Browser not supported

You are using an old browser that we do not support anymore. Please consider using a modern web browser such as Microsoft Edge, Google Chrome or Firefox for the best website experience.

Privacy policy

We are pleased that you have visited our website. In the following, we would like to take the opportunity to inform you how we handle your data in accordance with Art. 13 General Data Protection Regulation (GDPR).

Controller

The party responsible for the collection and processing of data described below is the body stated in the Legal Notice.

ACO GmbH

Am Ahlmannkai
24782 Büdelsdor


Tel. +49 4331 354-700
Fax +49 4331 354-130
kundencenter(at)aco.com
www.aco.de

Usage data

When you visit our web pages, so-called usage data is temporarily evaluated on our web server for statistical purposes as a protocol to improve the quality of our web pages. This data set consists of

  • the name and address of the requested content,
  • the date and time of access,
  • the transmitted data volume,
  • the access status (content transmitted, content not found),
  • the description of the web browser and operating system used,
  • the referral link, which indicates which page linked you to ours,
  • the IP address of the requesting computer, which is shortened so that a personal identification is no longer possible.

The specified protocol data will only be evaluated anonymously.

Storage of the IP address for security purposes

In addition, we store the complete IP address transmitted by your web browser strictly for the purpose of detecting, limiting and eliminating attacks on our websites for a period of seven days. After this period of time we delete or anonymise the IP address. The legal basis is Art. 6 para. 1 sentence 1 letter f GDPR.

Data security

We have implemented technical and organisational measures to protect your data from unauthorised access to the greatest extent possible. We use an encryption procedure on our websites. Your details are transferred from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognise this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

Necessary Cookies

We use cookies on our websites, which are necessary to use our websites.

Cookies are small text files which can be stored and read out on your end device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond an individual session.

We do not use these necessary cookies for analysis, tracking or advertising purposes.

In some cases, these cookies only contain information on certain settings and cannot be traced back to individuals. They may also be necessary to enable user guidance, security and implementation of the site.

We use these cookies on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR.

You can set your browser to inform you about the use of cookies. This ensures that the use of cookies is transparent for you. You can also delete cookies at any time using the appropriate browser settings and prevent the use of new cookies. Please note that our web pages may then not be able to be displayed and some functions may no longer be available for technical reasons.

Traffic management

We use web analysis tools to design our websites according to your needs. This creates user profiles based on pseudonyms For this purpose, permanent cookies are stored on your end device and read by us. In addition, we may also access recognition features on your browser or end device (e.g. a so-called browser fingerprint or your unabridged IP address). This enables us to recognise returning visitors and count them as such.

In addition, we use the following functions for traffic management:

  • We supplement the anonymous data with additional data provided by third parties. In this way, we are able to record demographic characteristics of our visitors, such as age, gender and place of residence.
  • We use a recognition method that allows us to record and subsequently evaluate the mouse pointer movement of our visitors.

Data processing is based on your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or § 15 Para. 3 S. 1 TMG (German Telemedia Act), provided that you have given your consent via our banners.

Which third-party providers do we use in this context?

Below we list the third-party providers with whom we work in relation to traffic measurement. If the data is processed outside the EU/EEA in this context, please note that there is a risk that authorities may access the data for security and surveillance purposes without your being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer of data to a third country is carried out on the basis of Art. 49 para. 1 letter a GDPR.

ProviderMaximum Storage periodAdequate level of data protectionWithdrawal of consent
Google Ireland Limited Processing within the EU/EEAIf you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

Google LLC (USA)

No adequate level of data protection. Transmission is based on Art. 49 para. 1 letter a GDPR.If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

Third-party tracking technologies for advertising purposes

We use cross-device tracking technologies so that targeted advertising can be displayed to you on other websites based on your visit to our websites and we can see how effective our advertising measures have been.

Data processing is based on your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or § 15 Para. 3 S. 1 TMG (German Telemedia Act), provided that you have given your consent via our banners. Your consent is voluntary and can be revoked at any time.

How does tracking work?

When you visit our websites, it is possible that the third party providers listed below may access recognition features of your browser or end device (e.g. a so-called browser fingerprint), evaluate your IP address, store or read recognition features on your end device (e.g. cookies) or gain access to individual tracking pixels.

The individual features can be used by the third-party providers to recognise your end device on other websites. We may commission the display of advertisements from the relevant third party providers based on the pages visited on our website.

What does cross-device tracking mean?

If you log on to the third-party provider with your own user data, the respective recognition features of different browsers and end devices can be linked with each other. For example, if the third-party provider has created a separate feature for each of the laptops, desktop PCs, smartphones or tablets you use, these individual features can be assigned to each other when you use a third-party service with your credentials. This allows the third-party provider to effectively manage our advertising campaigns across different end devices.

Which third-party providers do we use in this context?

Below is a list of the third-party providers with whom we cooperate for advertising purposes. If the data is processed outside the EU/EEA in this context, please note that there is a risk that authorities may access the data for security and surveillance purposes without your being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer of data to a third country is carried out on the basis of Art. 49 para. 1 letter a GDPR.

