Data protection notice

We are very pleased about your interest in our company. Data protection has a particularly high priority for us. Personal data is always processed in accordance with the General Data Protection Regulation and in compliance with the applicable country-specific data protection regulations. On this website, personal data is only collected to the extent that is technically necessary. The data collected will not be sold or passed on to third parties under any circumstances. The following declaration gives you an overview of how we guarantee this protection and of what kind of data is collected for what purpose.

Responsible body

Flözstrasse 26
D-73433 Aalen

Phone: +49 (0) 73 61 / 92 45-0
Fax: +49 (0) 73 61 / 92 45-20

Every person concerned can contact us directly at any time with all questions and suggestions regarding data protection.

Personal data

Personal data is any information related to an identified or identifiable natural person (in the following referred to as ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data processing on this website

Ostalbketten Ltd. automatically collects and saves information in its server log files which your browser transmits to us. These are:

Browser type/ -version

Operating system used

Referrer URL (the page visited previously)

Host name of the accessing computer (IP address)

Time of the server request

These data are not assignable for us to specific persons. A consolidation of this data with other data sources is not carried out and the data is deleted after a statistical evaluation.


According to § 7 para. 1 Telemediengesetz (TMG) we as a service provider are responsible for our own information which is made available for use according to the general laws.

However, according to § 8 para. 1 TMG, we as a service provider are not responsible for third party information which they transmit in a communication network or to which they provide access for use. Also, according to § 10 TMG, we are not responsible for external information that we store for a user, as long as we have no knowledge of the illegal action or information and, in the case of claims for damages, no facts or circumstances are known from which the illegal action or information becomes obvious or we have acted immediately to remove the information or block access to it as soon as we have gained knowledge of it. We cannot assume any liability for links to external sites of third parties to which our homepage refers, as we have no influence on their content. The operators of these sites are solely responsible for their content. All links were checked for illegal content at the time of release on our site and no legal violations were found. However, a permanent monitoring of these links cannot be carried out without concrete evidence of a legal violation.

Contact possibility via website

The website offers the possibility to contact us via a contact form.

When using the contact form, the following mandatory information is stored: Name and e-mail address

Where a data subject contacts the controller via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted voluntarily by a data subject to the controller are stored for the purposes of processing or contacting the data subject. Such personal data will not be disclosed to third parties.


The Internet pages use so-called cookies in several places. They serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Cookies do not damage your computer and do not contain viruses.

Managing cookies

Most Internet browsers allow you to block cookies. If you do not agree to the use of these cookies, please deactivate them as described in this manual for your browser or use the automatic deactivation tool, if available.

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files placed on your computer to help the website analyze how users use the site. The information generated by the cookie about your use of this website (including your IP address) is transferred to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of the website, for compiling reports on the website activity for website operators and for providing other services relating to the website activity and internet usage. Google may also transfer this information to third parties if it is required by law or if third parties process this data on behalf of Google. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you agree to the processing of the data collected about you by Google in the manner described above. Further, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link. The current link is

Customers and business partners

We process personal data that we receive from you in the course of our business relationship. In addition, we process – so far as necessary for the provision of our services – personal data which we have received from other companies or business partners in the field or service providers or from other third parties (e.g. creditworthiness information) in a permissible manner (e.g. to execute orders, to fulfil contracts or on the basis of consent given by you). On the other hand, we process personal data that we have obtained and are permitted to process from publicly accessible sources (e.g. debtor lists, commercial register, press, media, Internet). Personal data that we process in the context of the business relationship are: Name, address, contact data, control characteristics, order data, payment data, bank details, contract data, creditworthiness data, turnover data, communication data, documentation data (e.g. use of our website, newsletter).

Purpose and legal basis of the processing

We process personal data in accordance with the provisions of the data protection laws: Based on your consent (Art. 6 Para. 1 lit. a DS-GVO)

So far as you have given us your consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. A granted consent can be revoked at any time.

For the fulfilment of contractual obligations (Art. 6 (1) (b) DS-GVO)

If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case for example with processing operations necessary for the supply of goods or provision of another service or consideration, the processing is based on Art. 6 I lit. b DPA. The same applies to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services.

Due to legal requirements or in the public interest (Art. 6 (1) (c), Art. 6 (1) (e) DS-GVO)

In addition, we process your personal data as far as required by law or if there is a public interest, for example to fulfil tax obligations.

To protect the vital interests of the person concerned or another natural person (Art. 6 Paragraph 1 lit. d DS-GVO)

In rare cases, the processing of personal data might be necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company was injured and his name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or any other third party.

In the context of the balancing of interests (Art. 6 (1) (f) DS-GVO)

As far as necessary, we process your data beyond the actual fulfilment of the contract to safeguard legitimate interests of us or third parties, provided that the interests, basic rights and fundamental freedoms of the person concerned do not prevail (e.g. credit information, advertising or market and opinion research, assertion of legal claims and defence in the event of legal disputes, guarantee of IT security, measures for business management and further development of services and products).

