privacy policy

I. Controller responsible for data processing

AAA Dienstleistungs GmbH
12529 Schönefeld
Telephone: +49 30 - 263 750 42
E-mail: headoffice@aaa-security-consulting.com

II. Purpose and legal basis of processing, data sources

1. we process personal data that we receive from customers as part of the business relationship. In addition, we process personal data that we legitimately obtain from publicly accessible sources (e.g. commercial and association registers, press, Internet) or that are legitimately transmitted to us by other third parties, insofar as this is necessary for the provision of services.

2 We process your personal data in accordance with the relevant data protection provisions of the EU General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG):

a) To fulfill contractual obligations (Art. 6 para. 1 lit. b) DSGVO)
you make a request for one of our services, we need the information you provide for our offer. If the contract is concluded, we and the third parties commissioned by us may process the following data to implement the contractual relationship
- Personal details (name, address, telephone and e-mail address),
- Bank details (IBAN, bank, account holder) and payment

-Payment information (turnover data in payment transactions),
- other necessary data that primarily depends on the respective service. Please refer to the relevant contractual documents and terms and conditions of the respective services for further details.
The conclusion of the contract or the realization of our services is not possible without the processing of your personal data.

b) As part of the balancing of interests (Art. 6 para. 1 lit. f) DSGVO)
In order to offer our customers relevant and optimized services, we use your customer, contact, payment and operational data as well as your contract history. We process your data in order to protect our legitimate interests or those of third parties. This may be necessary in particular
- to ensure IT security and IT operations,
- for measures for business management and further development of services,
- to check and optimize procedures for needs analysis for the purpose of direct customer contact
- for advertising or market and opinion research, provided you have not objected to the use of your data.
In order to prevent duplication and to keep only one data record for you, we compare your customer data with our customer database.
c) On the basis of your consent (Art. 6 para. 1 lit. a) DSGVO)

If you have given us your consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. Any consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to DSD before the DSGVO came into force, i.e. before May 25, 2018. The withdrawal of consent does not affect the lawfulness of the data processed prior to the withdrawal.
d) Due to legal requirements (Art. 6 para. 1 lit. c) DSGVO) or in the public interest (Art. 6 para. 1 lit. e)DSGVO)
We process your personal data to fulfill legal obligations such as SGB's, commercial and tax retention obligations and regulatory requirements.

III Disclosure of data, recipients

1. we give access to your data to those departments that need it to fulfill our contractual and legal obligations. Service providers and vicarious agents employed by us may also receive data for these purposes if they maintain data secrecy.

2. with regard to the transfer of data to recipients outside of us, it should be noted that they are contractually obliged to maintain confidentiality about all customer-related facts and evaluations of which we have gained knowledge.

3. we may only pass on information about you if:

- you have given your express consent to this in accordance with Art. 6 para. 1 lit. a DSGVO or

- the disclosure pursuant to Art. 6 para. 1 lit. f DSGVO is necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data or

- in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 lit. c DSGVO or

- in the event that the disclosure is in the public interest pursuant to Art. 6 para. 1 lit. e DSGVO,

- this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b DSGVO.

4. under these conditions, recipients of personal data may be, for example, to the extent permitted by law (as described above under II.)

- IT service providers for the maintenance of our IT infrastructure.

- Public bodies and institutions (e.g. Federal Employment Agency, social security institutions, police, public prosecutor's office, supervisory authorities) if there is a legal or official obligation.

- Certification bodies or comparable institutions to which we have to transmit personal data in order to carry out the business relationship with you.

5. other data recipients may be those bodies for which you have given us your consent to data transfer or for which you have released us from data secrecy in accordance with the agreement or consent.

IV. Data transfer to a third country

1. data transfers to countries outside the European Union and the European Economic Area (third countries) are generally possible. The following must be given:

- The transfer is generally permissible because a legal authorization is fulfilled or you have consented to the data transfer and

- the special requirements for a transfer to a third country are met. In particular, an adequate level of data protection is guaranteed in accordance with the EU standard contractual clauses for the transfer of personal data to data processors in third countries.

2. we currently do not transfer any data to a third country.

V. Duration of data storage

1. we process and store your personal data as long as it is necessary for the fulfillment of contractual and legal obligations.

