General overview

At ATRiCS Advanced Traffic Solutions GmbH (“ATRiCS” or “We” in the following) we are taking the protection of your personal data seriously. And as many German companies in our field we have been doing this for quite some time. Our following privacy policy therefore describes how we deal with the personal data we receive and store. To start with, the most important facts in a nutshell:

• We do not collect, store or process any personal data except for data in direct connection with the business purpose of ATRiCS.
• The personal data we store comprises by maximum: name, email address, telephone numbers and business address. We do not collect, process or store any other or special categories of personal data.
• Our main sources of personal data are
• business cards with contact details given to us by the business card holder at meetings or events
• contact details provided by partners and clients for fulfilling our contractual duties
• personal data sent to us in applications for job vacancies at ATRiCS
• data you provide us when visiting our website and using our contact form.
• We minimize the personal data we work with.
• All personal data we store is deleted when the business purpose ceases to exist
• You have at any time the right to ask us if and if yes which of your personal data we store and we will provide you with the data.

Notice concerning the party responsible

The party responsible for data protection at ATRiCS as well as for processing data on the ATRiCS websites is:

ATRiCS Advanced Traffic Solutions GmbH
Am Flughafen 7
79108 Freiburg im Breisgau
Germany

Phone: +49 761 59 18 680
Email: info@atrics.com
Website: www.atrics.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.)

Data protection officer

Our data protection officer is:

Data protection officer (“Datenschutzbeauftragter”)
ATRiCS Advanced Traffic Solutions GmbH, Am Flughafen 7, 79108 Freiburg im Breisgau, Germany, Email: dataprotection@atrics.com

1) General information on data collection and processing

Description and scope of data processing

We collect and use personal data, no matter if it is provided to us in face-to-face meetings, on paper, by email, phone, other media or through our website only as far as this is necessary to provide our general business services or the functioning of our website.

The collection and use of personal data is based on the consent by the providing party and a legitimate interest based on business relationship.

Legal basis of the processing of personal data

Insofar as we collect the consent of the individuals concerned for the processing of personal data, Art. 6 § 1 lit. a GDPR  (“GDPR for “General Data Protection Regulation”, German: EU-Datenschutzgrundverordnung / “DSGVO” , “GDPR” in the following) forms the legal basis.

When we process personal data for the purpose of contract fulfillment Art. 6 § 1 lit. b GDPR forms the legal basis for our action. This applies also for data processing necessary to carry out and implement pre-contractual steps, efforts, means and actions.

If processing personal data is necessary for the fulfillment of a legal obligation of our company Art. 6 § 1 lit. c GDPR is the legal basis for our action.

Should life critical interests of a person concerned or of another natural person necessitate the processing of personal data, this is done legally based on Art. 6 § 1 lit. d GDPR.

Art. 6 § 1 lit. f GDPR forms the legal basis for data processing in the case where the data processing should be necessary for the protection or preservation of a legitimate interest of our company or of a third party and should the interests, basic rights and fundamental freedoms of the individual concerned not outweigh the first mentioned interest.

Deleting data and data storage period

We delete or block all personal related data as soon as the purpose of the storage ceases to exist. A storage can be continued legally if this has been laid down by the national or European legislator in Union rules, regulations or other legislation. We also delete or block data when a storage period required by the aforementioned rules or regulations expires except in those cases where the data storage is necessary for the conclusion of an agreement or the fulfillment of our contractual duties.

2) Website and Log files

Description and scope of data processing

Whenever you visit our website,the system automatically records data and information from the calling system.

The following data is collected in this case:

• information on the browser and the version in use
• operating system of the user
• the user‘s internet service provider
• the user‘s IP address
• date and time of the call

This data is stored in the log files of our system without any other personal data of the user.

Legal basis of the data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 § 1 lit.f GDPR.

Purpose of data processing

The temporary storage of the IP address by the system is necessary, to provide the website to the visitor’s computer. To this end, the IP address has to be stored for the duration of the session. The storage in log files allows for providing a functioning website. The data is also used to optimize the website and to guarantee the security of our IT systems. There is no analysis of the data for marketing purposes or alike. The provision of a functioning website to our visitors is a legitimate interest of our company for data processing in accordance with Art. 6 § 1 lit. f GDPR.

Data storage period

The data is deleted as soon as it is no longer necessary for obtaining the purpose of its collection. In the case of the provision of a functioning website to the visitor’s computer, the purpose ceases to exist with the end of the respective session. When storing IP addresses in the log files these are stored for a maximum of three months. Should log files be stored longer for a legitimate reason, IP addresses of the users are deleted or modified so that an attribution to the calling client is no longer possible.

Possibility to object and delete

The collection of the data to the end of providing a website and the storage of the data in log files is vital for operating the website. There is thus no possibility for the user to object.

3) Usage of Cookies

Description and scope of data processing

We use cookies on our website. Cookies are text data generated by the website that are stored in or by the internet browser on the user’s computer system. When a visitor or user visits a website, a cookie can be saved on the user’s computer. This cookie contains a distinct string of characters that allows for an unambiguous identification of the browser on a recurring visit.

