Data Protection Policy
Data Protection Policy for Users of ALS Customs Services website.
Introduction
At ALS Customs Services, we are committed to protecting the privacy and personal information of our website users. This Data Protection Policy outlines the use of Google Analytics, Cookies, Google Ads, and Google Search Console and describes the type of information they collect when you visit our website.
Please read this policy to carefully understand how your data is handled.
I. Name and address of the responsible person
The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
ALS Customs Services GmbH
Hafenstrasse 20
79576 Weil am Rhein
Germany
Phone: +49 (0)7621 7906-0
E-Mail: info@als-cs.com
Website: www.als-cs.com
II. Name and address of the data protection officer
The data protection officer of the data controller is:
Tomislav Varvodic
At Hülsenfeld 25
40721 Hilden
Germany
E-mail: datenschutz@als-cs.com
Website: www.als-cs.com
In order to carefully protect your privacy and to ensure comprehensive confidentiality in the handling of your data, we would like to provide you with some notes and information below:
Anonymous data collection
In principle, you can use our websites without informing us who you are. We only learn about technical data like the name of your Internet service provider, the website from which you are coming and the websites that you are visiting within our domain. This information is evaluated with the date and time details for internal statistical purposes that are related to advertising and website analysis and it also enables us to design our websites to meet requirements. You remain completely anonymous as the user in this process. We do not draw up any user profiles with pseudonyms.
Data protection declaration by ALS Customs Services GmbH
We would like to provide you with the following facts and information about the care that we take to protect your private sphere and our extensive degree of confidentiality when handling your data:
Customer data
As soon as you become a customer of ALS Customs Services GmbH, we store your data in line with the legal stipulations in the German Federal Data Protection Act, the German Commercial Code and the German Revenue Code. We also use your data in this case within the constraints set by German legislation to send you advertising on other products. Of course, you may cancel any such promotional use of your customer data by phone, mail or letter at any time.
Using cookies
We use cookies in order to improve the quality of the structure and content of our web material and to enable users to find their way around easily and as smoothly as possible. We use so-called session cookies that are restricted to the period of your visit. They help us to establish which materials were viewed from your PC as you continue to surf and also help increase your security while surfing. If you leave our website or do not click on it for some time, these transient cookies are deleted again.
Cookies cannot cause any damage to your PC. They do not pose any security risks similar to a virus or spyware. You can determine how your computer handles cookies yourself. Please use the “Help” function on your browser to allow, reject, view and delete them.
Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files, which are stored on your computer and enable you to analyse the use of the website. The information generated by the cookie about your use of this website is normally transferred to a Google server in the USA and stored there. If IP anonymization has been activated on this website, your IP address will first, however, be abbreviated by Google within the member states of the European Union or in other countries that are signatories to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA in exceptional cases and then abbreviated there. Google will use this information on behalf of the operator of this website to analyse your use of the website in order to compile reports about website activities and provide other services associated with the use of the website and the Internet for the website operator. The IP address communicated by your browser for the purposes of Google Analytics is not combined with any other data held by Google. You can prevent the storage of cookies by adopting the relevant setting on your browser software; however, we would point out that you may not be able to use all the functions on this website if you do so. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) being sent to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
Google Ads
Google Ads is an online advertising platform provided by Google that allows ALS to display targeted advertisements to our website visitors. When you visit our website, Google Ads may collect certain information for the purpose of serving relevant ads. This information may include:
- IP address
- Browser type and version
- Device type
- Operating system
- Referring website
- Pages visited on our website
The information collected by Google Ads is used to tailor advertisements to your interests and to measure the effectiveness of our advertising campaigns. This data is collected through the use of cookies and similar technologies.
For more information about how Google Ads collects and uses data, please refer to the Google Privacy Policy at: https://policies.google.com/privacy?hl=en
Google Search Console
Google Search Console is a web service provided by Google that enables us to monitor and optimise the performance of our website in Google search results. Whem you visit our website, Google Search Console may collect certain information for analysis and reporting purposes.
This information may include:
- Search queries that lead users to our website
- Pages on our website that appear in search results
- Clicks on our website's search results
- Website performance metrics (e.g., loading speed, crawl errors)
The information collected by Google Search Console helps us improve the visibility and accessibility of our website in search engines. It is collected through the use of cookies and similar technologies. For more information about how Google Search Console collects and uses data, please refer to the Google Privacy Policy at: https://policies.google.com/privacy?hl=en
Google Tag Manager
Our website uses functions of "Google Tag Manager," provided by Google Inc. For the European region, responsibility for all Google services lies with Google Ireland Limited, located at Gordon House, Barrow Street Dublin 4, Ireland. Google Tag Manager is an organizational tool that enables us to centrally integrate and manage website tags via a user interface. We have entered into an agreement for order processing with Google. Google Tag Manager is a supplementary service that processes personal data only for technically necessary purposes. It does not store any data itself but facilitates the loading of other components that may collect data. Google Tag Manager does not access this data directly.
