Privacy

Privacy protection statement

All personal data will be treated as confidential. Our data protection practice is in compliance with the Federal Data Protection Act (AVG) and the General Data Protection Regulation (AVG). We are providing the details on data protection to you below:

Person responsible in the sense of the AVG

CRESTA INTERNATIONAL B.V.

Sniep 73 – 1112 AJ Diemen – The Netherland
Tel + 31 36 3 030 063
Chamber of commerce Amsterdam registration number – 63656574

 

1.         Reasons for data collection

We collect and process your data for the provision of our website and to provide you with the best possible service with convenient access to our services.

2.         Which data is collected, processed or used?

2.1       Visiting our website

When you access our website, your servers automatically collect general information, especially for the purpose of establishing a connection, functionality and system security. This includes the type of the browser that is used, the utilized operating system, the domain name of the Internet Service Provider (ISP), the connection data of the utilized computer (IP address), the website from which you are visiting us (referrer URL), the pages you visit on our website and data and duration of the visit. Because of a pseudonymization, we are unable to draw conclusions to a specific person. This data is not combined with any other data sources.

2.2       Contact form

When you contact us using a contact form, personal information will be collected. For a list of data that is collected, refer to the contact form. The data is stored to process your inquiry. Mandatory information is marked with an asterisk (*). All other information is voluntary. We will delete all data that was collected in the context of the contact form after the storage is no longer required or limit processing if legal obligations to retain data apply. The legal basis for processing of your personal data is Art. 6 Sect. 1 lit. b) DSGVO when you are contacting us within the framework of a contract conclusion. Otherwise, it is our lawful interest in answering your inquiries so that Art. 6 Sect. 1 lit. f) DSGVO constitutes the legal basis.

3.       Integration of YouTube videos

We have incorporated YouTube videos in our online offer, which are stored at https://www.youtube.com and can be played back directly from our website. All of them are incorporated in an “expanded data protection mode”, i.e., no information of you as the user is transmitted to YouTube when you do not play back the videos. The data listed below is not transmitted until you play the videos. We have no influence on this data transmission. By visiting the website, YouTube receives information that you accessed the corresponding subpage of our website. The IP address, date and time of the inquiry, time zone difference to Greenwich Mean Time (GMT), content of the request (concrete page), access status/HTTP status code, respective transmitted data volume, website, from which the request was received, browser, operating system and its interface, language and version of the browser software are transmitted. This happens regardless of whether YouTube provides a user account through which you are logged in or if no user account exists. If you are logged into Google, your data is directly assigned to your account. If you do not want your profile to be assigned to YouTube, you have to log out before activating the button. YouTube stores your data as use profiles and utilizes it for purposes of advertising, market research and/or other needs based design of its website. Such analysis especially occurs (even for users who are not logged in) to provide needs-based advertising to inform other users of the social network about you activities on our website.

You have the right to object to the creation of these user profiles, whereby you have to address YouTube to exercise this right.

For more information about the purpose and volume of the data collection and its processing by YouTube, refer to the Privacy Protection Statement. It also provides additional information about your rights and options for settings to protect your privacy:
https://www.google.de/intl/de/policies/privacy. Google process also processes your personal data in the USA and has subjected itself to the US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

The legal basis for processing is Art. 6 Sect. 1 lit. f) DSGVO.

4.         Integration of Google Maps

On this website, we are utilizing the offer of Google Maps. This allows us to display interactive cards for you directly on the website and provide you with the convenient use of the Map function. By visiting the website, Google receives information that you accessed the corresponding subpage of our website. Additionally, the IP address, date and time of the inquiry, time zone difference to Greenwich Mean Time (GMT), content of the request (concrete page), access status/HTTP status code, respective transmitted data volume, website, from which the request was received, browser, operating system and its interface, language and version of the browser software are transmitted. This happens regardless of whether Google provides a user account through which you are logged in or if no user account exists. If you are logged into Google, your data is directly assigned to your account. If you do not want your profile to be assigned to Google, you have to log out before activating the button. Google stores your data as use profiles and utilizes it for purposes of advertising, market research and/or other needs based design of its website. Such analysis especially occurs (even for users who are not logged in) to provide needs-based advertising to inform other users of the social network about you activities on our website.

You have the right to object to the creation of these user profiles, whereby you have to address Google to exercise this right.

For more information about the purpose and volume of the data collection and its processing by the plug-in provider, refer to the Privacy Protection Statements of the provider. It also provides additional information with regard of your respective rights and options for settings to protect your privacy:
http://www.google.de/intl/de/policies/privacy. Google process also processes your personal data in the USA and has subjected itself to the US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

The legal basis for processing is Art. 6 Sect. 1 lit. f) DSGVO.