ProviderMaximum Storage periodAdequate level of data protectionWithdrawal of consent
Google LLC (USA) No adequate level of data protection. Transmission is based on Art. 49 para. 1 letter a GDPR.If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

Contact form

You can contact us via our contact form. To use our contact form, you must first provide us with the information marked as mandatory fields.

We use this data on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR to answer your enquiry.

In addition, you can decide for yourself whether you wish to provide us with further information. This information is provided voluntarily and is not mandatory for establishing contact. We process your voluntary details on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Your data will only be processed to answer your request. We delete your data as long as they are no longer required and there are no legal obligations to retain them.

Insofar as your data transmitted via the contact form is processed on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, you can object to the processing at any time. You can also revoke your consent to the processing of voluntary data at any time Please contact the email address given in the Legal Notice.

Social Plugins

We enable you to use social plugins. For reasons of data protection, however, we only integrate the social plugins that we use in a deactivated form. Therefore, when you visit our websites, no data is transmitted to social media services.

However, you have the option to activate and use the social plug-ins integrated on our websites. For this purpose, we use a solution which means that initially, all data and functions required to display the social plugin are provided by our web server. Only when you decide to activate the respective social plugin and click on the corresponding thumbnail or icon will your browser establish a connection to the servers of the operator of the respective social media service as a subsequent process.

If you activate a plugin, the social media service receives your IP address and, among other things, information about your visit to our websites. This happens regardless of whether you have an account with the social media service concerned. If you are logged in, the data can be directly assigned to your social media profile.

In general, we have no influence on whether and to what extent the respective social media service processes personal data after activation. However, it is likely that the social media service will create user profiles from your data and use them for the purpose of personalised advertising. In addition, your data is used to inform other users of the social media service about your activities on our websites.

Embedding is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or § 15 para. 3 sentence 1 TMG (German Telemedia Act), provided that you have given your consent by clicking on the preview image.Please note that the embedding of numerous social plugins means that your data will be processed outside the EU or EEA. In some countries there is a risk that authorities may access the data for security and surveillance purposes without your being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer of data to an insecure third country is carried out on the basis of Art. 49 para. 1 letter a GDPR.

If you no longer wish your personal data to be processed by the activated social plugins, you can prevent future processing by no longer clicking on the preview image or symbol of the respective social plugin.

Provider

Maximum

Storage period

Adequate level of data protection

Withdrawal of consent

Instagram No adequate level of data protection. Transmission is based on Art. 49 para. 1 letter a GDPR.If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.
LinkedIn No adequate level of data protection. Transmission is based on Art. 49 para. 1 letter a GDPR.If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.
Flickr No adequate level of data protection. Transmission is based on Art. 49 para. 1 letter a GDPR.If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.
Facebook (USA and/or Ireland) No adequate level of data protection. Transmission is based on Art. 49 para. 1 letter a GDPR.If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.
Twitter (USA) No adequate level of data protection. Transmission is based on Art. 49 para. 1 letter a GDPR.If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.

Embedded videos

On our websites we embed videos that are not stored on our servers. In order to ensure that opening our web pages with embedded videos does not automatically lead to the downloading of third-party content, we only show locally stored preview images of the videos as a first step. This does not provide the third party provider with any information.

Only after clicking on the preview image is the content of the third party provider downloaded. This informs the third party provider that you have accessed our site and the technical usage data required in this context. In addition, the third-party provider is then able to implement tracking technologies. We have no influence on any further data processing carried out by the third party provider. By clicking on the thumbnail, you give us permission to download content from the third-party provider.

Embedding is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, provided that you have given your consent by clicking on the preview image. Please note that the embedding of numerous videos means that your data will be processed outside the EU or EEA. In some countries there is a risk that authorities may access the data for security and surveillance purposes without your being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer to an insecure third country is carried out on the basis of Art. 49 para. 1 letter a GDPR.

ProviderAdequate level of data protectionWithdrawal of consent
YouTube / Google (USA)No adequate level of data protection. Transmission is based on Art. 49 para. 1 letter a GDPR.Once you have clicked on a thumbnail, the content of the third-party provider is immediately reloaded. If you do not wish such content to be loaded on other pages, please do not click on any further preview images.

Newsletter registration and sending out

You can subscribe a newsletter on our website. Please note that we need certain data ( at least your email address) to subscribe to the newsletter.

The newsletter will only be sent out if you have given us your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. After placing an order on our website, you will receive a confirmation email to the email address you have provided (so-called double opt-in). You can revoke your consent at any time. An uncomplicated option for cancellation is provided, for example, by clicking on the cancellation link in every newsletter.

As part of the newsletter registration process, we store further data in addition to the data already mentioned, insofar as this is necessary for us to prove that you have subscribed to our newsletter. This may include the storage of the complete IP address at the time of subscription or confirmation of the newsletter, as well as a copy of the confirmation email sent by us. The corresponding data processing is carried out on the basis of Art. 6 para. 1 sentence 1 letter f GDPR and is carried out in the interest of being able to account for the legality of the newsletter distribution.

