application documents electronically to the controller, for example by email or via the web form on the website.

It is important to us at ASAP Holding GmbH to ensure, by suitable technical and organisational measures, that personal data has the best possible protection during the application process.

To check the suitability of candidates for vacant positions we also transfer the personal data to companies affiliated with ASAP Holding GmbH and, where necessary, in a pseudonymised form to our customers. We give all applications thorough consideration and there will be no automated individual decision-making based on specific criteria.

Should ASAP Holding GmbH or one of its affiliated companies and the applicant enter into a contract of employment, we will continue to store the data transferred to us for the purpose of performing the employment contract in compliance with the statutory provisions. If no contract of employment is entered into with the applicant, the application documents will be erased no later than three months after the decision has been communicated to the applicant, provided that the erasure is not in conflict with any other legitimate interests of the controller. Such other legitimate interest within this meaning is, for example, a duty to provide evidence in proceedings under the German General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz, AGG).

If, during the application process, applicants have consented to a longer period of storage of their personal data so that they may be considered for other vacancies in the future, the applicant’s personal data will be stored for two years and erased after expiry of this period.

If the data subject decides to exercise their right to withdraw consent they may contact ASAP Holding GmbH, as the data controller, at any time to do so. The responsible persons at ASAP Holding GmbH will then arrange for this personal data to be erased. <br/><br/>

10 Legal bases of processing<br/>Art. 6 (1) (a) GDPR is our company’s legal basis for processing activities where we ask the data subject to give their consent for a particular purpose of processing or where the data subject has given their consent by entering their personal data voluntarily on our contact form or our application portal. If the processing of personal data is necessary in order to perform a contract to which the data subject is a party, such as processing activities that are necessary to enable us to deliver services, then the legal basis for these processing activities is Art. 6 (1) (b) GDPR. This applies also to such processing activities as are necessary to take steps prior to entering into a contract, for example when we receive enquiries about our services or during the application process. If our company has a legal obligation which requires us to process personal data, such as complying with our fiscal obligations, then the legal basis for processing is Art. 6 (1) (c). It may be necessary in some rare cases to process personal data in order to protect the vital interests of the data subject or another natural person. This could be the case for example where a visitor was injured on our premises and we would have to give the person’s name, age and health insurance details or other vital information to a physician, hospital or another third party. In this case the legal basis for processing would be Art. 6 (1) (d) GDPR. Finally, some processing activities may be based on Art. 6 (1) (f) GDPR. This is the legal basis for processing activities which are not covered by any of the legal bases referred to above if processing is necessary to protect a legitimate interest of our company or a third party unless the interests or fundamental rights and freedoms of the data subject override such an interest. Where the processing of personal data is based on Article 6 (1) (f) GDPR, our legitimate interest is performing our business activities as service provider for the automotive industry and ensuring that our IT systems are secure.

11 Profiling and automated decision-making

We do not apply any methods of automated decision-making nor do we engage in profiling.

12 Erasure and blocking of personal data

The controller will limit the processing and storage of the data subject’s personal data to the period that is necessary in order to achieve the intended purpose or that is required by law or by provisions to which the controller is subject.

If there is no longer a purpose for storing personal data or if the storage period required by law has expired, the personal data will be routinely erased or blocked.

13 Rights of the data subject

13.1 Right to confirmation
Any data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning them is being processed. If the data subject decides to exercise this right they may contact ASAP Holding GmbH, as the data controller, at any time to do so.

13.2 Right of access
All data subjects whose personal data is being processed have the right to obtain from the controller, at any time and free of charge, information about their personal data held by the controller and to receive a copy of this data. The data subject also has the right to obtain information about the following:

• the purpose of processing
• the categories of personal data processed
• the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of a right to rectify or erase the personal data concerning you, a right to restrict the processing by the controller or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• where the personal data is not collected from the data subject, any available information on the origin of the data
• the existence of an automated decision-making process, including profiling, as referred to in Article 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved, as well as the significance and envisaged consequences of such processing for the data subject

The data subject also has a right to be told whether personal data has been transferred to a third country or an international organisation. If this is the case the data subject is also entitled to information about the appropriate safeguards relating to the transfer. If the data subject decides to exercise this right they may contact ASAP Holding GmbH, as the data controller, at any time to do so.