It's important to note that under American laws, including provisions for intelligence agencies, American authorities could potentially access personal data. For more details about Google Tag Manager, please refer to Google's Privacy Policy: Google Privacy Policy.
This data processing is necessary for the legitimate interests pursued by the controller (Art. 6 (1) lit. f GDPR), which includes managing and optimizing website performance.
If you have any concerns or inquiries regarding data processing through Google Tag Manager, please contact Google directly.
Our website utilises features of the LinkedIn network to enhance your experience. The service provider for these features is LinkedIn Ireland Unlimited Company, located at Wilton Plaza, Wilton Place, Dublin 2, Ireland (referred to as "LinkedIn" hereafter). We share joint responsibility for data processing with LinkedIn. Details of this agreement under Art. 26 of the General Data Protection Regulation (GDPR) can be found here: LinkedIn's Joint Controller Addendum. For inquiries regarding LinkedIn's data protection practices, you may contact their Data Protection Officer through this link: LinkedIn Data Protection Officer. Details of our Data Protection Officer can be found in section II of this privacy policy.
When you visit our website, even without a LinkedIn account, personal data is processed and stored on the LinkedIn platform. This may include your IP address, browser type, operating system, previously accessed websites, location, mobile service provider, device information, search terms, and cookie data. LinkedIn may also transfer data to third countries, primarily the USA. This data transfer is secured by standard contractual clauses issued by the EU Commission.
1. LinkedIn Company Profile
We maintain a LinkedIn company profile, accessible to all internet users, whether or not they have a LinkedIn account. If you are logged into LinkedIn, your activity may be associated with your account. Regardless, LinkedIn processes your data. We want to clarify that as the page provider, we do not have access to the content of transmitted data or its usage by LinkedIn. Any data you publicly share or comment on within our LinkedIn profile may be viewed globally by other visitors, registered or not.
On our LinkedIn company profile, you can interact by reacting to posts, commenting, posting on our page, or sending private messages. Any data you provide in these interactions will be processed by us. We process your personal data based on our legitimate interest in responding to your requests (Art. 6 (1) lit. f GDPR) and, if applicable, to fulfill a contract (Art. 6 (1) lit. b GDPR).
We typically receive the following data:
- User profile information
- Information provided in messages or comments
- Details of your interactions with our posts
- Type and manner of interaction
Data will be deleted when it's no longer necessary for the purpose it was collected for and when no legal retention obligations exist. For personal data from messages, this occurs when the respective conversation ends.
2. LinkedIn Insight Tag
We utilise the LinkedIn Insight Tag, a JavaScript code snippet on our website, to collect data on visits. This includes URL, referrer URL, IP address, device/browser properties, timestamps, and page views. LinkedIn provides us with aggregated page insights, which do not reveal individual identities. We may receive information such as industry, job title, company size, career level, and location of website visitors.
This data processing is conducted jointly by LinkedIn and us as controllers under GDPR. The purpose is to evaluate and analyse actions on our LinkedIn profile for improvement purposes. Processing is based on consent (Art. 6 (1) lit. a GDPR).
Data is encrypted, anonymized within 7 days, and anonymized data is deleted within 90 days.
3. Opt-Out and Data Subject Rights
LinkedIn members can manage their personal data usage for advertising in their account settings. If you're a LinkedIn member and wish to avoid data collection via our website, you can log out of LinkedIn before visiting. Additionally, you can independently deactivate cookies, regardless of LinkedIn membership, here.
In the context of joint responsibility with LinkedIn, you can exercise your data subject rights (Art. 15, 16, 17, 18, 20, 21 GDPR) with both LinkedIn and us. LinkedIn is responsible for fulfilling GDPR obligations related to Insights data, including safeguarding data subject rights. For data protection inquiries, please contact LinkedIn directly.
For further information, refer to LinkedIn's privacy policy: LinkedIn Privacy Policy.
Using Facebook plugins
Our Internet site uses social plugins (“Plugins”) related to the facebook.com social network, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The Plugins are marked by a Facebook logo or the additional phrase, “Facebook social plugin”. If you call up a website on our Internet domain, which contains one of these Plugins, your browser will establish a direct link to the Facebook servers. The content in the Plugin will be sent by Facebook directly to your browser and integrated in the ALS website. By integrating the Plugins, Facebook obtains the information that you have accessed the relevant page on our Internet site. If you are logged on at Facebook, Facebook can assign the visit to your Facebook account. If you interact with the Plugins, for example, by activating the “I like” button or leaving a commentary, the relevant information will be transferred directly to Facebook from your browser and stored there. You can obtain the purpose and scope of the data collection process and the ongoing processing and use of the data by Facebook and your rights and options to make settings to protect your private sphere from Facebook’s data protection guidelines. If you do not wish Facebook to gather any data about you via our Internet site, you must log out of Facebook before visiting our Internet site.
