ALIVE - SEAM

Privacy

Thank you for visiting our website and for your interest in our services.

1. Subject matter and scope of the privacy statement

The protection of your data is important to us! We would therefore like to provide you with comprehensive, transparent and understandable information on the handling of personal data by fka GmbH („fka“) within the scope of the following explanations. With the help of our privacy policy, you can find out for what purposes, to what extent and in what way we process personal data about you and what rights you are entitled to as a person affected by data processing.

This data protection declaration also fulfils our information obligations under Articles 13 and 14 of the General Data Protection Regulation (GDPR).

This information refers not only to data processing processes in connection with the use of our website, but also to other processing processes for which we refer to this data protection declaration.

Under sections 2, 3, 4 and 5 you will find general information regarding data protection law. If you require specific information, in particular regarding data processing in connection with the use of our website, communication with fka or the application procedure or communication with fka, you will find this under sections 6- 9. "Our website" in the sense of this data protection declaration refers to the main page available at www.project-alive.eu and all websites under it without externally linked third-party websites over whose content we have no influence.

2. Terms used

Within the scope of this privacy policy we use, as far as possible, the definitions defined in Article 4 GDPR by the European regulator. In order to make the explanations in this privacy policy as simple as possible, we would like to introduce the most important definitions below.

Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third Party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Name and contact details of the controller

“Controller“ in the sense of data protection law, i.e. the body which alone or jointly with others decides on the purposes and means of processing personal data, is in this case the:

fka GmbH
Steinbachstraße 7
52074 Aachen
Germany

Phone: +49 241 8861 0
Fax: +49 241 8861 110
E-mail: info@project-alive.eu
Website: http://www.project-alive.eu/index.php?content=imprint

fka GmbH is represented by its managing director Dr. Markus Bröckerhoff.

For the purposes of this privacy policy, "we" always refers to the aforementioned controller.

4. Contact data of the data protection officer

We have appointed data protection officers:

Herrn
Harald Krischke
Krischke IT Service

The easiest way to contact our data protection officer is by telephone:

Steinbachstraße 7
52074 Aachen
E-mail: dsb@fka.de

If you have any questions or other concerns regarding data protection, please do not hesitate to contact our data protection officer at any time using the contact details given above.

5. General information on data protection

The following explanations provide you with general information on data protection law, in particular on which legal bases we may rely on the processing of personal data (cf. Section 5.1) and which rights data subjects have (cf. Section 5.5).

This information applies generally and in all cases in which we process personal data.

5.1. Legal basis for the processing of personal data

Any processing of personal data is only legal if it can be based on a legal basis which allows such processing. The European regulator has provided the following legal bases for the processing of personal data. We would like to give you an overview of these in the following. In any case, we provide information on the respective legal basis on which we base concrete processing.

5.1.1. Consent

According to Article 6 (1)(a) GDPR, we are entitled to process personal data if we have obtained the data subject's consent for one or more specific processing purposes.

5.1.2 Fulfilment of contract and pre-contractual measures

Article 6(1)(b) of the GDPR allows us to process personal data if this is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject's request.

This legal basis is particularly relevant for enquiries in connection with the provision of services, in particular in connection with the implementation of research and development contracts.

5.1.3. Fulfilment of a legal obligation

Processing of personal data is also permitted under Article 6(1)(c) of the GDPR if this is necessary for processing in order to fulfil a legal obligation to which we are subject as data controllers.

These include in particular tax obligations.

5.1.4. Vital interest

Article 6(1)(d) GDPR allows the processing of personal data when necessary to protect the vital interests of the data subject or another natural person.

We may use this legal basis to process personal data in special cases, e.g. if we pass on personal data to third parties, in particular rescue services, in the event of accidents.

5.1.5. Assignment in the public interest or exercise of sovereignty

In accordance with Article 6 (1) (e) GDPR, we may exceptionally also process personal data if this is necessary for the performance of a task in the public interest or in the exercise of official authority delegated by the controller.

This would be the case, for example, if we are entrusted with a public task and process personal data in carrying out this task.

