Privacy Statement

In the following, we will inform you about the type, scope and purpose of the processing of personal data by our company in accordance with the legal requirements of data protection law (in particular in accordance with BDSG n.F. and the European Data Protection Basic Regulation ‘DS-GVO’). This data protection declaration also applies to our websites and social media profiles. With regard to the definition of terms such as “personal data” or “person-related processing” we refer to Art. 4 DS-GVO.

Name and contact details of the responsible person

Our responsible person ( in the following “responsible person”) within the meaning of Art. 4 fig. 7 DS-GVO is:

AST Service GmbH
Alter Flughafen 14a
30179 Hannover
Phone: +49 (0) 511 350 66 26
Fax: +49 (0) 511 350 66 31
E-mail: info@ast-service.com
TAX-ID: DE 197701146

Represented by:
Managing Director: Olaf Babel
Registered in the commercial register
Register No.: HRB 57372
Registration court: Amtsgericht Hannover

Types of data, purposes of processing and categories of persons affected

Below we inform you about the type, scope and purpose of the collection, processing and use of personal data.

  1.  Types of data we process
    Usage data (access times, websites visited etc.), inventory data (name, address etc.), contact details (telephone number, e-mail, fax etc.), communication data (IP address etc.),
    Purposes of processing pursuant to Art. 13 para. 1 c) DS-GVO
    Processing of contracts, website technical and economic optimization, establishment of contact in the event of legal complaints by third parties, optimization and statistical evaluation of our services, customer service and customer care, handling contact requests, security measures,
    Categories of data subjects pursuant to Art. 13 para. 1 e) DS-GVO
    Visitors/users of the website, customers, suppliers, interested parties, applicants, employees, employees of customers or suppliers,
  2. The data subjects are collectively referred to as “users”.
Legal basis for the processing of personal data

In the following we inform you about the legal basis of the processing of personal data:

  1. If we have obtained your consent for the processing of personal data, Art. 6 Para. 1 S. 1 lit. a) DS-GVO is the legal basis.
  2. If the processing is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, which take place at your request, Art. 6 Para. 1 S. 1 lit. b) DS-GVO is the legal basis.
  3. If the processing is necessary to fulfil a legal obligation to which we are subject (e.g. legal storage obligations), Art. 6 para. 1 sentence 1 lit. c) DS-GVO is the legal basis.
  4. If the processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 sentence 1 lit. d) DS-GVO is the legal basis.
  5. If processing is necessary to safeguard our interests or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not prevail in this respect, Art. 6 para. 1 sentence 1 lit. f) DS-GVO is the legal basis.
Disclosure of personal data to third parties and contract processors

Without your consent we do not pass on any data to third parties. Should this nevertheless be the case, then the passing on takes place on the basis of the aforementioned legal bases e.g. for the fulfilment of the contract or due to judicial arrangement or due to a legal obligation to the publication of the data for the purpose of the criminal prosecution, to the danger defence or to the penetration of the rights at the mental property.

We also use contract processors (external service providers, e.g. for the web hosting of our websites and databases) to process your data. If data is passed on to contract processors within the framework of an agreement on order processing, this is always done in accordance with Art. 28 DS-GVO. We select our contract processors carefully, check them regularly and have been granted the right to issue instructions with regard to the data. In addition, the contract processors must have taken appropriate technical and organisational measures and comply with the data protection regulations in accordance with BDSG n.F. and DS-GVO.

Transfer of data to third countries

The adoption of the European Data Protection Basic Regulation (DS-GVO) created a uniform basis for data protection in Europe. Your data will therefore mainly be processed by companies for which the DS-GVO applies. Should processing by third parties take place outside the European Union or the European Economic Area, they must comply with the special requirements of Art. 44 et seq. of the Data Protection Act. DS-GVO. This means that the processing takes place on the basis of special guarantees, such as the official recognition by the EU Commission of a data protection level corresponding to the EU or the observance of officially recognised special contractual obligations, the so-called “standard contractual clauses”. For US companies, submission to the so-called “Privacy Shield”, the data protection agreement between the EU and the USA, fulfils these requirements.

Deletion of data and storage duration

Unless otherwise expressly stated in this data protection declaration, your personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies, unless its further storage is necessary for the purposes of proof or statutory storage obligations stand in the way of this. This includes, for example, obligations under commercial law to retain business letters in accordance with § 257 (1) HGB (6 years) as well as obligations under tax law to retain documents in accordance with § 147 (1) AO (10 years). If the prescribed retention period expires, your data will be blocked or deleted, unless storage is still necessary for the conclusion of a contract or for the fulfilment of the contract.

Existence of an automated decision making process

We do not use automatic decision making or profiling.

Provision of our website and creation of logfiles
  1. If you only use our website for information purposes (i.e. no registration and no other transmission of information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:
    • IP address
    • Internet service provider of the user
    • Date and time of retrieval
    • browser type
    • Language and browser version
    • Content of the call-off
    • Time zone
    • Access status/HTTP status code
    • Amount of data
    • Websites from which the request comes
    • Operating system.

    These data will not be stored together with other personal data of yours.

  2. These data serve the purpose of the user-friendly, functional and safe delivery of our website to you with functions and contents as well as their optimization and statistical evaluation.
  3. The legal basis for this is our legitimate interest in data processing pursuant to Art. 6 Para. 1 S.1 lit. f) DS-GVO, which also lies in the above purposes.
  4. For security reasons, we store this data in server log files for a storage period of x days. After expiry of this period, these will be deleted automatically, unless we require their storage for evidence purposes in the event of attacks on the server infrastructure or other legal violations.
Cookies
  1. We use so-called cookies when you visit our website. Cookies are small text files that your Internet browser stores on your computer. When you call up our website again, these cookies provide information to automatically recognise you. The information obtained in this way serves the purpose of technically and economically optimising our web offers and enabling you to access our website more easily and securely. When you access our website, we will inform you about the use of cookies for the aforementioned purposes and how you can object to them or prevent their storage (“opt-out”) by means of a reference to our data protection declaration. Our website uses session cookies, persistent cookies and third-party cookies:
    Session-Cookies:
    We use so-called cookies to recognize multiple use of an offer by the same user (e.g. if you have logged in to determine your login status). When you visit our site again, these cookies provide information to automatically recognize you. The information obtained in this way is used to optimise our offers and make it easier for you to access our site. When you close your browser or log out, the session cookies will be deleted.
    Persistente Cookies:
    These will be automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
    Third-party cookies:
    Depending on your preferences, you can configure your browser settings to refuse, for example, the acceptance of third-party cookies or all cookies. However, we would like to point out at this point that you may not be able to use all the functions of this website. You can read more about these cookies in the respective privacy statements of the third party providers.
  2. The legal basis for this processing is Art. 6 Para. 1 S. lit. b) DS-GVO, if the cookies are set to initiate the contract, e.g. for orders, and otherwise we have a legitimate interest in the effective functionality of the website, so that in this case Art. 6 Para. 1 S. 1 lit. f) DS-GVO is the legal basis.
  3. Contradiction and opt-out:
    You can generally prevent cookies from being saved on your hard drive by selecting “do not accept cookies” in your browser settings. However, this can result in a functional limitation of our offers. You can object to the use of third-party cookies for advertising purposes by opting out of this American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).
Change cookie preferences
Contact via contact form / e-mail / fax / mail
  1. When contacting us via contact form, fax, post or e-mail, your details will be processed for the purpose of processing the contact request.
  2. Legal basis for the processing of the data is with the existence of a consent of you art. 6 Abs. 1 S. 1 lit. a) DS-GVO. The legal basis for the processing of data transmitted in the course of a contact enquiry or e-mail, letter or fax is Art. 6 Para. 1 S. 1 lit. f) DS-GVO. The person responsible has a justified interest in the processing and storage of the data in order to be able to answer user enquiries, to preserve evidence for reasons of liability and, if necessary, to be able to comply with his legal obligation to store business letters. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) DS-GVO.
  3. We can store your details and contact enquiries in our Customer Relationship Management System (“CRM System”) or a comparable system.
  4. The data are deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with you has ended. The conversation ends when the circumstances indicate that the matter in question has been conclusively clarified. We store requests from users who have an account or contract with us for a period of two years after termination of the contract. In the case of legal archiving obligations, the deletion takes place after their expiration: end of commercial (6 years) and tax (10 years) retention obligation.
  5. You have the option at any time to revoke your consent to the processing of personal data in accordance with Art. 6 para. 1 sentence 1 lit. a) DS-GVO. If you contact us by e-mail, you can object to the storage of your personal data at any time.
Presence in social media
  1. We maintain profiles in social media in order to communicate with the users connected and registered there and to inform them about our products, offers and services. The US providers are certified according to the so-called Privacy Shield and are therefore obliged to comply with European data protection laws. When you use and call up our profile in the respective network, the respective data protection notices and terms of use of the respective network apply.
  2. We process the data that you send us via these networks in order to communicate with you and answer your messages there.
  3. The legal basis for the processing of personal data is our justified interest in communication with users and our external presentation for the purpose of advertising in accordance with Art. 6 Para. 1 S. 1 lit. f) DS-GVO. If you have given the person responsible for the social network permission to process your personal data, the legal basis is Art. 6 Para. 1 S. 1 lit. a) and Art. 7 DS-GVO.
  4. The data protection notices, information options and objection options of the respective networks can be found here:
    LinkedIn
    (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland) – Privacy Statement: https://www.linkedin.com/legal/privacy-policy,Cookie Policy and Opt-Out: https://www.linkedin.com/legal/cookie-policy, Privacy Shield of the US company LinkedIn Inc.: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
Data protection for applications and in the application process
  1. Applications sent by electronic means or by mail to the person responsible will be processed electronically or manually for the purpose of handling the application procedure.
  2. We expressly point out that application documents with “special categories of personal data” according to Art. 9 DS-GVO (e.g. a photo which gives information about your ethnic origin, religion or marital status) are undesirable, with the exception of a possible severe disability which you would like to disclose freely. You should submit your application without this data. This has no effect on your chances of applying.
  3. Legal bases for the processing are Art. 6 Para. 1 S.1 lit. b) DS-GVO as well as § 26 BDSG n.F.
  4. If an employment relationship is entered into with the applicant after completion of the application procedure, the applicant data will be stored in compliance with the relevant data protection regulations. If you are not offered a position after completion of the application procedure, your submitted letter of application including documents will be deleted 6 months after dispatch of the rejection in order to be able to satisfy any claims and obligations to provide evidence according to the AGG.
Rights of the person concerned

