Privacy Policy ARDEX Group

This policy describes for which purpose we may collect, store and process your personal data and how we use the data during your use of the publicly accessible parts of our website and services (Article 13 und 14 GDPR). The Privacy Policy of the ARDEX Group follows the EU General Data Protection Regulation (GDPR). If you have any questions about the processing of your personal data, please contact the ARDEX Data Protection Officer under the given contact details at Point 2 and 3.

Tables of Contents:

I. Overview
1.Scope
2.Responsibility
3.Data Protection Officer
4.Data Security

II. Data Processing in Detail
1.General Information about the Data Processing
2.Visit of our Website/Application
3.Customer Support
4.Tracking
5. Social Media Plug-Ins

III.Your Rights
1. Right of Objection
2. Right to Information
3. Right of Rectification
4. Right to Cancellation (“right to be forgotten”)
5. Right to Limitation of Processing
6. Right to Data Transferability
7. Right of Revocation in Case of Consent
8. Right of Appeal

I. Overview

In the following section we provide information about the scope, our responsibility of the data processing supervised by the data protection officer, and how we keep your data safe.

1. Scope
The data processing of the ARDEX Group can essentially be separated into two categories.
For the execution of a contract with the ARDEX Group, all required personal data will be processed. If external service providers are associated with the implementation of a contract, your personal data will be transferred as required.

A visit of our Homepage implies that information will be exchanged between your terminal device and our servers. Under certain circumstances, we may use your personal information. We will use your personal data for optimizing purposes of our website or for our advertisement services.

The Privacy Policy applies for our following offered services:
our website, which is available at www.ardex.com
for other offered services of the ARDEX Group (e.g. websites, subdomains, mobile applications, webservices or integration into third party websites) referring to this privacy policy.

2. Responsibility
All data processing and their use for certain purposes are within the responsibility of the following entity:
ARDEX GmbH
Friedrich-Ebert-Str. 45
58453 Witten, Germany
Tel.: +49 2302 664-0
Email: info@ardex.de

3. Data Protection Officer
The contact details of our data protection officer are:
https://www.dsextern.de/anfragen
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Bredkamp 53a
22589 Hamburg, Germany

4. Data Security
In order to be compliant with the required actions of Article 32 GDPR and for offering an appropriate protection level in relation to the risk, we established an Information Security Standard in our company according to VdS 3473.

II. Data Processing in Detail

In the following section of the Privacy Policy we provide information about the processing of personal data within our services. For a better overview we structure the information based on certain functions of our services. During the common usage of our website, various functions and therefore various processes may occur at once or one by one (e.g. Google Analytics as described below).

1. General Information about the Data Processing
The following applies for all the listed processes, unless indicated otherwise:

a. No Obligation for Providing Data
You are not obligated to provide personal data and there is neither a contractual nor statutory obligation.

b. Consequences of Non-Providing Data
In the case of not providing required data (data, which is marked as mandatory information in our services), consequently, we cannot provide the relevant service to you. In addition, the non-provision may lead to the fact that our services cannot be provided in the same form and quality.

c. Consent
In various cases, you will have the option of providing your consent (where applicable for a part of your data) for further processing which is described below. In this case, we will inform you specifically about all modalities, the scope of the consent and about the purposes, which we pursue with these processing steps at the time of data declaration and submission.

d. Transfer of Personal Data to Third Countries (outside the EU)
If we transfer your data to third countries, i.e. outside of the European Union, then the transfer takes place exclusively in compliance with the legally regulated admissibility requirements.
The admissible requirements are regulated by Article 44 -49 GDPR.

e. Hosting with External Service Providers
To a large extent, our data processing takes place with the involvement of hosting service providers, who provide storage space and processing capacities in their data centers and process personal data on our behalf according to our instructions. These service providers process data either exclusively in the EU or we have guaranteed an adequate level of data protection through the EU standard data protection clauses.

