Privacy Policy
We greatly appreciate your interest in our company. The protection of your personal data is of utmost importance to us. We process your data in accordance with the applicable legal regulations on the protection of personal data, in particular the General Data Protection Regulation (GDPR) and the country-specific implementing laws applicable to us. This privacy policy provides you with comprehensive information about the nature, scope, and purpose of the processing of your personal data by TakeASP AG, as well as your rights.
Personal data means any information relating to an identified or identifiable natural person. This includes in particular your name, date of birth, address, telephone number, email address, but also your IP address.
Anonymous data refers to information that cannot be linked to an identified or identifiable natural person.
Responsible Entity
TakeASP AG
Alfred-Nobel-Straße 20
97080 Würzburg
Germany
Phone: +49 931 7808 3500
Fax: +49 931 7808 3599
Email: info@takeasp.de
www.takeasp.de
Data Protection Officer
You can reach our Data Protection Officer (atarax Unternehmensgruppe) at: datenschutz@atarax.de
Storage of Access Data
Each time a user accesses a page of our website or retrieves a file, access data regarding this process is stored in a log file on our server.
Each log entry consists of:
the page from which the file was requested,
the name of the file,
the date and time,
the requested amount of data transferred,
the access status (file transferred, file not found, etc.),
a description of the type of web browser used,
the IP address of the client.
These stored data are evaluated for statistical purposes, to improve the website, and to detect misuse such as in the event of a cyberattack. TakeASP AG does not draw conclusions about the identity of individual users from these general data.
These data and information are analyzed statistically by TakeASP AG, also with the aim of improving data security within our company, to ultimately ensure an optimal level of protection for the personal data we process. Server log files are stored separately from any personal data provided by the data subject and are deleted after 30 days.
Disclosure to third parties neither for commercial nor non-commercial purposes takes place, except where required by law or where consent of the data subject exists.
Provision of Personal Data by the User
If our website offers the possibility to enter personal or business data (e.g., email addresses, names, addresses), this data is provided voluntarily by the user. These data are also treated confidentially and will not be shared with third parties unless required by law. There is no linking with the above-mentioned access data.
Rights of Data Subjects
You have the following rights as a data subject under Articles 15–22 GDPR:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing of personal data (Art. 21 GDPR)
To exercise these rights, for questions regarding the processing of your personal data, or to withdraw consent, please contact: datenschutz@atarax.de. You also have the right to lodge a complaint with a data protection supervisory authority.
Right to Object
Please note the following regarding your right to object:
If we process your personal data for direct marketing purposes, you have the right to object to such processing at any time without giving reasons. This also applies to profiling insofar as it is related to direct marketing.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and may be made informally, preferably to: info@takeasp.de.
If we process your data to safeguard legitimate interests, you may object to this processing at any time for reasons arising from your particular situation. This also applies to profiling based on these provisions.
In such cases, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
Purposes and Legal Basis of Data Processing
We comply with the provisions of the GDPR and all other applicable data protection regulations when processing your personal data. The main legal bases for data processing derive from Article 6 GDPR.
Your data is used for initiating business, fulfilling contractual and legal obligations, performing contracts, offering products and services, and strengthening our customer relationships.
Consent to data processing may also constitute a legal basis under data protection law. Before obtaining consent, we inform you about the purpose of data processing and your right to withdraw consent.
Disclosure to Third Parties
Your data will only be shared with third parties within the framework of legal provisions (e.g., supervisory authorities or law enforcement agencies) or with your consent. Otherwise, no data is passed to third parties unless we are legally obliged to do so.
Recipients / Categories of Recipients
Within our company, we ensure that only persons who require your data to fulfill contractual and legal obligations receive access.
In certain cases, service providers support our departments in performing their tasks. Appropriate data protection agreements are concluded with all service providers. These include IT service providers supporting outsourcing, ERP software support, and data processing relevant to human resources and accounting.
Transfer to Third Countries
Data transfer to third countries (outside the EU or the European Economic Area) only occurs where necessary to perform the contractual relationship, is legally required, or you have given your consent.
Currently, we do not transfer personal data to service providers outside the European Economic Area.
Data Retention Period
Your data is stored only as long as necessary for the respective processing purpose unless statutory retention periods require longer storage, particularly commercial or tax law retention obligations (e.g., Commercial Code, Tax Code). If no further retention obligation exists, data is routinely deleted after the purpose is fulfilled.
We may also retain data if you have granted permission or if it is necessary for legal disputes and evidence preservation within statutory limitation periods, which can be up to 30 years; the regular limitation period is three years.
Secure Data Transmission
To protect the data stored with us from accidental or intentional manipulation, loss, destruction, or unauthorized access, we use appropriate technical and organizational security measures. The security level is continuously reviewed in cooperation with security experts and adapted to new standards.
Data exchange to and from our website is encrypted. We use HTTPS with current encryption protocols. For contact forms, users may upload application documents securely. Alternative communication methods (e.g., postal mail) are also possible.
Obligation to Provide Data
Certain personal data are necessary for establishing, fulfilling, and terminating the contractual relationship and to comply with related legal obligations. The same applies to the use of our website and its functions.
Details are summarized above. In some cases, data must be collected or provided due to legal requirements. Please note that processing your request or fulfilling the contractual relationship is not possible without providing this data.
Categories, Sources, and Origin of Data
Which data we process depends on the context – for example, whether you place an order online, submit a contact inquiry, send an application, or file a complaint.
Please note that we may provide specific information separately for particular processing situations, such as uploading application documents or contact inquiries.