We use cookies to make our website more user friendly. Some elements of our web page require that the calling user can be identified also after he has left the page.

Our website uses only cookies that are technically necessary, we use no other type of cookies.

Legal basis of the data processing

The legal basis for the processing of personal data through the use of cookies is Art. 6 § 1 lit. f GDPR.

Purpose of data processing

Cookies make the use of our website easier for our visitors. Some functions of the site cannot be provided without the use of cookies. The personal data collected by technically necessary cookies is not used for setting up user profiles or alike.

Therefore this purpose represents a legitimate interest of our company for data processing of the scope described in accordance with Art. 6 § 1 lit. f GDPR.

Data storage period, Possibility to object and delete

Cookies are saved on the computer of the user and are transmitted from there to our website. Therefore you have full control on the use of cookies. You can deactivate or limit the transmission of cookies by changing the settings of your browser accordingly. Cookies that have already been activated can be deleted by you at any time. This can be done automatically. If you deactivate cookies for our website, possibly not all functions of the website can be provided.

4) Social Media

Description and scope of data processing

The content in the news section on our web page can be shared on social networks such as Facebook, Twitter, Linkedin and Xing. By sharing content, personal data is transferred to the respective company providing the social network. If users are logged into one or more of the social networks, the Like and Share buttons for Facebook, Twitter, etc. will display an information window in which the user can edit the text before it is sent.

Facebook plugins (Like & Share buttons)

Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/.

When you visit our site and share one of our news post via Facebook, a direct connection between your browser and the Facebook server is established via the plugin. This enables Facebook to receive information that you have visited our site from your IP address. If you click on the Facebook “Like button” while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. Please note that, as the operator of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses these data. For more information, please see Facebook’s privacy policy at https://de-de.facebook.com/policy.php.

If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.

Twitter plugin

Functions of the Twitter service have been integrated into our website and app. These features are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use Twitter and the “Retweet” function, the websites you visit are connected to your Twitter account and made known to other users. In doing so, data will also be transferred to Twitter. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by Twitter. For more information on Twitter’s privacy policy, please go to https://twitter.com/privacy.

Your privacy preferences with Twitter can be modified in your account settings at https://twitter.com/account/settings.

LinkedIn plugin

Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Each time you access the news page and share a news post via Linkedin, your browser establishes a direct connection to the LinkedIn servers. LinkedIn is informed that you have visited our web pages from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn.

More information can be found in the LinkedIn privacy policy at https://www.linkedin.com/legal/privacy-policy.

XING Plugin

Our website uses features provided by the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Each time you access our news page containing XING features, your browser establishes a direct connection to the XING servers. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored nor is usage behavior evaluated.

For more information about data protection and the XING Share button, please see the XING privacy policy at https://www.xing.com/app/share?op=data_protection.

Legal basis of the data processing

The legal basis for the processing of the data after consent of the user is Art. 6 § 1 lit. a GDPR.

5) Analytics

Google Analytics

Our website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies” as described above. These are text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.

For more information about how Google Analytics handles user data, see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

6) Further plugins and tools

Vimeo

Our website uses features provided by the Vimeo video portal. This service is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. Here the Vimeo server is informed about which of our pages you have visited. In addition, Vimeo will receive your IP address. This also applies if you are not logged in to Vimeo when you visit our website or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored.

If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.

For more information on how to handle user data, please refer to the Vimeo Privacy Policy at https://vimeo.com/privacy.

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

When you call up a page of our website that contains a social plugin, your browser makes a direct connection with Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.

The uniform representation of our website is a legitimate interest of ATRiCS.

7) Newsletter

Description and scope of data processing

ATRiCS does not have a regular newsletter nor a registration for a newsletter on our website. From time to time, however we do have news that we like to send out to an audience of our customers, partners, media and others interested in hearing about ATRiCS.

We send our newsletter to you only when you have given us your business card contacts during meetings or events in the past. We store this data in our internal data base and regularly delete data that is not longer necessary to fulfill our contractual duties or where the need for business contact has otherwise expired. You can at any time inform us if you want us to delete your contact details or if you would like to know the contact details we have of you in our data base.

Our company uses Rapidmail to send the newsletters. This service is provided by rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg, Germany. Rapidmail is a service which organizes and analyzes the distribution of newsletters. Email addresses you have provided us will be used to send a newsletter to you and therefore be stored  on Rapidmail servers in Germany.

If you agree to receiving a newsletter but do not want your usage of the newsletter to be analyzed by Rapidmail, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter any time by sending us a short email.

For analysis purposes, emails sent with Rapidmail contain a tracking pixel which connects to Rapidmail servers when the email is opened. This allows us to determine if a newsletter message has been opened. It also helps us to determine which links have been clicked on. All links in the email are tracking links that allow us to count your clicks.

Legal basis of the data processing

Data processing is based on Art. 6 § 1 lit. A GDPR. You may revoke your consent at any time. The data processed before we receive your request may still be legally processed.

