Data protection principles
for our Website

Data protection principles of www.atr.de pursuant to Art. 13 GDPR

The following data protection principles inform you about the collection, processing and use of personal data by the data controller within the scope of visiting this website.

1. Data controller within the meaning of art. 4 (7) GDPR

Main data controller:

ATR International AG
Other data controllers:
Auto-Teile-Ring GmbH
ATR SERVICE GmbH
​​​​​​​ATR Digitisation GmbH

(hereinafter referred to as ATR)

Marie-Curie-Strasse 3
73770 Denkendorf
Germany

Phone: + 49 711 918979-0
E-mail: datenschutz@atr.de
Website: www.atr.de

Purpose of the data processing/ Legal basis: Any personal information you provide to us when filling out contact forms, by telephone or in e-mails will be treated confidentially. We use your data exclusively for the purpose of processing your enquiry. The legal basis for the data processing is Art. 6 para. 1 f) GDPR. The justified interest on the part of ATR results from the interest to answer the enquiries sent by our customers and visitors to this website and to maintain and promote customer satisfaction.

Recipients/ Categories of recipients: We exclude any transfer of data to third parties outside the ATR group of companies. In exceptional cases, data is processed on our behalf by contract processors. These are carefully selected, audited by us and contractually bound pursuant to Art. 28 GDPR. Furthermore, it may be necessary for us to pass on extracts of your enquiry to contractual partners (e.g. suppliers for product-specific enquiries) in order to process your enquiry. In these cases, however, the request will be anonymized beforehand so that the third party cannot establish any reference to you. If, in individual cases, the disclosure of your personal information should be necessary, we will inform you of this in advance and obtain your consent.

Storage duration/ Criteria for determining the storage duration: All the personal data that you provide to us in enquiries (suggestions, praise or criticism) via this website or by e-mail will be deleted or securely anonymized by us at the latest 90 days after the final reply has been given to you. The reason for the storage period of 90 days is that, occasionally, you as a customer may contact us again about the same matter after a reply has been sent out and we must then be able to refer to the previous correspondence. Experience has shown that, as a rule, after 90 days there are no more questions relating to our replies.

Authorized persons may use the Extranet for shareholders and business partners on this website.

Purpose of the data processing/ Legal basis: We need an e-mail address to create the access. Your e-mail address is used solely as a user name for the use of and login into our website www.atr.de.

The legal basis for the data processing within the scope of the use of the Extranet by you is Art. 6 para. 1 f) GDPR. The justified interest on the part of ATR results from the interest in being able to provide the business partner with the desired and necessary information required for the partnership.

Processing of your access data beyond this purpose will not take place without your consent.

Recipients/ Categories of recipients: Within the ATR group of companies, the data of your Extranet account can only be used by the responsible departments for the technical administration of the Extranet accounts. Transfer to third parties outside of ATR does not take place.

Storage duration/ Criteria for determining the storage duration: Your Extranet account will generally remain stored indefinitely unless you delete your account, your partnership with ATR ends or you request us to delete it. The data will then be removed from our system if there are no retention periods or if the data is not still required in individual cases (for example, in the case of open claims to collect the claims).

Purpose of the data processing/ Legal basis: On our website, you can take part in various ATR competitions. Unless otherwise stipulated in the specific data protection principles of the respective competition or unless you have given us further express consent, the personal details you provide to us in connection with participation in the competition will be used exclusively for the purpose of processing the competition (determining the winner, notifying the winner, sending the prize). The legal basis for the data processing within the framework of competitions is, should you participate, article 6 para. 1 f) GDPR. The justified interest on the part of ATR results from the interest in being able to carry out the promoted competition.

In the event of the submission of a declaration of consent going beyond this in the context of a competition, Art. 6 para. 1 a) GDPR is the legal basis for data processing based on the consent. If you have given your consent in the context of a raffle, you can revoke this consent at any time with effect for the future. In such cases, further details are set out in the specific data protection principles of the competition concerned.

