Privacy policy
We look forward to your visit to our website. We would also like to inform you about the treatment of your personal data in accordance with Article 13 of the General Data Protection Regulation (GDPR).
Responsible person
The responsible person for the processing of personal data described below is the institution listed in the cover page.
ACO Industries k.s.
Havlíčkova 260
Přibyslav 582 22
Czech Republic
User data
When you visit our website, so-called user data will be temporarily evaluated on our web server for statistical purposes as a log to improve the quality of our website. This data set consists of:
- the names and addresses of the requested content,
- the date and time of the enquiry,
- the amount of data transmitted,
- access status (content transmitted, content not found),
- description of the web browser and operating system used,
- a referral link that indicates from which page you came to our site,
- the IP address of the querying computer, which is truncated so that personalization is no longer possible.
These logged data are only evaluated anonymously.
IP address storage for security purposes
In addition, we store the full IP address provided by your web browser for a strictly purposeful period of seven days to be able to detect, limit and eliminate attacks on our website. After this period, we delete or anonymize this IP address. The legal basis for this is Article 6 (1) S. 1 (f) GDPR.
Data security
To protect your data from unwanted access as comprehensively as possible, we take technical and organisational measures. We use encryption on our website. Your data is transmitted from your computer to our server and vice versa via the Internet using TLS keying. You can usually tell this by the fact that the lock symbol is locked in the status bar of your browser and the address line starts with https//.
Necessary cookies
We place cookies on our website which are necessary for the use of our website.
Cookies are small text files that can be stored on and retrieved from your terminal device. A distinction is made between session-cookies, which are again deleted when you close your browser, and persistent cookies, which are stored beyond individual accesses.
We do not use these necessary cookies for analytics, tracking or advertising purposes.
These cookies contain partly only information about certain settings and are not personal in nature. They may also be needed to enable user guidance, security, and page conversion.
We use these cookies based on Article 6 (1) S. 1 (f) GDPR.
You can set your browser to inform you of the location of cookies. This will make the use of cookies transparent to you. In addition, you can delete cookies at any time by setting your browser accordingly and prevent the insertion of new cookies. Please note that our website may not be able to be viewed and some functions may no longer be technically available.
Measuring traffic
We use web analytics tools to create our websites to match the need. These create user profiles based on pseudonyms. To do this, permanent cookies are stored on your terminal device and retrieved by us from there. Furthermore, we may require the identification of your browser or your terminal device (e. g. a so-called browser fingerprint or your unshortened IP address). In this way, we can recognize repeat visitors and count them as such.
Moreover, we use the following features to measure traffic:
- We enrich the pseudonymous data with additional data made available to us by third-party providers. In this way, we can collect demographic characteristics of our visitors, such as statements about age, gender, and residence.
- We use a recognition method that allows us to collect and then evaluate the mouse cursor movements of our visitors.
Data processing is carried out on the basis of your consent pursuant to Article 6 (1) S. 1 (a) GDPR or Section 15 (3) S. 1 TMG (Telecommunications Act), if you have given your consent via our banner.
Which third-party providers do we use in this framework?
We will also notify you of third-party providers with whom we work in connection with traffic measurement. If data is processed outside the EU or EEA in this context, please note that there is a risk that the authorities may have access to this data for security and surveillance purposes without informing you or giving you the opportunity to appeal. If we engage providers in non-secure third countries and you agree, a transfer to a third country follows based on Article 49(1)(a) GDPR.
Provider | Maximum time of storage | Adequate level of data protection | Withdrawal of consent |
Google Ireland Limited | Processing within the EU/EEA | If you wish to withdraw your consent, please click here, and make the appropriate settings via our banner. | |
Google LLC (USA) | No adequate level of data protection. The transfer is made based on Article 49(1)(a) GDPR. | If you wish to withdraw your consent, please click here, and make the appropriate settings via our banner. |
Third-party tracking technology for advertising purposes
We use cross-device tracking technologies to show you targeted advertising on other websites based on your visit to our website, so that we can see how effective our advertising measures have been.
The data processing is carried out on the basis of your consent pursuant to Article 6 (1) S. 1 (a) GDPR or Section 15 (3) S. 1 TMG (Telecommunications Act), if you have given your consent via our banner. Your consent is voluntary and can be withdrawn at any time.
How does this tracking work?
When you visit our website, it is possible that the following third-party providers may request your browser or terminal device identifiers (e. g. browser fingerprint), evaluate your IP address, store, or download the identifiers to your terminal device (e. g. cookies) or access an individual tracking pixel.
Third-party providers may use individual characters to make your device recognizable on other websites. We may instruct the relevant third-party providers to include advertisements that are based on the pages you visit with us.
What is motion tracking beyond the device?