Microsoft Bookings - Making Appointments
Our website utilises Microsoft Bookings, herein referred to as "MS Bookings," to facilitate online appointment scheduling. Provided by Microsoft Corporation ("Miscrosoft"), MS Bookings integrates with Outlook and features a web-based booking calendar, allowing customers to conveniently select their preferred appointment times. As a Microsoft 365 app, all data associated with MS Bookings is stored within the Microsoft 365 platform and Exchange.
When booking an appointment through MS Bookings on our website, users can view available slots and provide necessary information to confirm the appointment. Following confirmation, users receive both a confirmation email and a calendar invitation. Each Bookings calendar operates as a mailbox within Exchange Online, facilitating storage and retrieval of files via Exchange. Virtual appointments booked through MS Bookings are conducted using Microsoft Teams ("MS Teams"), with each appointment generating a unique meeting link sent to attendees, enabling participation via web browser, phone dial-in, or the Teams app.
In the process of booking appointments through MS Bookings, we collect certain personal data from users, including the date and time of the appointment, name, email address, phone number, and optional information such as notes, company, and zip code. This data is processed to confirm appointments and facilitate communication.
When using MS Teams, additional data is processed, including name, email address, optional profile picture, preferred language, and meeting metadata such as date, time, meeting ID, and location. Text entries made in the chat function during online meetings are also processed to display them within the appointment. To enable video display and audio playback, data from the microphone and video camera of the user's device are processed during online appointments. Users have the ability to control their camera and microphone settings within MS Teams.
The legal basis for processing user data is their consent under Art. 6 para. 1 lit. a GDPR, with the option to revoke consent at any time. Users are not obligated to use MS Bookings and can choose alternative contact options for appointment scheduling.
Personal data is deleted once it is no longer necessary for the intended purpose, and retention obligations are fulfilled. If there is no interest in collaboration following an online appointment, personal data is deleted thereafter.
User data for appointment scheduling is transferred to Microsoft, primarily hosted in Germany. During processing by Microsoft, data may be transferred to the USA. To safeguard data transfer, standard contractual clauses are employed to ensure GDPR-equivalent security levels.
Further details regarding data handling can be found in the privacy policy.
Microsoft Clarity
This website employs the features of the "Microsoft Clarity" service, provided by Microsoft Corporation, located at One Microsoft Way, Redmond, WA 98052-6399, USA (referred to as "Microsoft" hereafter). MS Clarity is a tool designed for analysing user behavior on this site. Specifically, it records mouse movements and generates graphical representations, such as heat maps, highlighting the most frequently scrolled-to areas of the website. Additionally, Clarity has the capability to record sessions, enabling the viewing of page usage through videos. General user behavior information within our website is also obtained. The recorded data is retained for a period of up to 30 days.
Upon accessing our website through a Microsoft advertising advert, Microsoft places a cookie on your computer. The following data is collected and processed as part of MS Clarity usage:
- IP address
- Location
- Browser information
- Screen resolution
- Language settings
- Visited website/subpages
- Date/time of website access
- Clicks, scrolls, mouse movements
The utilisation of MS Clarity relies on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. You have the option to withdraw your consent at any time by adjusting your preferences in the "Cookie preferences" section.
It is important to note that Microsoft may transfer personal data to the USA. The European Commission approved its adequacy decision for the USA on July 10, 2023. Microsoft Corporation holds certification under the EU-US Privacy Framework, confirming adherence to necessary data protection regulations and practices. Microsoft employs the collected data to enhance its advertising and other services, with the possibility of linking the data to your Microsoft account if applicable. Microsoft may also recognize and store your IP address. Data transfer to the USA as part of MS Clarity processing is secured through standard contractual clauses.
To learn more about how Microsoft handles and utilizes your data, please refer to the Microsoft Privacy Statement.
The Rights of the Data Subject
1. Right of access
You can request confirmation from us as to whether personal data concerning you is being processed by us. If such processing has taken place, you can request information from us about the following:
(1) the purposes for which the personal data is being processed;
(2) the categories of personal data that are being processed;
(3) the recipients or the categories of recipients to whom the personal data related to you has been disclosed or is still being disclosed;
(4) the planned time span for storing the personal data related to you or, if specific details on this are not possible, the criteria for determining the time span for storage;
(5) the existence of any right to correct or delete the personal data related to you, a right to restrict the processing of the data by the controller or a right to object to this processing of data;
(6) the existence of a right to make a complaint to a supervisory authority;
(7) all the information that is available about the origin of the data, if the personal data is not being gathered from the person involved;
You can receive a free copy of your data from us. If you are interested in further copies, we reserve the right to charge you for the additional copies.