Recipients/ Categories of recipients: The data collected for competition purposes is generally only accessible by the department within the ATR group of companies that carried out the specific competition. The data will only be passed on to third parties if this is absolutely necessary for the execution of the competition or the sending of the prize (e.g. prize dispatch by the sponsor of a competition) or if you have given us express permission to do so.

Storage duration/ Criteria for determining the storage duration: After the end of the competition and the announcement of the winners, the data of the participants will be deleted. The data of the winners will be kept for the duration of the statutory warranty claims in the case of material prizes, in order to arrange for rectification or exchange in the event of a defect in the prize.

On the Extranet "myATR" on our website, we use so-called "cookies". Cookies are small text files that are sent from our web server to your terminal device (PC, notebook, smartphone or tablet) when you visit this website and are stored there in the Internet browser you are using. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. We do not use these necessary cookies for analysis, tracking or advertising purposes.  

In some cases, these cookies only contain information about certain settings and are not personally identifiable. They may also be necessary to enable user guidance, security and implementation of the site.

We use these cookies on the basis of Art. 6 para. 1 p. 1 lit. f GDPR.

You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the appropriate browser setting and prevent the setting of new cookies. Please note that our websites may then not be displayed and some functions may no longer be technically available.

When you log in to the Extranet ("myATR") on our website, a cookie is set on your device. This cookie is a standard TYPO3 session cookie. With a user login, each cookie stores the session ID with which the logged-in user is recognized and granted access to protected areas. The cookie is deleted at the end of the browser session and does not remain on your computer. If you leave our pages, the temporary cookie will also be deleted (session cookies).

We embed map services on our website that are not stored on our servers. In order to ensure that calling up our web pages with embedded map services does not automatically lead to third-party content being loaded, we only display locally saved preview images of the maps in a first step. This does not provide the third party provider with any information.

Only after a click on the preview image third-party content will be loaded. This informs the third party that you have called up our site and provides the technically required usage data. We have no influence on further data processing by the third party provider. By clicking on the preview image, you give us your consent to reload the contents of the third-party provider.

The embedding takes place on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or § 15 Para. 3 S. 1 TMG, provided that you have previously given your consent by clicking on the preview image.

Please note that the embedding of some map services means that your data will be processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer to an insecure third country is based on Art. 49 para. 1 lit. a DSGVO.

Provider

Maximum storage period

Adequate level of data protection

Withdrawal of consent

Google LLC (USA)

 

No adequate level of data protection. The transmission is based on Art. 49 para. 1 lit. a GDPR.

If you clicked on a preview image, the contents of the third-party provider are immediately reloaded. If you do not wish such reloading on other sites, please do not click on the thumbnails anymore.

 

When you visit our websites, our web server temporarily stores so-called usage data for statistical and security-related purposes as a protocol to ensure the security and integrity of our websites. This record consists of

  • the page from which the file was requested,
  • the IP address
  • the name of the requested file,
  • the date and time of the query,
  • the amount of data transferred,
  • the access status (file transferred, file not found),
  • the description of the type of web browser used.

We store the IP address transmitted by your web browser strictly for the purpose of detecting, limiting and eliminating attacks on our websites for a period of thirty days. After this period, we delete or anonymize the IP address. The listed usage data does not allow any conclusions to be drawn about your person. An evaluation of the data takes place exclusively in anonymous form. At the point where it would hypothetically be possible to identify your person, such as with an IP address, we are responsible for ensuring that it is impossible to identify your person through anonymisation / pseudonymisation.

The legal basis for the processing of the aforementioned usage data is Art. 6 para. 1 p. 1 lit. f GDPR.

Analysis tool Matomo (formerly called Piwik):
As part of our extranet, we use the open source web analytics service Matomo. Matomo uses technologies that enable the cross-page recognition of the user for the analysis of user behaviour. The tracking of user behaviour is performed by a Java-Script applet and so-called tracking pixels, whose call in Matomo store the user behaviour in anonymised form. No data is stored on the user's terminal device. The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before storage. The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The information collected by Matomo about the use of this website will not be disclosed to third parties.

