Data protection principles of www.atr.de pursuant to art. 13 GDPR
The following data protection principles inform you about the collection, processing and use of personal data by the data controller within the scope of visiting this website.
1. Data controller within the meaning of art. 4 (7) GDPR
Main data controller:
ATR International AG
Other data controllers:
ATR SERVICE GmbH
(hereinafter referred to as ATR)
Purpose of the data processing/ Legal basis: Any personal information you provide to us when filling out contact forms, by telephone or in e-mails will be treated confidentially. We use your data exclusively for the purpose of processing your enquiry. The legal basis for the data processing is art. 6 para. 1 f) GDPR. The justified interest on the part of ATR results from the interest to answer the enquiries sent by our customers and visitors to this website and to maintain and promote customer satisfaction.
Recipients/ Categories of recipients: We exclude any transfer of data to third parties outside the ATR group of companies. In exceptional cases, data is processed on our behalf by contract processors. These are carefully selected, audited by us and contractually bound pursuant to art. 28 GDPR. Furthermore, it may be necessary for us to pass on extracts of your enquiry to contractual partners (e.g. suppliers for product-specific enquiries) in order to process your enquiry. In these cases, however, the request will be anonymized beforehand so that the third party cannot establish any reference to you. If, in individual cases, the disclosure of your personal information should be necessary, we will inform you of this in advance and obtain your consent.
Storage duration/ Criteria for determining the storage duration: All the personal data that you provide to us in enquiries (suggestions, praise or criticism) via this website or by e-mail will be deleted or securely anonymized by us at the latest 90 days after the final reply has been given to you. The reason for the storage period of 90 days is that, occasionally, you as a customer may contact us again about the same matter after a reply has been sent out and we must then be able to refer to the previous correspondence. Experience has shown that, as a rule, after 90 days there are no more questions relating to our replies.
Authorized persons may use the Extranet for shareholders and business partners on this website.
Purpose of the data processing/ Legal basis: We need an e-mail address to create the access. Your e-mail address is used solely as a user name for the use of and login into our website www.atr.de.
The legal basis for the data processing within the scope of the use of the Extranet by you is art. 6 para. 1 f) GDPR. The justified interest on the part of ATR results from the interest in being able to provide the business partner with the desired and necessary information required for the partnership.
Processing of your access data beyond this purpose will not take place without your consent.
Recipients/ Categories of recipients: Within the ATR group of companies, the data of your Extranet account can only be used by the responsible departments for the technical administration of the Extranet accounts. Transfer to third parties outside of ATR does not take place.
Storage duration/ Criteria for determining the storage duration: Your Extranet account will generally remain stored indefinitely unless you delete your account, your partnership with ATR ends or you request us to delete it. The data will then be removed from our system if there are no retention periods or if the data is not still required in individual cases (for example, in the case of open claims to collect the claims).
Purpose of the data processing/ Legal basis: On our website, you can take part in various ATR competitions. Unless otherwise stipulated in the specific data protection principles of the respective competition or unless you have given us further express consent, the personal details you provide to us in connection with participation in the competition will be used exclusively for the purpose of processing the competition (determining the winner, notifying the winner, sending the prize). The legal basis for the data processing within the framework of competitions is, should you participate, article 6 para. 1 f) GDPR. The justified interest on the part of ATR results from the interest in being able to carry out the promoted competition.
In the event of the submission of a declaration of consent going beyond this in the context of a competition, art. 6 para. 1 a) GDPR is the legal basis for data processing based on the consent. If you have given your consent in the context of a raffle, you can revoke this consent at any time with effect for the future. In such cases, further details are set out in the specific data protection principles of the competition concerned.
Recipients/ Categories of recipients: The data collected for competition purposes is generally only accessible by the department within the ATR group of companies that carried out the specific competition. The data will only be passed on to third parties if this is absolutely necessary for the execution of the competition or the sending of the prize (e.g. prize dispatch by the sponsor of a competition) or if you have given us express permission to do so.
Storage duration/ Criteria for determining the storage duration: After the end of the competition and the announcement of the winners, the data of the participants will be deleted. The data of the winners will be kept for the duration of the statutory warranty claims in the case of material prizes, in order to arrange for rectification or exchange in the event of a defect in the prize.
When you log into our website in the Extranet ("myATR"), a cookie is set on your device.
These cookie is a standard TYPO3 session cookies. With a user login, each cookie stores the session ID with which the logged-in user is recognized and granted access to protected areas. The cookie is deleted at the end of the browser session and does not remain on your computer. If you leave our pages, the temporary cookie is also discarded (session cookies).
The legal basis for this data processing is art. 6 para. 1 f) GDPR. The justified interest results from the interest in offering you a particularly user-friendly and transparent website.
Storage duration/ Criteria for setting the storage duration for cookies:
Session cookies are deleted after the end of your Internet session (closure of the browser).
We embed map services on our website that are not stored on our servers. In order to ensure that calling up our web pages with embedded map services does not automatically lead to third-party content being loaded, we only display locally saved preview images of the maps in a first step. This does not provide the third party provider with any information.