If you log in with your own user data with a third-party provider, the respective identifiers of different browsers and terminal devices may be linked to each other. For example, if the third-party provider has created a custom character for each laptop, desktop PC or smartphone or tablet you use, these individual characters may be associated with each other when you use your login credentials to use the third-party provider's service. In this way, the third-party provider can target our advertising campaigns on different terminal devices.
Which third-party providers do we use in this framework?
We will also notify you of third-party providers with whom we work for advertising purposes. If data is processed outside the EU or EEA in this context, please note that there is a risk that the authorities may have access to this data for security and surveillance purposes without informing you or giving you the opportunity to appeal. If we engage providers in non-secure third countries and you agree, a transfer to the third country follows based on Article 49(1)(a) GDPR.
Provider | Maximum time of storage | Adequate level of data protection | Withdrawal of consent |
Google LLC (USA) | No adequate level of data protection. The transfer is made based on Article 49(1)(a) GDPR. | If you wish to withdraw your consent, please click here, and make the appropriate settings via our banner. |
Contact form
You can contact us using the contact form. To use our contact form, we first need the mandatory marked data from you.
We need this data based on Article 6 (1) S. 1 (f) GDPR to be able to respond to your enquiry.
You can also decide whether you want to provide us with further information. This information is voluntary and is not strictly necessary to make contact. We process your voluntary data based on your consent pursuant to Article 6(1) S. 1 (a) GDPR.
Your data is only processed to answer your enquiry. We will delete your data if it is no longer needed and does not conflict with our legal obligations to keep it.
If your data provided via the contact form is processed based on Article 6(1) S. 1 (f) of the GDPR, you can object to this processing at any time. In addition, you can withdraw your consent to the processing of voluntary data at any time. For this purpose, please contact the e-mail address indicated in the cover page.
Endowment Fund
In view of the current situation in Ukraine we decided to help and for this reason we have established the ACO Fund Ukraine endowment fund. Through this fund, among other things, anyone who is interested, can make a donation, which will then be used by the fund to support people in Ukraine.
You can therefore make a donation through the fund and if you do so, you have the opportunity to request a donation receipt from us for tax purposes via e-mail.
Regarding the processing of data for the purpose of making a donation, we only process the data we receive through the payment confirmation. This includes the name of the person to whom the bank account is registered, the number of the bank account and the amount of the donation.
If you wish that we send you a donation acknowledgement, and if you are an individual acting on your own behalf, we will need to know your name, address, the amount of the donation, the account number from which the donation was made and to which it was sent and the email address to which you wish to send the donation acknowledgement. If you are acting on behalf of a legal entity, we will also need the name of the company, its registration number and registered office.
We need all of the above data based on Article 6(1)(b) GDPR, i.e. for the performance of the contract. By making a donation, a contractual relationship is created between us, a contract of donation. Within the framework of this relationship, you also have the right to be issued with the aforementioned acknowledgement of the donation.
Furthermore, you can decide for yourself whether you want to provide us with further data. This information is voluntary and is not strictly necessary for performance of our contractual relationship. We process your voluntary data on the basis of legitimate interest according to Article 6(1)(f) GDPR. This voluntary data may be contained either in the description of the payment you are sending the donation or in the e-mail you use to request confirmation of the donation.
Your data is processed for the purpose of fulfilling the legal obligations associated with the donation received. We will therefore delete these if they are no longer needed and do not conflict with our legal obligations to keep these data.
If your data is processed on the basis of Article 6 (1) (f) GDPR, you can object to this processing at any time. For this purpose, please contact the email address indicated in the cover page.
We are aware that many people perceive the details of the donation and the amount of the donation as sensitive. However, you do not need to worry about us passing this information on outside the company. Even within the company, only the accounting department, which subsequently processes the payments received, and members of the fund's board of trustees have access to it. We may only disclose data outside the company if we are required to do so by law, in particular in the case of a financial audit, but such disclosure is always covered by confidentiality.
Social plugins
We allow you to use social plugins. However, for data protection reasons, we will only link the social plugins used by us in a deactivated form. When you call up our website, no data will be transmitted from there to the social media services.
However, you have the option to activate and use social plugins linked to our website. We use a solution for this, which results in all the data and functions that are needed to display the social plugins being provided by our web server in the first step. Only when you decide to activate the relevant social plugin and click on the relevant preview or symbol will your browser establish a connection to the servers of the respective social media service provider in a second step.
When you activate the plugin, the social media service receives your IP address in the first place and, among other things, an awareness of your visit to our website. This is done regardless of whether you have an account with the respective social networking service. When you log in, the data can be assigned directly to your social network profile.
In general, we have no influence on whether and to what extent a social network service processes personal data after activation. However, it is likely that the social networking service will create user profiles from your data and use these for the purpose of personalised advertising. In addition, your data will be used to inform other users of the social networking service about your activities on our website.