5.1.6. Prevailing interest of the controller or a third party

Finally, in accordance with Article 6(1)(f) GDPR, we may base the processing of personal data on the fact that this is necessary to safeguard our legitimate interests or those of a third party, unless the interests or fundamental rights or freedoms of the data subject, which require the protection of personal data, prevail, in particular where the data subject is a child.  According to the European regulator, a legitimate interest may arise in particular from an existing customer or employment relationship and the interest of the controller for direct advertising. The assessment decision shall in particular take into account whether the data subject can reasonably foresee, at the time when the personal data are collected and in view of the circumstances in which they are collected, that processing for this purpose may take place.

The following interests of the fka in particular are conceivable as legitimate interests for processing on the basis of the legal basis described:

  • Improving our products and services;
  • Planning, implementation and improvement of our marketing activities;
  • Addressing new customers.

5.2. Obligation to provide personal data; consequences of failure to provide such data

The European regulator provides for data subjects to be informed of existing obligations to provide personal data and of the consequences of failure to provide personal data when personal data are collected from the data subject. We inform about this individually in the specific case of processing.

Certain legal provisions may require the provision of personal data of the data subject. This may result in particular from tax regulations or regulations on money laundering prevention.

If necessary, contractual regulations may also prescribe the provision of personal data of the data subject or the provision of personal data is required for the conclusion of a contract. For the conclusion of a contract, for example, we need the name of the contractual partner. For the execution of a delivery we need a delivery address.

For certain legal reasons, you may be required to provide us with personal information. If this is the case, we will expressly point this out to you in individual cases. As a rule, there is no contractual obligation to provide personal data. In individual cases, however, you may be required by contract to provide personal data. We will expressly point this out to you in individual cases.

Failure to provide personal data can have legal disadvantages for you, such as the loss of legal positions. If there is a legal obligation to provide information, there may be the threat of legal disadvantages. A contractual obligation or requirement for the purpose of concluding a contract may have the consequence that a breach of contractual obligations exists or a contract cannot be concluded. We will explicitly inform you of this in each individual case.

If you have any questions, you can always contact our data protection officer, who can provide you with information on the existence of provision obligations and the consequences of nonprovision.

5.3. Origin of data

If we have not collected the personal data from the data subject, the European regulator provides for the data subject to be informed of the source of the data and, where appropriate, whether they come from publicly available sources.

We always provide information about the respective source of the data in the specific individual case. We use data from publicly accessible sources in particular when we check and correct obviously incorrect addresses with the help of an Internet search.

5.4. Recipients and categories of recipients of personal data

We only pass on personal data to third parties in justified cases. To this end, we have either obtained the consent of the person concerned in advance or base the disclosure on another legal basis, in particular for the execution of a contract or the necessity to safeguard our legitimate interests. We will inform you about this in the specific individual case.

Recipients of personal data who are generally considered in certain situations are:

  • The Institute for Automotive Engineering (ika) at RWTH Aachen University as our cooperation partner in connection with the implementation of projects;
  • Our partners in the project “ALIVE” as shown on the website;
  • Shipping service providers that we commission with the delivery of goods and other items;
  • Banks and other payment service providers we use to process payments.

5.5. Rights of the data subject

As the data subject, you have numerous rights granted by the European regulator, so-called “rights of data subjects”. We would like to present these to you in a transparent and comprehensible way. Please note that the following description is neither intended to replace the wording of the relevant regulations nor to restrict the rights to which you are legally entitled by the following explanations.

If you have any questions about the rights of data subjects or would like to exercise your rights, you can contact our data protection officer at any time using the contact details provided.

5.5.1. Right to confirmation and information

Any data subject has the right to request confirmation from the controller as to whether personal data concerning him/her are being processed and, if so, the right to request information on such personal data and on the following information:

  • the processing purposes;
  • the categories of personal data to be processed;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
  • the existence of a right of rectification or deletion of personal data concerning him/her or of a restriction on processing by the controller or of a right of opposition to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • if the personal data are not collected from the data subject, all available information on the origin of the data;
  • the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.

Where personal data are transferred to a third country or an international organisation, the data subject shall also have the right to be informed of the appropriate guarantees relating to the transfer.

