• Service on Demand
    • Service on Demand -
      IT in Time

    • System-, network- and safety analysis in order to optimize your EDP-landscape
    • EDP-consulting and project management on the basis of more than 20 years of EDP-experience
  • Projekte
    • Project Management -
      IT with Concept

    • System-, network- and safety analysis in order to optimize your EDP-landscape
    • EDP-consulting and project management on the basis of more than 20 years of EDP-experience
  • Rechenzentrum
    • Data Processing Center -
      Your IT - Solution

    • System-, network- and safety analysis in order to optimize your EDP-landscape
    • EDP-consulting and project management on the basis of more than 20 years of EDP-experience
  • Helpdesk
    • Helpdesk -
      Immediate Help for Your IT

    • System-, network- and safety analysis in order to optimize your EDP-landscape
    • EDP-consulting and project management on the basis of more than 20 years of EDP-experience
  • Solutions
    • Solution -
      IT Solved in Person

    • System-, network- and safety analysis in order to optimize your EDP-landscape
    • EDP-consulting and project management on the basis of more than 20 years of EDP-experience

Privacy Policy

We take the protection of your personal data seriously. This privacy policy informs users about the manner, the extent and the purpose for the collection and usage of personal data by abass GmbH (hereinafter referred to as website operator) on this website. Your data are protected in the manner intended by the statutory rules, inter alia the Federal Data Protection Act and the new TeleMedia Act.

 

I.      Information on the collection of personal data

1.         Personal data

The following provides information on the collection of personal data during the use of our website. Personal data is data that relates to you personally, such as your name, address, email addresses and user behaviour.

2.      Controller within the meaning of the GDPR

The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

ABASS GmbH

Weserstraße 14

63225 Langen, Germany

Telephone: 06103/4045660

Fax: 06103/4045666

Email:

A link to the disclaimer is required here

You can contact our Data Protection Officer at or via our postal address, including a reference to "The Data Protection Officer".

3.      Notes on establishing contact

When you contact us by email or using a contact form, we store the data that you provide (your email address, where necessary, also your name and telephone number) in order to respond to your questions. We delete the data collected in this respect once its storage is no longer required, or restrict its processing, if statutory retention obligations exist.

4.        External service providers

If we use service providers for individual functions of our offer, or would like to use your data for advertising purposes, we will immediately inform you of the relevant processes. We will also specify the defined criteria relating to the storage period.

5.      SSL and TLS encryption

This website uses SSL and TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can identify an encrypted connection in that the browser's address bar changes from "http://" to "https://" and by the lock symbol in your browser bar.

 

 

II.      General information on data processing

1. Scope of the processing of personal data

We essentially only process the personal data of our users to the extent that this is required to provide a functional website as well as our content and services. We normally only process the personal data of our users after the users have provided their consent. An exception exists in cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

If we obtain the data subject's consent to process personal data, Art. 6 (1) point a of the EU General Data Protection Regulation (GDPR) is the legal basis.

When processing personal data required to perform a contract, where the data subject is the contracting party, Art. 6 (1) point b GDPR is the legal basis. This also applies for processing operations that are required to take steps prior to entering into the contract.

If the personal data is processed to comply with a legal obligation to which our company is subject, Art. 6 (1) point c GDPR is the legal basis.

In the event that processing is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6 (1) point d GDPR is the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1) point f GDPR is the legal basis for the processing.

3. Data erasure and retention period

The personal data of the data subject is erased or blocked as soon as the purpose for the storage no longer applies. Storage may also take place if this is provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The blocking or erasure of data also takes place if one of the retention periods prescribed by the relevant standards expires, unless a requirement for further storage of the data exists for the conclusion or performance of a contract.

 4. Data transmission upon conclusion of a contract for services and digital content

We only forward personal data to third parties, if this is necessary as part of the performance of the contract, such as to the bank assigned to process the payment.

Any further transmission of the data does not take place, or only if you have provided your express consent to this transmission. Your data is not forwarded to third parties without your express consent, such as for marketing purposes.

The basis for the data processing is Art. 6 (1) point b GDPR, which permits the processing of data to perform a contract or to take steps prior to entering into a contract.

III.     Provision of the website and the creation of logfiles

. Description and scope of the data processing

Whenever you access our website, our system automatically collects data and information from the accessing computer system.

