Information on Data Privacy

We naturally take all data privacy matters very seriously. Protecting the privacy of users on our websites at all times as part of our online offerings is very important for us. If and when users voluntarily provide personal information, it will be processed in accordance with the statutory data protection provisions of the EU General Data Protection Regulation (GDPR) in the version applicable since May 25, 2018, and the other statutory data protection provisions, in particular in accordance with the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). All data is treated confidentially. This data privacy statement describes in detail how data is handled.

1. Information about the Data Protection Officer

1.1 Responsible entity 

Responsible body for the collection, processing, and use of personal data according to Art. 4 Para. 7 DSGVO:
AM ALPHA Kapitalverwaltungsgesellschaft mbH
Freihamer Street 2
82166 Gräfelfing
Phone: +49 89 / 550 6989-00
Fax: +49 89 / 550 6989-99


E-mail: datenschutz@am-alpha.com


1.2 Data Protection Officer

You can reach our data protection officer using the following contact details:
Mr Oliver Gaschler
c/o AM ALPHA Kapitalverwaltungsgesellschaft mbH
Freihamer Street 2
82166 Gräfelfing
Phone: +49 89 / 550 6989-00
Fax: +49 89 / 550 6989-99
  
E-mail: datenschutz@am-alpha.com


2. General information on the collection and processing of personal data


2.1 As a matter of principle, we only process personal data of our users insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.

2.2  Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) sentence 1 lit. a DSGVO serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) sentence 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) sentence 1 lit. c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Article 6 (1) sentence 1 lit. d DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1) sentence 1 lit. f DSGVO serves as the legal basis for the processing.

2.3 If you contact us by e-mail, the data you provide voluntarily or necessarily will be stored by us in order to answer your questions or process your other requests. We delete or block the data accruing in this context after the storage is no longer necessary. In deviation from this, data may also be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject.

2.4 If you have given your consent to the processing of your data, you may revoke this consent at any time in accordance with Art. 7 (3) DSGVO. Such a revocation affects the permissibility of the processing of your personal data after you have expressed it to us.

2.5 Insofar as we base the processing of your personal data on our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing pursuant to Art. 21 DSGVO. This is the case if the processing is not necessary, in particular, for the fulfilment of a contract with you, which is shown by us in each case in the description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the merits of the case and either cease or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us of your objection to advertising using the contact details above.

2.6 We will delete or block your personal data as soon as the purpose of the storage no longer applies; blocking in this context means any removal of the reference of the data to your person. Storage may also take place if this has been provided for by the European or national legislator in regulations, laws or other provisions to which the person responsible is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

3. Collection of personal data when visiting our websites

When you use our website https://www.amalpha.de for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO):

  • Referrer (previously visited website)
  • Requested web page or file
  • Browser type and version
  • Operating system used
  • Device type used
  • Date and time of the access IP address in anonymised form (only used to determine the location of the access).

The above data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • Ensuring a comfortable use of our website,
  • Evaluation of system security and stability, and
  • for other administrative purposes.

The collected data records are evaluated exclusively for internal statistical purposes and for the technical administration of our websites. This data is not passed on to third parties. This anonymised data is stored separately from personal data. They are in no way associated with the personal data of the users. This means that it is largely impossible to draw conclusions about a specific person.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are alienated so that an assignment of the calling client is no longer possible.
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
We also use cookies when you visit our website. You will find more detailed explanations on this in this data protection declaration below.

4. E-mail-contact


4.1 Description and scope of data processing

Contact can be made via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored; in addition to your e-mail address, this usually includes your name and the transmitted message as well as other personal data, in particular data contained in the message or an attached signature. The data will not be passed on to third parties. The data is used exclusively for processing the conversation.

4.2 Legal basis

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 p. 1 lit. a and lit. f DSGVO. The processing is based on implied consent and on our legitimate interests.

4.3 Purpose of the data processing    

The processing of personal data serves solely to process the contact. The processing of your e-mail address and - if transmitted - your name is necessary in order to process your enquiry (personalised if necessary) and to prevent misuse and thereby ensure the security of our information technology systems; this also constitutes the necessary legitimate interest in the processing of the data within the meaning of Art. 6 (1) sentence 1 lit. f DSGVO.

4.4 Duration of storage; possibility of revocation

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. 
For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. You have the option to revoke your consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case. 