Only after a click on the preview image third-party content will be loaded. This informs the third party that you have called up our site and provides the technically required usage data. We have no influence on further data processing by the third party provider. By clicking on the preview image, you give us your consent to reload the contents of the third-party provider.
The embedding takes place on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO or § 15 Para. 3 S. 1 TMG, provided that you have previously given your consent by clicking on the preview image.
Please note that the embedding of some map services means that your data will be processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer to an insecure third country is based on Art. 49 para. 1 lit. a DSGVO.
Maximum storage period
Adequate level of data protection
Withdrawal of consent
Google LLC (USA)
No adequate level of data protection. The transmission is based on Art. 49 para. 1 lit. a DSGVO.
If you clicked on a preview image, the contents of the third-party provider are immediately reloaded. If you do not wish such reloading on other sites, please do not click on the thumbnails any more.
We store the IP address transmitted by your web browser, strictly for the purpose intended, for the duration of seven days in order to be able to recognize, limit and eliminate attacks on our website. After this period has expired, we delete or anonymize the IP address.
The legal basis for this and for the processing of the following usage data is art. 6 para. 1 sentence 1 lit. f GDPR.
When you visit our websites, our web server temporarily stores so-called usage data for statistical purposes as a protocol to improve the quality of our websites. This record consists of
- the page from which the file was requested,
- the name of the file,
- the date and time of the query,
- the amount of data transferred,
- the access status (file transferred, file not found),
- the description of the type of web browser used.
This information is used exclusively for the purpose of providing our services, and in no way allows conclusions to be drawn about you as a person.
An evaluation of the data takes place exclusively in anonymous form. At the point where hypothetical conclusions about your person would be possible, e.g. with an IP address, we must ensure that a reference back to you personally is impossible.
Analysis tool Matomo (formerly called Piwik):
When you log into our website in the Extranet ("myATR") the open source web analysis service Matomo is used on this website. Matomo uses technologies that make it possible to recognize the user across multiple pages with the aim of analyzing the user patterns (e.g. cookies or device fingerprinting). The information recorded by Matomo about the use of this website will be stored on our server. Prior to archiving, the IP address will first be anonymized. The use of this analysis tool is based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time. The information collected by Matomo concerning the use of this website shall not be shared with any third parties.
We take technical and organizational security measures in order to protect your data from unwanted access as comprehensively as possible. In addition to securing the operating environment, we use encryption procedures. The information you provide is transmitted in encrypted form using an SSL protocol (Secure Socket Layer) and authenticated to prevent misuse of the data by third parties. You can recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address bar begins with "https...".
You can apply for positions advertised by us via our website. You yourself determine the scope of the data that you wish to transmit to us as part of your online application. We process your personal data according to the valid data protection regulations on the basis of § 26 Para. 1 S. 1 of the latest version of the Federal Data Protection Act (BDSG). We process the data that you disclose to us within the scope of your online application exclusively for the purpose of applicant selection. Data processing for other purposes does not take place.
You yourself determine the scope of the data that you wish to transmit to us as part of your application. Depending on how you sent your application to us, applications will be submitted electronically or as reference files to our personnel department, where they will be processed as quickly as possible. The electronic transmission of applications is always encrypted. As a rule, applications are forwarded to the relevant department. No other forwarding of your data takes place. Your data will be treated confidentially in our company. If your application is unsuccessful, your documents will be deleted after [3 months].
In the event that we also wish to consider your application for other or future job advertisements, we will obtain your separate consent. We will then process your data on the basis of art. 6 para. 1 sentence 1 lit. a GDPR.
Pursuant to art. 15 para. 1 GDPR, you have the right to request information free of charge on the personal data stored by ATR about you.
In addition, you have a right to correction (art. 16 GDPR), deletion (art. 17 GDPR) and restriction of the processing (art. 18 GDPR) of your personal data if the legal requirements are met.
If the data processing is based on art. 6 para. 1 e) or f) GDPR, you have the right to object according to art. 21 GDPR. If you object to the data processing, this will not take place in the future, unless the data controller can prove compelling reasons worthy of protection for the further processing which outweigh the interest of the data subject in objecting.
If you have provided the processed data yourself, you have the right to data transfer in accordance with art. 20 GDPR.
If the data processing is based on consent pursuant to art. 6 para. 1 a) or art. 9 para. 2 a) GDPR, you may revoke the consent at any time with effect for the future without affecting the legality of the previous processing.
Please contact the data protection officer in writing or by e-mail in the aforementioned cases, for open questions or in the event of complaints.
In addition, you have the right to complain to a data protection supervisory authority. The data protection supervisory authority of the federal state in which you live or in which the data controller is based is responsible.
Unless otherwise stated in the previous chapters, the provision of personal data is not required by law or contract or necessary for the conclusion of a contract. You are not obliged to provide the personal data if no other information has been provided previously. Failure to provide your personal data may mean that we are unable to respond to your contact request or that participation in the application process is not possible.
Automated decision-making does not take place.