2. Right to rectification
You have the right to have the controller correct and/or complete any data, if the personal data that is being processed and concerns you is incorrect or incomplete. The controller must make the correction immediately.
3. Right to restriction of processing
You may demand restrictions on the processing of the personal data related to you in the following situations:
(1) if you dispute the correctness of the personal data related to you for a period that enables the controller to check the correctness of the personal data;
(2) if the processing of the data is illegal and you reject any deletion of your personal data and demand that restrictions are placed on the use of your personal data instead;
(3) if the controller no longer requires the personal data for the purposes of processing it, but you require it to assert, exercise or defend legal claims; or
(4) if you have lodged an objection to the processing according to Article 21 Para. 1 of the GDPR and it is not yet clear whether the legitimate reasons presented by the controller override your reasons.
4. Right to erasure
You may demand from the controller that the personal data related to you is deleted immediately and the controller shall be obliged to delete this data immediately if one of the following reasons applies:
(1) the personal data related to you is no longer required for the purposes for which it was gathered or processed in some other way;
(2) you withdraw your consent, on which the processing of the data was based according to Article 6 Para. 1 a) or Article 9 Para. 2 a) of the GDPR, and there is no other legal basis for processing the data;
(3) you lodge an objection against any processing of the data according to Article 21 Para. 1 of the GDPR and there are no overriding legitimate reasons for the processing of the data or you lodge an objection to the processing of the data according to Article 21 Para. 2 of the GDPR;
(4) the personal data related to you has been processed illegally;
(5) the deletion of the personal data related to you is necessary to fulfil a legal obligation according to the laws of the Union or the law of the member states, to which the controller is subject;
(6) the personal data related to you was gathered in relation to information society services according to Article 8 Para. 1 of the GDPR.
a) Exceptions
There is no right to have the data deleted if the processing of the data is required:
(1) to exercise the right of free expression and information;
(2) to meet a legal obligation, which requires the processing of the data according to the laws of the Union or the member states, to which the controller is subject, or to perform a task that is of public interest or takes place in connection with exercising any state authority that has been transferred to the controller;
(3) for reasons of public interest in the field of public health according to Article 9 Para. 2 h) and i) as well as Article 9 Para. 3 of the GDPR;
(4) for archiving purposes that are in the public interest, scientific or historical research purposes or for statistical purposes according to Article 89 Para. 1 of the GDPR, if the right cited in paragraph a) will probably make the achievement of the goals of this processing of data impossible or will serious impair it; or
(5) to assert, exercise or defend legal claims.
5. Right to data portability
You have the right to receive the personal data related to you, which you have made available to the controller, in a structured, conventional and machine-readable format. You also have the right to transfer this data to a different controller without any obstruction by the first controller, to which the personal data was made available, if
(1) the processing of the data is based on consent in line with Article 6 Para. 1 a) of the GDPR or Article 9 Para. 2 a) of the GDPR or on a contract according to Article 6 Para. 1 b) of the GDPR and
(2) the processing of the data takes place using automated procedures.
When exercising this right, you also have the right to ensure that the personal data related to you is directly transferred from one controller to a different controller, if this is technically feasible. The freedoms and rights of other persons may not be impaired by this process.
The right to data portability shall not apply to any processing of personal data that is necessary to perform a task that is in the public interest or takes place in connection with exercising any state authority that has been transferred to the controller.
6. The right to object
You have the right to lodge an objection at any time to the processing of the personal data related to you, if this takes place according to Article 6 Para. 1 e) or f) of the GDPR, for reasons arising from your particular situation; this shall also apply to any profiling supported by these stipulations. In this case we will no longer process your data. The latter does not apply if we can prove that there are compelling reasons for processing worthy of protection which outweigh your interests or if we need your data to assert, exercise or defend legal claims.
If the personal data related to you is processed to provide direct marketing, you have the right to lodge an objection to the processing of the personal data related to you for the purpose of this kind of advertising at any time; this shall also apply to profiling, if it is connected to this kind of direct marketing. If you object to the processing of the data for the purposes of direct marketing, the personal data related to you will no longer be processed for these purposes.
7. The right to cancel the declaration of consent under data protection law
You have the right to cancel your declaration of consent provided under data protection law at any time. By cancelling your consent, the legitimacy of the processing of the data that was performed on the basis of your consent until your cancellation shall not be affected.
8. The right to lodge a complaint to a supervisory authority
Regardless of any different administrative law or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your place of residence, your place of work or the place of the alleged breach, if you believe that the processing of the personal data related to you breaches the GDPR.