Data protection declaration according to GDPR
Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States, as well as other data protection provisions is:
Advanced Aerospace Developments GmbH
Willy-Messerschmitt-Str. 1
82084 Taufkirchen
Rainer STEPHAN - Managing Director
Phone: +49 89 4111934 - 35
E-Mail: info@aad-aero.com
Kai SCHEITHAUER - Managing Director
Phone: +49 89 6495550 0
E-Mail: info@aad-aero.com
Corporate data protection officer
The data protection officer of the controller is:
Danijel BOBOVECKI
Phone: +49 89 4111934 - 23
E-Mail: danijel.bobovecki@aad-aero.com
General information on data processing
Scope of the processing of personal data
We generally only collect and use the personal data of our users insofar as this is necessary to provide a functional website, our content and our services. Our users’ personal data is generally only collected and used after the user’s consent.
An exception applies in those cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Legal basis for the processing of personal data
To the extent we obtain consent of the data subject for processing operations of personal data, point (a) of Article 6(1) EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
Point (b) of Article 6(1) GDPR serves as the legal basis for the processing of personal data that is required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are required in order to take steps prior to entering into a contract. If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, point (c) of Article 6(1) GDPR serves as the legal basis.
In the event that vital interests of the data subject or of another natural person require the processing of personal data, point (d) of Article 6(1) GDPR serves as the legal basis.
If the processing is necessary for the purposes of a legitimate interest pursued by our company or by a third party, and the interests, fundamental rights and freedoms of the data subject do not override the aforementioned interest, point (f) of Article 6(1) GDPR serves as the legal basis for the processing.
Erasure of data and retention period
The personal data of the data subject will be deleted or made unavailable as soon as the reason for retention no longer applies.
The storage of data can also take place if this has been provided for by European or national legislature in regulations, laws or other regulations under Union law to which the controller is subject.
The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion of performance of a contract.
Provision of the website and preparation of log files
Description and scope of the data processing
Each time you visit our website, our web site automatically collects data and information from the computer system of the accessing computer.
The following data is collected during this process:Information about the browser type and the version used.
The user’s operating system.
The user’s Internet service provider.
The user's anonymized IP address (without the last byte).
Date and time of accessing our web site.
The accessed page.
The data is also saved in our system's log files. This does not involve the user's IP addresses or other data that enable the assignment of data to a user. This data is not stored together with other personal data of the user.
Legal basis for the data processing
The legal basis for the temporary storage of data and log files is point (a) of Article 6(1) GDPR.
Purpose of the data processing
The temporary storage of the IP address by the system is necessary in order to allow delivery of the website to the user's computer. To do so, the user's IP address must remain stored.
The log files are saved to ensure the functionality of our website. In addition, we use the data to optimize our website and to ensure the security of our IT systems. The data is not evaluated for marketing purposes in this context.
Our legitimate interests in data processing pursuant to point (f) of Article 6(1) GDPR also rests in these purposes.
Duration of retention
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, including ensuring the security of our IT systems.
If the data is stored in log files, this is the case after four weeks at the latest. The IP addresses of the users are only stored anonymously in log files, without it being possible to assign the accessing client. To ensure the safety of our IT systems, the IP address of the users is stored in the CMS system without masking. The data is usually automatically deleted after four weeks.
Ability to object and remove data
The collection of data for the provision of the website and the storage of the data in log files absolutely necessary for the secure operation of our website. There is consequently no possibility for the user to object.
Contact via e-mail
Description and scope of the data processing
You can contact us via the e-mail addresses provided. In this case, the user’s personal data submitted with the e-mail will be saved.
In this context, the data is not passed on to third parties. The data will only be used to process the conversation.
Legal basis for the data processing
When the user's consent has been obtained, the legal basis for the processing of the data is point (a) of Article 6(1) GDPR.
The legal basis for the processing of the data that is transmitted in the course of sending an e-mail is point (f) of Article 6(1) GDPR. If the e-mail contact is aimed at entering into a contract, then the additional legal basis for processing is point (b) of Article 6(1) GDPR.
