Data protection

Overview

Overview

Thank you for visiting our website and your interest in our company. The protection of your personal data is important to us and is a high priority for AST. We therefore treat your personal data confidentially and in compliance with the statutory data protection regulations. The following data protection declaration provides an overview of what happens to your personal data during processing by AST. It contains information on what data we collect in detail and for what purpose. In addition, you can see which cookies, plug-ins and tools are used on our website and what data is collected in the process. You will also be informed about the legal basis for this and what rights you have in connection with the processing of your personal data by us. In the following sections you will find detailed information on the respective topic of the data protection area.

Responsible party for data processing

Responsible party for data processing

The person responsible for data processing (i.e. the controller) on this website is:

AST Kunststoffverarbeitung GmbH
Mühlenweg 9, D - 57339 Erndtebrück
Telephone: +49 (0) 27 53 - 5 96 20 – 0
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

If you have any questions or suggestions on the subject of data protection, please feel free to contact us as the controller or our data protection officer at any time.

Data protection officer

Data protection officer

We have appointed as data protection officer:

Mr. Sven Berger
c/o Dokuworks GmbH
Birlenbacher Str. 20, D - 57078 Siegen
Telephone: +49 (0) 271 7 72 37- 10
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

If you have any questions or suggestions on the subject of data protection, please feel free to contact us as the controller or our data protection officer at any time.

Data collection on our website

Data collection on our website

In the following, we explain what data we collect through our website, why we collect it, and the legal basis for doing so. We use server log files, several plug-ins and tools on our website as well as various cookies required for their function.

Server log files

When you visit the website, information is automatically collected by the calling computer (hereinafter referred to as "access data"). These access data include server log files, which usually consist of information on the browser type and version, the operating system, the Internet service provider, the date and time of use of the website, the previously visited websites and websites newly accessed via the website and the IP address of the computer. With the exception of the IP address, the server log files are not personal data. An IP address is only personal if a court order is used to identify the user by the provider. Without such a decision, IP addresses are not personally identifiable by us.

Purpose and legal basis of the processing of server log files
When using this general data and information, we do not draw any conclusions about the person concerned. This information is rather used for a technically error-free presentation and optimisation of our website - for this purpose the recording of server log files is essential. Processing is carried out in accordance with Art. 6 Para. 1 letter f GDPR on the basis of our justified interest in improving the stability and functionality of our website.

Plug-ins and tools

Which plugins and tools are used?
This site uses Google Analytics, Google Search Engine and Cloudflare. In the following you will be informed about what we use these services for and how your data is protected.

Custom Google Search

We have integrated the Google plug-in for custom searches on our website. Google is the largest and most popular search engine in the world and is operated by the US company Google Inc. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for the European area. Through the custom Google search, data can be transferred from you to Google. The custom Google search plug-in is a Google search bar directly on our website. The search takes place in the same way as on www.google.com, except that the search results focus on our contents and products or on a limited search circle.

Why do we use custom Google search on our website?
Google Search allows you to search our website for the content you need. This is to provide you with a more enjoyable and efficient website experience. The built-in Google plug-in therefore improves the overall quality of our website and makes it easier for you to search.

What data is stored by custom Google Search?
Custom Google Search only transfers data from you to Google when you actively use the Google search built into our website. This means that only when you enter a search term in the search bar and then confirm this term (e.g. by clicking on "Enter") is your IP address sent to Google in addition to the search term, stored and processed there. On the basis of the cookies set (such as 1P_JAR) it can be assumed that Google also receives data on your website use. If you search for content during your visit to our website using the built-in Google search function and are logged in with your Google account at the same time, Google can also assign the data collected to your Google account. As the website operator, we have no influence on what Google does with the collected data or how Google processes the data. You will find an overview of the cookies used when using the Google search engine under the "Cookies" tab.

How long and where is the data stored?
The Google servers are distributed all over the world. Since Google is an American company, most of the data is stored on American servers. At https://www.google.com/about/datacenters/inside/locations/?hl=de you can see exactly where the Google servers are located. Your data is distributed on various physical data carriers. This means that the data can be accessed more quickly and is better protected against possible manipulation. Google also has appropriate emergency programs for your data. If, for example, there are internal technical problems at Google and servers are no longer functioning as a result, the risk of service interruption and loss of data remains low. Depending on the data in question, Google stores this data for different periods of time. Some data can be deleted by you, others are automatically deleted or anonymised by Google. However, there are also data that Google stores for longer if this is necessary for legal or business reasons.