13.3 Right to rectification
All individuals whose personal data is being processed have the right to request the immediate rectification of inaccurate personal data concerning them. The data subject also has the right to have incomplete personal data completed – including by means of providing a supplementary statement – taking into account the purposes of processing.

If the data subject decides to exercise this right they may contact ASAP Holding GmbH, as the data controller, at any time to do so.

13.4 Right to erasure (right to be forgotten)
All individuals whose personal data is being processed have the right to request from the controller that the personal data concerning them be erased without delay if one of the following reasons applies and processing is not necessary:

• The personal data was collected or otherwise processed for purposes for which it is no longer needed.
• The data subject withdraws their consent, which formed the legal basis for processing the data pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
• The data subject objects to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing as set out in Art. 21 (2) GDPR.
• The personal data has been processed unlawfully.
• The personal data must be erased for fulfilling a legal obligation in European Union law or the law of the member state to which the controller is subject.
• The personal data was collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

If one of the reasons listed above applies and the data subject decides to have their personal data held by ASAP Holding GmbH erased, this person may contact ASAP Holding GmbH, as the data controller, at any time to do so. ASAP Holding GmbH will comply with the erasure request without delay.

If the personal data was made public by ASAP Holding GmbH and if our company, as the controller, is obliged to erase the personal data pursuant to Art. 17 (1) GDPR, ASAP Holding GmbH, taking account of available technology and the cost of implementation will take reasonable steps, including technical measures, to inform other controllers who are processing the personal data that the data subject has requested these other controllers to erase any links to or copies or replication of that personal data unless the processing is necessary. The responsible persons at ASAP Holding GmbH will do what is necessary in each individual case.

13.5 Right to restriction of processing
All individuals whose personal data is being processed have the right to request from the controller that processing their data be restricted if one of the following applies:

• the data subject contests the accuracy of their personal data, in which case processing should be restricted for a period that enables the controller to verify the accuracy of the personal data;
• the processing activity is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;
• the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims;
• the data subject has objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been verified whether the legitimate grounds of the controller override those of the data subject.

If one of the above applies and the data subject decides to request that their personal data held by ASAP Holding GmbH be erased, this person may contact ASAP Holding GmbH, as the controller, at any time to do so. The responsible persons at ASAP Holding GmbH will arrange for processing to be restricted.

13.6 Right to data portability
All individuals whose personal data is being processed have the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. The data subject also has the right to transmit that data to another controller, without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and where the processing is carried out by automated means unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

When exercising their right to data portability pursuant to Art. 20 (1) GDPR, the data subject also has the right to have their personal data transmitted directly from one controller to another, provided it is technically feasible and the rights and freedoms of other individuals are not adversely affected.

To exercise the right to data portability the data subject may contact ASAP Holding GmbH, as the controller, at any time.

13.7 Right to object
All individuals whose personal data is being processed have the right to object at any time, on grounds relating to their particular situation, to processing of their personal data which is based on Art. 6 (1) (e) or (f) GDPR. This includes any profiling based on those provisions.

If the data subject objects, ASAP Holding GmbH will no longer process their personal data unless we can demonstrate compelling legitimate grounds for the processing which override the data subject’s interests, rights and freedoms or unless the processing is for the establishment, exercise or defence of legal claims.

Where ASAP Holding GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of their personal data for such marketing. This includes any profiling to the extent that is related to such direct marketing. If the data subject objects to ASAP Holding GmbH processing their personal data for direct marketing purposes, ASAP Holding GmbH will no longer process their personal data for such purposes.

The data subject also has the right, on grounds related to their particular situation, to object to processing of their personal data which is processed by ASAP Holding GmbH for scientific or historical research or statistical purposes pursuant to Art. 89 (1) GDPR unless such processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object the data subject may contact ASAP Holding GmbH, as the controller, at any time.