Who gets your data?

Within Ostalbketten Ltd., those departments receive your data that need it to fulfil our contractual and legal obligations. Order processors employed by us may also receive the data for such purposes. Other recipients of your data may be suppliers and service providers for the execution of the business relationship or public bodies and institutions if there is a legal or official obligation. Other recipients of your data may be those entities for which you have given us your consent to transfer the data.

Duration of storage, deletion and blocking of personal data

The criterion for the duration of storage of personal data is the processing purpose and the respective legal retention period. After the processing purpose has ceased to apply and taking into account the statutory retention period, the corresponding data will be deleted or blocked if they are no longer required for the fulfilment of the contract or the initiation of a contract.

Transmission of personal data

Data is only transferred to companies or suppliers and service providers within the framework of the fulfilment of the contract; these may also be countries outside the EU. There is no transfer to an international organization. A transfer will only take place if an adequate level of data protection has been confirmed by the EU Commission or if other appropriate data protection guarantees (e.g. EU standard contract clauses) are in place.

Rights of the data subject

Right of confirmation

Every data subject has the right to obtain confirmation from the controller whether personal data relating to him or her are being processed.

Right of access

Any person concerned by the processing of personal data has the right to obtain information at any time and free of charge from the controller regarding the personal data stored relating to him/her.

Right of rectification

Any person concerned by the processing of personal data has the right to obtain the rectification without delay of inaccurate personal data concerning him. The data subject also has the right to obtain the completion of incomplete personal data, taking the purposes of the processing into account.

Right of cancellation (right to be forgotten)

Any person concerned by the processing of personal data has the right to request the immediate erasure of personal data from the controller if one of the following reasons applies and as far as the processing is not necessary:

The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.

The data subject withdraws the consent on which the processing was based under Article 6(1)(a) of the DPA or Article 9(2)(a) of the DPA, and there is no other legal basis for the processing.

The data subject lodges an objection to the processing pursuant to Article 21(1) DPA and there are no overriding legitimate reasons for the processing, or the data subject lodges an objection to the processing pursuant to Article 21(2) DPA. The personal data were processed unlawfully. The deletion of personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.

The personal data was collected in relation to information society services offered, in accordance with Article 8 (1) of the DS-GVO.

Right to limit processing

Any person concerned by the processing of personal data has the right to obtain the restriction of the processing from the controller if one of the following conditions is met: (1) The accuracy of the personal data is disputed by the data subject, for a period enabling the controller to verify the accuracy of the personal data. (2) The processing is unlawful, the data subject refuses to have the personal data deleted and instead requests that the use of the personal data is restricted. (3) The controller needs the personal data for purposes of the processing no longer, but the data subject needs them in order to assert, exercise or defend his rights. (4) The data subject has lodged an objection to the processing pursuant to Article 21 (1) of the DPA and it is not yet clear whether the legitimate reasons given by the controller outweigh those of the data subject.

Right to data transferability

Every data subject has the right to obtain, in a structured, standard and machine-readable format, the personal data relating to him which have been supplied by the data subject to a controller.

Right of appeal

Any person concerned by the processing of personal data has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out pursuant to Article 6(1)(e) or (f) of the DPA. This also applies to profiling based on these provisions. In the event of an objection, the responsible body will no longer process the personal data unless we can demonstrate compelling reasons for processing which are worthy of protection and which outweigh the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defend legal claims. Where the controller processes personal data for the purpose of direct marketing, the data subject shall have the right to object, at any time, to the processing of personal data for the purpose of such marketing. If the data subject objects to the processing for the purposes of direct marketing, we will no longer process the personal data for those purposes.

You can send your objection to the following address:

Flözstrasse 26
D-73433 Aalen

Phone: +49 73 61 / 92 45-0

Right to withdraw consent

Any person affected by the processing of personal data has the right to withdraw his or her consent to the processing of personal data at any time.

Obligation to provide data

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded that a data subject provides us with personal data, which must subsequently be processed by us. For example, the person concerned is obliged to provide us with personal data if our company concludes a contract with him/her. A failure to provide the personal data would mean that the contract with the person concerned could not be concluded.

Existence of an automated decision making process

As a responsible company, we avoid automatic decision making or profiling.

Data protection for applications and in the application process

The controller collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing may also be carried out by electronic means. This is particularly the case if an applicant submits the relevant application documents to the controller electronically, for example by e-mail or via a web form on the website. If the data controller concludes an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be deleted six months after notification of the rejection decision, unless deletion is contrary to any other legitimate interests of the controller. Other legitimate interests in this sense include, for example, a duty of proof in proceedings under the General Equal Treatment Act (AGG).

Your professional partner

Ⓒ 2020 - All rights reserved

WordPress Cookie Plugin by Real Cookie Banner