The following data is collected:

(1)  The user's IP address

(2)  Date and time of access

The data is also stored in our system's logfiles. This data is not stored together with other personal user data.

2. Legal basis of the data processing

The legal basis for the temporary storage of the data and logfiles is Art. 6 (1) point f GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. To do so, the user's IP address must be stored for the duration of the session.

The storage in logfiles takes place to ensure the correct functioning of the website. The data is also used to optimise the website and to ensure the security of our IT systems. The data is not evaluated for marketing purposes in this respect.

 These purposes also represent our legitimate interest in data processing in accordance with Article 6 (1) point f GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case once the relevant session has come to an end.

If the data is saved in logfiles, this is the case after no more than seven days. Additional storage is possible. In this case, the users' IP addresses are deleted or altered so that they can no longer be assigned to the accessing client.

5. Opportunity to object and eliminate

The collection of data to provide the website and store the data in logfiles is essential for the operation of the website. As a result, the user has no possibility of objection.

VI.      Newsletter

1. Description and scope of the data processing

Our website provides the opportunity to subscribe to a free newsletter. In this case, the data from the input screen is transmitted to us when subscribing to the newsletter.

Salutation, title, first name, surname, company, email

The following data is also collected:

  1. Date and time of registration

To process the data, your consent is obtained and reference is made to this privacy policy as part of the registration process.

 

The newsletter is sent by the provider Evalanche (see Section V.6 below). The data is not passed on to any other third parties.

 2. Legal basis of the data processing

The legal basis for processing the data after the user registers for the newsletter is Article 6 (1) point a GDPR if the user has provided their consent.

3. Purpose of the data processing

The user's email address is collected to send the newsletter.

The collection of other personal data as part of the registration process is used to prevent the services or the email address used from being abused.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's email address is stored for as long as the subscription to the newsletter is active.

Any other personal data collected as part of the registration process is generally deleted after a period of seven days.

5. Opportunity to object and eliminate

The subscription to the newsletter may be terminated at any time by the relevant user. The newsletter contains a corresponding link for this purpose.

 This also enables the consent to store the personal data collected during the registration process to be revoked.

 6. Newsletter delivery by Evalanche

We use Evalanche to deliver our newsletter. Evalanche will not pass the data indicated here on to third parties.

Evalanche is an analysis service of SC-Networks GmbH, Enzianstr. 2, 82319 Starnberg, Germany. Evalanche uses "cookies", text files that are stored on your computer and which enable an analysis of your use of the newsletter. The information on your use of the newsletter (including your IP address) generated by the cookie is exported and transmitted to a server in Germany.

The newsletters contain tracking pixels. This is a miniature graphic that lets us know whether you have or have not opened a newsletter. The tracking pixel, as well as the links contained in the newsletters, are linked to the ID assigned to you by the aforementioned cookie, which is also assigned to your email address. This data allows us to create a user profile, which lets us provide a newsletter that aligns to your interests.

V.          Contact form and email contact

Description and scope of the data processing

Our website contains a contact form that can be used for electronic contact. If the user uses this option, the data entered in the input screen is transmitted to us and stored. This following data is transmitted:

Name, company name, street, no., postcode, city, country, phone number, email, message

The following data is also stored at the time the message is sent:

Date and time of registration

To process the data, your consent is obtained and reference is made to this privacy policy as part of the dispatch process.

Alternatively, you can contact us using the email address provided. In this case, the user's personal data provided with the email is stored.

No data is passed on to third parties in this respect. The data is exclusively used to respond to the conversation.

2. Legal basis of the data processing

The legal basis for processing the data is Article 6 (1) point a GDPR if the user has provided their consent.

The legal basis for the processing of the data that is transmitted as part of an email is Art. 6 (1) point f GDPR. If the email contact relates to the conclusion of a contract, the legal basis for the processing is also Art. 6 (1) point b GDPR.

3. Purpose of the data processing

The personal data from the input screen is only processed to respond to the contact. In the event of email contact, this occurs based on the legitimate interest in processing the data.

The other personal data processed during the dispatch process is used to prevent the abuse of the contact form and to ensure the security of our IT systems.

 4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data from the input screen of the contact form and the data that is sent by email, this is the case once the conversation with the user has come to an end. The conversation has come to an end, if the circumstances indicate that the relevant matter has been fully resolved.

The additional personal data collected during the dispatch process is deleted after a period of no more than seven days.