Map service

On our websites we embed map services that are not stored on our servers. In order to ensure that opening our web pages with map services does not automatically lead to the downloading of third-party content, we will first only show locally stored preview images of the maps. This does not provide the third party provider with any information.

Only after clicking on the preview image is the content of the third party provider downloaded. This informs the third party provider that you have accessed our site and the technical usage data required in this context. We have no influence on any further data processing carried out by the third party provider. By clicking on the thumbnail, you give us permission to download content from the third-party provider.

Embedding takes place on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or § 15 para. 3 sentence 1 TMG (German Telemedia Act), provided that you have previously given your consent by clicking on the preview image.

Please note that the embedding of some map services means that your data will be processed outside the EU/EEA. In some countries there is a risk that authorities may access the data for security and surveillance purposes without your being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer of data to an insecure third country is carried out on the basis of Art. 49 para. 1 letter a GDPR.

ProviderMaximum Storage periodAdequate level of data protectionWithdrawal of consent
Google LLC (USA) No adequate level of data protection. Transmission is based on Art. 49 para. 1 letter a GDPR.Once you have clicked on a thumbnail, the content of the third-party provider is immediately reloaded. If you do not wish such content to be loaded on other pages, please do not click on any further preview images.

Integration of other technical third-party content and functions

We use the technical functions and contents of third party providers listed below to display our websites.

Opening our pages leads to the downloading of content from third party providers who provide these functions and contents. This informs the third party provider that you have accessed our site and the technical usage data required in this context.

We have no influence on any further data processing carried out by the third party provider.

The data will be processed on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR provided that you have previously given your consent via our banner solution.

Please note that the use of third-party content and functions may result in your data being processed outside the EU or EEA. In some countries there is a risk that authorities may access the data for security and surveillance purposes without your being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer to an insecure third country is carried out on the basis of Art. 49 para. 1 letter a GDPR.

ProviderTechnical function or contentMaximum storage period, if applicableTransfer to third countries according to the provider's specifications and ensuring an adequate level of data protectionWithdrawal of consent
Google LLC (USA)JQuery (JavaScript library) No adequate level of data protection. Transmission is based on Art. 49 para. 1 letter a GDPRIf you no longer agree with such processing, please stop using our site.
Google LLC (USA)Google Fonts No adequate level of data protection. Transmission is based on Art. 49 para. 1 letter a GDPR.If you no longer agree with such processing, please stop using our site.

Storage duration

Unless we have already informed you about the storage period in detail, we will delete personal data if it is no longer required for the above-mentioned processing purposes and no legal storage obligations prevent deletion.

Other processors

Within the scope of processing in accordance with Art. 28 GDPR, we pass on your data to service providers who support us in the operation of our websites and related processes. These are e.g. hosting service providers. Our service providers are strictly bound by our instructions and the corresponding contractual obligations.

In the following, we will name the processors with whom we work, if we have not already done so in the above text of the data protection declaration. Should data be transferred outside the EU or EEA in this context, we will provide information on the appropriate level of data protection

ProcessorPurposeAdequate level of data protection
Example provider (Germany)Web hosting and supportProcessing only within EU/EEA

Your rights as a data subject

When processing your personal data, the GDPR grants you certain rights as a data subject:

Right of access (Art. 15 GDPR)

You have the right to obtain information as to whether your personal data has been processed; if this is the case, you have the right to access this personal data and the information specifically listed in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to obtain the immediate rectification of incorrect personal data concerning you, and where necessary to request the completion of incomplete data.

Right to erasure (Art. 17 GDPR)

You have the right to demand that personal data relating to you is erased immediately if one of the reasons listed in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)

You have the right to obtain the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have lodged an objection to the processing, for the duration of the examination by the controller.

Right to data portability (Art. 20 GDPR)

In certain cases, which are listed specifically in Art. 20 GDPR, you have the right to receive your personal data in a structured, common and machine-readable format, and/or request transmission of this data to a third party.

Right of withdrawal (Art. 7 GDPR)

If data is processed on the basis of your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 para. 3 GDPR. Please note that the withdrawal only applies to the future. Processing that took place before the withdrawal is not affected.

Right to object (Art. 21 GDPR)

If data is collected on the basis of Art. 6 para. 1 sentence 1 letter f GDPR (data processing to safeguard legitimate interests) or on the basis of Art. 6 para. 1 sentence 1 letter e GDPR (data processing to safeguard public interests or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data, unless there are demonstrable and compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or processing is carried out in order to assert, exercise or defend legal claims.

Right to lodge an appeal with a supervisory authority (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR, if you believe the processing of your data violates data protection regulations. The right to lodge a complaint can be asserted in particular with a supervisory authority in the Member State in which you are habitually resident, in which you work, or in which the alleged violation took place.

Assertion of your rights

Unless otherwise described above, please contact the party named in the Legal Notice to assert your rights.

Contact details for the Data Protection Officer

Our external data protection officer will be happy to provide you with information on data protection via the following contact details:

Datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Web: www.datenschutz-nord-gruppe.de
E-Mail: office@datenschutz-nord.de

If you contact our data protection officer, please also indicate the responsible party named in the Legal Notice.