How can I delete my data or prevent data storage?
Under European Union data protection law, you have the right to access, update, delete or restrict your data. There are some data that you can delete at any time. If you have a Google Account, you can delete data about your web activity or set it to be deleted after a certain period of time. We hope we have been able to provide you with the most important information about data processing by Google. If you want to learn more about this, we recommend Google's comprehensive data protection declaration at: https://policies.google.com/privacy?hl=de

Purpose and legal basis for the use of the custom Google search
The use of the user-defined Google search is in the interest of the greatest possible user-friendliness of our online offer and the easy findability of the website content searched for. The optimisation of our website for its visitors represents a legitimate interest in the sense of Art. 6 Para. 1 lit. f GDPR.

Google Analytics

On our website we use the analysis tracking tool Google Analytics (GA) of the American company Google Inc. For the European area the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, when you click on a link, this action is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics enable us to better tailor our website and services to your needs. In the following we will go into more detail about the tracking tool and inform you in particular about what data is stored and how you can prevent this.

Why do we use Google Analytics on our website?
The statistics and data from Google Analytics help us to offer you the best possible website. The statistically evaluated data give us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimise our site so that it can be found more easily by interested people on Google. On the other hand, the data helps us to better understand you as a visitor. We therefore know exactly what we need to improve on our website in order to offer you the best possible service.

Which data is stored by Google Analytics?
Google Analytics uses a tracking code to create a random, unique ID associated with your browser cookie. This enables Google Analytics to recognise you as a new user. The next time you visit our site, you will be recognised as a "returning" user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles. Labels such as cookies and app instance IDs are used to measure your interactions on our website. Interactions are all types of actions that you perform on our website. If you also use other Google systems (such as a Google account), data generated by Google Analytics can be linked to third-party cookies. Google does not pass on any Google Analytics data unless we as the website operator approve this. Exceptions may be made if required by law. The following is a brief overview of further functions of Google Analytics:

  • Heat maps: Google creates so-called heat maps. With Heatmaps you can see exactly those areas that you click on. This way we get information where you are "on the road" on our site.
  • Session duration: Google defines session duration as the time you spend on our site without leaving the site. If you have been inactive for 20 minutes, the session ends automatically.
  • Bouncerate: A bounce is when you only view one page on our website and then leave our website.
  • Account creation: When you create an account or place an order on our website, Google Analytics collects this information.
  • IP address: The IP address is only shown in abbreviated form so that no clear assignment is possible.
  • location: The IP address can be used to determine the country and your approximate location. This process is also known as IP location determination.
  • Technical information: Technical information includes your browser type, your internet provider or your screen resolution.
  • Source of origin: Google Analytics or us. Of course, we are also interested in which website or which advertisement brought you to our site.
  • Other data includes contact details, any ratings, playing media (e.g. when you play a video on our site), sharing content via social media or adding to your favourites. This list does not claim to be exhaustive and is only intended as a general orientation for data storage by Google Analytics.
You can see exactly which cookies are used by Google Analytics under "Cookies".

How long and where is the data stored?
The Google servers are located in data centres all over the world. However, most servers are located in America. For this reason, your data is also increasingly stored in the USA. Here you can find out exactly where the Google data centres are located: https://www.google.com/about/datacenters/inside/locations/?hl=de Google distributes the data on different data carriers. This means that the data can be retrieved more quickly and is better protected against any attempts at manipulation. We have set Google Analytics so that your data is deleted after 26 months. When the specified period has expired, the data is deleted once a month. This retention period applies to your data that is linked to cookies, user recognition and advertising IDs (e.g. cookies from the DoubleClick domain). Reporting results are based on aggregated data and are stored independently of user data. Aggregated data is a fusion of individual data into a larger unit.

How can I delete my data or prevent data storage?
Under European Union data protection law, you have the right to access, update, delete or restrict your data. You can use the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js) to prevent Google Analytics from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only deactivates data collection by Google Analytics. We hope we have been able to provide you with the most important information about data processing by Google. If you would like to learn more about this, we recommend Google's comprehensive data protection declaration at https://policies.google.com/privacy?hl=de.

Purpose and legal basis for the use of Google Analytics
The use of Google Analytics is in the interest of an appealing presentation of our online offers and of making our website easy to find and optimise. This represents a legitimate interest in the sense of Art. 6 Para. 1 letter f GDPR.

