Privacy policy - a picture with ones and zeros

Data Protection

It is important to us to protect your data, which may be recorded during your visit to www.agasan.com. You can visit our site at any time without providing any personal information.

Privacy statement

The legal provisions for the protection of your data can be found in the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications-Digital-Services-Data-Protection-Act (TDDDG).

Responsible party according to data protection regulations:

AGA Sanitätsartikel GmbH

represented by the managing directors Achim Walter, Sophie Walter, Fynn Walter
Löhner Straße 198b
32584 Löhne | Germany

T: +49 5731 82283
E-Mail: info@agasan.com

Data protection officer: Jörg Spannuth

Below you will find information about which personal data—these are all data that identify or make you identifiable, such as your name, address, email address, or user behavior—we collect during your visit to our website and how this data is used. If you have further questions, please feel free to contact us at spannuth(at)agasan.com.

You also have the right to lodge a complaint with the competent supervisory authority in case of unlawful use of your data. This is:

State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf | Germany

T: +49 211 38424-0
E-mail: poststelle@ldi.nrw.de

1a. Server Data Collection

When you visit our website, various server statistics are automatically stored, which your browser transmits to the server of our provider, Mittwald CM Service GmbH & Co. KG, Königsberger Str. 4–6, 32339 Espelkamp. If you wish to view our website, even for informational purposes, we collect the following data, which is technically necessary for us to display the website and ensure its stability and security: IP address, date and time of the request, time zone difference to GMT, content of the website, access status (HTTP status), amount of data transferred, referring website, web browser, operating system, language and version of the browser.

The storage of the above-mentioned data in log files is for ensuring the functionality and optimizing our website, as well as for ensuring the security of our IT systems.

The legal basis for data collection is Art. 6(1)(f) GDPR. This data is not combined with other data sources. The IP address is anonymized, and the data is deleted at the end of the session. Our legitimate interest in collecting this data is to optimize our services for users, for example by preventing access from malicious websites or improving access via specific browsers, and to enable the delivery of the website to the visitor by logging the IP address.

You generally have the right to object to this data collection. However, this is factually impossible here, as the use of the website would otherwise be impossible.

1b. Data Transmission Security

We use a secure server with 256-bit SSL encryption to transmit your data. This ensures that your data is transmitted securely and cannot be read by unauthorized persons.

2. Use and Disclosure of Personal Data

a. General information

If you have provided us with personal data, we will use it to respond to your inquiries, to advise you, to process contracts with you, and for technical administration. Your personal data will only be passed on to third parties or otherwise transferred if this is necessary for contract processing, for billing purposes, or if you have previously consented. You have the right to revoke any consent given at any time with effect for the future, see also section 6 on your data subject rights.

b. Contract processing

In the context of contracts concluded with you, we collect and store the personal data you provide to process the contract, such as for invoicing purposes.

Data is passed on for billing purposes to banks or transport service providers. Billing data is transferred to the tax office and financial authorities in compliance with tax law.

The legal basis for data collection and processing in the context of contract execution is Art. 6(1)(b) GDPR. The legal basis for transferring data to the tax office is Art. 6(1)(c) GDPR.

This data will be deleted once the applicable statutory retention periods have expired. If no statutory retention periods apply, the data will be deleted when the purpose no longer exists.

c. Contact form and email inquiries

When you use our contact form, we collect and store your name and email address to respond to your inquiry. Providing your address is optional.

If you send us an inquiry by email, we collect and store your email address and the data contained in the email to respond to your inquiry.

Legal basis: If a contractual relationship develops from the inquiry or if the inquiry refers to an existing contractual relationship, the legal basis is Art. 6(1)(b) GDPR, as storing the data is necessary for fulfilling pre-contractual or contractual obligations. We also have a legitimate interest under Art. 6(1)(f) GDPR in processing the data for communication and responding to your inquiries.

The data will be deleted when the purpose of storage ceases to apply, i.e., after your email/contact form inquiry has been answered or when the matter associated with the inquiry is fully resolved. In the case of an existing or subsequent contractual relationship, the data will be deleted after the statutory retention periods have expired.

3. Cookies

Our website uses cookies in several places. They make our site more user-friendly, efficient, and secure. A cookie is a text file that our website places via your web browser on your device. Most of the cookies we use are "session cookies," which are automatically deleted at the end of your visit.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest arises from the fact that the cookies merely facilitate access to the site for you, no tracking data is collected, and thus no interference with your personal rights and freedoms occurs.

You can disable cookies in your web browser, but this may impair the functionality of the site.

3a. Cookie consent tool Klaro

We use the "Klaro" tool from KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin, Germany, for cookie consent management. Through this tool, your consents for the use of cookies, or for the processing and providers mentioned in the cookie banner, are obtained and can be managed and revoked by clicking the "Manage Data Collection" link in the footer of the page. An individual user ID, the types of consents, and the name of the page or subpage where the consent was given are stored server-side and in a cookie on your device. The consent may be stored for up to 365 days. A pseudonymous user identifier is created, along with the time of consent, information about the scope of the consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and device used.

The legal basis for processing your data is Art. 6(1)(c) and (f) of the GDPR, as we are legally required to provide proof of consent, and our legitimate interest arises from the fact that we can only obtain the necessary consent in this way.

4. Use of Google Services

We use the following "Google Services." The responsible entity is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ireland transfers data to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which we always notify about. Data transfers are based on the adequacy decision (EU-US Data Framework) between the EU and the USA. Additionally, we have entered into EU Standard Contractual Clauses with Google, through which Google ensures compliance with appropriate technical and organizational measures to protect your personal data.