The data subject also has the right to obtain from the controller a free copy of the personal data which are the subject of the processing, provided that the rights and freedoms of other persons are not affected.

In special cases, the right may also be limited by the provisions of Sections 27 (2), 28 (2), 29 (1) sentence 2 and 34 German Data Protection Act (BDSG).

Please contact our data protection officer if you wish to make use of these rights.

5.5.2. Right of rectification

A data subject shall have the right to request the controller to rectify any inaccurate personal data concerning him/her without delay and, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.

Please contact our data protection officer if you wish to make use of these rights.

5.5.3. Right of erasure („Right to be forgotten“)

Any data subject shall have the right to require the controller to delete personal data concerning him/her immediately, provided that one of the following reasons applies:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • the data subject withdraws his/her consent on which the processing referred to in Article 6(1)(a) or Article 9(2)(a) GDPR was based and there is no other legal basis for processing.
  • the data subject objects to processing under Article 21(1) GDPR and there are no overriding legitimate grounds for processing or the data subject objects to processing under Article 21(2) GDPR.
  • the personal data have been processed unlawfully.
  • the erasure of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
  • the personal data have been collected in relation to information society services provided in accordance with Article 8(1) GDPR.

Where the controller has made the personal data public and the controller is obliged to delete them for one or more of the above reasons, the controller shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform data processors who handle the personal data that a data subject has requested the erasure of all links to such data or of copies or replications of same.

The right to erasure according to the above description does not exist if the processing is necessary for certain reasons specified in Article 17 para. 3 GDPR (in particular, for example, to fulfil a legal obligation or to assert, exercise or defend legal claims).

The right may also be limited in special cases by the provision of § 35 BDSG.

If one or more of the above-mentioned reasons apply and you would like to have the data stored at fka deleted, please contact our data protection officer.

5.5.4. Right of restriction of processing

Any data subject shall have the right to require the controller to restrict processing if one of the following conditions applies:

  • the accuracy of the personal data is disputed by the data subject for a period which enables the controller to verify the accuracy of the personal data.
  • the processing is unlawful and the data subject refuses to have the personal data erased and instead requests that the use of the personal data be restricted.
  • the controller no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims.
  • if the data subject has lodged an objection to the processing referred to in Article 21(1) DSGVO until it has been established whether the controller justified grounds outweigh those of the data subject.

If you wish to exercise this right, please contact our data protection officer at the above contact details.

5.5.5. Right of data portability

Any data subject shall have the right to receive the personal data relating to him/her which he/she has provided to a controller in a structured, current and machine-readable format and shall have the right to transmit such data to another controller without interference by the controller to whom the personal data have been provided, on condition that  

  • processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and
  • processing is carried out using automated methods.

If the data subject exercises this right, he or she also has the right to have the personal data transferred directly by one data controller to another data controller, provided that this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.

The right of erasure (“right to be forgotten”) remains unaffected by the right to data portability. The right to portability of data shall not apply to processing necessary for the performance of a task in the public interest or carried out in the exercise of official authority delegated to the controller.

If you wish to exercise this right, please contact our data protection officer at the above contact details.

5.5.6. Right to object to processing

Any data subject has the right to object at any time to the processing of personal data concerning him/her on the basis of Article 6(1)(e) (task in the public interest or exercise of sovereign power) or f (prevailing interest of the controller or a third party) GDPR for reasons arising from his/her particular situation. This also applies to profiling based on these provisions.

In the event of an objection, the fka will no longer process the personal data unless it can prove compelling grounds for processing that outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims.

Where personal data are processed for the purpose of direct marketing, any data subject shall have the right to object at any time to the processing of personal data concerning him/her for the purpose of such advertising, including any profiling related to such direct marketing.

In addition, any data subject shall have the right to object to the processing of personal data concerning him/her for reasons arising from his particular situation, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, unless such processing is necessary for the performance of a task in the public interest.

In connection with the use of information society services, notwithstanding Directive 2002/58/EC, the data subject may exercise his/her right of objection by means of automated procedures using technical specifications (objection using technical means “by default”).

