Aprojects GmbH Privacy Statement
Thank you for your interest in our company and services. The protection of personal data/information is a particularly important concern for us, which we take into account in our business processes. Data protection and information security are components of our corporate policy. With the following information we give you an overview of how your personal data is processed on our website (https://de.aprojects.com/en/), and on our company page on the social network Facebook (https://de-de.facebook.com/transtrading/), as well as your rights under data protection law.
- § 1 Definitions
(1) According to Art. 4 No. 1 GDRP, “personal data” means any information relating to an identified or identifiable natural person (“data subject” in the following); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(2) “Processing” means any operation or set of operations that is performed on personal data or on sets of personal data, with or without the use of automated procedures, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, querying, use, disclosure by transmission, dissemination or otherwise making available, comparison or combination, restriction, deletion, or destruction.
(3) “Pseudonymization” is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without consulting additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
(4) “Profiling” is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s work output, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
(5) “Controller” is the natural or juristic person, public authority, agency or other body which, alone or jointly with others, decides on the purposes and means for and by which personal data shall be processed.
(6) “Processor” is a natural or juristic person, public authority, agency, or other body that processes personal data on behalf of the controller.
(7) “Third party” is a natural or juristic person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, has been authorized to process the personal data;
- § 2 Controller/ Data Protection Officer
(1) Pursuant to Art. 4 No. 7 General Data Protection Regulation (GDPR)
+49 2154/4919-98 and -99
is responsible for the processing of the data.
(2) The Data Protection Officer of Aprojects GmbH is
c/o partners audit GmbH Wirtschaftsprüfungsgesellschaft
Am Sandtorkai 41
+49 44 19 60 01
- § 3 Processing of personal data
(1) Informational visit to our website
(a) When you visit our website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a “log file.” The following information will be collected without your intervention and stored until its automatic deletion:
- Name of the requested web page
- File, date and time of download
- Volume of data transferred
- Notification of successful download
- Browser type and version
- User’s operating system
- Referrer URL (previously visited page)
- IP address, and
- Requesting provider
(b) The above data will be processed by us for the following purposes:
- To ensure a smooth rendering of the website,
- To ensure convenient, easy use of our website,
- To evaluate the system’s security and stability
(c) In no event do we ever use the data collected during an informational visit to our website for the purpose of drawing conclusions about you as an individual.
(2) Contract fulfilment
We process the personal data of our contractual partners, business partners, customers and interested parties in accordance with Art. 6 Para. 1 letter b. GDPR in order to provide you with our contractual or pre-contractual services.
The personal data processed includes master data (e.g., names and addresses), contact data (e.g. email addresses and telephone numbers), contract data (e.g., services used, content of contracts, contract-related communications, names of contact persons), and payment data (e.g., bank details, payment history).
We do not process special categories of personal data unless they are part of commissioned or contractual processing, there is a legal obligation to process or you have given us permission to process them.
(3) Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as the organization of our business, financial accounting and compliance with legal obligations, such as archiving. The processing pertains to contractual partners, business partners, customers, interested parties, and website visitors. The purpose and our interest in the processing relates to the administration, financial accounting, office organization, archiving of data, i.e. tasks which serve the maintenance of our business activities, performance of our tasks, and provision of our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the data specified in these processing activities.
In our legitimate business interest, we store information on business partners, contractual partners, customers, and interested parties, e.g. for the purpose of making contact at a later date.
(4) Application procedure
We process applicant data only for the purpose and during the application procedure, in accordance with legal requirements. The processing of applicant data is carried out to fulfil our (pre-)contractual obligations as part of the application procedure – including to the extent that the data processing becomes necessary for us, e.g. in connection with legal proceedings.
The application procedure requires that applicants provide us with applicant data. The requisite applicant data can be found in the job descriptions. Generally, personal details, postal and contact addresses, and supporting documents for the application, such as cover letter, curriculum vitae, and certificates, are required. Beyond this, applicants may voluntarily provide us with additional information.
By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process, in the ways and to the extent specified in this privacy statement.
Applicants can send us their applications by email. Please note that emails are generally not sent in encrypted form and the applicants themselves must ensure that they are encrypted. Applicants are also free to submit their applications by mail.
In the event of a successful application, we may further process the data provided by the applicants for the purposes of the employment relationship. Otherwise, if an application in response to a job listing is unsuccessful, the applicant’s data will be deleted. Applicants’ data is also deleted if an application is withdrawn – which applicants are entitled to do at any time.
