Privacy Policy Website & Webshop

This privacy policy informs you about the types of personal data processed, the purposes for which such data is processed on this website by us as the controller within the meaning of Article 4 No. 7 of the EU General Data Protection Regulation (GDPR), and the extent to which this data is made available to third parties.

1. Controller
The entity responsible for processing your personal data on this website is:

ALSO Nederland B.V. (ALSO)
Inundatiedok 18
3739 JJ Nieuwegein
Phone: 085-2226622
Email: info@also.com

2. Data Protection Officer
You can contact our Data Protection Officer via mail at the address above or via email at privacy.nl@also.com.

3. Provision of the website and hosting
Data processed in the context of providing the website may include all information generated during use and communication. This regularly includes the IP address, which is necessary to deliver online content to browsers, and all information entered on our online offering or websites.

We process data for every access to servers (so-called server log files). Server log files may include address and name of accessed websites and files, the date and time of access, the amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, the previously visited page, IP addresses, and the requesting provider. For once, server log files may be used for security purposes e.g. to prevent server overload (particularly in cases of misuse like DDoS attacks), for another, and to ensure server stability and performance.

This data is generally not assigned to specific individuals and is therefore not used for profiling or behavioral analysis. The data is not combined with other data sources. After statistical evaluation and for purposes of detecting possible misuse, the data is deleted within 90 days. Data required for evidentiary purposes is excluded from deletion until the respective incident is resolved.

For the webshop, we use hosting services provided by ALSO International Services GmbH (AIS), Lange Wende 43, 59494 Soest, Germany. We have concluded a Data Processing Agreement with AIS. The services provided by AIS include infrastructure and platform services, computing capacity, storage space, database services, security and technical maintenance services to maintain the operability of this online offering.

The legal basis for processing personal data is Article 6 (1) (f) GDPR, as we have a legitimate interest in preventing attacks and ensuring the secure availability of the website.

4. Disclosure of personal data
Your data is generally only shared with third parties with your explicit consent. Exceptions include transfers to our cooperation partners and service providers required to fulfill our agreements with you and which we have commissioned accordingly. Accordingly, your data will be transferred to such service providers and cooperation partners for the purpose of fulfilling the contract in accordance with Article 6 (1) (b) GDPR or to protect our legitimate interests in accordance with Article 6 (1) (f) GDPR, provided that this is explicitly stated in this privacy policy.

Personal data is otherwise only disclosed to service providers with whom we have previously concluded a Data Processing Agreement according to Article 28 GDPR.

Transfers to authorized state institutions and authorities occur solely within the scope of statutory information obligations or when required by a judicial or official decision. In this case, the transfer of your data is necessary to fulfill a legal obligation under Article 6 (1) (c) GDPR.

5. Contact
When you contact us via email, your details are processed by us to respond to your inquiries. Your details are processed for the purpose of fulfilling the intent behind your submission, such as processing your inquiry, handling any follow-up questions, or contacting you upon your request. The legal basis for processing these personal data is Article 6 (1) (b) GDPR if you provide this data to initiate or already have a contractual relationship with us. Otherwise, the processing is based on Article 6 (1) (f) GDPR, where our legitimate interest is the careful handling of your request.

6. Cookies
This website uses cookies. Cookies are small text files stored on your computer that provide specific information to the party that sets the cookie. They are used to make the internet offering more user-friendly and efficient or to facilitate navigation on our website.

Detailed information about individual cookies can be found in the cookie banner on our website. These details can also be accessed via the “Cookies and Third Parties” link in the footer of the website.

Unless otherwise specified in the cookie banner, the lifespan of cookies is 24 months.

You can manage the use of cookies at any time via our cookie banner. There, you have the option to change your decisions and grant or revoke consent retrospectively. The banner can be accessed in the footer of our website via the “Cookies and Third Parties” link or through this link:

Cookie Setup

7. Registration
Our website offers a registration option. During registration, the user's IP address, as well as the date and time of registration, are stored. This is to prevent misuse of the services. The registration of data is required for the provision of content or services. Registered users can modify or delete their stored data at any time.

When you register on our website, a contract regarding the respective user account is established between you and us. The legal basis for processing your personal data is therefore Article 6 (1) (b) GDPR.

8. Webshop
To use our web shop, it is necessary to create an account. For this, we process the following data: company name, address (street, house number, postal code, city, and country), VAT ID, payment method (SEPA), email address, and contact person (mandatory fields: salutation, first name, last name, position, email, phone number; optional: fax, mobile).