The right can be limited in special cases by the regulation of § 36 BDSG.

If you wish to exercise this right, please contact our data protection officer at the above contact details.

5.5.7. Rights relating to automated decisions in individual cases (including profiling)

Any data subject shall have the right not to be subject to a decision based solely on automated processing (including profiling) which has legal effect against him or her or significantly affects him or her in a similar manner. This does not apply if the decision

  • is necessary for the conclusion or performance of a contract between the data subject and the controller;
  • is admissible by law of the Union or of the Member States to which the controller is subject and that law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject; or
  • with the explicit consent of the data subject.

If the decision to conclude or perform a contract between the data subject and the controller is necessary or is taken with the express consent of the data subject, the fka as controller shall take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject. This includes at least the right to obtain the intervention of a person by the controller, to state his own position and to challenge the decision.

The right can be limited in special cases by the regulation of Section 37 BDSG.

If you wish to exercise this right, please contact our data protection officer at the above contact details.

5.5.8. Right to object to data protection consent

Any data subject has the right to object to the processing of personal data at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until withdrawal.

The objection can be declared by post, e-mail, fax or by any other means provided by fka (e.g. a corresponding link in an e-mail).

In the event of withdrawal, the stored data will be erased immediately unless the person concerned has expressly consented to further use of the data in this regard or a further use of the data has been reserved, which is legally permitted and about which fka has informed.

5.5.9. Right to lodge a complaint

Each data subject has the right to complain to a supervisory authority (see Article 51 GDPR) under Article 57(1)(f) and (2) GDPR.

Responsible for fka is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (Landesbeauftragte für Datenschutz- und Informationsfreiheit Nordrhein-Westfalen), Kavalleriestraße 2 - 4, 40213 Düsseldorf, Germany.

5.6. Duration of storage or criteria for determining the storage period

If we provide a specific storage period for certain personal data, we will inform you of this in the individual case. If we are unable to specify the concrete duration of the storage, we will inform you of the relevant criteria for determining the particular storage period.

In principle, the duration of the storage of personal data is measured according to the respective legal retention periods. For example, we store certain personal data for the duration of retention periods prescribed by commercial or tax law.

As far as personal data are required for the defense or enforcement of claims, they are stored until the expiry of relevant limitation periods, unless the reason for this no longer applies, or for other reasons a longer storage period is possible.

After expiry of these periods, the corresponding data will be routinely erased, unless they are no longer required for contract execution or contract initiation and/or if we have no legitimate interest in further storage, including in favor of a third party.

5.7. Automated decision making/Profiling

In principle, we do not use automated decision making processes/profilings

If, in exceptional cases, credit information is obtained about a natural person, we will inform the data subject separately.

5.8. Intended transfer to third countries

The European regulator provides that data subjects must be informed as to whether the controller intends to transfer the personal data to a recipient in a third country or an international organisation and whether an adequacy decision is available or lacking or there are equivalent guarantees, including information on how these can be obtained.

In principle, fka neither transfers personal data to a third country nor does it intend to do so. Should this deviate from the aforementioned principle in individual cases be intended or take place, we will inform the data subject separately.

6. Use of our website

In this section we would like to inform you in detail about which personal data we process for which purposes in the context of using our website.

6.1. General information on the processing of personal data on our website

As part of your informational visit to our website, i.e. if you do not use any of the registration functions provided or otherwise provide us with information, we only collect the technical information that your browser transmits to our server each time you visit the website. The following information can be collected:

  • Information about the accessing device: operating system, browser and version information;
  • If applicable: the website from which our website was redirected (referrer information);
  • Date and time of access;
  • IP (Internet Protocol) address of the device used to access our website; the IP address is recorded only to 2 bytes (e.g. "192.168.xxx.xxx");
  • file request.

The information is stored on our servers as part of an automatically generated log file. We do not draw any conclusions about the identity of the visitor from the information collected.

We use this information to optimize the presentation of our website, to optimize the functions and content and to statistically evaluate the number of visitors to our website or certain contents. In the event of a hacker attack on our website, necessary data may be made available to the law enforcement authorities.

