Data Privacy Notice – Alasco

This Data Protection Notice explains how Alasco uses your personal data and which rights and options you have in this respect.  It applies to Personal Data that you provide to Alasco or which are derived from your contractual relationship or other interaction with Alasco.  How we use information that is gathered by cookies or other web-tracking or analytics technologies is explained in our cookie-policy. Please note that where this notice explains applicable law and your rights, this applies only to personal data which is processed under the EU General Data Protection Regulation.  Where the processing of your personal data is not subject to this regulation, different rules may apply under your applicable law.

WHO is Responsible for your personal data?

We, Alasco GmbH, Leopoldstraße 21, 80802 Munich, Germany are the responsible controller for any personal data you provide to us in connection with our business relationship.

Which categories of Personal data Do We process?

Depending on the nature of our business relationship with you or your organization, we may collect and process in particular the following categories of personal data:

• Professional contact information, such as full name, title, address, position, telephone number, mobile phone number, and email address, your (digital) signature if applicable, and the IP address of your computer if you use our services online;
• Payment related data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
• Further business information necessarily processed in a business or other contractual relationship with Alasco or voluntarily provided by you, such as purchases, services and other business activities, product feedback and any other information you may provide to us;
• Information about your interests and other information obtained by website, newsletter or other analytics technology, in particular your activities when you use our websites, view newsletters or other electronic information or use our online products and services (such as downloadable content) which may include information about which content you download, click or view for how often and how long;
• Information we are legally required to collect to comply with our legal or regulatory obligations, which may include information about relevant and significant litigation or other legal proceedings against you or a third party related to you and interaction with you which may be relevant for antitrust purposes.
• Special categories of Personal Data.  In certain circumstances, where required or permitted by law or where you have expressly permitted us to do so, we may collect special categories of your personal data which are specifically protected under data protection law. Please note that, if you do not provide this information, we will not be able to take any respective precautions.

For which purposes do we use your personal data?

Depending on the nature of our business relation, we may process your personal data for the following purposes (“Permitted Purposes“):

• Planning, entering into, performing, managing and administering your (or a third party’s to whom you are related) contractual business relationship with Alasco Group, e.g. by entering into or performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, maintenance and providing support services or providing you with other services or things you may have requested;
• Maintaining and protecting the security of our products and services and of our IT systems, databases, websites or other digital infrastructure, preventing and detecting security threats, fraud or other criminal or malicious activities;
• Ensuring compliance with our legal and regulatory obligations. This may include sales and business record keeping obligations for tax or other purposes and sending required notices or other disclosures, compliance screening or recording obligations (e.g. under anti-money laundering (AML), know your customer (KYC), antitrust laws, export control laws, trade sanction and embargo laws or to prevent white-collar crimes).  In this context we may be required to conduct automated checks of your contact data or other information about your identity against applicable anti-money laundering or sanctioned-party lists and to contact you to confirm your identity in case of a potential match, to record interaction with you which may be relevant for antitrust purposes and to report to or support investigations by competent supervisory, law enforcement or other public authorities;
• Informing you, where permitted by applicable law, about Alasco’s products or services which are similar to products and services purchased or used by our or otherwise related to our business relationship with you or your organization; or
• to establish, exercise and defend legal claims.

Where you have given us your consent or otherwise legally permitted, we may process your personal data also for the following purposes:

• Communicating with you through the channels you have approved to keep you up to date on the latest announcements, special offers and other information about Alasco’s products, technologies and services (including marketing-related newsletters) as well as events and projects of Alasco;
• Administrating and performing customer surveys, marketing campaigns, market analysis, sweepstakes, contests or other promotional activities or events or
• Profiling and automated processing: Collecting information about your preferences on the basis of your activities when you use our websites and any products or services we offer to you online (such as downloadable content). On the basis of this information (e.g. which content is downloaded, clicked or viewed for how often and how long), we create a user profile to personalize and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics). The logic behind our profiling activities is to identify areas which may be useful or otherwise of interest for you and to inform you about such areas in a more effective and targeted way. The algorithms used apply this logic and automatically deliver the targeted content or information to you.

Please note: Under the European General Data Protection Regulation (Article 21 (2)) you have the right to object to the use of your personal data for direct marketing purposes, including the profiling described above.  Please refer to ” Your data protection rights” below for further explanation of your rights and how to exercise them.

Where your explicit permission is required for any marketing-related communication, we will only provide you with such information if you have opted in.  You may opt out at any time if you do not want to receive any further marketing-related types of communication from us.  We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.

If you have given us your explicit consent in each case, we may also use your special categories of personal data for the following purposes:

• in individual cases, for the execution of digital signatures under collection of biometric data within the scope of an advanced electronic signature (“advanced electronic signature”).

On which basis do we process your information?

We will process your personal data for the above Permitted Purposes only

• where it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into such a contract;
• where it is necessary for our or a third party’s legitimate interests, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. Our “legitimate interests” may include our commercial interests in operating our business in a professional, sustainable manner, in accordance with all relevant legal and regulatory requirements or expediting and facilitating a contract with you;
• for our compliance with our legal obligations;
• where it is necessary to protect your or another person’s vital interests;
• where we have obtained your specific or, where necessary, explicit consent to do so. We will in each case inform you about the processing of your data and your related rights prior to obtaining your consent.