This storage is carried out on the basis of your consent pursuant to Article 6 (1) S. 1 (a) GDPR or Section 15 (3) S. 1 TMG (Telecommunications Act), if you have given your consent by clicking on the preview. Please note that the storage of many social plugins leads to your data being processed outside the EU or EEA. In several countries, there is a risk that the authorities have access to this data for security and surveillance purposes without informing you or giving you the opportunity to appeal. If we engage providers in insecure third countries and you agree, a transfer to the third country follows based on Article 49(1)(a) GDPR.
If you no longer wish to have your personal data processed by the activated social plugins, you could prevent future processing by no longer clicking on the preview or symbol of the respective social plugins.
Provider | Maximum time of storage | Adequate level of data protection | Withdrawal of consent |
No adequate level of data protection. The transfer is made based on Article 49(1)(a) GDPR. | If you wish to withdraw your consent, please click here, and make the appropriate settings via our banner. | ||
No adequate level of data protection. The transfer is made based on Article 49(1)(a) GDPR. | If you wish to withdraw your consent, please click here, and make the appropriate settings via our banner. | ||
Flickr | No adequate level of data protection. The transfer is made based on Article 49(1)(a) GDPR. | If you wish to withdraw your consent, please click here, and make the appropriate settings via our banner. | |
Facebook (USA a/nebo Irsko) | No adequate level of data protection. The transfer is made based on Article 49(1)(a) GDPR. | If you wish to withdraw your consent, please click here, and make the appropriate settings via our banner. | |
Twitter (USA) | No adequate level of data protection. The transfer is made based on Article 49(1)(a) GDPR. | If you wish to withdraw your consent, please click here, and make the appropriate settings via our banner. |
Embedded videos
We upload videos to our website that are not stored on our servers. To ensure that calling up our website with embedded videos does not automatically lead to third-party content being launched, we only display locally stored video previews in the first step. The third-party provider does not receive any information in this way.
Only when you click on the preview will third-party content launch. The third-party provider will thereby receive the information that you have called up our website and the technically necessary user data within it. In addition, the third provider is then able to implement motion tracking technologies. We have no influence on the further processing of personal data by the third-party provider. By clicking on the preview, you give us your consent to run content from third-party providers.
This storage is carried out on the basis of your consent pursuant to Article 6 (1) S. 1 (a) GDPR, if you have given your consent by clicking on the preview. Please note that the storage of many social plugins will lead to your data being processed outside the EU or EEA. In several countries, there is a risk that the authorities have access to this data for security and surveillance purposes without informing you or giving you the opportunity to appeal. If we engage providers in insecure third countries and you agree, a transfer to the third country follows based on Article 49(1)(a) GDPR.
Provider | Adequate level of data protection | Withdrawal of consent |
YouTube / Google (USA) | No adequate level of data protection. The transfer is made based on Article 49(1)(a) GDPR. | If you clicked on the preview, the third-party content would launch immediately. If you do not want this to happen on other sites, please do not click on the previews again. |
Subscribing to and receiving the newsletter
You can subscribe to the newsletter on our website. Please note that we need certain information (at least your email address) to sign up for the newsletter.
The newsletter will only be sent if you have given us your explicit consent pursuant to Article 6(1) S. 1 (a) GDPR. After a successful subscription on our website, you will receive a confirmation email to the email address you have provided (so-called double opt-in). You can withdraw your consent at any time. You will be given an uncomplicated opportunity to revoke your consent e. g. via the cancellation link available in each newsletter.
As part of the newsletter subscription, we store additional data to the data already provided, if necessary to prove that you have subscribed to our newsletter. This may include storing the full IP address at the time of ordering or confirming the newsletter, as well as a copy of the confirmation email sent by us. The respective data processing is carried out on the basis of Article 6 (1) S. 1 (f) GDPR and is carried out in order to be able to account for the legitimacy of sending the newsletter.
Map services
We add map services to our website that are not stored on our servers. To ensure that calling up our website with embedded map services does not automatically lead to third-party content being launched, we only display locally stored map previews in the first step. The third-party provider does not receive any information in this way.
Only when you click on the preview will third-party content launch. The third-party provider will thereby receive the information that you have called up our website and the technically necessary user data within it. We have no influence on the further processing of personal data by the third-party provider. By clicking on the preview, you grant us consent to run third-party content.
The embedding is carried out on the basis of your consent pursuant to Article 6 (1) S. 1 (a) GDPR or Section 15 (3) S. 1 TMG (Telecommunications Act), if you have previously given your consent by clicking on the preview.
Please note that the embedding of many mapping services will result in your data being processed outside the EU or EEA. In several countries, there is a risk that the authorities have access to this data for security and surveillance purposes without informing you or giving you the opportunity to appeal. If we engage providers in insecure third countries and you agree, a transfer to the third country follows based on Article 49(1)(a) GDPR.