5. Opportunity to object and eliminate

The user has the opportunity to revoke their consent to the processing of their personal data at any time. If the user contacts us, they may object to the storage of their personal data at any time.

An informal notification by email or post/fax using the contact details specified in Section I. is sufficient for this purpose. The lawfulness of the data processing that occurred up to the date of revocation remains unaffected by the revocation.

The conversation cannot be continued if the storage of data has been revoked.

In this case, all personal data that was stored as part of the contact is deleted.

VI. Rights of the data subject

If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following rights in relation to the controller:

1. Right of access

You have the right to obtain confirmation from the controller as to whether we are processing any personal data concerning you.

If such processing exists, you can request the following information from the controller:

(1)       the purposes for which the personal data is being processed;

(2)       the categories of personal data concerned;

(3)       the recipients or categories of recipient to whom the personal data have been or will be disclosed;

(4)       the envisaged period for which the personal data will be stored, or, if specific information is not available, the criteria used to determine that period;

(5)       the existence of the right to request that the controller rectify or erase the concerned personal data, a right to restrict the processing by the controller or a right to object to such processing;

(6)       the right to lodge a complaint with a supervisory authority;

(7)       where the personal data is not collected from the data subject, any available information as to its source;

(8)       the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to be informed of whether your personal data is being transmitted to a third country or an international organisation. In this respect, you may request to be informed of appropriate safeguards pursuant to Art. 46 GDPR in connection with the transmission.

2. Right to rectification

You have the right to rectification and/or completion in relation to the controller, if the processed personal data is incorrect or incomplete. The controller must immediately perform this rectification.

3. Right to restriction of processing

You can request the restriction of the processing of the concerned personal data where one of the following applies:

(1)       if you contest the accuracy of your personal data, for a period enabling the controller to verify the accuracy of the personal data;

(2)       the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3)       the controller no longer needs the personal data for the purposes of the processing, but you require this data for the establishment, exercise or defence of legal claims, or

(4)       if you have objected to processing pursuant to Article 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your legitimate grounds.

Where the processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing is restricted in accordance with the aforementioned requirements, the controller will inform you before the restriction is lifted.

4. Right to erasure

a) Erasure obligation

You can demand that the controller immediately erase your personal data and the controller is obliged to immediately erase this data if one of the following grounds apply:

(1)       your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

(2)       you withdraw your consent on which the processing is based according to Art. 6 (1) point a or Art. 9 (2) point a GDPR, and there is no other legal ground for the processing;

(3)       you object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR;

(4)       your personal data has been unlawfully processed;

(5)       your personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(6)       your personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

b) Information to third parties

Where the controller has made the personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

c) Exceptions

The right to erasure does not apply to the extent that processing is necessary

(1)       for exercising the right of freedom of expression and information;

(2)       for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3)       for reasons of public interest in the area of public health in accordance with Art. 9 (2) points h and i as well as Art. 9 (3) GDPR;

(4)       for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5)       for the establishment, exercise or defence of legal claims.

5. Right of notification

If you have asserted the right to rectification, erasure or restriction of the processing in relation to the controller, the controller is obliged to notify all recipients, to which your personal data has been disclosed, of this rectification or erasure of the data or restriction of the processing, unless this proves to be impossible or involves disproportionate effort.

You have the right to be informed of these recipients by the controller.

6. Right to data portability

You have the right to receive your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:

(1)       the processing is based on consent pursuant to Art. 6 (1) point a GDPR or Art. 9 (2) point a GDPR or on a contract pursuant to Art. 6 (1) point b GDPR; and

(2)       the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.

The right to data portability does not apply for the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, to the processing of your personal data which is based on Article 6 (1) point e or f GDPR at any time; this also applies for profiling based on these provisions.

The controller will no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object, at any time, to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to the processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent for data processing

You have the right to withdraw your consent for data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

(1)       is necessary for entering into, or performance of, a contract between you and the controller;

(2)       is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3)       is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2) point a or g GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3), the data controller must implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

You also have the right to raise a complaint about our processing of your personal data with a data protection supervisory authority. Our competent supervisory authority is: The Hessian State Data Protection Officer, Prof. Dr Michael Ronellenfitsch, Gustav-Stresemann-Ring 1, Phone: 0611 1408-0, Fax: 0611 408-900 or -901, email: