Processing of (personal) data by the entity in charge of the online application process
We are very pleased about your interest in our company. Data protection is of particularly high importance to the management of APC AG. The processing of your data is always carried out in accordance with the EU General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to APC AG. By means of this privacy policy, we would like to inform you comprehensively about the processing of your personal data by APC AG and the rights to which you are entitled.
Personal data refers to any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address, but also your IP address. Anonymous data exists when no personal reference to the user can be established.
As the controller, APC AG has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website.
1. Controller
APC AG Ostendstraße 132
90482 Nuremberg, Germany
Tel.: +49 (0)911 504 999 0
Email: apc@apc-ag.de
Website: www.apc-ag.de
2. Contact Details of the Data Protection Officer
Email: apc-datenschutz@atarax.de
Any data subject may contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.
3. Your Rights as a Data Subject
First, we would like to inform you about your rights as a data subject. These rights are standardized in Art. 15 - 22 GDPR. This includes:
The right of access (Art. 15 GDPR)
The right to erasure (Art. 17 GDPR)
The right to rectification (Art. 16 GDPR)
The right to data portability (Art. 20 GDPR)
The right to restriction of data processing (Art. 18 GDPR)
The right to object to data processing (Art. 21 GDPR)
To exercise these rights, please contact: apc-datenschutz@atarax.de. The same applies if you have questions about data processing in our company or wish to withdraw consent you have previously granted. You also have the right to lodge a complaint with a data protection supervisory authority.
4. Rights to Object
In connection with the right to object, please note the following:
If we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without giving reasons. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made informally, preferably to: apc-datenschutz@atarax.de.
In the event that we process your data to protect legitimate interests, you may object to this processing at any time for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
5. Purposes and Legal Bases of Processing
The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Art. 6 GDPR.
We use your data for business initiation, to fulfill contractual and legal obligations, to offer products and services, and to strengthen the customer relationship. Your consent to data processing may also constitute a legal permission under data protection law. Before granting consent, we will inform you about the purpose of the data processing and your right of withdrawal.
If the processing of personal data is based on Art. 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees and our shareholders.
6. Disclosure to Third Parties
We will only pass on your data to third parties within the framework of legal provisions or with corresponding consent. Otherwise, no disclosure to third parties will take place unless we are obliged to do so by mandatory legal regulations (e.g., disclosure to supervisory authorities or law enforcement agencies).
7. Recipients of Data / Categories of Recipients
Within our company, we ensure that only those persons receive your data who need it to fulfill contractual and legal obligations. In certain cases, service providers support our departments (e.g., IT shipping). The necessary data protection contracts have been concluded with all service providers.
8. Transfer to Third Countries
Data transfer to third countries (outside the EU/EEA) only takes place if necessary for the execution of the contractual relationship, if required by law, or if you have given us your consent. We do not transfer your personal data to any service provider or group company outside the EEA.
9. Duration of Storage
We store your data as long as it is required for the respective processing purpose. Please note that numerous retention periods require continued storage (e.g., commercial or tax law retention obligations). If no further retention obligations exist, the data is routinely deleted once the purpose has been achieved.
10. Secure Transmission of Your Data
To best protect your data, we use technical and organizational security measures. Data exchange to and from our website is encrypted via HTTPS using current encryption protocols. We also offer content encryption for contact forms and applications.
11. Obligation to Provide Data
Various personal data are necessary for the establishment, execution, and termination of the contractual relationship. Without providing this data, processing your request or executing the contract is not possible.
12. Categories, Sources, and Origin of Data
The data we process is determined by the respective context (e.g., contact form or registration).
12.1 Website Visits
When visiting our website, we may process browser types, operating systems, referrer URLs, date/time of access, and IP addresses. This is based on our legitimate interest (Art. 6(1)(f) GDPR) in technical site operation.
12.2 Login Areas
For portals like APC DocuWeb, we collect login data (username/email and password). Passwords are stored in encrypted form.
12.3 Contact Form
Data provided via the contact form (name, company, contact details, message, IP address) is processed to answer your inquiries.
12.4 Webinars
For webinar registration, we process: Name, salutation, zip code/city, and email address.
13. Notice for Customers, Suppliers, and Interested Parties
We process your contact, professional, and payment data for pre-contractual measures, contract fulfillment (Art. 6(1)(b) GDPR), or legal obligations (Art. 6(1)(c) GDPR). We also use data to maintain customer relationships (Art. 6(1)(f) GDPR).
14. Notice for Applicants
Application data is processed solely for the recruitment process (Art. 6(1)(b) GDPR, § 26 BDSG). Storage usually ends six months after a decision, or 12 months if you consent to our talent pool.
15. Automated Decision-Making
We do not use automated decision-making.
16. Cookies
Our website uses cookies. Technically necessary cookies are used based on Art. 6(1)(f) GDPR. Other cookies are only used with your consent, which can be withdrawn via our consent banner at any time.
17. Google Analytics
Based on your consent (Art. 6(1)(a) GDPR), we use Google Analytics with IP anonymization. Data is transferred to Google servers in the USA. You can prevent collection via a browser plugin or our consent banner.
18. Google Tag Manager
We use Google Tag Manager (Art. 6(1)(f) GDPR) to manage website tags. The tool itself does not collect personal data.
19. Microsoft Teams
For webinars, we use MS Teams. User, connection, and metadata are processed. Video/audio data is only processed if you enable your camera/microphone. MS Teams processes data in the USA; Microsoft is contractually obligated to ensure EU data protection standards. For more info: https://privacy.microsoft.com/en-us/privacystatement.
20. Social Media Links
Our website links to Xing. Clicking the link establishes a connection to Xing’s servers. If you are logged in, Xing can assign this visit to your account. Their servers are located in the USA and other non-EU countries.
21. Social Media Presence
We maintain a corporate presence on Xing (New Work SE). Processing is based on our legitimate interest in communication (Art. 6(1)(f) GDPR). For opt-outs and details, see: https://privacy.xing.com/en/privacy-policy.
22. Podcasts
Our podcasts are hosted by ART19, LLC (USA). When you listen to a podcast, data is processed in the USA. By using this service, you declare your consent (Art. 49(1)(a) GDPR).Listener Analysis: If you consent, we process activity data (titles heard, duration, IP, device type) via ART 19 cookies. More info: https://art19.com/privacy.
23. Copyright Notice
When publishing content on our social media presence, you may be transferring usage rights to the network. Ensure you have the necessary rights to avoid legal consequences.
24. External Links
We are not responsible for the content of linked external websites. These were checked for legal violations at the time of linking. If violations become known, the links will be removed immediately.