f. Transmission to State Authorities
We transfer personal data to state authorities (including law enforcement authorities) if necessary to fulfil a legal obligation (Art. 6 para. 1 c) GDPR) or if it is necessary to assert, exercise or defend legal claims (legal basis: Art. 6 para. 1 f) GDPR).

g. Storage Period
We do not store your data longer than we need for processing purposes. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be regularly deleted, unless its temporary storage is still necessary. Reasons for this could include the following:

  • The fulfilment of commercial and tax retention obligations
  • Obtaining evidence of legal disputes within the framework of the statutory statute of limitations

It is also possible for us to continue storing your data if you explicitly granted your permission.

h. Categories of Data

  • Account data: Login/user identification and password
  • Personal master data: Title, Title/Gender, First name, Last name, Date of birth
  • Address data: Street, number, address supplements (if applicable), postal code, city, country
  • Contact details: Telephone number(s), fax number(s), e-mail address(es)
  • Log-In Data\Credentials: Information about the service through which you have registered; dates and technical information on registration, confirmation and cancellation; data provided by you during registration
  • Ordering data: Ordered products, prices, payment and delivery information
  • Payment data: Account data, credit card data, data about other payment services such as Paypal
  • Access data: Date and time of the visit of our service; the site from which the accessing system came to our site; pages called up during use; data for session identification (session ID); in addition, the following information of the accessing computer system: Internet protocol address used (IP address), browser type and version, device type, operating system and similar technical information.
  • Application data: Curriculum vitae, certificates, proofs, work samples, certificates, pictures
  • Data according to Article 9 GDPR: Data revealing racial and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data or data relating to a natural person’s sex life or sexual orientation.

i. Cookies
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy

2. Visit of our Website/Application
This section describes how we process your personal data when you access our services. We would like to point out that the transmission of access data to external content providers (see b.) is unavoidable due to the technical functioning of information transfer on the Internet.

a. Information about processing

Data categoryPurposeLegal basisPossibly justified interestStorage period
Access dataEstablishment of connection, presentation of the contents of the service, detection of attacks on our site based on unusual activities, error diagnosisArticle 6 Paragraph 1 f) GDPRproper functioning of the services, security of data and business processes, prevention of misuse, prevention of damage through interference in information systems7 days

b. Recipient of personal data

Recipient categoryData concernedLegal basis of the transmissionIf applicable, legitimate interest
External content providers who provide content (e.g. images, videos, embedded postings from social networks, advertising banners, fonts, update information) that is required to display the serviceAccess DataOrder processing (Article 28 GDPR)proper functioning of the services, (accelerated) presentation of content
IT security service providerAccess DataOrder processing (Article 28 GDPR)Prevention of attacks by exploiting security vulnerabilities / weak points
Share ThisAccess DataOrder processing (Article 28 GDPR)Share Content to Social Networks
Facebook ConnectAccess DataOrder processing (Article 28 GDPR)Tracks clicks from Facebook
Double ClickAccess DataOrder processing (Article 28 GDPR)Tracks clicks from Google Adwords

3. Customer Support
How we process your personal data when you contact our customer service, can be found here:

a. Information about processing

Data categoryPurposeLegal basisPossibly justified interestStorage period
Address data, contact data, Processing of customer enquiries and user complaintsProcessing of customer enquiries and user complaintsArt. 6 Para. 1 b) GDPRCustomer loyalty, improvement of our serviceProcessing of the request

4. Tracking
In this section we describe how your personal data is processed using tracking technologies to analyze and optimize our services, and for advertising purposes.
The description of the tracking procedures also includes information on how you can prevent, or object, to the processing of your personal data. Please note that the so-called “Opt-out”, i.e. the refusal of processing, is usually stored via cookies. If you use our services via a new terminal device or in another browser, or if you have deleted the cookies set by your browser, you must change to opt out again.
The shown tracking procedures process personal data only in a pseudonymous form. A connection with a specific, identifiable natural person, i.e. a merger of the data with information about a pseudonym, does not take place.
a. Tracking to analyze and optimize our services and their use, to measure the success of advertising campaigns and to optimize the display of advertisements