We take technical and organisational security measures in order to protect your data from unwanted access as comprehensively as possible. In addition to securing the operating environment, we use encryption procedures. The information you provide is transmitted in encrypted form using an SSL protocol (Secure Socket Layer) and authentication is checked to prevent misuse of the data by third parties. You can recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address bar begins with "https...".

You can apply for positions advertised by us via our website. You yourself determine the scope of the data that you wish to transmit to us as part of your online application. We process your personal data according to the valid data protection regulations on the basis of § 26 Para. 1 S. 1 of the Federal Data Protection Act (BDSG). We process the data that you disclose to us within the scope of your online application exclusively for the purpose of applicant selection. Data processing for other purposes does not take place.

You yourself determine the scope of the data that you wish to transmit to us as part of your application. Depending on how you sent your application to us, applications will be submitted electronically or as reference files to our personnel department, where they will be processed as quickly as possible. The electronic transmission of applications is always encrypted. As a rule, applications are forwarded to the relevant department. No other forwarding of your data takes place. Your data will be treated confidentially in our company. If your application is unsuccessful, your documents will be deleted after 3 months.

In the event that we also wish to consider your application for other or future job advertisements, we will obtain your separate consent. We will then process your data on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR.

If you participate in an online meeting as an external participant, you will receive an access link by e-mail from the host of the webinar. When registering for the online meeting, you will then have to enter your name and, if applicable, your e-mail address.

We use the tool "edudip" to conduct online webinars. For the data processing regarding contact persons of our shareholders and concept partners, the legitimate interest according to 6 para. 1 lit. f) GDPR is the legal basis. Our interest lies in the offering of webinars. Insofar as our contact person is a direct contractual partner and a natural person, Art. 6 para. 1 lit. b) GDPR is the legal basis. If recordings of the webinars are to be made, you will be informed separately and can give your consent to this voluntarily.   

The "edudip" tool is provided by edudip GmbH, headquartered in Aachen, Germany, as part of a contract processing pursuant to Art. 28 GDPR. 

As a matter of principle, we delete personal data when there is no requirement for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

If you participate in an online meeting as an external participant, you will receive an access link by e-mail from the host of the webinar. When you register for the online meeting, you will have to enter your login name and, if applicable, your e-mail address. Furthermore, metadata such as date, time, meeting-ID and IP addressip-adress are processed.

We use the tool "Microsoft Teams" to conduct online webinars. The legal basis for data processing regarding contact persons of our shareholders and concept partners is the legitimate interest according to Art. 6 para. 1 f) GDPR. Our legitimate interest lies in the offering of webinars. If our contact person is a direct contractual partner and a natural person, Art. 6 para. 1 b) GDPR is the legal basis. Recordings of the webinars will not be created in this context.

Microsoft Teams is part of Microsoft Office 365, a software from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

In principle, ATR does not process data outside the European Union (EU), as we have limited our storage location to data centresers in the European Union. However, we cannot exclude that the routing of data takes place via internet servers that are located outside the EU. This may be the case in particular if participants in "Online Meeting" are located in a third country.

However, the data is encrypted during transfer over the Internet and thus protected against unauthorized access by third parties.

Microsoft reserves the right to process customer data for its own legitimate business purposes and to pass it on to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. We have no control over this data processing by Microsoft. To the extent that Microsoft Teams processes personal data in connection with legitimate business purposes, Microsoft is the independent data controller for those data processing activities and, as such, is responsible for compliance with all applicable data protection laws. If you require information about Microsoft's processing, please refer to the relevant Microsoft statement (https://privacy.microsoft.com/de-de/privacystatement).
 

Pursuant to Art. 15 para. 1 GDPR, you have the right to request information free of charge on the personal data stored by ATR about you.