Purpose of data collection

We store your email address and provide it to Rapidmail to send you the newsletter.

Data storage period

The data provided will be used to distribute the newsletter. If you cancel your subsription to the newsletter or inform us directly, your email address will be deleted from our newsletter distribution list. For more information see the privacy policy of Rapidmail at

https://www.rapidmail.com/data-security

Possibilities to object and delete

As stated before, you can at any time unsubscribe to the newsletter by using a link in each newsletter.

8) Contact form and email contact

Description and scope of data processing

In the contact section of our website you find a contact form that you can use to get in touch with ATRiCS. If you use this form the following data is sent to ATRiCS by email

• Name
• Email address
• Subject (if you fill this in)
• Message

The data is not stored but only forwarded to us by email. For the processing of the data you will be asked for your consent before sending the message. When asking for your consent we point also to our privacy policy statement available on our website.

You can also contact us at the given email address directly. In this case the data that you provide with your email will be stored. In the context of using our email address or the contact form no personal data is given to any third party. The data is exclusively stored to process the contact with you.

Legal basis of the data processing

The legal basis for the data processing with the consent of the user is Art. 6 § 1 lit. a GDPR. The legal basis for the processing of data when the data is provided through an email to ATRiCS is Art. 6 § 1 lit. f GDPR.

Purpose of the data processing

In this case the data is processed exclusively to get in touch with you after you have contacted ATRiCS. If you contact us by using the contact form this is considered the required proof of interest to allow for the processing of the data. (Any other personal data stored when sending the form is processed to prevent misuse of the contact form and to ensure the security of our IT-systems.)

Data storage period

The data is deleted when it is no longer required for the contact purpose. For the data given through the contact form or transmitted by email this is the case when the conversation with the user is ended. The conversation is considered as ended when circumstances make it obvious that the concerned matter is finished.

Possibilities to object and delete

At any time you as a user have the possibility to recall your consent to the processing of your personal data. You can contact us to no longer store your data. In this case we will not be able to get in touch with you after that moment. All personal data transferred to us when contacting us will then be deleted.

9) Your rights with regard to any of your personal data

We would like to underline that you have the following rights with regards to you personal data basically at all times based on the GDPR, also to the part of the personal data that we at ATRiCS might store. We consider these rights as self evident seen the importance of data protection that has been strengthened now with the GDPR:

Right on information

You can ask us if we are processing any of your personal data. You can request information from ATRiCS on the purpose, categories, recipients, storage period and origin on or of the data processed.

Right on corrections

You have the right to have the personal data we have from you to be corrected or complete without delay.

Right to limitation of the data

You can also request that the processing of your personal data is limited, for example if you do not want your data to be deleted for reasons of further proof but want to limit its processing meanwhile. After limitation of your data this data may apart from its storage only be processed with your consent. When the limitation has been implemented you will be informed by the responsible party in advance should the limitation be changed.

Right on deletion

You can request from ATRiCS at any time to delete your personal data immediately and we are obliged to delete the data immediately when the purpose to collect or to process your data has ceased, when you recall your consent, when you object to the processing based on Art. 21 § 1 GDPR and there are no superseding legitimate interests for the data processing or you object to the processing based on . Art. 21 § 2 GDPR

Should the responsible party have made personal data public and be obliged to delete this data according to Art. 17 § 1 GDPR, the responsible party has to take appropriate measures and efforts to inform third parties that you have requested the deletion of your data or links to this data.

The right to have data deleted is not imperative if the processing of the data happens in exercise of the right of freedom of expression and information, to fulfill contractual duties necessitating the processing of the data in the public interest or for reasons of public interest in the area of public health Art. 9 § 2 lit. h and i as well as Art. 9 § 3 GDPR; and to meet other purposes in the public interest or for juridical purposes.

Right on information

After you have used your right on data correction, deletion or limitation the responsible party is obliged to inform all recipients who have received your data about the correction or deletion of the data except for circumstances in which this is impossible. You have the right to be informed about the recipients.

Right on transfer of data

You have the right to obtain your data from ATRiCS in a structured, usual machine readable format and also to have the responsible party transfer your data to a third party if you have given your consent to the processing and the processing is based on automated procedures and the transfer is technically feasible. This right does not apply for data that is processed in the exercise of a tasks in the public interest.

Right to object

You have the right to object at any time to the processing of your personal data. We will then no longer process your data except if he can prove important reasons for this.

Right to recall a given consent

You can at any time recall a consent to the processing of your personal data. The processing before the recall stays legitimate but the processing has no longer a legal basis after the recall.

Right on complaint

You have the right to file a complaint at a regulatory authority according to Art 77 DSGVO in your country of residence, of employment or in the country of the assumed data protection violation when you are of the opinion that the processing of data is in conflict with GDPR. The authority will then inform you on the status and the results of the complaint. The relevant authority in charge for ATRiCS is: Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg  https://www.baden-wuerttemberg.datenschutz.de/.