5. Applicant data

5.1 Description and scope of data processing

If you apply for a job offer or send us a speculative application, you agree that we may store the documents sent to us and use the information contained therein to process your application. As a rule, your documents contain special categories of personal data (e.g. information on marital status; information on health; a photo that allows conclusions to be drawn about your ethnic origin and, if applicable, eyesight and/or religion; similarly sensitive data within the meaning of Art. 9 DSGVO), which may only be processed in the present form with your consent. You consent to us processing the special categories of personal data contained in your letter of application and the enclosed documents for the purpose of carrying out the application procedure. 

5.2 Purposes of data processing

This consent is solely for the purpose of being able to consider the application in its present form. The information will not be taken into account in the application process unless there is a legal obligation to do so. You can refuse your consent to the processing of the application in the application process without giving reasons and revoke any consent given at any time, for example by e-mail. In the event of revocation, your data covered by the consent will be deleted immediately. This has the consequence that the data processing which was based on this consent may no longer be continued for the future. In the event of non-granting or revocation of consent, an application already submitted cannot be considered in its present form.

5.3 Duration of storage

If your application is unsuccessful, you can consent to your personal data provided throughout the application process (e.g. in cover letters, CVs, certificates, applicant questionnaires, applicant interviews) being stored beyond the end of the specific application process. To this end, you can consent to us using this data to contact you at a later date and to continue the application process should you be considered for another position. If special categories of personal data pursuant to Art. 9 of the GDPR have been provided via the application documents (e.g. a photo that reveals ethnic origin, information on severely disabled status, etc.), the consent also applies to this data. This consent also applies to data about your qualifications and activities from generally accessible data sources (in particular professional social networks) that we have permissibly collected as part of the application process. Your data will not be passed on to third parties. This consent is voluntary and has no effect on your chances in the current application process. You can also revoke your consent at any time. In this case, your data will be deleted immediately after the application process has been completed. This has the consequence that we may no longer continue the data processing based on this consent for the future. 

5.4 Legal basis of the data processing

The legal basis for data processing in the case of applications is your consent in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO.

6. Use of cookies

In addition to the aforementioned data collected when you visit our website (section 3), cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programs or transmit viruses to your computer. Some of them are essential, i.e. they are technically required for the operation of our website. Other cookies are used for statistical purposes or to analyse access to our website, or for marketing purposes or to offer you the use of external media.
This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Transient cookies, i.e. cookies that are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

Furthermore, we use HTML5 storage objects that are stored on your end device. These objects store the required data independently of the browser you are using and have no automatic expiry date. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend that you regularly delete your cookies and browser history manually.
Detailed information about the use of the respective cookies, in particular about their purpose, the respective function duration and to what extent they are placed by third parties or third parties have access to the data collected via the cookies, can be found in our "Cookie settings" in addition to the information provided in our data protection declaration. Here you will also find detailed information on the legal basis for the respective data processing, depending on the category of cookies used. 
You can consent to the use of the respective categories of cookies individually; you can also change your consent given in each case at any time under the subpage "Cookie settings" or revoke it vis-à-vis us. 
    

7. Use of Google Fonts 

7.1 Description, scope and purpose of data processing

This site uses so-called web fonts, which are provided by Google Ireland Limited, Gordon House, Barrow Street Dublin 4, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
The necessary font files are integrated locally by us, i.e. stored exclusively on our own servers. A transfer of personal data to Google servers, in particular a data transfer to the USA, does not take place. 
If your browser does not support web fonts, a standard font is used by your computer.

7.2 Legal basis for data processing

The use of Google WebFonts is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the uniform presentation of the typeface on our website.

7.3 Further information

Further information on Google Web Fonts can be found at Google Ireland Limited Gordon House, Barrow Street Dublin 4 as well as at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/

8. Integration of social media plug-ins 

8.1 LinkedIn

8.1.1 Description and scope of data processing

Our website uses a social media plug-in from LinkedIn. You can recognise the plug-in and its provider by the mark on the box above its initial letter or logo.

We use the so-called two-click solution. When you visit our site, no personal data is initially passed on to the provider of the plug-ins or third parties. Only when you click on the marked field and thereby activate it, does the plug-in provider receive the information that you have accessed the corresponding website of our online offer. In this case, the information collected when you visit our website is transmitted to the third-party provider. Since the plug-in provider collects the data via cookies, we recommend that you check the cookie settings via your browser's security settings and delete all cookies before clicking on the provider button.
We would like to point out that, according to our information, the data transfer to the plug-in provider takes place regardless of whether you have an account with the plug-in provider and/or are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and, if applicable, shares it publicly with your contacts.