In addition, you have a right to correction (Art. 16 GDPR), deletion (Art. 17 GDPR) and restriction of the processing (Art. 18 GDPR) of your personal data if the legal requirements are met.

If the data processing is based on Art. 6 para. 1 e) or f) GDPR, you have the right to object according to Art. 21 GDPR. If you object to the data processing, this will not take place in the future, unless the data controller can prove compelling reasons worthy of protection for the further processing which outweigh the interest of the data subject in objecting.

If you have provided the processed data yourself, you have the right to data transfer in accordance with Art. 20 GDPR.

If the data processing is based on consent pursuant to Art. 6 para. 1 a) or Art. 9 para. 2 a) GDPR, you may revoke the consent at any time with effect for the future without affecting the legality of the previous processing.

Please contact the data protection officer in writing or by e-mail in the aforementioned cases, for open questions or in the event of complaints.

In addition, you have the right to complain to a data protection supervisory authority. The data protection supervisory authority of the federal state in which you live or in which the data controller is based is responsible.

Unless otherwise stated in the previous chapters, the provision of personal data is not required by law or contract or necessary for the conclusion of a contract. You are not obliged to provide the personal data if no other information has been provided previously. Failure to provide your personal data may mean that we are unable to respond to your contact request or that participation in the application process is not possible.

Automated decision-making does not take place.

Datenschutz Süd GmbH
E-mail: office@datenschutz-sued.de
Postal address:
Wörthstraße 15
97082 Würzburg
Germany

Data protection principles for business partners

Data protection principles for business partners

Dear Sir/Madam,

We take the protection of your personal data very seriously and endeavour to give you comprehensive information about the way in which your personal data is processed. The following data protection information applies to you if you contact us, if contract negotiations take place with us and/or if contractual agreements exist with us and the data of natural persons is processed in connection with these. In particular, the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) serve as the legal basis. Which data is actually processed largely depends on the agreed services. Therefore, not all parts of this information will be relevant to you.

How do we collect your personal data and which data categories do we use?

We essentially collect your data from you.

However, it may also be necessary to process personal data that we receive from other companies, authorities or other third parties, such as credit agencies, tax offices or similar.

Relevant personal data can include: personal data (e.g. first/last name, address and other contact data, date and place of birth and nationality), identification and authentication data (e.g. extracts from the commercial register, identity-card data, specimen signature), data within the scope of our business relationship (e.g. payment data, data on orders), creditworthiness data, data on company structures and ownership as well as other data comparable with the aforementioned categories.

You always have the choice whether to communicate with us by e-mail or post. Communication by e-mail may be unencrypted for technical reasons.

Purposes and legal basis of the processing

In order to fulfil contractual obligations (Art. 6 para. 1 letter b GDPR)

The purposes of the data processing result from the execution of pre-contractual measures, which precede a contractually regulated business relationship and in the fulfilment of the obligations from the concluded contract.

In order to fulfil a legal obligation (Art. 6 para. 1 letter c GDPR)

The purposes of the data processing result in individual cases from statutory requirements. These statutory obligations include, for example, the fulfilment of storage and identification obligations, e.g. as part of the regulations for the prevention of money laundering, tax control and reporting obligations, and the data processing required as a result of enquiries from authorities.

In order to fulfil legitimate interests (Art. 6 para. 1 letter f GDPR)

It may be necessary to process the personal data provided by you beyond the actual fulfilment of the contract. The legitimate interests here are in particular the selection of suitable business partners, assertion of legal claims, defence against liability claims, entry or access controls, billing purposes (e.g. for seminars at Trainmobil), direct marketing purposes (e.g. postal advertising in the form of magazines), clarification of possible compliance violations, prevention of criminal offences and the settlement of damages resulting from the business relationship.
We use the credit rating data of the credit agencies to check creditworthiness. The credit agencies store data that they receive from banks or companies, for example, and this data includes in particular: surname, first name, date of birth, address and information on payment behaviour. Information on the data stored by you can be obtained directly from the credit agencies.