Further information on whether and which data Google collects through the use of these services can be found in Google's privacy policy.

4a. Google Tag Manager

Our website uses Google Tag Manager. This solution is used to create and update "tags" that allow us to embed and manage tools and scripts. Google Tag Manager itself does not collect any personal data but serves only for management purposes. However, the tags triggered by this tool or the tools embedded via it may collect personal data (see further below). Google Tag Manager does not access this data. If the tool is disabled, the deactivation applies to all tags implemented through it.

4b. Google Analytics

This website uses the web analytics service Google Analytics.

Google Analytics uses "cookies" to analyze user behavior on the website and measure reach. An overview of how Google uses cookies and which cookies are used can be found in this overview.

The legal basis for collecting and storing data is Art. 6(1)(a) GDPR and Section 25 TDDDG. By giving your consent to the use of Google Analytics, you agree to the processing of your data. Google Analytics automatically anonymizes IP addresses and collects only geolocation data. Therefore, it is not possible for us to associate the collected analytics data with a specific person.

Data transfer to third countries: Google assures that data from devices in the EU is stored and processed on EU servers. However, an indirect transfer of this data to the USA cannot be ruled out. Due to automatic IP anonymization, your IP address will be shortened by Google within EU member states or other contracting states of the European Economic Area before being transferred. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activities, and provide other services related to website use and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.

Revocation:

You can revoke your consent at any time by deleting all (consent) cookies set in your browser, adjusting your browser settings, or using the cookie consent tool to block cookies. However, please note that in this case, you may not be able to fully use all functions of this website. Further information on Google Analytics' privacy policy can be found here: https://support.google.com/analytics/answer/6004245?hl=en.

Data stored by Google is automatically deleted after 14 months.

4c. Google Ads

We use AdWords, specifically Google Conversion Tracking. A "conversion cookie" is placed on your computer by Google AdWords if you are directed to our website via a Google ad. These cookies expire after 30 days, and no personal data is collected on our side that could identify the user. However, your IP address is transmitted to Google LLC in the USA so that Google can perform the evaluations described below. We have entered into a data processing agreement with Google, ensuring that Google complies with appropriate technical and organizational measures to protect your personal data.

As long as the cookie is active, we can recognize that a user who clicked on our AdWords ad was redirected to our page through conversion tracking. Each AdWords customer receives a different cookie. The information collected through the cookies is used solely to create conversion statistics for us as an AdWords customer. This tells us the total number of users who clicked on one of our ads and were redirected to a page tagged with a conversion tracking tag.

The legal basis for the use of the conversion tracking cookie is Art. 6(1)(a) GDPR, Section 25(1) TDDDG, provided that consent has been given.

Revocation and Deletion:
You can revoke your consent at any time by deleting all (consent) cookies in your browser.

You can also prevent the collection of information by disabling the automatic setting of cookies in your browser settings or blocking cookies from the "googleadservices.com" domain. However, this may limit the usability of our site. You can also deactivate personalized ads and the use of cookies in Google's Ad preferences manager.

5. LinkedIn

We operate a fan page on LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) for the purpose of exchanging information with our customers and interested parties and providing general information about our company and employees.

If you visit the page via the LinkedIn icon on our website while logged into your LinkedIn account, LinkedIn can directly associate your visit to our website with your LinkedIn account. If you do not want LinkedIn to associate your data with your account, you must log out of LinkedIn before visiting our website. If you interact with our page (like, comment, share, message, etc.), a LinkedIn login prompt will appear.

Once logged in, LinkedIn recognizes you again as a specific user. Further information can be found in LinkedIn's privacy policy. You can review the privacy settings in your LinkedIn account, and you can also enable the "block third-party cookies" option in your browser. However, blocking cookies may limit the functionality of the site.

We, as the operator of the LinkedIn fan page, do not collect or process any additional data. Further information on LinkedIn and other social networks, and how to protect your data through privacy settings, can be found at sites like youngdata.de.

The legal basis for operating our LinkedIn fan page is Art. 6(1)(f) GDPR. Our legitimate interest lies in providing customers with a direct means of communication through this social media service, including for complaints, allowing us to continually improve our service.

6. Data Subject Rights

a. Right of objection

If we process your data to protect legitimate interests (Art. 6(1)(f) GDPR), you have the right to object to this processing for reasons arising from your particular situation. In such a case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

If you object to the processing of your data for direct marketing purposes, such processing will no longer take place for that purpose.

b. Right of access

You have the right to request confirmation from us as to whether we are processing personal data concerning you and, if so, to obtain access to the personal data and related information in accordance with Art. 15 GDPR.

c. Right to rectification

You have the right, in accordance with Art. 16 GDPR, to request the immediate rectification or completion of inaccurate or incomplete personal data concerning you.

d. Right to erasure

You have the right to request the immediate deletion of personal data concerning you, and we are obligated to delete it without delay if one of the reasons listed in Art. 17 GDPR applies.

e. Right to restriction of processing

You have the right to request the restriction of processing of your personal data if one of the conditions outlined in Art. 18 GDPR is met.

f. Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to request that we transmit the data to another controller, provided this is technically feasible.

Questions? Contact us today!

Do you have questions about our products or services? Would like to get to know us? Contact us today, we will be pleased to provide expert advice tailored to your needs.

CONTACT AGA