The above data is processed to fulfill orders and deliveries of products, process payments, communicate with customers regarding orders and inquiries. The legal basis for this data processing is Article 6 (1) (b) (performance of a contract) and (c) (fulfillment of a legal obligation, e.g. tax or commercial law) GDPR.

9. Advertising
On our website, you are given the option to subscribe to newsletters on various topics and products via email. For this purpose, we process your email address.

The newsletters are sent using “Adobe Marketo Engage” provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland. We have concluded a Data Processing Agreement with Adobe for this service.

As part of the double opt-in procedure we use, we will send you a confirmation e-mail to the address that you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm within 24 hours, your data related to newsletter delivery will be automatically deleted. If you confirm your wish to receive the newsletter, your email address will be stored until you unsubscribe. We send newsletters only with your consent according to Article 6 (1) (a) GDPR. You can withdraw your consent at any time. A link to unsubscribe is included at the end of each newsletter. If users have only signed up for the newsletter and later unsubscribe, their personal data will be deleted.

We also use your contact details for promotional purposes where no consent is required (e.g. mail advertising, direct marketing for similar products and services within existing customer relationships). The legal basis for this is our legitimate interest (Article 6 (1) (f) GDPR), which lies in customer care and providing information about our products and services.

10. Events
If you register for events, conferences, or similar activities organized by ALSO, your personal data is processed to enable the planning, execution, and billing of these services. ALSO processes your provided personal data (e.g., company, salutation, first and last name, email address) for the purposes mentioned. You will be contacted via email to provide necessary information about your participation and the event's content.

The legal basis for processing your data is Article 6 (1) (b) GDPR, as the processing is necessary for the performance of a contract or to take pre-contractual measures at the request of the person concerned.

We may link to landing pages or invitations hosted on external domains, such as those of event venues. Responsibility for the content and data processing on these websites lies with the respective operators, not ALSO.

We reserve the right to take photos and video recordings for marketing purposes during the event. If this is the case, we will inform you at the beginning of the event. Typically, photos and video recordings depict individuals playing a significant role (e.g., speakers, moderators, etc.) or groups of participants, showcasing the event’s atmosphere. We publish these photos and videos on the ALSO website, on our social media platforms such as LinkedIn, Twitter, Facebook, Instagram and use them to create a photo summary or a video with highlights of the event. If you do not wish to appear in these photos or videos, please notify the photographer.

The legal basis for this processing is our legitimate interest according to Article 6 (1) (f) GDPR. This consists of documenting the event for marketing purposes with photos and film recordings and using these for information and representation purposes. For individual photo or video recordings, we will seek your consent according to Article 6 (1) (a) GDPR, which you may withdraw at any time. For this purpose, you may contact the organizer ALSO, either by mail to the abovementioned address or by e-mail to the address of the Data Protection Officer mentioned there

11. Our social media presence
You can find us online on social networks and platforms. We use these sites to communicate with our active customers, prospective customers and users and to inform them about our services and our company.

If you visit one of our social media sites, we, together with the social media platform provider, are responsible for the data processing that takes place during this visit. You can generally assert your rights (see Section 16 below) both against us and the provider of the respective platform. We would like to point out that, despite our shared responsibility, we do not have full influence over the data processing activities of the social platform and may forward the rights request to the respective provider for better processing of the data subject's request. Our options are generally based on the corporate policy of the respective provider.

In general, user data is processed by the platforms for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. The user profiles can in turn be used to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Data may also be stored in the user profiles independently of the devices used by the users. This occurs in particular if the users are members of the respective platforms and are logged in to them.

You can find information about how we store your data below. We have no influence over the storage period of your data, which is stored by the social media platform provider for its own purposes. For details, please contact the social media network provider directly (e.g. see their privacy policy below).

For a detailed description of the respective processing and the options to withdraw consent, please refer to the following linked information provided by the providers.

- Facebook
(Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) The basis for this is an agreement on the joint processing of personal data: https://www.facebook.com/legal/terms/page_controller_addendum
Privacybeleid: https://www.facebook.com/about/privacy/

- Whatsapp
(Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) The basis is an agreement on joint processing of personal data: https://www.facebook.com/legal/terms/page_controller_addendum
Privacybeleid: https://www.whatsapp.com/legal/privacy-policy-eea

- Google/YouTube
(Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ierland)
Privacy Policy: https://policies.google.com/privacy

- X (Twitter)
(X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, VS)
Privacy Policy: https://policies.google.com/privacy

- LinkedIn
(LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ierland)
Privacy Policy: https://www.linkedin.com/legal/privacy-policy

- XING
(New Work SE, Am Strandkai 1, 20457 Hamburg, Germany)
Privacy Policy: https://privacy.xing.com/en/privacy-policy

Depending on the platform, data processing may occur outside the EU/EEA. Meta, Google and LinkedIn's US-based entities are certified under the EU-U.S. Data Privacy Framework. On the basis of this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the EU-U.S. Data Privacy Framework. Further information about the Data Privacy Framework can be found here: https://www.dataprivacyframework.gov/.