The legal bases for processing of your personal data are set forth in Article 6 of the European General Data Protection Regulation.

How do we collect your personal data?

We may collect this personal data in various ways, including:

Directly from you when you interact with us (e.g., when you voluntarily submit information to our website, or send us an email or other written correspondence or otherwise provide us with information in the course of our business or other relationship).

Indirectly from other sources (e.g., from public records or from a counterparty, typically acting with your consent, who is in possession of the data).

Where do we process personal data?

Alasco is a globally active enterprise.  In the course of our business activities, we may transfer your personal data also to recipients in countries outside of the European Economic Area (“third countries”), in which applicable laws do not offer the same level of data protection as the laws of your home country. When doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data, in particular by entering into the EU Standard Contractual Clauses which are available here and by applying other measures required by applicable law. You may contact us anytime using the contact details below if you would like further information on such safeguards.

How do we Protect Your personal data

We maintain physical, electronic and procedural safeguards in accordance with the technical state of the art and legal data protection requirements to protect your personal data from unauthorized access or intrusion.  These safeguards include implementing specific technologies and procedures designed to protect your privacy, such as secure servers, firewalls and SSL encryption.  We will at all times strictly comply with applicable laws and regulations regarding the confidentiality and security of personal data.

With Whom do we share your PERSONAL DATA?

We may share your personal data as follows:

• With our affiliates within Alasco Group worldwide if and to the extent required for the Permitted Purposes and legally permitted. In such cases, these entities will then use the Personal Data for the same purposes and under the same conditions as outlined in this Data Privacy Notice.
• We may also instruct service providers (so called data processors) within or outside of Alasco Group, domestically or abroad, e.g. shared service centers, cloud providers, digital signature portals, CRM system providers, database system providers, to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only.  Alasco will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.
• With courts, regulators, law enforcement or other competent authorities or legal advisors if legally permitted and necessary to comply with a legal obligation or for the establishment, exercise or defense of legal claims.
• With credit reference agencies and other companies for use in credit decisions, for fraud prevention and to collect debts.
• We may also share your personal data with third parties if we sell or buy any business or assets, in which case we may disclose personal data to the prospective seller or buyer of such business or assets, along with its professional advisers. If Alasco or substantially all of its assets are acquired by a third party, personal data held by us about customers and other contacts will be one of the transferred assets.

Otherwise, we will only disclose your personal data when you direct (e.g., if you instruct us to disclose your personal data to a specific third party) or give us (explicit) permission, when we are required by applicable law or regulations or judicial or official request to do so, or when we suspect fraudulent or criminal activities.

How long do we store PERSONAL DATA?

We will hold your personal data as long as required to provide you with the products, services or information you have requested and to execute and administer your business relationship with us.  If you have asked us not to communicate with you, we will hold this information as long as required to comply with your request.  We are also required to keep certain of your personal data (e.g. relating to business or tax relevant transactions) for certain retention periods under applicable law.  Your personal data will be promptly deleted when it is no longer required for these purposes.

YOUR RIGHTS

Subject to certain legal conditions, you may request access to, rectification, erasure or restriction of processing of your personal data.  You may also object to processing or request data portability.  In particular you have the right to request a copy of the personal data that we hold about you.  If you make this request repeatedly, we may make an adequate charge for this.  Please refer to Articles 15 to 22 of the EU General Data Protection Regulation for details on your data protection rights.

If you have given us your consent for the processing of your personal data, you may withdraw your consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal.  If you withdraw your consent, we will only continue processing your personal information where there is another legal ground or where we are legally required to do so.

For any of the above requests, please send a description of your personal data concerned and appropriate proof of identity (e.g. your customer number) to the contact details below.  We may require additional proof of identity to protect your personal data against unauthorized access.  We will carefully consider your request and may discuss with you how it can best be fulfilled.

If you have any concerns about how your personal data is handled by us or wish to raise a complaint on how we have handled your personal data, you can contact us at the contact details below to have the matter investigated.  If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the competent data protection supervisory authority in your country.

Are you required to provide personal data?

As a general principle, you will provide us with your personal data entirely voluntary; there are generally no detrimental effects on you if you choose not to consent or to provide personal data.  However, there are circumstances in which Alasco cannot take action without certain of your personal data, for example because this personal data is required to process your orders, provide you with access to a web offering or newsletter or to carry out a legally required compliance screening.  In these cases, it will unfortunately not be possible for Alasco to provide you with what you request without the relevant personal data.

Changes To This Notice

This Data Privacy Notice was last updated in Juli 2022.  From time to time, we may make change or amend it as required to reflect any changes to the way in which we use your personal data or changing legal requirements. So you may wish to check back from time to time or whenever you make available personal data to us.  Any amended Data Privacy Notice will apply from the date it is posted on our website.

How to get in touch with us

For any questions and comments or in case you want to assert your rights, please contact us directly at legal@alasco.de or our data protection officer: DataCo GmbH, Dachauer Straße 65, 80335 München, E-Mail: datenschutz@dataguard.de