8.1.2 Purposes of data processing

The data transfer to the plug-in provider takes place in order to simplify the use of the plug-in provider's websites. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user.

8.1.3 Consent to the transfer of personal data to a third country

Subject to legal or contractual permissions, personal data may in principle only be processed in a third country if the special requirements of Art. 44 et seqq. DSGVO are met. Accordingly, data may be transferred if the European Commission has determined by way of a decision within the meaning of Article 45 (1) and (3) of the GDPR that an adequate level of data protection is provided in the third country concerned. By means of such so-called adequacy decisions, the European Commission certifies third countries a level of data protection that is comparable to the recognised standard in the European Economic Area (a list of these countries as well as a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).
Insofar as data is transferred between the USA and the EU in exceptional cases, it should be noted that no such adequacy decision exists for the USA. Therefore, other suitable guarantees would have to exist to ensure that data protection is sufficiently guaranteed in the USA. This would generally be possible via binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct.
Although LinkedIn has submitted to the corresponding standard contractual clauses of the European Commission, US companies are nevertheless obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities. Furthermore, you may not be able to assert or enforce your rights to information against LinkedIn in the long term. Furthermore, the technical and organisational measures for the protection of personal data at LinkedIn may not fully comply with the requirements of the GDPR in terms of quantity and quality.
There is thus the possibility that the European Commission's standard contractual clauses used by LinkedIn do not constitute sufficient guarantees within the meaning of Art. 46(2)(a) of the GDPR.
By consenting to the collection of data by LinkedIn, you expressly consent to the transfer of data set out herein, and you have been informed above of the potential risks of such data transfers without the existence of an adequacy decision and appropriate safeguards.
This consent can be revoked at any time. A revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

8.1.4 Legal basis of the data processing  

The legal basis is your explicit and voluntary consent in accordance with Art. 6 Para. 1 S. 1 lit. a) DSGVO to the processing of your personal data for presentation and advertising purposes.

8.1.5 Duration of storage; possibility of objection and elimination

The cookies we use are stored on your computer and transmitted from it to our site. Therefore, you have control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted by you at any time. If you deactivate the use of cookies for our website or delete cookies that have been set, it may no longer be possible to use all the functions of the website to their full extent.

8.1.6 Purposes and legal basis of data processing, duration of storage, possibility of objection and removal with the plug-in provider

We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information about the deletion of the collected data by the plug-in provider. However, the plug-in provider may store the data collected about you as a usage profile and use this for the purposes of advertising, market research and/or designing his website to meet your needs. Such an evaluation is carried out (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact the respective plug-in provider. Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy.

8.1.7 Further information

For more information on the purpose and scope of data collection and its processing, as well as further information on your rights in this regard and setting options for protecting your privacy, please contact: LinkedIn Corporation, 1000 W. Maude Avenue,Sunnyvale, CA 94085,USA / LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, and at https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy 

8.2 XING

8.2.1 Description and scope of data processing

Our website uses a social media plug-in from XING. You can recognise the plug-in and its provider by the mark on the box above its initial letter or logo. We use the so-called two-click solution. When you visit our site, no personal data is initially passed on to the provider of the plug-ins or third parties. Only when you click on the marked field and thereby activate it, does the plug-in provider receive the information that you have accessed the corresponding website of our online offer. In this case, the information collected when you visit our website is transmitted to the third-party provider. Since the plug-in provider collects the data via cookies, we recommend that you check the cookie settings via the security settings of your browser and delete all cookies before clicking on the provider button.
We would like to point out that, according to our information, the data transfer to the plug-in provider takes place regardless of whether you have an account with the plug-in provider and/or are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and, if applicable, shares it publicly with your contacts.

8.2.2 Purposes of data processing

The data transfer to the plug-in provider takes place in order to simplify the use of the plug-in provider's websites. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user.

8.2.3 Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 p. 1 lit. a DSGVO if you have given your consent, as well as the protection of our legitimate interests according to Art. 6 para. 1 p. 1 lit. f DSGVO; our legitimate interests follow from the purposes for data processing described above.