2. we therefore store your data for the period of the existing contract and after its termination until your personal data is no longer required for the purposes mentioned under II. They are then regularly deleted, unless their (temporary) storage and/or further processing is necessary for the following purposes:

- Fulfillment of commercial and tax law verification and retention obligations, which are defined by the German Commercial Code (e.g. Section 257) and the German Fiscal Code (e.g. Section 147), among others. The retention and documentation periods specified there are two to ten years. We then delete this data.

- Preservation of evidence within the framework of the statutory statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to thirty years, whereby the regular limitation period is three years. We will then delete this data.

VI. Information on your rights as a data subject

1. you have the right at any time

- Pursuant to Art. 15 DSGVO, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details.

- In accordance with Art. 16 DSGVO, to immediately request the correction of incorrect or the completion of your personal data stored by us.

- In accordance with Art. 17 DSGVO, to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

- In accordance with Art. 18 DSGVO, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 DSGVO.

- In accordance with Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller.

The restrictions under Sections 34 and 35 BDSG apply to the right to information and the right to erasure.

2. if we process your data on the basis of your consent, you can revoke your consent to us at any time in accordance with Art. 7 para. 3 DSGVO. As a result, we may no longer continue the data processing that was based on this consent in the future. Processing that took place before the withdrawal is not affected by this.

3. you also have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 DSGVO in conjunction with Section 19 BDSG. As a rule, you can contact the data protection supervisory authority of Berlin; the State Commissioner for Data Protection, or your usual place of residence or workplace.

VII. Right to object

1. you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) DSGVO (data processing in the public interest) and Article 6(1)(F) DSGVO (data processing on the basis of a balancing of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

2. in individual cases, we process your personal data for the purpose of direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. Your objection can be made in any case without form. An e-mail to headoffice@aaa-security-consulting.com is sufficient.

VIII. Data security

1. we use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website.

2. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

IX. Use of our website and its contact form

1. when you visit my website aaa-securtiy-consulting.com, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted

- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the accessed file,
- the website from which access was made (referrer URL)
- browser used and, if applicable, the operating system of your computer and the name of your provider.

2 We process the aforementioned data for the following purposes:
- Ensuring a smooth connection to the website,
- Ensuring a comfortable use of our website,
- evaluation of system security and stability and
- for other administrative purposes.

3. the legal basis for data processing is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. We also use cookies and analysis services when you visit our website. You will find more detailed explanations on this under X. of this data protection notice.

4 For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. It is necessary to provide your full name, a valid telephone number and e-mail address so that we know who sent the request and can answer it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 lit. a DSGVO on the basis of your voluntary consent. The personal data collected by us for the use of the contact form will be deleted after your inquiry has been dealt with.

X. Cookie information

1. we use cookies on our website. A cookie is a short data packet that is exchanged between internet servers and browsers. The server sends the data packet to the browser of your end device, which sends it back to the server each time you access a file when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity.

2. the use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our website.

3. in addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

4. on the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see under XI.). These cookies enable us to automatically recognize that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time.

5. the data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f DSGVO.

6 Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.

XI. Links, web analysis and tracking services

1. the links, web analysis and tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 lit. f DSGVO to safeguard our legitimate interests. With the web analysis and tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use these measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.

2 The respective data processing purposes and data categories can be found in the corresponding tracking services.

Facebook social plugins (e.g. “Share” button)

Our website uses so-called social plugins (“plugins”) of the social network Facebook, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are marked with a Facebook logo or the addition “Social plugin from Facebook” or “Facebook Social Plugin”. You can find an overview of the Facebook plugins and their appearance here: http://developers.facebook.com/plugins

When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook profile. 

 If you interact with the plugins, for example by clicking the “Share” button or leaving a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook's data protection information: http://www.facebook.com/policy.php
If you do not want Facebook to assign the data collected via our website directly to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plugins with add-ons for your browser, e.g. with the “Facebook Blocker”
https://wlabs.de/689/browser-addon-facebookblocker/

Privacy policy for the use of Google Analytics:

This website uses Google Analytics, a web analytics service provided by Google Inc.
Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Use of the information collected:
In addition to the uses explained above, the information you provide will be used in accordance with the applicable Google privacy policy. Google may publish summarized statistics about the +1 activities of users or pass them on to users and partners, such as publishers, advertisers or associated websites.
References: Privacy policy for Google Analytics: http://www.google.com/intl/de_de/policies/privacy/

XII. Up-to-dateness and amendment of this data protection notice
This data protection notice is dated 01.05.2024/Vers.01.2
You can access and print out the current data protection information at any time on our website at https://aaa-security-consulting.com/legal-notice/privacy-policy