Objection or revocation against the processing of your data

If the processing is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a), Art. 7 DS-GVO, you have the right to revoke this consent at any time. This does not affect the legality of the processing carried out on the basis of your consent until revoked.

If we base the processing of your personal data on a weighing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f) DS-GVO, you may object to the processing. This is the case if the processing is in particular not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out our compelling reasons worthy of protection on the basis of which we will continue the processing.

You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your right of objection free of charge. You can inform us about your advertising objection under the following contact data:

AST Service GmbH
Alter Flughafen 14a
30179 Hannover
Phone: +49 (0) 511 350 66 26
Fax: +49 (0) 511 350 66 31
E-mail : info@ast-service.com
TAX-ID: DE 197701146

Represented by:
Managing Director: Olaf Babel
Registered in the commercial register
Register No.: HRB 57372
Registration court: Amtsgericht Hannover

    1. Right of information
      You have the right to request confirmation from us as to whether personal data concerning you will be processed. If this is the case, you have the right to information about your personal data stored by us in accordance with Art. 15 DS-GVO. This includes in particular information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it has been collected directly from you.
    2. Right to rectification
      You have the right to have incorrect data corrected or correct data completed in accordance with Art. 16 DS-GVO.
    3. Right of deletion
      You have a right to deletion of your data stored with us according to Art. 17 DS-GVO, unless legal or contractual retention periods or other legal obligations or rights to further storage oppose this.
    4. Right to restriction
      You have the right to demand a restriction on the processing of your personal data if one of the conditions in Art. 18 para. 1 lit. a) to d) DS-GVO is fulfilled:

      • If you dispute the accuracy of the personal data concerning you for a period of time which enables the person responsible to verify the accuracy of the personal data;
      • the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
      • the controller no longer needs the personal data for the purposes of the processing, but you need them for the assertion, exercise or defence of legal claims, or
      • if you have lodged an objection against the processing pursuant to Art. 21 para. 1 DS-GVO and it has not yet been determined whether the justified reasons of the data controller outweigh your reasons.
    5. Right to data transferability
      You have a right to transfer data in accordance with Art. 20 DS-GVO, which means that you can receive the personal data we have stored about you in a structured, common and machine-readable format or request that it be transferred to another responsible person.
    6. Right of complaint
      You have the right to appeal to a regulatory agency. As a general rule, you can lodge a complaint with the supervisory authority, in particular in the Member State in which you are staying, at your place of work or at the place where the alleged infringement was committed.
Data security

In order to protect all personal data transmitted to us and to ensure that we and our external service providers comply with data protection regulations, we have taken appropriate technical and organisational security measures. This is why all data between your browser and our server is encrypted using a secure SSL connection.

Menu