Subject to a justified revocation by the applicant, deletion will take place after a period of six months so that we can answer any follow-up questions regarding the application and fulfil our obligations to provide evidence under the Equal Treatment Act.
(5) Making contact
When contacting us (e.g. by email, telephone or social media), the information provided by the enquirer will be processed for the purpose of processing the contact inquiry and processing it in accordance with Art. 6 Para. 1 lit. b) GDPR. User data can be stored in a customer relationship management system (CRM system) or comparable request organization system.
We will delete inquiries as soon as they are no longer needed. Their necessity is reviewed every two years; statutory archiving obligations also apply.
The hosting services we use serve the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, and the security services and technical maintenance services that we use for the purposes of operating this website.
In this connection, we (or our hosting provider) process inventory data, contact data, content data, contract data, usage data as well as the metadata and communications data of customers, interested parties, and visitors to this website on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6 Para. 1 lit. f GDPR.
(7) Collection of access data and log files
On the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f) GDPR, we (or our hosting provider) collect data on each access to the server on which this service is located (“server log files”). These server log files includes the name of the website accessed, the file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the website previously visited), IP address, and the requesting provider.
Log file information is stored for security reasons (e.g. to investigate abuse or fraud) for up to a maximum of 7 days and is deleted afterwards. Any data, whose further storage is necessary for evidential purposes, is except from deletion until the respective incident has been finally settled.
(8) Online presences on social media
(a) We maintain a company page on the social network Facebook (https://de-de.facebook.com/transtrading/) in order to communicate with customers, interested parties, and users (also collectively referred to as “visitors” in the following) active there and to inform them about our products and services. In addition, we incorporate the font (“Google Fonts”) of Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin D04E5WS5, Ireland, into our corporate website (https://trans-trading.de/) for design and administration purposes.
In this context, we would also like to mention that when you visit our company page on the social network Facebook (at least part of the) personal data is processed in the USA. According to the case law of the European Court of Justice, however, there is no level of protection in the USA that is essentially equivalent to the DSGVO, and the legal protection options that the Charter of Fundamental Rights of the European Union guarantees EU citizens do not exist to the same extent in the USA. This applies in particular to legal protection against the processing of personal data. There is a risk that your data may be processed by US authorities for control and monitoring purposes without you being granted legal remedies.
Information about data collection and further processing by the social network Facebook can be found in Facebook’s data protection information: https://www.facebook.com/full_data_use_policy; https://www.facebook.com/about/basics; https://www.facebook.com/legal/terms/information_about_page_insights_data
Aprojects GmbH cannot track which user data is collected by the Facebook social network. Aprojects GmbH also does not have full access to the collected data or your profile data. Aprojects GmbH can only see the public information of your profile. You decide on the specific public information in your settings on the Facebook social network. Furthermore, you have the option to actively hide your “Likes” or not to follow a company page anymore. Then your profile will no longer appear in the list of fans or followers of this company page.
Aprojects GmbH receives anonymous statistics from Facebook on the use and usage of the company website. The legal basis for the use of this statistical data is Art. 6 Para. 1 Sentence 1 lit. f) GDPR. With regard to the company page on Facebook (https://de-de.facebook.com/transtrading/), Aprojects GmbH and Facebook Ireland Ltd. are jointly responsible for processing the statistical data based on the “Page Insights Controller Addendum” Controller Addendum in accordance with the Page Insights Controller Addendum (https://www.facebook.com/legal/terms/page_controller_addendum).
For example, the following information is made available as statistical data:
- Fans/followers: Number of people who follow the Aprojects GmbH company page on Facebook – including additions and development over a defined period of time.
- Reach: Number of people who see a specific post. Number of interactions on a post. From this it can be deduced, for example, which content is better received by the community.
- Advertisement performance: What does Aprojects GmbH charge for a click? How many people have seen an ad?
- Demography: Average age, gender, place of residence, language of visitors.
We use these statistics, from which we cannot draw conclusions about individual users, to constantly improve our online offering on the social network Facebook and to better respond to visitors’ interests. We cannot link the statistical data with our visitors’ profile data. You can use your settings on the social network Facebook to decide in which form targeted advertising is displayed to you.
Aprojects GmbH receives personal data via the social network Facebook if you actively communicate this to us via a personal message. We use your data (e.g. first name, surname, user name, email address) to answer your request. Your data will be stored until this purpose is fulfilled.
For a detailed representation of the respective processing steps and the possibilities of objection (opt-out), we refer to the following linked information from the providers.