Who receives the personal data provided by you?

Within our company, the areas that need the data provided by you to fulfil their contractual or legal obligations or to fulfil their legitimate interests are given access to it. As part of the contractual relationship, we also commission contract processors or service providers who may have access to your personal data. Compliance with data protection regulations is contractually ensured.The data may also be transferred to companies within the ATR group of companies in order to fulfil contractual obligations.

How long will the data be kept?

Personal data will be kept for as long as is necessary to fulfil the above-mentioned purposes or until you have effectively objected to the processing within the meaning of Art. 21 GDPR. In particular, the statutory storage obligations from the German Commercial Code (HGB) and the Fiscal Code (AO), which provide for storage for up to twelve years, are relevant here.

Are you obliged to provide the data?

As part of our business relationship, you must provide us with the personal data necessary to establish, conduct and terminate a business relationship and to perform the duties associated therewith, which we are required to collect by law or have the right to do so in our legitimate interests. Without this data, we will usually not be able to enter into a business relationship with you.

Is data transferred to a third country?

If we transfer personal data to recipients outside the European Economic Area (EEA), this transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection, if an adequate level of data protection has been agreed with the data recipient (e.g. by means of EU standard contract clauses) or if we have received your consent to do so.

Which rights do you have?

You have the right, upon request and free of charge, to receive information about your personal data stored by us. In addition, you have a right to the correction and deletion of this personal data, a right to data transferability and a right to restriction of processing in accordance with the statutory provisions. If we process your personal data on the basis of your consent, you have the right to at any time revoke this consent with effect for the future. If data is collected on the basis of Art. 6 para. 1 page 1 letter e (data processing for the fulfilment of official tasks or the protection of the public interest) or letter f (data processing for the safeguarding of legitimate interests), the data subject shall have the right to object to the processing at any time for reasons arising from their particular situation. We will then no longer process the personal data unless there are verifiable compelling legitimate grounds for processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims. In such cases, please contact us in writing or by e-mail at the following address: datenschutz@atr.de.

Any data subject has the right to complain to a supervisory authority if they consider that the processing of data concerning them is in breach of data protection provisions. The right to complain can in particular be exercised before a supervisory authority in the Member State where the data subject is staying or where the alleged infringement took place. The competent supervisory authority in Baden-Württemberg is the following:

The State Commissioner for Data Protection and Freedom of Information
Postfach 10 29 32
70025 Stuttgart
Germany
Phone: +49 711/61 55 41 – 0
E-mail: poststelle@lfdi.bwl.de

Responsible body

The responsible body is the company with which you are initiating or conducting a business relationship.

Contact details of the Data Protection Officer

E-mail: office@datenschutz-sued.de
Postal address:
datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
Germany

Data protection principles for trade fair events

The following data protection principles inform you about the collection, processing and use of personal data by the responsible party in the context of a trade fair event.

Responsible party within the meaning of Art. 4 No. 7 GDPR

ATR International AG
Auto-Teile-Ring GmbH
ATR SERVICE GmbH
ATR Digitisation GmbH

Marie-Curie-Strasse 3
73770 Denkendorf
Germany

Phone: + 49 711 918979-0
E-mail: datenschutz@atr.de
Website: www.atr.de

Purposes of data processing/legal basis: 

Contract initiation

We process your personal data in the context of trade fair events for the purpose of initiating or maintaining contractual relationships. The legal basis for data processing in this regard is Art. 6 (1) b) GDPR.

Sending of information material

In addition to discussions at trade fair stands, we will send you information material by post or e-mail at your request so that you can obtain further comprehensive information about ATR's services after the trade fair.  The legal basis for sending the information material is your consent in accordance with Art. 6 Para. 1 a) DSGVO, which you give us when providing us with your contact details.