The legal basis for processing the information includes the following:

  • Processing for the protection of legitimate interests (Article 6 para. 1 lit. f GDPR): Justified interests are the increase of the satisfaction of the visitors and improvement of the services and products of fka;
  • fulfilment of a legal obligation (Article 6 para. 1 lit. c GDPR), as far as we are obliged to surrender the data to criminal prosecution or regulatory authorities or on a civil law basis.

The recipients of the data may be criminal prosecution or regulatory authorities or similar bodies in order to defend against and prevent misuse of our Internet presence.

The provision of the information is not required by law or by contract or is necessary for the conclusion of a contract and there is no obligation to provide personal data. Please note, however, that information is collected automatically when you visit our website. If you prevent - for example with the help of appropriate tools - the provision of data (e.g. the transmission of the screen size, the device used or the browser used), certain functions of our Internet presence can no longer be displayed or used correctly.

Log files are automatically deleted after seven days, unless a longer storage period is required in the event of violations to clarify and enforce claims and for criminal prosecution.

Subject to the conditions specified in more detail, you are entitled to the rights of the data subjects referred to in Section 5.5.

6.2. Web analytics and cookies

We respect your right to privacy and, therefore, we do not use web analytics services and cookies.

7. Contact and general communication

Herewith you inform about the processing of your personal data, if you contact us about the possibilities offered on our website, in particular by e-mail, by fax or by telephone, or independently of this on the named ways (including postal correspondence).

When you contact us, we collect the data you have provided, in particular:

  • Inventory data (for example, name, address);
  • Contact details (e.g., e-mail, phone/fax number);
  • Content data (e.g., text input, photographs, videos);
  • Usage data (e.g., date and time of contact);
  • Contract data (for example, contract object, term, customer category);
  • Payment data (e.g., bank details).

We process the data generally for the execution of a contract or for pre-contractual measures in accordance with Article 6 (1) (a) DSGVO, if the information is communicated on the occasion of a contract or a contract initiation (for example a concrete inquiry for sending an offer or an e-mail notification with reference to a concrete project). In addition, the processing of your data for the protection of legitimate interests pursuant to Article 6 (1) (f) DSGVO may be considered as a legal basis. Our legitimate interest is to be seen in the provision of services and the possible expansion of our customer base.

We only process your data within our company and do not pass it on to third parties without your express consent. An exception to this is made, if the matter you contacted us with concerns one of our project partners. In this case, we may decide to forward your request to our project partners as shown on our website.

Your request will be forwarded to the appropriate department within our company. This can be, depending on the request to be able to work on, in particular the project responsible persons in the context of projects, the bookkeeping, the Controlling, the personnel department, the IT department, or PR/media. Within our company, only those persons have access to your data who need this for the proper answer to your request.

The provision of the information is neither required by law nor by contract, nor is it necessary for the conclusion of a contract. There is also no provision obligation. If you do not provide us with certain information, we may not be able to process your request or only to a limited extent. Exceptionally, for legal reasons, it may be necessary for you to provide us with certain information in order to be able to process declarations with legally binding effect, for example for the conclusion or execution of a contract.

Data collected in the course of establishing contacts or inquiries will be stored for as long as their processing and any measures that may follow make this necessary. We delete the data after a storage is no longer necessary or limit the processing, if legal storage obligations exist.

Under the conditions described in more detail, they are entitled to the rights of the persons concerned mentioned in Section 5.5.

8. Use of personal data for direct advertising

Your contact data, which we have received from you in connection with the sale of goods or services by or from us (name, company, address, telephone and, if applicable, fax number, e-mail address), we use within the framework of the legal requirements according to § 7 para. 3 UWG, Article 6 para. 1 lit. f DSGVO to send you information about similar goods or services of fka.

If you do not wish to receive such information or no longer wish to receive it, you can object to the further use of your data for this purpose. You can send your objection by post, e-mail, fax or any other means provided by fka (e.g. a corresponding link in an E-Mail).

In the event of objection, we will delete the data immediately, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we have informed you or informed you.

As on: 24.05.2018

ALIVE - SEAM