Also, in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to users’ data and can directly take appropriate measures and provide information. If you still require assistance, please do not hesitate to contact us.
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Google (Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin D04E5WS5, Ireland) –
- § 4 Sources
We receive the personal data from our contractual partners, business partners, customers, applicants, and interested parties as part of our business relationships. Furthermore, we process – to the extent necessary for the provision of our services – personal data which we have received from partner companies or other third parties (e.g. banks) in a legally permissible context (e.g. for the performance of tasks, the fulfilment of contracts, or based on your consent).
Furthermore, we process the personal data that we have obtained in a permissible way from publicly accessible sources (e.g. debtor registers, land registers, commercial and association registers, press, media, internet) and are permitted to process.
- § 5 Purposes and legal basis of processing
We process the above-listed personal data in accordance with the provisions of the GDPR and Germany’s Federal Data Protection Act (BDSG):
(1) For the fulfilment of contractual obligations and pre-contractual measures, Art. 6 Para. 1 lit. b) GDPR
Personal data is processed in connection with
- the provision of forwarding services and services, as part of the fulfillment of corresponding contracts
- the implementation of pre-contractual measures that take place upon your request
- carrying out application procedures, and
- initiation and fulfillment of the services listed under § 2.
The purpose of the data processing depends primarily on the specific business relationship and subject matter. Further details on the purpose of data processing can be found in the respective contract documents and terms and conditions.
(2) In the context of the balancing of interests, Art. 6 Para. 1 lit. f) GDPR
To the extent necessary, we process your data beyond the actual fulfilment of the contract to protect our own legitimate interests or those of third parties. Examples:
- To review and optimize procedures for needs analysis and customer acquisition
- For the establishment, exercise or defense of legal claims
- To ensure the IT security and IT operation of Aprojects GmbH
- For business management measures and the further development of services and products
(3) On the basis of your consent, Art. 6 Para. 1 lit. a) GDPR
If you have given us your consent to process personal data for certain purposes for the performance/implementation of the contract, this processing is considered legal based on your consent. Consent, once given, can be revoked at any time. This applies likewise to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation only becomes effective in the future. There can be no retroactive revocation. Any processing that took place before the revocation remains unaffected by the revocation. You can request a status overview of the consents you have given, at any time.
(4) Based on statutory provisions, Art. 6 Para. 1 lit. c) GDPR
As a forwarding company, we are subject to various legal obligations, i.e. legal requirements (e.g. German Commercial Code, tax laws). We store your data to the extent necessary for fulfilling these legal obligations (for storage duration see § 9).
- § 6 Transmission of personal data
Within Aprojects GmbH, the functions that require your data in order to fulfil our contractual and legal obligations will have access to it. The service providers and vicarious agents we use may also receive data for this purpose.
External service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored by us. In accordance with Art. 28 Para. 1 GDPR, we only work with “contract processors” who offer sufficient guarantees that suitable technical and organizational measures are implemented in such a way that processing is carried out in accordance with the statutory regulations and the protection of your data is guaranteed.
Recipients of personal data outside Aprojects GmbH may include, for example: contractual partners, business partners, customers, interested parties, banks, service providers for contract and receivables management, debt collection agencies, lawyers, insolvency administrators, fleet managers, monitors, archive and forwarding service providers, agencies, software providers, professional associations, and government agencies (e.g. financial authorities, courts, public prosecutor’s office, and police).
- § 7 Transmission of personal data to a third country or an international organization
Transmission of data to countries outside the EU or the EEA (“third countries”) only occurs if this is necessary for the execution of your orders; if it is legally prescribed (e.g. tax reporting obligations); or if you have given us consent or in the context of order data processing. Wherever service providers are used in a third country, an adequacy decision pursuant to Art. 45 GDPR has been obtained or the service providers have provided suitable guarantees pursuant to Art. 46 Para. 2 lit. a) to f) or Para. 3 lit. a) and lit. b) GDPR for compliance with the level of data protection in Europe.
(1) This website uses transient and persistent cookies.
(2) Transient cookies, which include session cookies in particular, are automatically deleted when you close your browser. Session cookies store a “session ID” that allow for assigning multiple requests from your browser to a collective session. This will allow your device to be recognized when you visit our website. The session cookies used are deleted when you close your browser.
(3) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. The storage time of the cookies used varies. You can delete the persistent cookies in the security settings of your browser at any time – even before the storage period has expired.