5.         Contests

From time to time, you have the option to participate in contests on our website. As part of these contests, personal information (e-mail address, name, address and, where applicable, additional data that is required for the contest) can be collected and stored. The personal information you forwarded to us is exclusively used for the contest (e.g., for the determination of win, notification of win and handover of the winnings. As part of the contest, we will specifically notify the respective participant about any data that is processed for the concrete contest. Upon conclusion of our contests, the participants’ data will be deleted.

6.         Deletion

Personal data is deleted or blocked, as soon as the purpose of the storage no longer applies or you request the deletion. A deletion of the data also occurs in the event , that a retention period that is required by the specified standard  , unless ,  a requirement for the continued storage of the data exists for a contract conclusion or fulfilment of a contract  or you have given your consent to that respect  .

7.         Cookies

Cookies are used to design the use of the websites and preferences of the website visitors attractively. For example, this causes your information to be saved for the selection of the language. Cookies are text files that are created on your hard drive to allow an identification of the browsers with repeated access to the website.

You can prevent the storage of cookies on your hard drive with the corresponding browser settings. Already set cookies can be deleted at any time. For information about how to delete cookies or prevent their storage, refer to the respective browser instructions. If you don’t accept cookies, it may impair the use of our Internet offer.

The legal basis for processing of cookies is Art. 6 Sect. 1 lit. f) DSGVO.

8.         Data security

We protect our website and other systems with technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. The transmission of the data is dependent of the browser that is used with an SSL encryption from 128 bits to 256 bits. In spite of regular checks and consistent improvement of our security measures, a complete protection against all dangers is not possible.

9.         Use of Google Analytics for web analysis

This website makes use of Google Analytics, a web analysis service provided by Google Inc. (www.google.com). Google Analytics uses “cookies”, which are text files that are stored on your computer and which enable your visit and use of the website to be analysed. The information generated by the cookie concerning your use of this website is normally transmitted to a Google server in the USA and saved there. In the event that IP anonymisation has been activated on this website, your IP address will, however, be abbreviated beforehand by Google within Member States of the European Union or other states which are party to the Agreement on the European Economic Area. Your full IP address will only be sent to a Google server in the USA and saved there in exceptional circumstances. IP anonymisation technology is active on this website. Google uses this information on behalf of the operator of this website to evaluate your use of the website, to compile reports about website activity and to perform additional services associated with the use of the website and internet for the benefit of the operator. Google cannot combine the IP address transmitted by your browser as part of the Google Analytics service with any other data. You can block websites from saving cookies by adjusting the settings in your web browser software as appropriate; we would, however, like to point out that in doing so you will not be able to use the complete array of functions available on this website to their full extent.

You can also prevent cookies from collecting data relating to your use of this website (including your IP address) as well as prevent them from being sent to and processed by Google by downloading and installing the browser plugin available by clicking on the following link:  https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Alternatively to the browser plugin, you can click on this

LINK

to set an opt-out cookie, and prevent Google Analytics from collecting data on this website in future. This will store an opt-out cookie on your end device. If you delete your cookies, you will need to click on the link again. You can find the terms of use and notes on data protection at https://www.google.com/analytics/terms/ or at  https://policies.google.com/?hl=en.

10.        Google AdWords conversion

We use the Google AdWords service to draw attention to our attractive offers using advertising media (so-called Google AdWords) on external websites. We can determine how successful the individual advertising activities are based the data from the advertising campaigns. Our aim is to display advertisements to you which you find of interest, to make our website more interesting for you and to achieve a fair calculation of the advertising costs.

These advertising media are delivered by Google via so-called “ad servers”. To do this, we use ad server cookies which can measure certain parameters to measure performance, such as the display of adverts or clicks by the users. If you come to our website via a Google advert, Google AdWords will store a cookie on your PC. These cookies generally become invalid after 30 days and are not intended to be used to personally identify you. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post view conversions) and opt-out information (marker that the user would no longer like to be contacted) are generally stored with this cookie as analysis values.

These cookies allow Google to recognise your internet browser. If a user visits specific pages of the website of an AdWords customer and the cookie stored on their computer has not yet expired, both Google and the customer will be able to recognise that the user has clicked on the advert and was taken to our webpage. Each AdWords customer is assigned a different cookie. Cookies therefore cannot be tracked via the websites of AdWords customers. We ourselves do not collect or process any personal data in the mentioned advertising activities. We only receive statistical evaluations from Google. We are able to recognise based on these evaluations which of the advertising activities used are particularly effective. We do not receive additional data from the use of the advertising media, in particular we cannot identify the users based on this information.

Based on the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence over the scope and the further use of data which is collected by Google through the use of this tool and we therefore inform you according to our information status: By incorporating AdWords Conversion, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our adverts. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or you have not logged in, the provider may come to know and store your IP address.