Purpose of the data processing
If you contact us by e-mail, this is also the necessary legitimate interest in the processing of the data.
Duration of retention
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data that was sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it can be deduced from the facts and circumstances that the matter in question has been finally clarified.
Ability to object and remove data
The user has the possibility to revoke his/her consent to the processing of personal data in the future at any time. If the user contacts us by e-mail, the user can object to the retention of his/her personal data at any time. In such a case, the conversation cannot be continued.
If you would like to withdraw your consent to the processing of your personal data by Advanced Aerospace Developments GmbH, you can inform us at any time in writing by letter or by e-mail (danijel.bobovecki@aad-aero.com)!
In this case, all personal data that was saved in the course of contacting us will be de-leted.
Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
Right of access
You can obtain a confirmation from the controller whether personal data concerning you is being processed.
If such processing is available, you can request the following information from the controller:The purposes for which the personal data is being processed.
The categories of personal data that is processed.
The recipients or the categories of recipients to whom your personal data has been or will be disclosed.
The planned duration of the storage of your personal data or, if specific information on this is not possible, the criteria for determining the storage duration.
The existence of the right to request rectification or erasure of your personal data, the existence of the right to restrict the processing of personal data by the controller, or the existence of a right to object to such processing.
The existence of a right to lodge a complaint with a supervisory authority.
All available information about the origin of the data if the personal data is not collected from the data subject.
The existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and - at least in those cases - meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether your personal data is being transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate safeguards in accordance with Article 46 GDPR relating to the transmission.
Right to rectification
You have a right to rectification and/or completion by the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the rectification without undue delay.
Right to restriction of processing
You can request the restriction of processing of your personal data under the following conditions:
If you contest the accuracy of your personal data for a period of time enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and you refuse the erasure of the personal data and instead request the restriction of the use of the personal data.
The controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise or defense of legal claims.
If you have objected to the processing in accordance to Article 21(1) GDPR and it has not yet been verified whether the legitimate reasons of the controller override your legitimate reasons.
If the processing of your personal data has been restricted, this data – apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
If the processing was restricted according to the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
Right to erasure
Obligation to erasure
Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing is based in accordance with point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and where there is no other legal basis for the processing.
You object to the processing according to Article 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing according to Article 21(2) GDPR.
Your personal data has been processed unlawfully.
Your personal data has to be erased for compliance with a legal obligation in European Union or Member State law to which the controller is subject.
Your personal data has been collected in relation to the offer of information society services in accordance to Article 8(1) GDPR.
Information to third parties
If the controller has made your personal data public and is obliged according to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copies or replications of this personal data.
Exceptions
The right to erasure does not exist to the extent if processing is necessary
for exercising the right of freedom of expression and information.
for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
for reasons of public interest in the area of public health pursuant to point (h) and (i) of Article 9(2) GDPR as well as Article 9(3) GDPR.
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing.
for the establishment, exercise or defense of legal claims.
Right to be informed
If you have exercised the right to rectification, erasure or restriction of processing against the controller, the controller is obligated to report this rectification or erasure of the data or the restriction of processing to all recipients to whom your personal data was disclosed, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed by the controller about these recipients.
Right to data portability
You have the right to receive your personal data which you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance by the controller to which the personal data has been provided, where
the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (a) of Article 6(1) GDPR; and
the processing is carried out using automated processes.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. This may not adversely affect the freedoms and rights of others.
The right to data portability does not apply to a processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.
The controller will no longer process your personal data, unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Right to withdraw the data protection declaration of consent
You have the right to withdraw your data protection declaration of consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This does not apply if the decisionis necessary for entering into, or performance of, a contract between you and the data controller.
is authorized by European Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and as well as your legitimate interests.
is based on your explicit consent.
However, these decisions may not be based on special categories of personal data according to Article 9(1) of the GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases mentioned in (1.) and (3.), the data controller will implement suitable measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work or the location of the alleged violation, if you consider that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.