(4) You can configure your browser settings according to your wishes and, for example, refuse to accept persistent cookies or all cookies. However, we would like to point out that you may then not be able to use all the functions of this website.
- § 9 Duration of processing and storage of personal data
We process and store your personal data as long as it is necessary for the purposes for which it is collected or otherwise processed, above all as long as it is necessary for the fulfilment of our contractual and legal obligations.
The following deadlines apply in particular to data storage for the fulfilment of legal obligations:
- Pursuant to § 257 Para. 4 of the German Commercial Code (HGB), 147 Para. 3 General Tax Act (AO): 10 years for trading books and accounting documents, beginning with the end of the calendar year in which the last entry in the trading book was made.
- Pursuant to § 257 (4) HGB, 147 (3) AO: 6 years for business letters beginning with the end of the calendar year in which the last entry was made in the trading book.
- Pursuant to § 8 (4) Money Laundering Act (GWG): 5 years for records and other supporting documents relevant to money-laundering law, beginning with the end of the calendar year in which the business relationship ends.
- § 10 Data protection rights
You have the following rights:
- To request information about your personal data that we process, Art. 15 GDPR. In particular, you may request information about the purposes of the processing; the category of personal data; the categories of recipient to whom your data has been or will be disclosed; the intended duration of the storage; the existence of a right of rectification, deletion, or restriction of processing; or to object to such processing; the existence of a right to lodge a complaint; the source of your data if it is not collected by us; and the existence of any automated decision-making, including profiling;
- To immediately request the rectification of incorrect or inaccurate personal data stored by us, Art. 16 GDPR;
- To request the deletion of your personal data stored by us, unless that processing is necessary for the exercise of the right to freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise or defense of legal claims, Art. 17 GDPR;
- To request the restriction of the processing of your personal data if you contest the accuracy of the data; the processing is unlawful, but you oppose its deletion; and we no longer need the data but you need it for the establishment, exercise or defense of legal claims; or you have objected to processing pursuant to Art. 21 GDPR, Art. 18 GDPR;
- To receive your personal data which you have provided to us in a structured, commonly used and machine-readable format;and to request transmission to another controller, Art. 20 GDPR;
- To revoke your consent given to us at any time, Art. 7 Para. 3 GDPR. As a result, we may no longer continue the data processing based on this consent in future;
- In the case of an automated decision-making (profiling), the right to present your point of view and to contest the decision, Art. 22 Para. 3 GDPR;
- The right to lodge a complaint with a supervisory authority, Art. 77 GDPR. Generally, you can contact the supervisory authority at your usual place of residence or workplace, or at our company’s domicile.
- § 11 Requirement to provide data
As part of a business relationship, you must provide us with the personal data that is required for establishing and conducting a business relationship and fulfilling the attendant contractual obligations, and/or that we are legally obliged to collect, Art. 13 Para. 2 e) GDPR. Without this data, we will generally have to refuse the conclusion of the contract or the execution of the order, or will no longer be able to execute an existing contract and may have to terminate it.
- § 12 Automated Decision-making (including profiling)
In principle, we do not use fully automated decision-making pursuant to Art. 22, Art. 13 Para. 2 f, Art. 14 Para. 2 g GDPR for establishing and conducting the business relationship. Should we use these procedures in individual cases, we will inform you of this separately provided this is required by law.
- § 13 Up-to-dateness and Amendment of this Privacy Statement
This privacy statement is dated October2020. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to amend this privacy statement. You can download and print out the latest version of the privacy statement at any time on our website at https://de.aprojects.com/en/privacy-statement.
Information about your right to object pursuant to Article 21 GDPR
1. Right of objection in individual cases
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you, which is based on Art. 6 Para. 1lit e) or f) GDPR, including profiling based on this provision within the meaning of Art. 4 Para. 4 GDPR.
If you file an objection, we will no longer process your personal data unless we can provide compelling legitimate reasons for processing that outweigh your interests, rights, and freedoms, or if the processing serves to establish, exercise or defend legal entitlements.
2. Right to object to the processing of data for marketing purposes
In individual cases, we process your personal data in order to implement direct-to-customer marketing. You have the right at any time to object to the processing of personal data concerning you for the purposes of such marketing, which includes profiling to the extent that it is related to such direct-to-customer marketing.
If you object to the processing for these purposes, we will no longer process your personal data for these purposes.
3. Right to object to processing for scientific or historical research purposes or statistical purposes
You have the right to object to the processing of your personal data for the purposes of scientific or historical research or for statistical purposes pursuant to Article 89(1) GDPR on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.