We take the protection and security of your personal data very seriously.

Privacy Policy for this Website

In this privacy policy, we – the corporate group of the brand ALVARA, would like to inform you – as a visitor to our website (www.alvara.eu), about the processing of your personal data within the framework of joint responsibility within the corporate group.

1. Name and Contact Details of the Controllers

Within the corporate group, your personal data is processed by the following controllers:

If you have any questions or comments regarding the processing of your personal data, the data protection officer of ALVARA Holding GmbH is available to you as a central contact point.

ALVARA Holding GmbH
Data Protection Officer
Querstraße 18
04103 Leipzig
Germany
E-Mail: datenschutz@alvara.eu

However, you are free to contact any data protection officer or point of contact within the corporate group.

2. Purpose and Nature of the Processing of Your Personal Data

We process your personal data at the following times and for the following purposes.

2.1 Statistical Evaluations and Website Protection

When visiting our website www.alvara.eu, server log files are automatically written.

Recorded are:

• Time of access
• Type of access
• Device-ID or unique ID
• Device type
• Computer and connection information
• Response time
• Browser type (including version)
• Website from which the access was made (Ref-URL)
• IP address

and other usual weblog information

Your personal data is processed for the following purposes:

• Statistical evaluations
• Optimization of operation and security
• Identification of unlawful use and attacks on our website to ensure data security, among other things

The processing of your personal data is based on Article 6 (1) sentence 1 f GDPR. As a website operator, we have a legitimate interest in ensuring the security and availability of the website.

The server log files are processed separately and without any relation to other personal data provided on our website. Under no circumstances will the data be used to infer information about the individual.

2.2 Analysis Tools for the Use of Our Website

Our website uses Google Analytics, a web analytics service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses cookies that are stored on your computer and allow an analysis of your use of our website. The information generated by the cookie about your use of our website is generally transmitted to a Google server in the USA and stored there. Google reserves the right to use personal data for its own purposes (e.g., profiling or cross-platform tracking).

Your data is processed based on your consent in accordance with Article 6 (1) sentence 1 lit. a in conjunction with Article 49 (1) sentence 1 lit. a GDPR. Data processed in the USA is subject to greater risks. Google's compliance with national laws obliges it to publicize your personal data to U.S. authorities. Furthermore, U.S. laws do not grant you any rights in terms of data protection to take legal action against U.S. authorities.

Information about which cookies Google Analytics sets can be found under Point 6 Cookies.

2.3 Contact Form/Newsletter Subscription

If you contact us, for example, via the contact form provided on our website, or sign up for our newsletter, you are considered an interested party.

For further information on the processing of your personal data as an interested party of the corporate group, please refer to our Privacy Policy for Business Partners and Interested Parties.

2.4 Careers Page / Applications

We use the Empfehlungsbund job ad widget from pludoni GmbH to display our company's job advertisements on certain areas of our online presence (career website). When visiting our career website, a single secure connection via HTTPS to https://bms.empfehlungsbund.de is established. This connection is necessary for displaying our job advertisements. Log files containing access data (name of the accessed website, file, date, and time of access, amount of data transferred, message about successful retrieval, browser type including version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider) are created. Log files are processed for troubleshooting and security reasons (e.g., to clarify abuse or fraudulent activities) and stored for a maximum of 3 months before being deleted. Data that must be retained for evidence is exempt from deletion until the respective incident has been fully clarified. The legal basis for data processing according to the GDPR is Article 6 (1) b or Article 28 (order processing). pludoni GmbH, as the processor, processes all data collected on our behalf. Detailed information on the processing of your data in connection with the Empfehlungsbund job ad widget can be found in the separate Privacy Policy of pludoni GmbH.

For more information on how your personal data is processed in the context of a job application, please refer to our Privacy Policy for Applications.

3. Joint Responsibility

Within the framework of joint responsibility, the corporate group has concluded an agreement governing joint responsibility. The essential information pursuant to Article 26 (2) sentence 2 GDPR can be found here.

4. Disclosure of Your Personal Data to Third Parties

We only transfer your personal data to third parties if:

• You have given us your express consent to do so pursuant to Article 6 (1) sentence 1 lit. a GDPR
• The disclosure is necessary under Article 6 (1) sentence 1 lit. f GDPR for the establishment, exercise, or defense of legal claims and there is no reason to suppose that you have an overriding interest worthy of protection in the non-disclosure of your data
• We are legally obliged to disclose it in accordance with Article 6 (1) sentence 1 lit. c GDPR
• The disclosure is permissible by law and required under Article 6 (1) sentence 1 lit. b GDPR for processing a contractual relationship with you.

In all other cases, there is no transfer of your personal data to third parties.

5. Services and Content of Third Parties

Within our website, we may display content from third parties (such as maps from Google Maps, posts on our YouTube channel, information on our Twitter or Xing profile, etc.) or refer to them. When accessing these contents, your IP address is transmitted to the provider (hereinafter "third-party provider"). This is a technical necessity and occurs whenever you visit a page on the internet.

We have no influence on whether the third-party provider stores your IP address.

Furthermore, the third-party provider may receive information from your browser regarding which page of our offering you arrived from. The party responsible for the use of this information is the third-party provider. We cannot influence this.

6. Duration of the Storage of Your Personal Data

Your personal data is routinely deleted according to developed deletion concepts after revocation of your consent, completion of the handling of your request, or expiry of statutory retention periods.

7. Rights of the Individuals Affected

As an affected individual, you have the right:

• In accordance with Article 15 GDPR, to obtain free information from us within the legal framework about whether we process personal data concerning you. If this is the case, you also have the right to request information about the data, its purpose of processing, the recipients (in the case of data transfer), and their origin
• In accordance with Article 16 GDPR, to require the immediate correction of incorrect or incomplete personal data stored by us
• In accordance with Article 17 GDPR, to require the deletion of your personal data stored by us, provided that its processing is not necessary for the exercise of the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims
• In accordance with Article 18 GDPR, to require the restriction of processing of your personal data, provided you contest the accuracy of the personal data or the processing is unlawful, and you oppose deletion, or if we no longer need the personal data, but you need it to establish, exercise, or defend legal claims, or you have objected to its processing under Article 21 GDPR
• In accordance with Article 20 GDPR, to receive your personal data processed by us in a structured, standard, and machine-readable format or to request the transfer of this personal data to another controller
• In accordance with Article 7 (3) GDPR, to revoke your consent at any time. As a result, we can no longer process personal data affected by this consent from the time of revocation
• In accordance with Article 77 GDPR, to lodge a complaint with a supervisory authority

The ALVARA Holding GmbH is available to you as a central point of contact for asserting your rights as an affected individual. However, you are free to contact any company in the corporate group.

Furthermore, the following supervisory authorities are responsible for the companies of the corporate group:

8. Right of Objection

If your personal data is processed based on a legitimate interest pursuant to Article 6 (1) sentence 1 lit. f GDPR or on the basis of a granted consent pursuant to Article 6 (1) sentence 1 lit. a GDPR, you have the right to object to the processing of your personal data for reasons arising from your specific situation as defined in Article 21 GDPR.

You have a general right to object to processing for direct marketing purposes based on Article 6 (1) sentence 1 lit. f GDPR, which is implemented by us without a specific situation on your part.

To exercise your right to object under Article 21 GDPR, it is sufficient, for example, to send an email to our specified contact details.

9. Cookies