13.8 Automated individual decision-making, including profiling
All individuals whose personal data is being processed have the right not to be subjected to a decision based solely on automated processing — including profiling — which produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller or (2) is authorised by law to which the controller is subject and this law lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or (3) is based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller or (2) is based on the data subject’s explicit consent, ASAP Holding GmbH will implement suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject, granting them at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

If the data subject decides to exercise their rights concerning automated decision-making, they may contact ASAP Holding GmbH, as the data controller, at any time.

13.9 Right to withdraw consent under data protection law
All individuals whose personal data is being processed have the right to withdraw consent to the processing of their personal data at any time. If the data subject decides to exercise their right to withdraw consent, they may contact ASAP Holding GmbH, as the data controller, at any time to do so. 

If the data subject decides to exercise their right to withdraw consent, they may contact ASAP Holding GmbH, as the data controller, at any time to do so.

14 Use and application of social media
14.1 YouTube
The controller has integrated components of YouTube into this website. YouTube is an online video portal that enables video publishers to post video clips free of charge and other users to view, rate and comment on these videos, also free of charge. YouTube allows the publication of all types of videos, and both complete films and TV broadcasts as well as music videos, trailers or videos made by users can be accessed via the web portal. The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Each visit to one of the pages of this website which is operated by the controller and has an integrated YouTube component (YouTube video), automatically prompts the web browser on the data subject’s IT system to download a representation of the corresponding YouTube component from YouTube. For more information on YouTube please go to www.youtube.com/intl/de/yt/about/

As part of this technical process YouTube and Google receive the information that the data subject has visited the specific sub-page of the controller’s website. If the data subject is logged in to YouTube during their visit to the website and a sub-page with a YouTube video is accessed, YouTube is informed of the specific sub-page of the controller’s website that the data subject is using. This information is collected by YouTube and Google and assigned to the corresponding YouTube account of the data subject. Every time the data subject visits the website while also being logged in to YouTube, the YouTube component provides YouTube and Google with the information that the data subject has visited the controller’s website. This happens regardless of whether or not the data subject clicks on a YouTube video. If the data subject does not wish this information to be transmitted to YouTube and Google, they can prevent the transmission by logging out of their YouTube account before accessing the controller’s website. YouTube’s Privacy Policy is available at www.google.com/intl/de/policies/privacy/ and contains information about how YouTube and Google collect, process and use personal data.

15 Use and application of Google Maps
The controller uses maps from Google Maps – a service provided by Google, Inc. The interactive map is an integrated component of the ASAP Group’s website. The purpose of the map is to make it easier to locate individual sites of the ASAP Group and enable users to use the map function with ease. This application is downloaded directly from Google servers, which means that Google receives personal data such as IP address and location details. By visiting the website Google is informed of the fact that the user accessed the respective sub-page (www.asap.de/en/contact) of the website. The controller has no influence over whether and to what extent or for what period Google stores personal data and uses it internally. The legal basis for using this service is Art. 6 (1) (f) GDPR. If visitors to the website of the ASAP Group are registered with a Google service, Google is able to assign their visit to a personal account. Even if the user is not registered with Google or is not logged in to Google, it is still possible for Google to store personal data such as IP addresses and use it for profiling. Google stores the data collected as user profiles for market research and advertising purposes. The data is evaluated in particular – regardless of whether users are logged in or not – to display advertising in line with the user’s requirements and in order to inform other users of the social network about the user’s personal activities on the ASAP Group’s website. As the data controller, we wish to point out that users have the right to object to this user profiling by Google. Please also note that data may be processed by Google outside of Europe. For further information on data privacy at Google please go to: www.google.de/intl/de/policies/privacy/