You can prevent your participation in this tracking process in different ways: a) by setting your browser software accordingly, in particular rejecting third party cookies means that you will not receive any adverts from third party providers; b) disabling cookies for conversion tracking by setting your browser so that cookies from the domain “ www.googleadservices.com” are blocked,  https://adssettings.google.com/authenticated, whereby this setting is deleted when you delete your cookies; c) disabling the interest-related adverts from the providers who are part of the self-regulated campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting will be deleted when you delete your cookies; d) permanently disabling in your browsers Firefox, Internet Explorer or Google Chrome via the link  https://support.google.com/ads/answer/7395996?hl=en. We would like to point out that you may not be able to make full use of all of the functions on this website.

(6) The legal basis for the processing of your data is Art. 6 Paragraph 1 Clause 1 lit f GDPR. Click here for more information about Google’s data protection: https://policies.google.com/privacy?hl=en and  https://services.google.com/sitestats/en.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at  http://www.networkadvertising.org. Google is subject to the EU-US Privacy Shield,  https://www.privacyshield.gov/EU-US-Framework.

11.       Use of GOOGLE reCaptcha

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). reCAPTCHA is supposed to verify whether the data input on our website (e.g. in a contact form) is carried out by a person or by an automated program. To do so, reCAPTCHA analyses the behaviour of the website visitor based on different features. The analysis begins automatically, as soon as the website visitor accesses the website. For the analysis, reCAPTCHA assesses different information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected for the analysis is provided to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

Data processing is carried out based on Art. 6 Paragraph 1 lit f GDPR. The website operator has a legitimate interest in protecting their website against improper automated spying and against spam. You can find further information on Google reCAPTCHA and the Google privacy statement here: https://policies.google.com/privacy?hl=en and  https://www.google.com/recaptcha/intro/android.html.

12.       Applications

We also collect and process personal data of candidates for the purposes of managing the application process that we conduct. In this case, processing may also be carried out electronically. This is always the case if the candidate transmits application documentation to us electronically, i.e. by e-mail or via an online form on our website. If we enter into an employment contract with a candidate, the transmitted data will be stored for the purposes of managing the employment relationship whilst complying with legal regulations. If an employment contract is, however, not entered into between us and the candidate, the application documentation will then be deleted four months after notification of the refusal, provided no other legitimate interests of the controller oppose such deletion. Another legitimate interest in this sense is, for example, burden of proof in a process according to the General Equal Treatment Act (AGG). We would like to assess all candidates only in accordance with their qualification and therefore request that you omit from your application any information concerning race and ethnicity, political opinions, religious or ideological beliefs or any trade union membership, genetic data, biometric data to clearly identify a natural person, health data or data concerning sex life or sexual orientation.

13.       Rights of the data subject

If your personal data is processed, you are a data subject under the GDPR and have the following rights with regard to the data controller:

13.1      Right of access

You have the right to obtain from the controller confirmation as to whether or not your personal data are being processed.

Where that is the case, you have the right to obtain access to the following information from the data controller:

  • the purposes for which the personal data is being processed;
  • the categories of personal data being processed;
  • the recipients or categories of recipient your personal data has been or is being disclosed to;
  • the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of your personal data or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source.

13.2      Right to rectification

You have the right to obtain from the controller the rectification and/or completion of inaccurate or incomplete personal data. The data controller must carry out the rectification without undue delay.

13.3      Right to restriction of processing

You have the right to obtain the restriction of processing where one of the following applies:

  • you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
  • you have objected to processing under Article 21(1) of the GDPR pending the verification of whether the legitimate grounds of the controller override your grounds.

If the processing of your personal data is restricted, this data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing of your personal data is limited pursuant to the aforementioned conditions, you will be informed by the data controller before the restriction is lifted.

13.4      Right to erasure

Erasure obligation

You have the right to obtain from the controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • Your withdraw consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing;
  • You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
  • Your personal data have been unlawfully processed.
  • Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

Informing third parties

Where the controller has made the personal data public and is obliged pursuant to Article 17(1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Exceptions

The right to erasure does not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;
  • for the establishment, exercise or defence of legal claims.

Right to be informed

If you have exercised your right to obtain rectification, erasure or restricted processing from the data controller, the data controller must inform all recipients to whom your personal data has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort. You also have the right to be informed of these recipients by the data controller.

13.6      Right to data portability

You have the right to receive personal data you have provided to the data controller in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

  • the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and
  • the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This may not adversely affect the rights and freedoms of others.

13.7      Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

13.8      Right to withdraw a declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent until its withdrawal.

13.9     Automated individual decision-making

            including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  • is necessary for entering into or performance of a contract between an organisation and the individual,
  • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • is based on your explicit consent.

In all cases, these decisions may not be based on special categories of personal data referred to in Article 9(2)1) of the GDPR, unless point (a) or (g) of Article 9(2) of the GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

13.10    Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Validity of this declaration

This data protection statement applies for the following companies in the CRESTA group:

CRESTA INTERNATIONAL B.V.

Sniep 73 – 1112 AJ Diemen – The Netherland
Tel + 31 36 3 030 063
Chamber of commerce Amsterdam registration number – 63656574