Photographs 

In the course of a trade fair, photographs (individual and/or group photos) may be taken of you. If we do not take these photos ourselves, they will be provided to us by the respective photographer of the trade fair. We will use the photographs for internal documentation purposes and, if necessary, publish them on our social media channels to illustrate our trade fairs. 

If you actively make yourself available for a photograph, we will consider this as your consent to the processing of the photographs for the aforementioned purposes. Accordingly, the processing of the photographs is based on Art. 6 (1) a) GDPR.

If photographs merely reflect the overall events at a trade fair and you as a person are relegated to the background, we process the photographs for the aforementioned purposes on the basis of our legitimate interest in documenting the trade fair in accordance with Art. 6 (1) f) GDPR. 

Who receives the personal data you provide?

Within our company, the areas that receive access to the data you have provided are those that need it to fulfil contractual or legal obligations or to fulfil legitimate interests. If we publish your personal data (photographs) on our website, these can be accessed by third parties who have Internet access. Within the framework of contractual relationships, we also commission processors or service providers who may have access to your personal data. Compliance with data protection regulations is contractually ensured in this regard.

The data may also be transferred to companies within the ATR group of companies in order to fulfil contractual obligations.

How long will the data be stored?

The personal data will be stored for as long as is necessary to fulfil the above-mentioned purposes or until you have effectively objected to the processing within the meaning of Art. 21 GDPR or have revoked your consent in accordance with Art. 7 Para. 3 GDPR. In this context, the statutory retention obligations from the German Commercial Code (HGB) and the German Fiscal Code (AO), which provide for retention for up to twelve years, are particularly relevant. Please note that when photos are published on the Internet, there is always a risk that they will be disseminated without our intervention and can therefore no longer be deleted. This applies accordingly to photos published on the Internet that can be located and retrieved by Internet search engines in Germany and abroad.

Are you obliged to provide the data?

As part of our business relationship, you must provide us with the personal data necessary to establish, conduct and terminate a business relationship and to perform the duties associated therewith, which we are required to collect by law or have the right to do so in our legitimate interests. Without this data, we will usually not be able to enter into a business relationship with you.

Is data transferred to a third country?

If we transfer personal data to recipients outside the European Economic Area (EEA), this transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection, if an adequate level of data protection has been agreed with the data recipient (e.g. by means of EU standard contractual clauses) or if we have received your consent to do so.

Which rights do you have?

Pursuant to Art. 15 para. 1 GDPR, you have the right to request information free of charge on the personal data stored by ATR about you.

In addition, you have a right to correction (Art. 16 GDPR), deletion (Art. 17 GDPR) and restriction of the processing (Art. 18 GDPR) of your personal data if the legal requirements are met.

If the data processing is based on Art. 6 para. 1 e) or f) GDPR, you have the right to object according to Art. 21 GDPR. If you object to the data processing, this will not take place in the future, unless the data controller can prove compelling reasons worthy of protection for the further processing which outweigh the interest of the data subject in objecting.

If you have provided the processed data yourself, you have the right to data transfer in accordance with Art. 20 GDPR.

If the data processing is based on consent pursuant to Art. 6 para. 1 a) or Art. 9 para. 2 a) GDPR, you may revoke the consent at any time with effect for the future without affecting the legality of the previous processing.

Please contact the data protection officer in writing or by e-mail in the aforementioned cases, for open questions or in the event of complaints.
In addition, you have the right to complain to a data protection supervisory authority. The data protection supervisory authority of the federal state in which you live or in which the data controller is based is responsible.

The competent supervisory authority in Baden-Württemberg is as follows: 

The State Commissioner for Data Protection and Freedom of Information
Postfach 10 29 32
70025 Stuttgart
Germany
Phone: +49 711/61 55 41 – 0
E-mail: poststelle@lfdi.bwl.de

Responsible body

The responsible body is the company with which you are initiating or conducting a business relationship.

Contact details of the Data Protection Officer

E-mail: office@datenschutz-sued.de
Postal address:
datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
Germany