However, the European Commission has not issued a data protection adequacy decision for a large number of other countries outside the European Union/European Economic Area. The possible processing locations can be found via the following links:

- Meta: https://www.facebook.com/privacy/policy?subpage=9.subpage.2-WhereIsInformationTransferred. In this respect, standard contractual clauses exist between the meta companies ( https://www.facebook.com/privacy/policy?subpage=9.subpage.3-HowDoWeSafeguard).

- Google: https://www.google.com/about/datacenters/locations/. In this respect, standard contractual clauses exist between Google companies ( https://cloud.google.com/terms/sccs and under https://policies.google.com/privacy/frameworks?hl=en).

- LinkedIn: https://de.linkedin.com/legal/privacy-policy#share. In this respect, standard contractual clauses exist between the LinkedIn companies. ( https://www.linkedin.com/help/linkedin/answer/a1343190/?trk=microsites-frontend_legal_privacy-policy&lang=en).

- X (Twitter): https://help.x.com/en/rules-and-policies/global-operations-and-data-transfer
X has included standard contractual clauses for data transfers in the data processing agreement.

12. Applicant Data
You can also apply to us, for example, via email. The data you provide will be processed exclusively for the purpose of selecting applicants. The selection process also includes contacting and informing you in writing and/or by telephone during the application process. We aim to evaluate all applicants solely based on their qualifications, regardless of race, ethnicity, gender, religion or belief, disability, age, or sexual identity. Therefore, we kindly ask you to avoid including such information in your application. You can modify your application at any time. To do so, please contact the ALSO Human Resources Department at the address provided above or via email at human-resources-de@also.com .

The legal basis for processing your applicant data is Article 9(2)(b) and Article 88 of the General Data Protection Regulation (GDPR), in combination with the Dutch GDPR Implementation Act (UAVG), specifically Article 24 of the UAVG, as the data is required to establish an employment relationship.

13. Credit Checks
For new customers, a credit check is carried out by Schufa and Creditreform before a customer account is set up and a contract is concluded. As part of this check, certain personal data is transmitted to these service providers and processed by them, and also requested by ALSO. The following data is processed: Crefonummer, identification number, name of company, address (street, house number, postcode, city and country).

ALSO receives updates for 12 months in the event of changes. After that, the monitoring takes effect, i.e. the additional period limited to the duration of the customer relationship. This can be cancelled at Creditreform at the end of each month, and at Schufa after 12 months following purchase. This means that in both cases ALSO stores your data for at least one year. After that, ALSO can have the update stopped at its own discretion, based on the risk assessment described at the beginning.

The processing of this data is necessary to evaluate business risks and ensure appropriate payment options. The legal basis for this data processing is our legitimate interest according to Article 6 (1) (f) GDPR.

14. Data subject rights
You have the right to request information about the personal data we have stored about you. According to legal provisions, you also have the right to rectification of incorrect data, blocking, data portability, and deletion of your personal data. If you have given consent, you have the right to withdraw it at any time. The lawfulness of processing carried out based on the consent before its withdrawal remains unaffected.

You may object to future processing of your personal data based on legitimate interests under legal provisions at any time. This objection may particularly apply to processing for direct marketing purposes.

Please address such requests by mail to the above-mentioned ALSO address or via email to the Data Protection Officer at the address provided there.

You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data concerning you violates statutory provisions.

15. Retention period of personal data
Unless specific retention periods have been stated, the following applies: Personal data is stored for the duration of the relevant statutory retention period or as long as the purpose of collection exists. After the retention period expires, the data is routinely deleted unless required for contract initiation or fulfillment. If user data is not deleted because it is necessary for other and legally permissible purposes, processing is restricted as much as possible. This means the data is blocked and not processed for other purposes. For example, this applies to user data retained for commercial or tax law reasons.

16. Security Information
We strive to process your personal data by taking all technical and organizational measures to comply with data protection laws and in order to protect this data. Our website or rather communication via our website is encrypted using HTTPS.

Dated: December 2024