For contact inquiries, we process:
- Company
- Name, First Name
- Contact data (email address, phone number if provided)
- Salutation
- Information provided in the message field (e.g., wishes, interests)
For online applications, we process:
- Company
- Salutation
- Name, First Name
- Contact data (email address, phone number if provided)
- Information provided in the message field
- Information from your application documents
Automated Individual Decision-Making
We do not use fully automated processing to make decisions.
Contact Forms / Registration Forms / Email Contact
If you submit inquiries via our website’s contact form, your information including contact data will be stored to process your request and for potential follow-up questions. Voluntarily submitted personal data are stored for processing or contact purposes and will not be disclosed without your consent.
If you register for an event using a registration form, your voluntarily provided contact data will be stored for event organization purposes and not shared without your consent.
Applications
We appreciate your interest in working at TakeASP AG. We handle your personal data submitted via the application form only for processing your application and contacting you during the process. No data is passed to third parties without your consent.
The application form requests personal data necessary for thorough review and legally required data. Your IP address is also processed for technical and legal security reasons.
Without these data, we cannot review your application, and the upload function will be disabled. Voluntary information may be provided.
To protect your data confidentiality, we implement appropriate security measures, including encrypted transmission of application documents.
We retain your data until the application process is complete and related deadlines have expired — no longer than six months after decision notification.
Cookies
Our website uses cookies to make our offer more user-friendly, effective, and secure. Cookies are small text files stored on your device by your browser and contain pseudonymous data. Some cookies persist for the session only (session cookies); others are stored longer (persistent cookies, e.g., consent or language settings), typically deleted after six months.
We also use cookies from third parties, who use the information to display content or track visited pages.
Based on our legitimate interest (Art. 6 (1) (f) GDPR), we use technically necessary cookies essential for website operation and functionality. We also use cookies without consent where they are required for transmitting messages or providing expressly requested services (Section 25 (2) TDDDG).
Currently, we use the following necessary cookie:
full_css_www_takeasp – full CSS display of the website, retention: 7 days.
Links to Third-Party Websites
Our website contains links to external websites of other providers. We have no influence on their content and accept no liability. The respective provider is responsible for their content.
Links were checked for legal violations at the time of linking and none were found. Permanent monitoring is not reasonable without specific indications. Known violations will lead to immediate removal of links.
Social Media Presence
TakeASP AG maintains profiles on social media platforms including Facebook, Xing, and LinkedIn. Where we control data processing, we ensure compliance with applicable data protection regulations.
Responsible companies for these platforms:
Facebook: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Xing: Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany
LinkedIn: LinkedIn Ireland Unlimited Company
However, you use these platforms and their functions at your own responsibility. This applies especially to the use of interactive features (e.g., commenting, sharing, rating).
Please note that user data may be processed outside the territory of the European Union. This may entail risks for users, for example, as enforcing user rights might be more difficult. Providers processing or storing data in third countries are obligated to comply with European data protection standards through contractual agreements and certification under the US-EU Data Privacy Framework. Data processing or storage in third countries may also be based on your consent (Art. 49(1) sentence 1 lit. a GDPR), in which case you will be specifically informed when giving your consent, including the possibility of withdrawal.
We maintain the profiles to communicate with visitors and inform them about our offers.
We also collect data for statistical purposes to further develop and optimize content and make our offerings more attractive. The required data (e.g., total page views, page activities, data provided by visitors, interactions) are prepared by the social networks and provided to us. We have no influence on their generation or presentation.
Furthermore, your personal data is processed by the social media providers for market research and advertising purposes. For example, usage profiles may be created based on your usage behavior and resulting interests. This enables targeted advertising inside and outside the platforms tailored to your interests. Usually, cookies are stored on your device for this purpose. Independently, data not directly collected on your devices may also be stored in your usage profiles. Storage and analysis are also carried out across devices, especially but not exclusively if you are registered and logged in to the respective platforms. Apart from this, we do not collect or process personal data in this context.
The processing of your personal data by TakeASP AG is based on our legitimate interest in effective information and communication pursuant to Art. 6(1) sentence 1 lit. f GDPR.
If you are asked for consent to data processing (i.e., you agree by confirming a button or similar, opt-in), the legal basis for processing is Art. 6(1) sentence 1 lit. a and Art. 7 GDPR.
Your Rights & Options to Object
If you are a member of a social network and do not want the network to collect data about you via our presence and link it to your stored member data at the respective network, you must:
Log out of the respective network before visiting our pages, delete the cookies stored on your device, and close and restart your browser.
Please note that this process must be carried out separately on each device.
After logging in again, you will be identifiable as a specific user to the network again.
For detailed information on processing and objection options (opt-out), please refer to the linked information below:
- Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
- Xing (Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany) – Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung, Opt-Out: http://www.youronlinechoices.com
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
In total, you have the following rights regarding the processing of your personal data:
- The right to access (Art. 15 GDPR),
- The right to deletion (Art. 17 GDPR),
- The right to rectification (Art. 16 GDPR),
- The right to data portability (Art. 20 GDPR),
- The right to restriction of processing (Art. 18 GDPR),
- The right to object to data processing (Art. 21 GDPR).
You also have the right to lodge a complaint with a data protection supervisory authority.
However, since TakeASP AG does not have full access to your personal data, you should directly contact the social media providers to exercise your rights, as they have access to users’ personal data and can take appropriate measures and provide information.
Objection to Advertising Emails
The use of contact data published in the imprint or other legal provisions for sending unsolicited advertising and informational materials is hereby objected to. The operators (TakeASP AG) of these pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example via spam emails.