8.2.4 Duration of storage; possibility of objection and elimination

The cookies we use are stored on your computer and transmitted from it to our site. Therefore, you have control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted by you at any time. If you deactivate the use of cookies for our website or delete cookies that have been set, it may no longer be possible to use all the functions of the website to their full extent.

8.2.5 Purposes and legal basis of data processing, duration of storage, possibility of objection and removal with the plug-in provider

We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider. However, the plug-in provider may store the data collected about you as a usage profile and use it for the purposes of advertising, market research and/or designing its website to meet your needs. Such an evaluation is carried out (also for users who are not logged in) for the presentation of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact the respective plug-in provider. For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider's privacy policy. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.

8.2.6 Addresses of the plug-in provider and URL with their data protection information:

Xing AG, Gänsemarkt 43, 20354 Hamburg. Further information on Xing's social plug-ins is available at the following Internet address: http://www.xing.com/privacy.

9. Integration of the services of mpunkt GmbH

9.1 We use the services of mpunkt GmbH, Schießgrabenstraße 6, 86150 Augsburg (hereinafter "mpunkt") to provide our website. The contents of the website are stored on the servers of mpunkt (hosting). 

9.2 When you visit our website, personal data, for example your IP address or, if you have given your consent to this, information on user behaviour is processed by mpunkt on our behalf in connection with the hosting.

9.3 We have concluded an order processing contract with mpunkt GmbH in accordance with Art. 28 DSGVO. Your data will of course be processed in accordance with the applicable data protection regulations.

10. Disclosure of data to third parties; disclosure of data to a third country or an international organisation

Except as set out above, we do not disclose personal data to any third party company, organisation or person except in one of the circumstances set out below.

10.1 With your consent 

We pass on personal data to companies, organisations or persons outside our company if we have received your consent to do so; this refers in particular to the circumstances described above when using our online services.

10.2 Disclosure of data for legal reasons, in particular to public authorities

We will disclose personal data to public authorities if our company is required to do so by applicable law, regulation, legal process or an enforceable governmental order, or in good faith believes that access to, use, preservation or disclosure of such data is reasonably necessary to comply with, in particular, relevant obligations.

10.3 Data transfer to processors

Our company provides personal data to other companies affiliated with our company, as well as to our third party business partners, other trusted companies or individuals who process the data on our company's behalf. This is done on the basis of precise instructions from our company and in accordance with this privacy policy and other appropriate confidentiality and security measures. A corresponding transfer of data takes place in particular to our service computer centre as well as other service providers who are commissioned with the operation and technical support of our websites.

10.4 Transfer of your data to a third country or an international organisation

Unless expressly stated in this privacy policy, your personal data will not be transferred to third countries or international organisations.

11. Automated decision-making in individual cases including profiling

No fully automated decision-making (including profiling) pursuant to Art. 22 DSGVO is used to process the data you have provided.

12. Data security and other technical and organisational measures

12.1 Personal data is regularly transmitted with a secure SSL connection and encrypted using the SSL process via 256-bit SSL over the Internet. SSL encryption protects personal data from unauthorised access. SSL (Secure Socket Layer) is a protocol for encrypting messages on the Internet that offers particularly high security during data transmission.

12.2 In addition, our websites and our other systems are secured by technical and organisational measures against loss, destruction, access, modification or distribution of data of their users by unauthorised persons. However, despite regular checks, complete protection against all dangers is not possible.

13. Your rights

We are available at any time to help you exercise your rights as a person affected by data processing by us and to answer any other questions you may have about data protection. The user can contact the office responsible for all data protection matters below at any time:
Mr Oliver Gaschler
c/o AM ALPHA Kapitalverwaltungsgesellschaft mbH
Freihamer Street 2
82166 Gräfelfing
Phone: +49 89 / 550 6989-00
Fax: +49 89 / 550 6989-99

E-mail: datenschutz@am-alpha.com

Specifically, you have the following rights:

  • to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;

  • to demand the correction of incorrect or incomplete personal data stored by us without delay in accordance with Art. 16 DSGVO;

  • to request the deletion of your personal data stored by us in accordance with Art. 17 DSGVO, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;

  • to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;

  • pursuant to Art. 20 DSGVO to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;

  • to revoke your consent at any time in accordance with Art. 7 (3) DSGVO (see also section 7.1). This has the consequence that we may no longer continue the data processing based on this consent for the future and

  • to complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.