Cloudflare

We use Cloudflare from Cloudflare Inc. on this website (101 Townsend St., San Francisco, CA 94107, USA) to make our website faster and more secure. Cloudflare uses cookies and processes user data. One, as the company Cloudflare provides us with a so-called Content Delivery Network (CDN). This is a network of servers connected via the Internet. Cloudflare has distributed such servers all over the world, so that our website is available as quickly as possible, no matter from which part of the world you access it. In addition to faster website availability, Cloudflare also offers various security services, such as DDoS protection or firewalls.

Why we use Cloudflare on our website?
Cloudflare helps us to make our website faster and more secure. Cloudflare offers us web optimizations as well as security services like DDoS protection and web firewall. Providing content via a data centre near you and some web optimisations carried out there reduces the average loading time of a website by about half. Overall, this makes our website much more powerful and less vulnerable to spam or other attacks.

Which data is stored by Cloudflare?
Cloudflare generally only forwards data that is controlled by website operators. The content is therefore not determined by Cloudflare, but always by the website operator himself. In addition, Cloudflare may collect certain information about the use of our website and process data that is sent by us or for which Cloudflare has received appropriate instructions. In most cases Cloudflare receives data such as contact information, IP addresses, security fingerprints, DNS protocol data and performance data for web pages derived from browser activity. For example, log data helps cloudflare to identify new threats. In this way, Cloudflare can guarantee a high level of security protection for our website. Cloudflare processes this data within the framework of the services in compliance with the applicable laws. Of course, this also includes the basic data protection regulation (GDPR). Cloudflare uses cookies to provide this data. You can see these further above under "Cookies". Cloudflare also works together with third party providers. These may only process personal data under instruction of Cloudflare and in accordance with the data protection guidelines and other confidentiality and security measures. Cloudflare will not pass on personal data without our explicit consent.

How long and where is the data stored?
Cloudflare stores your information mainly in the USA and the European Economic Area. Cloudflare can transfer and access the above described information from all over the world. In general Cloudflare stores user level data for domains business for less than 24 hours. However, if IP addresses trigger security alerts in Cloudflare, exceptions to the above retention period may occur.

How can I delete my data or prevent data storage?
Cloudflare keeps data logs only as long as necessary and in most cases these data are deleted within 24 hours. Cloudflare also does not store any personal data, such as your IP address. However, there is information that Cloudflare stores indefinitely as part of its permanent logs to improve the overall performance of Cloudflare Resolver and to identify any security risks. You can find out exactly which permanent logs are stored by visiting https://www.cloudflare.com/application/privacypolicy/. All data that Cloudflare collects (temporary or permanent) is cleansed of all personal data. All permanent logs are also anonymised by Cloudflare. You can find more information about data protection at Cloudflare on: https://www.cloudflare.com/de-de/privacypolicy/

Purpose and legal basis for the use of Cloudflare
The use of Cloudflare is in the interest of a quick presentation of our online offers and optimisation of our website. Furthermore, we intend to increase the protection of our website against hacker attacks. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.

Cookies

Like many other websites, we also use so-called "cookies". Cookies are small text files which are stored on your end device (laptop, tablet, smartphone or similar) and which your browser saves. Cookies serve to make our offer more user-friendly, effective and safer with the help of plug-ins and tools.

What types of cookies are there?
The question which cookies we use in particular depends on the services used and is explained in detail below. At this point we would like to briefly discuss the different types of HTTP cookies. One can distinguish between 4 types of cookies:

  • Absolutely necessary cookies
    These cookies are necessary to ensure basic functions of the website.
  • Functional cookies
    These cookies collect information about user behaviour and whether the user receives any error messages. These cookies also measure the loading time and the behaviour of the website in different browsers.
  • Targeted cookies
    These cookies ensure a better user experience. For example, entered locations, font sizes or form data are stored.
  • Advertising cookies
    These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user.
Usually, when you visit a website for the first time, you will be asked which of these types of cookie you wish to accept. And of course this decision is also stored in a cookie.