16 Use and application of analysis tools
16.1 Google Analytics with anonymisation function
The controller uses the Google Analytics component (with anonymisation function) on this website. Google Analytics is a web analytics service. Web analysis is the process of collecting, collating and evaluating data on the behaviour of visitors to websites. A web analytics service collects various data including information on the website from which the data subject was sent to a website (called the “referral site”), which sub-pages of the site the data subject accessed and how often and for how long a sub-page was viewed. Web analysis is mainly used for website optimisation and for cost-benefit-analyses of web advertising. The operator of the Google Analytics component is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The controller uses the code „ga(’set‘, ‚anonymizeIp‘, true“ (in the analytics.js library) for web analysis by Google Analytics. This code shortens and anonymises the IP address of the data subject’s internet connection if the controller’s web pages are accessed from a member state of the European Union or from another state that is a signatory to the Agreement on the European Economic Area. The purpose of the Google Analytics component is to analyse visitor flows on the controller’s website. Among other things Google uses the data and information obtained to evaluate the use of the website in order to produce online reports for the controller which illustrate the activities on their website and to provide other services in connection with the use of the website. Google Analytics places a cookie on the IT system of the data subject. For more information on the use of cookies please see section 4. Placing the cookie enables Google to perform an analysis of how the controller’s website is used. With each visit to one of the pages of this website which is operated by the controller and has a Google Analytics component installed, the web browser on the data subject’s IT system is automatically prompted by the respective Google Analytics component to transfer data to Google for the purposes of online analysis. During this technical process Google is provided with personal data, such as the IP address of the data subject, which Google can use, among other things, to track the origin of visitors and their clicks and then use this information to calculate commission. The cookie is used to store personal information, such as the time of the visit, the location from where the visitor accessed the website and the frequency of visits to the controller’s website by the data subject. Google also collects data on the behaviour, demographic characteristics and interests of the data subject. Demographic data includes information such as age and gender of the website visitors. The data subject may change their demographic data in the settings for advertising (https://adssettings.google.com/authenticated).
Demographic characteristics and the categorisation of data subjects according to their interests allow us to tailor ads to specific target groups. The controller uses this service to make their Google campaigns more efficient and improve their marketing strategy. Website visitors can be categorised according to age, gender and interests. In addition, Google Analytics groups data subjects into segments such as users who are interested in sports and travel or individuals who wish to buy a car. The demographic characteristics and categories of interest correspond to those which are used for tailoring ads in the Google Display Network. With each website visit this personal data, including the IP address of the data subject’s internet connection, is transferred to Google in the United States of America. This personal data is then stored by Google in the United States of America. It is possible that Google may transfer this personal data collected via this technical process to third parties. The controller will routinely erase the data subject’s data as soon as it is no longer needed for the intended purpose. The storage period specified as standard in the controller’s system settings is 26 months. The controller has no influence on how long the data is stored by Google. The data subject may at any time prevent the placement of cookies by the controller’s website by selecting the appropriate setting in their browser and thereby permanently blocking the placement of cookies (see section 4). Such a setting in the web browser used by the data subject also prevents Google from placing a cookie on the data subject’s IT system. Moreover, cookies already placed by Google Analytics can be deleted at any time via the browser or with the help of other software programs. In addition, the data subject also has the option to object to and prevent the collection of data generated by Google Analytics regarding the use of this website as well as the processing of this data by Google. To do so, the data subject must download and install a browser add-on available from the following link: https://tools.google.com/dlpage/gaoptout.
