We, ACGF – Afghan Credit Guarantee Foundation (hereinafter “we” or “ACGF”) are pleased about your interest in our company.
We take the protection of your personal data and their confidential treatment very seriously. The processing of your personal data takes place exclusively within the framework of the legal provisions of the data protection law of the European Union, in particular the General Data Protection Regulation (hereinafter “GDPR”) and further applicable regulations.
1. Number and contact details of the controller
This data privacy statement shall apply to data processing activities by:
ACGF – Afghan Credit Guarantee Foundation
Chairman/Vice Chairman: Bernd Leidner / Dirk Josef Thiesen
Neusser Str. 182
Telephone: +49 (0) 221 96263307
Fax: +49 (0) 221 962 63 165
2. Subject matter of data protection
The subject matter of data protection is personal data. This means any information relating to an identified or identifiable natural person (‘data subject’). These include e.g. information such as name, postal address, e-mail address or telephone number. Specific information on the personal data processed by us can be found below in detail in the data processing operations listed.
3. Collection and storage of personal data as well as the nature and purpose of their processing
a. When visiting our website
When calling our website, the browser used on your end device will automatically send information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your end and stored until 60 days (except – error logs deleted after 7 days; directory protection anonymized after 1 day)
- internet protocol address of the requesting computer
- date and time of the access
- name and URL of the file retrieved
- website from which the access takes place (referrer URL)
- website that is called via our website
- browser used and, if applicable, the operating system of your computer and the name of your access provider
- anonymized storage of IPs
- error logs
The data mentioned are processed by us for the following purposes:
- ensuring smooth establishment of the website’s connection
- ensuring comfortable use of our website
- evaluation of system safety and stability, as well as
- other administrative purposes
The information is erased automatically after 60 days, whereby error logs are already erased after seven days and directory protection through anonymization sets in after one days.
The legal basis for data processing activities shall be Article 6(1)(1)(f) GDPR. Our legitimate interests follow from the purposes listed above for data collection. In no case shall we use any collected data for the purpose of drawing conclusions about your person.
b. Email Contact
If there are any questions, we offer the option of contacting us via the provided email address. In such a case, your personal data transmitted in the email will be stored.
Data processing activities for the purpose of contacting is according to Article 6(1)(f) GDPR. If the contact is targeted at conclusion of a contract, Article 6(1)(b) GDPR shall be an additional legal basis for processing. The personal data collected by us shall be erased automatically after completion of the request submitted by you.
4. Passing on data
We shall only pass on your personal data to third parties (recipients) if:
- you have explicitly given consent to such for one or more specific purposes pursuant to Arti-cle 6(1)(1)(a) GDPR,
- forwarding is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data pursuant to Arti-cle 6(1)(1)(f) GDPR,
- forwarding is required due to statutory obligations pursuant to Article 6(1)(1)(c) GDPR, and
- this is legitimate by law and required according to Article 6(1)(1)(b) GDPR for processing contractual relationships with you.
We have the personal data managed on our behalf in compliance with Article 28 GDPR. The following third-parties have access to the data collected:
Neumann und Neumann Gbr
Thomas Neumann, Monika Neumann
Untere Dorfstr. 57
Tel.: +49 221 – 476 815 94
Hosting Mittwald CM Service GmbH & Co. KG
General Managers: Robert Meyer, Maik Behring
Königsberger Straße 4-6
Telefon: +49 (0) 5772-293-100 Telefax: +49 (0) 5772-293-333
Bamboo HR LLC
335 South 560
West Lindon, UT 84042
5. Bamboo HR
We use Bamboo HR as a third-party service provider for our application service. The software of Bamboo HR is provided as a cloud service. On our website we link to Bamboo HR where you can send us your application form. The data you enter is stored on Bamboo’s system (cloud/server). We have access to the information submitted by you. We can choose to delete any candidate and his/her data through our user interface with Bamboo. In this case, Bamboo does not keep any track record and deletes the candidate’s data entirely from the system. Therefore, we are the controller of any per-sonal data and Bamboo HR is our processor. Article 6(1)(b) GDPR is the legal basis for processing your data. In case your application is not successful we will delete any data after 180 days. In case your application is successful we will store the data according to Article 6(1)(b) GDPR as long as it is necessary to fulfil the contract and no retention requirements are imposed on us by law.
6. Rights of the data subject
You have the right:
- to demand information in accordance with Article 15 GDPR regarding the processing of your personal data by us. In particular, you may request information on the purposes of the processing, the categories of personal data, the categories of recipient to whom your data have been or are disclosed, the envisaged storage period, the existence of the right to rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the source of your data to the extent that these were not collected at our site, and the existence of automated decision-making, including profiling and any meaningful information on its details;
- in accordance with Article 16 GDPR, obtain the rectification of any inaccurate personal data stored by us or completion of such data without undue delay;
- in accordance with Article 17 GDPR, obtain the erasure of your personal data stored by us, to the extent that processing is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- in accordance with Article 18 GDPR, obtain the restriction of processing of your personal data, to the extent that the accuracy of the data is contested by you, processing is unlawful, but you oppose erasure and we no longer need the personal data, but you still require them for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Article 21 GDPR;
- in accordance with Article 20 GDPR, demand to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
- in accordance with Article 7(3) GDPR, to withdraw your consent once given to us towards us at any time. This has the consequence that we may no longer continue the data processing activities that were based on this consent in future and
- in accordance with Article 77 GDPR, lodge a complaint with a supervisory authority. Usually, you may contact the supervisory authority at your habitual residence or place of work or our registered office for this.
7. Right to object
As far as your personal data are processed based on legitimate interests in accordance with Article 6(1)(1)(f) GDPR, you have the right to object to processing of your personal data in accordance with Article 21 GDPR, to the extent that there are grounds relating to your particular situation or the objec-tion is targeted against direct marketing. In the latter case, you have a general right to object that will be implemented by us without any indication of a particular situation.
If you want to exercise your withdrawal right or right to object, send us an email to firstname.lastname@example.org.
8. Further information
In accordance with Art. 13 para. 2 lit. e GDPR we would like to inform you about the following:
The provision of personal data is neither a statutory nor contractual requirement, nor a requirement necessary to enter into a contract. You are not obliged to provide the personal data. There are no consequences resulting from failure to provide such data.
In accordance with Art. 13 para. 2 lit. f GDPR we would like to inform you about the following:
We do not process your personal data for the purpose of automated decision-making.
9. Data security
Apart from this, we use appropriate technical and organisational security measures in order to protect your data from accidental or willful manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures will be improved continually according to the technological developments.
10. Topicality and changes of this data privacy statement
This data privacy statement is currently valid as of May 24, 2020.
Further development of our website and offers through it or changed statutory or authority specifications may require changes to this data privacy statement. You may call and print the respective current data privacy statement at any time on the website at http://www.acgf.de/privacy-policy/.