Which cookies do we use?
Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device until you delete them. If you visit our site again, it is automatically recognised that you have already been with us. You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

The following cookies are set in your browser when you use the custom Google search:

Name: 1P_JAR
Value: 2020-01-27-13311197289-5
Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to show users relevant advertisements.
Expiry date: after one month

Name: CONSENT
Value: WP.282f52311197289-9
Purpose: The cookie stores the status of a user's consent to use various Google services. CONSENT is also used for security purposes to verify users and protect user data from unauthorised attacks.
Expiry date: after 18 years

Name: NID
Value: 196=pwIo3B5fHr-8
Purpose: NID is used by Google to match ads to your Google search. Google uses the cookie to "remember" your search queries or your previous interaction with ads. So you always get tailor-made ads.
Expiry date: after 6 months

The following cookies are set in your browser due to the integration of Google Analytics:

Name: _ga
Value: 2.1326744211.152311197289-5
Purpose: By default, analytics.js uses the cookie _ga to store the user ID. Basically, it serves to differentiate between website visitors.
Expiry date: after 2 years

Name: _gid
Value: 2.1687193234.152311197289-1
Purpose: The cookie is also used to differentiate between website visitors.
Expiry date: after 24 hours

Name: _gat_gtag_UA_property-id
Value: 1
Purpose: Used to lower the request rate. If Google Analytics is provided via the Google Tag Manager, this cookie is given the name: _dc_gtm_property-id.
Expiry date: after 1 minute

Name: AMP_TOKEN
Value: not specified
Purpose: The cookie has a token with which a User ID can be retrieved from the AMP Client ID Service. Other possible values indicate a logout, a request or an error.
Expiry date: after 30 seconds up to one year

Name: __utma
Value: 1564498958.1564498958.1564498958.1
Purpose: This cookie can be used to track your behaviour on the website and measure performance. The cookie is updated each time information is sent to Google Analytics.
Expiry date: after 2 years

Name: __utmt
Value: 1
Purpose: The cookie is used like _gat_gtag_UA_property-id to throttle the request rate.
Expiry date: after 10 minutes

Name: __utmb
Value: 3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated every time new data or information is sent to Google Analytics.
Expiry date: after 30 minutes

Name: __utmc
Value: 167421564
Purpose: This cookie is used to establish new sessions for returning visitors. This is a session cookie and is only stored until you close the browser.
Expiry date: After closing the browser

Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: The cookie is used to identify the source of traffic to our website. In other words, the cookie stores where you came to our website from. This may have been another site or an advertising session.
Expiry date: after 6 months

Name: __utmv
Value: not specified
Purpose: The cookie is used to store user-defined user data. It is always updated when information is sent to Google Analytics.
Expiry date: after 2 years

The following cookie is set due to the integration of Cloudflare in your browser:

Name: cfduid
Value: (e.g.) d798bf7df9c1ad5b7583eda5cc5e78311197289
Purpose: This cookie stores the security settings for each individual visitor to our website. It does not process any personal data and cannot be deactivated.
Expiry date: 1 year

Purpose and legal basis for the use of cookies
We use cookies for the proper operation of the website, to provide basic functionalities, and to improve user-friendliness through the use of various plug-ins. The exact purpose of the individual plug-ins and the legal basis for their use can be found under "Plug-ins". The optimisation of our website in terms of functionality and user-friendliness represents a legitimate interest in the use of the necessary cookie in the sense of Art. 6 Paragraph 1 S.1 lit. f GDPR.

Data of business partners

Data of business partners

Within the scope of the business initiation and/or relationship with your company, we process personal data of you or your employees. Which data is processed in detail and in what way it is used depends largely on the service requested or agreed upon in each case. Therefore, not all statements contained here may apply to you.

Which data do we process?
In order to manage our business contacts, we process information about your company (in particular address, branch offices if applicable, persons authorised to represent you and their contact details, summarised below: company data) as well as information on the respective contact persons (in particular name, position, professional contact information, summarised below: contact data) and any communication with you. Within the framework of order fulfilment and invoicing, we record information on offers, orders and invoice items as well as details of bank details. Company and contact data can also be processed in this context. Depending on the occasion, we can obtain creditworthiness information from a credit agency. These enquiries are carried out by communicating the company data and help us to better assess liquidity in order to minimise default risks. For this purpose we work with Creditreform Siegen Ernst Hain GmbH & Co. KG. For information on data processing by the respective credit agency, please also refer to the separate information sheet pursuant to Art. 14 GDPR, at: https://www.creditreform.de/siegen/datenschutz

Purpose and legal basis for processing
We use this data to be able to reach the appropriate contact person when contacting us and to comply with our contractual or legal obligations within the framework of the business relationship. Within the scope of the contractual relationship, you must provide us with those personal data which are necessary for the commencement, implementation and termination of the contractual relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will not be able to conclude or execute the contract with you. The legal basis for data processing is Art. 6 Para. 1 lit. b GDPR.

Data of applicants

Data of applicants

We are pleased that you are interested in our company and that you are applying or have applied for a job. The protection of your data is very important to us. With the data protection notice we provide you with the following information on the processing of your personal data in connection with your application.