This browser add-on informs Google Analytics via JavaScript that it is not allowed to transfer any data or information about website visits to Google Analytics. The installation of the browser add-on is regarded by Google as an objection to the collection of data. If the IT system used by the data subject is later deleted, formatted or re-installed, the data subject will have to re-install the browser add-on in order to disable Google Analytics. If the browser add-on is removed or disabled by the data subject or by another person within the data subject’s sphere of influence, it will still be possible to re-install or re-enable it. As an alternative option to the browser add-on, in particular for browsers on mobile devices, the data subject may prevent the collection of data by Google Analytics by clicking on the following link: Disable the collection of data by Google Analytics for this website. This places an opt-out cookie, which prevents the collection of data during future visits to this website. The opt-out cookie applies only to this browser and only to this website and is stored on the data subject’s device. If the data subject deletes the cookies in this browser, the opt-out cookie must be placed again. For further information and Google’s Privacy Policy please go to https://www.google.de/intl/de/policies/privacy/ and to http://www.google.com/analytics/terms/de.html. For a more detailed description of Google Analytics please follow this link: https://www.google.com/intl/de_de/analytics/.
The controller uses Google Analytics Audience for analysing website visitors in order to improve their marketing results. As a data management platform, Google Audience is part of Google Analytics and collects and organises the data of visitors to this website to enable us to find, expand and reach target groups with the right message at the right time. These target groups are directly and repeatedly addressed by the website’s controller in remarketing. For a more detailed description of Google Analytics Audience please follow this link: https://www.google.com/analytics/audience-center/.
16.2 Use of Google Remarketing
The controller uses services from Google Remarketing on this website. Google Remarketing is a function of Google AdWords which enables companies to show ads to internet users who browsed the company’s website before. By integrating Google Remarketing in their website, companies can create user-related advertisements allowing them to show ads to internet users that are more relevant to their interests. The operator of the Google Remarketing service is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The purpose of Google Remarketing is to show ads that are relevant to the user’s interests. Google Remarketing enables the controller to show ads that are tailored to the individual needs and interests of internet users across the Google marketing network or on other websites. Google Remarketing places a cookie on the IT system of the data subject. By placing this cookie Google is able to recognise visitors to the ASAP Group’s website when they visit other websites afterwards which are also members of the Google marketing network. Each time a web page is visited on which the Google Remarketing service is implemented, the data subject’s browser automatically sends its identification to Google. During this technical process, Google is provided with personal data, such as the IP address or browsing behaviour of the user, which Google uses, among other things, for showing interest-based ads. The cookie is used to store personal information, such as the websites visited by the data subject. Therefore, each time the controller’s website is visited, personal data, including the IP address of the data subject’s internet connection, is transferred to Google in the United States of America. This personal data is then stored by Google in the United States of America. It is possible that Google may transfer this personal data collected via this technical process to third parties. The data subject may at any time prevent cookies being placed by the controller’s website by using the appropriate settings in their browser and thereby permanently blocking the placement of cookies. Such a setting in the web browser used by the data subject would also prevent Google from placing a cookie on the data subject’s IT system. Moreover, cookies already placed by Google Analytics can be deleted at any time via the browser or with the help of other software programs. Moreover, the data subject can object to interest-based advertising by Google. To do so, the data subject must click on the following link from each of the browsers they use: www.google.de/settings/ads and then select the preferred settings. For further information and Google’s Privacy Policy please go to https://www.google.de/intl/de/policies/privacy/.

17 Data processing by Google and transmission to the USA

Data is also transmitted to the United States of America and stored on servers located there using cookies in connection with corresponding Google services such as Google Analytics. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used and information on usage times. The abbreviated IP addresses of the users are also stored. Google may link this data to other data of the user, such as the search history, personal accounts, the usage data of other devices and any other available data that Google has on the user, and use it for any of its own purposes. Although no ‘real ID (of a person)’ was collected at first, the link to a possibly existing Google account also makes it possible to iden-tify and assign it directly to the user.  The data stored on Google servers in the USA are subject of access by the state authorities in the USA according to national law. In its judgement of 16.072020, the ECJ has determined a lack of appropriate guarantees, enforceable rights and effective remedies against intelligence requests for the disclosure of personal data of EU citizens processed or transmitted in the US. If you do not want to transfer data to Google in the USA, select “Reject all” from the cookie settings.

Information about the creation of this document
This Privacy Policy was created using the privacy policy generator of DGD Deutsche Gesellschaft für Datenschutz GmbH [The German Association for Data Protection], acting as External Data Protection Officer for Schweinfurt, Germany, in cooperation with the Privacy Lawyer Christian Solmecke.