(1) Purposes of processing
The analysis of user behavior via tracking helps us to measure the effectiveness of our services, to optimize and adapt them to the needs of our users and to correct errors. In addition, it helps us to statistically determine characteristic values about the use of our services (range, usage intensity, user surfing behavior) based on uniform standard procedures and thus to obtain comparable values.
Tracking to measure the success of advertising campaigns serves to optimize our ads for the future and to enable marketers and advertisers to optimize their ads. The purpose of optimizing the displayed advertisement by tracking is to show users advertising tailored to their interests, to increase the success of advertising and thus also advertising revenues.

(2) Legal basis of the processing
Services that allow the identification of specific users require explicit consent of the user according to the GDPR.

(3) The used tracking procedures in detail

Description of serviceFunctioningPossibility of preventing processing (opt-out)Data transmission to non-EU countriesDecree on appropriateness, if necessary (Art. 45 DSGVO)Suitable guarantees, if necessary (Art. 46 DSGVO)
Google AnalyticsWeb AnalyticsDisable Google AnalyticsYesYes-
PIWIKWeb AnalyticsNoYes-
Google Tag ManagerCode Management SystemGoogle Tag Manager does not Track usersYesYes

5. Social Media Plug-Ins
This website may contain plugins from social networks such as: Facebook, Google+, Twitter or Pinterest, which are operated by third parties and which messages can be sent to the corresponding social network by using buttons in order to evaluate, recommend or share content, for example. In this way we pursue the purpose and legitimate interest of increasing the popularity of our services. We configure our services so that data transmission does not take place until you change to opt in. The legal basis for data transmission is Art. 6 I f) GDPR. The respective provider is responsible for processing the transmitted data in compliance with data protection regulations.

Description oft the serviceProviderData protection information of the provider
FacebookFacebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USAhttps://www.facebook.com/policy.php
Google+Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA https://www.google.com/+/policy/pagesterm.html
TwitterTwitter Inc., 539 Bryant Street, Suite 402, San Francisco, CA 94107, USAhttps://twitter.com/en/privacy
LinkedInLinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irlandhttps://www.linkedin.com/legal/privacy-policy

III. Your Rights

1. Right of Objection
If we process your personal data for direct marketing purposes, you have the right to object at any time against the processing of your personal data and against the use of your personal data for advertising purposes. This also applies to profiling, insofar as it is associated with such direct marketing.

You also have the right to object against the prospective processing of your personal data at any time when specific reasons exist in accordance with Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
You can execute your right of objection free of charge.
You can contact us via the contact details listed under I.2.

2. Right to Information
You have the right to know whether we process personal data concerning you, what personal data this may be, and further information in accordance with Art. 15 GDPR.

3. Right of Rectification
You have the right to request us to correct any incorrect personal data concerning you (Art. 16 GDPR). Considering the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

4. Right to Cancellation (“right to be forgotten”)
You have the right to request for us to delete personal data relating to you without delay, provided that one of the reasons stated in Art. 17 para. 1 GDPR applies and the processing is not necessary for one of the purposes regulated in Art. 17 para. 3 DGDPR.

5. Right to Limitation of Processing
You are entitled to demand a restriction on the processing of your personal data if one of the conditions laid down in Article 18, paragraph 1, letters a) to d) applies.

6. Right to Data Transferability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another responsible person without any hindrance by us or to arrange for direct transmission by us, if this is technically possible. This should always apply if the basis of data processing is consent or a contract and the data is processed automatically. This does not apply to data stored in paper form only.

7. Right of Revocation in Case of Consent
If the processing is based on your consent, you have the right to revoke the consent at any time. The legality of the processing based on the consent until the revocation is not affected by this.

8. Right of Appeal
You have a right of appeal to a supervisory authority.