Purposes and legal basis of processing

Your data will be processed to process your application and will of course be treated confidentially. The processing of your data is based on your enquiry and is necessary for the implementation of pre-contractual measures. If an employment relationship is established, the processing is carried out to fulfil a contract to which you as the person concerned are a party. The legal basis in both cases is Art. 6 Para. 1 lit. b) GDPR, § 26 BDSG. In the event that your profile appears suitable for filling a vacant position in another company of the AST group, we would transfer your data to that company. The legal basis for the transfer is Art. 6 para. 1 lit. f) GDPR (legitimate interest: optimal filling of vacancies). It is not intended to transfer your personal data to a third country.

Storage period
We will store personal data for the duration of the application process and for a further 6 months. Afterwards the data will be deleted. In individual cases, this may lead to a longer storage period. The storage period is then based on the statutory storage obligations, such as the German Commercial Code (HGB) or the German Tax Code. This affects, for example, our confirmation of receipt to you (commercial letter, 6 years) or data in connection with travel expense reimbursements (10 years). This extended storage is based on Art. 6 Para. 1 lit. c) GDPR in conjunction with § 257 HGB. If your personal data are required beyond this (for example to assert or defend against civil law claims in connection with your application), they will be deleted as soon as further storage of the data is no longer required for these purposes. In this case, the storage is based on Art. 6 para. 1 lit. 1 f) GDPR.

If no recruitment has taken place, but your applicant profile could be of interest to us for possible future vacancies, we will expressly ask you for your consent. You can revoke this consent at any time for the future. The legality of the processing before the time of revocation remains unaffected.

Recipients / data transmission to third parties

Recipients / data transmission to third parties

In the first instance, your data will be processed internally by AST. Of course we will treat your data confidentially. Within the company, therefore, only those persons and bodies who need your personal data to fulfil our contractual and legal obligations receive it. If it is necessary for the execution of a contractual cooperation, we will pass on your personal data to external persons or organisations (e.g. tax consultants, tax office), hereinafter referred to as recipients, in order to fulfil our contractual and legal obligations. In these cases, the recipients are carefully selected and it is ensured that they offer sufficient technical and organisational measures in terms of expertise, reliability and resources to ensure that the security of the data processing is maintained.
In addition, further legal obligations to transfer data may exist under certain circumstances, but these obligations may not be general, but only arise in specific individual cases.

In addition, such service providers may also have access to data that provides the plug-ins and tools used on this website to assist us in the areas of computer processing or archiving and destruction. Separate contracts for order processing exist with these service providers. All service providers are thus contractually bound and in particular obliged to treat your data confidentially.

Duration of data storage / data deletion

Duration of data storage / data deletion

Your data will always be deleted after the purpose for which it was stored has been fulfilled, unless legal retention periods prevent deletion. These are partly derived from the BGB, the HGB or the AO and can amount to 2 - 30 years.
After the expiry of such a retention period, the data will then be permanently deleted. If the processing of your personal data is carried out in the legitimate interest of us or a third party, the data will be deleted as soon as this interest no longer exists.

Your privacy rights

Your privacy rights

If our company processes data relating to your person, you have a right to the respective legal scope:

  • Information, in particular on data stored by the data controller and their processing purposes (Art. 15 GDPR)
  • Correction of incorrect or completion of incomplete data (Art. 16 GDPR)
  • Deletion, for example of data processed unlawfully or no longer required (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Objection to the processing, in particular if it is carried out in order to safeguard the legitimate interests of the controller (Art. 21 GDPR) and
  • Data transmission, provided that the processing is based on consent or is carried out for the performance of a contract or by means of automated procedures (Art. 20 GDPR)

If processing is based on your consent, you have the right to revoke this consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent up to your revocation.

Furthermore, you have the possibility to submit complaints to our data protection officer or the competent supervisory authority. These can be reached at the following contact details:

Our data protection officer:
Mr. Sven Berger
c/o Dokuworks GmbH
Birlenbacher Str. 20, D - 57078 Siegen
Telephone : +49 (0) 271 77 237-10
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

State Commissioner for Data ProtectionKavalleriestrasse
Kavalleriestrasse 2-4, 40213 Düsseldorf
Telephone: +49 (0) 211 384 24-0
Telefax: +49 (0) 211 384 24-10
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Versioning

Versioning

This privacy policy was last updated on 02.10.2020. This privacy policy was partly created with the support of adsimple.de in cooperation with slashtechnik.de.