Provider | Maximum time of storage | Adequate level of data protection | Withdrawal of consent |
Google LLC (USA) | No adequate level of data protection. The transfer is made based on Article 49(1)(a) GDPR. | If you clicked on the preview, the third-party content would launch immediately. If you do not want this to happen on other sites, please do not click on the previews again. |
Connecting other third-party technical content and features
We use the following technical features and content from third-party providers to display our website.
Calling up our site will result in the launch of content from a third-party provider that makes these features and content available. The third-party provider is thereby informed that you have called up our site and the technically necessary user data within it.
We have no influence on the further processing of personal data by the third-party provider.
The data processing is carried out on the basis of your consent pursuant to Article 6 (1) S. 1 (a) GDPR, if you have given your consent in advance via our banner.
Please note that the use of third-party content and features may result in your data being processed outside the EU or EEA. In several countries, there is a risk that the authorities have access to this data for security and surveillance purposes without informing you or giving you the opportunity to appeal. If we engage providers in insecure third countries and you agree, a transfer to the third country follows based on Article 49(1)(a) GDPR.
Provider | Technical function or content | or maximum storage time | Transfers to third countries as instructed by providers and ensuring an adequate level of data protection | Withdrawal of consent |
Google LLC (USA) | JQuery (knihovna Java Script) | No adequate level of data protection. The transfer is made based on Article 49(1)(a) GDPR. | If you no longer agree to the processing, please do not use our website. | |
Google LLC (USA) | Google Fonts | No adequate level of data protection. The transfer is made based on Article 49(1)(a) GDPR. | If you no longer agree to the processing, please do not use our website. |
Storage period
If we have not already informed you in detail about the storage period, we delete the personal data as far as they are no longer needed for the above-mentioned processing purposes and do not conflict with the legal obligations to store such data.
Other contract processors
We provide your data in the context of contract processing pursuant to Article 28 GDPR to service providers who support us in the operation of our website and related processes. These include, for example, hosting providers. Our providers are strictly bound to us by instructions and contractually bound accordingly.
We will also notify you of the contract processors with whom we work if we have not already done so in the previous text of the privacy policy. Should data be transferred outside the EU or EEA in this framework, we will take measures to ensure an adequate level of data protection.
Contract processor | Purpose | Adequate level of data protection |
Example of a provider (Germany) | Webhosting and support | Processing within the EU/EEA only |
Your rights as a person concerned
When processing your personal data, GDPR guarantees you, as the person concerned, certain rights:
Right to information (Article 15 GDPR)
You have the right to request confirmation as to whether data relating to you is being processed; if this is the case, then you have the right to information about this personal data and to the information individually referred to in Article 15 of the GDPR.
Right to redress (Article 16 GDPR)
You have the right to demand the immediate correction of incorrect personal data concerning you and, where applicable, the completion of incomplete data.
Right to delete (Article 17 GDPR)
You have the right to demand that personal data relating to you be deleted without delay if it coincides with one of the grounds listed in Article 17 of the GDPR.
Right to restriction of processing (Article 18 GDPR)
You have the right to request restriction of processing if one of the prerequisites in Article 18 GDPR is met, e. g. if you have objected to the processing during the assessment period by the responsible person.
Right to data portability (Article 20 GDPR)
In certain cases, which are individually listed in Article 20 of the GDPR, you have the right to receive personal data relating to you in a structured, common, and machine-readable format or to request the transfer of such data to a third party.
Right of revocation (Article 7 GDPR)
If the processing of your data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time pursuant to Article 7(3) GDPR. Please note that this revocation is only effective for the future. Processing that took place before the revocation is not affected.
Right to object (Article 21 GDPR)
If the data is collected on the basis of Article 6(1) S. 1 (f) GDPR (processing for the preservation of legitimate interests) or on the basis of Article 6(1) S. 1 (e) GDPR (processing for the preservation of public interests or for the exercise of public authority), you have the right to object to the processing at any time on grounds that arise from your particular situation. We then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise, or defence of legal claims.
Right to complain to the supervisory authority (Article 77 GDPR)
According to Article 77 of the GDPR, you have the right to lodge a complaint to the supervisory authority if you believe that the processing of data concerning you violates the data protection provisions. In particular, the right to complain can be exercised at the supervisory authority in the Member State of your habitual residence, your place of work or the place where the misconduct is likely to occur.
Exercising your rights
Unless otherwise described above, please refer to the place indicated in the cover page for the exercise of your rights.
Contact details of the data protection officer
Our external data protection officer is happy to provide you with information on data protection at the following contacts:
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Website: www.datenschutz-nord-gruppe.de
E-Mail: office@datenschutz-nord.de
If you contact our data protection officer, please also indicate the point of responsibility as indicated in the cover page.