Datenschutz Süd GmbH
Data protection principles for business partners
We take the protection of your personal data very seriously and endeavour to give you comprehensive information about the way in which your personal data is processed. The following data protection information applies to you if you contact us, if contract negotiations take place with us and/or if contractual agreements exist with us and the data of natural persons is processed in connection with these. In particular, the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) serve as the legal basis. Which data is actually processed largely depends on the agreed services. Therefore, not all parts of this information will be relevant to you.
How do we collect your personal data and which data categories do we use?
We essentially collect your data from you.
However, it may also be necessary to process personal data that we receive from other companies, authorities or other third parties, such as credit agencies, tax offices or similar.
Relevant personal data can include: personal data (e.g. first/last name, address and other contact data, date and place of birth and nationality), identification and authentication data (e.g. extracts from the commercial register, identity-card data, specimen signature), data within the scope of our business relationship (e.g. payment data, data on orders), creditworthiness data, data on company structures and ownership as well as other data comparable with the aforementioned categories.
You always have the choice whether to communicate with us by e-mail or post. Communication by e-mail may be unencrypted for technical reasons.
Purposes and legal basis of the processing
In order to fulfil contractual obligations (art. 6 para. 1 letter b GDPR)
The purposes of the data processing result from the execution of pre-contractual measures, which precede a contractually regulated business relationship and in the fulfilment of the obligations from the concluded contract.
In order to fulfil a legal obligation (art. 6 para. 1 letter c GDPR)
The purposes of the data processing result in individual cases from statutory requirements. These statutory obligations include, for example, the fulfilment of storage and identification obligations, e.g. as part of the regulations for the prevention of money laundering, tax control and reporting obligations, and the data processing required as a result of enquiries from authorities.
In order to fulfil legitimate interests (art. 6 para. 1 letter f GDPR)
It may be necessary to process the personal data provided by you beyond the actual fulfilment of the contract. The legitimate interests here are in particular the selection of suitable business partners, assertion of legal claims, defence against liability claims, access or access controls, billing purposes (e.g. for seminars at Trainmobil), direct marketing purposes (e.g. postal advertising in the form of magazines), clarification of possible compliance violations, prevention of criminal offences and the settlement of damages resulting from the business relationship.
We use the credit rating data of the credit agencies to check creditworthiness. The credit agencies store data that they receive from banks or companies, for example, and this data includes in particular: surname, first name, date of birth, address and information on payment behaviour. Information on the data stored by you can be obtained directly from the credit agencies.
Who receives the personal data provided by you?
Within our company, the areas that need the data provided by you to fulfil their contractual or legal obligations or to fulfil their legitimate interests are given access to it. As part of the contractual relationship, we also commission contract processors or service providers who may have access to your personal data. Compliance with data protection regulations is contractually ensured.The data may also be transferred to companies within the ATR group of companies in order to fulfil contractual obligations.
How long will the data be kept?
Personal data will be kept for as long as is necessary to fulfil the above-mentioned purposes or until you have effectively objected to the processing within the meaning of Art. 21 GDPR. In particular, the statutory storage obligations from the German Commercial Code (HGB) and the Fiscal Code (AO), which provide for storage for up to twelve years, are relevant here.
Are you obliged to provide the data?
As part of our business relationship, you must provide us with the personal data necessary to establish, conduct and terminate a business relationship and to perform the duties associated therewith, which we are required to collect by law or have the right to do so in our legitimate interests. Without this data, we will usually not be able to enter into a business relationship with you.
Is data transferred to a third country?
If we transfer personal data to recipients outside the European Economic Area (EEA), this transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection, if an adequate level of data protection has been agreed with the data recipient (e.g. by means of EU standard contract clauses) or if we have received your consent to do so.
Which rights do you have?
You have the right, upon request and free of charge, to receive information about your personal data stored by us. In addition, you have a right to the correction and deletion of this personal data, a right to data transferability and a right to restriction of processing in accordance with the statutory provisions. If we process your personal data on the basis of your consent, you have the right to at any time revoke this consent with effect for the future. If data is collected on the basis of art. 6 para. 1 page 1 letter e (data processing for the fulfilment of official tasks or the protection of the public interest) or letter f (data processing for the safeguarding of legitimate interests), the data subject shall have the right to object to the processing at any time for reasons arising from their particular situation. We will then no longer process the personal data unless there are verifiable compelling legitimate grounds for processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims. In such cases, please contact us in writing or by e-mail at the following address: firstname.lastname@example.org.
Any data subject has the right to complain to a supervisory authority if they consider that the processing of data concerning them is in breach of data protection provisions. The right to complain can in particular be exercised before a supervisory authority in the Member State where the data subject is staying or where the alleged infringement took place. The competent supervisory authority in Baden-Württemberg is the following:
The State Commissioner for Data Protection and Freedom of Information
Postfach 10 29 32
Phone: +49 711/61 55 41 – 0
The responsible body is the company with which you are initiating or conducting a business relationship.
Contact details of the Data Protection Officer
datenschutz süd GmbH