Privacy Statement

Privacy protection statement

All personal data will be treated as confidential. Our data protection practice is in
compliance with the Federal Data Protection Act (AVG) and the General Data
Protection Regulation (AVG). We are providing the details on data protection to you
below:

 

Person responsible in the sense of the AVG

CRESTA INTERNATIONAL B.V.
Rolbrugweg 4
1332AS Almere – The Netherlands
Tel + 31 20 6 932 932
Chambre of commerce Amsterdam 63656574

 

1. Reasons for data collection
We collect and process your data for the provision of our website and to provide you
with the best possible service with convenient access to our services.

 

2. Which data is collected, processed or used?

2.1 Visiting our website
When you access our website, your servers automatically collect general information,
especially for the purpose of establishing a connection, functionality and system
security. This includes the type of the browser that is used, the utilized operating
system, the domain name of the Internet Service Provider (ISP), the connection data
of the utilized computer (IP address), the website from which you are visiting us
(referrer URL), the pages you visit on our website and data and duration of the visit.
Because of a pseudonymization, we are unable to draw conclusions to a specific
person. This data is not combined with any other data sources.

 

2.2 Contact form
When you contact us using a contact form, personal information will be collected. For
a list of data that is collected, refer to the contact form. The data is stored to process
your inquiry. Mandatory information is marked with an asterisk (*). All other
information is voluntary. We will delete all data that was collected in the context of the
contact form after the storage is no longer required or limit processing if legal
obligations to retain data apply. The legal basis for processing of your personal data
is Art. 6 Sect. 1 lit. b) DSGVO when you are contacting us within the framework of a
contract conclusion. Otherwise, it is our lawful interest in answering your inquiries so
that Art. 6 Sect. 1 lit. f) DSGVO constitutes the legal basis.

 

3. Integration of YouTube videos

We have incorporated YouTube videos in our online offer, which are stored
at https://www.youtube.com and can be played back directly from our website. All of
them are incorporated in an “expanded data protection mode”, i.e., no information of
you as the user is transmitted to YouTube when you do not play back the videos. The
data listed below is not transmitted until you play the videos. We have no influence
on this data transmission. By visiting the website, YouTube receives information that
you accessed the corresponding subpage of our website. The IP address, date and
time of the inquiry, time zone difference to Greenwich Mean Time (GMT), content of
the request (concrete page), access status/HTTP status code, respective transmitted
data volume, website, from which the request was received, browser, operating
system and its interface, language and version of the browser software are
transmitted. This happens regardless of whether YouTube provides a user account
through which you are logged in or if no user account exists. If you are logged into
Google, your data is directly assigned to your account. If you do not want your profile
to be assigned to YouTube, you have to log out before activating the button.
YouTube stores your data as use profiles and utilizes it for purposes of advertising,
market research and/or other needs based design of its website. Such analysis
especially occurs (even for users who are not logged in) to provide needs-based
advertising to inform other users of the social network about you activities on our
website.
You have the right to object to the creation of these user profiles, whereby you have
to address YouTube to exercise this right.
For more information about the purpose and volume of the data collection and its
processing by YouTube, refer to the Privacy Protection Statement. It also provides
additional information about your rights and options for settings to protect your
privacy:
https://www.google.de/intl/de/policies/privacy. Google process also processes your
personal data in the USA and has subjected itself to the US-Privacy-
Shield, https://www.privacyshield.gov/EU-US-Framework.
The legal basis for processing is Art. 6 Sect. 1 lit. f) DSGVO.

 

4. Integration of Google Maps
On this website, we are utilizing the offer of Google Maps. This allows us to display
interactive cards for you directly on the website and provide you with the convenient
use of the Map function. By visiting the website, Google receives information that you
accessed the corresponding subpage of our website. Additionally, the IP address,
date and time of the inquiry, time zone difference to Greenwich Mean Time (GMT),
content of the request (concrete page), access status/HTTP status code, respective
transmitted data volume, website, from which the request was received, browser,
operating system and its interface, language and version of the browser software are
transmitted. This happens regardless of whether Google provides a user account
through which you are logged in or if no user account exists. If you are logged into
Google, your data is directly assigned to your account. If you do not want your profile
to be assigned to Google, you have to log out before activating the button. Google
stores your data as use profiles and utilizes it for purposes of advertising, market
research and/or other needs based design of its website. Such analysis especially

occurs (even for users who are not logged in) to provide needs-based advertising to
inform other users of the social network about you activities on our website.
You have the right to object to the creation of these user profiles, whereby you have
to address Google to exercise this right.
For more information about the purpose and volume of the data collection and its
processing by the plug-in provider, refer to the Privacy Protection Statements of the
provider. It also provides additional information with regard of your respective rights
and options for settings to protect your privacy:
http://www.google.de/intl/de/policies/privacy. Google process also processes your
personal data in the USA and has subjected itself to the US-Privacy-
Shield, https://www.privacyshield.gov/EU-US-Framework.
The legal basis for processing is Art. 6 Sect. 1 lit. f) DSGVO.

 

5. Contests
From time to time, you have the option to participate in contests on our website. As
part of these contests, personal information (e-mail address, name, address and,
where applicable, additional data that is required for the contest) can be collected
and stored. The personal information you forwarded to us is exclusively used for the
contest (e.g., for the determination of win, notification of win and handover of the
winnings. As part of the contest, we will specifically notify the respective participant
about any data that is processed for the concrete contest. Upon conclusion of our
contests, the participants’ data will be deleted.

 

6. Deletion
Personal data is deleted or blocked, as soon as the purpose of the storage no longer
applies or you request the deletion. A deletion of the data also occurs in the event ,
that a retention period that is required by the specified standard , unless , a
requirement for the continued storage of the data exists for a contract conclusion or
fulfilment of a contract or you have given your consent to that respect .

 

7. Cookies
Cookies are used to design the use of the websites and preferences of the website
visitors attractively. For example, this causes your information to be saved for the
selection of the language. Cookies are text files that are created on your hard drive to
allow an identification of the browsers with repeated access to the website.
You can prevent the storage of cookies on your hard drive with the corresponding
browser settings. Already set cookies can be deleted at any time. For information
about how to delete cookies or prevent their storage, refer to the respective browser
instructions. If you don't accept cookies, it may impair the use of our Internet offer.
The legal basis for processing of cookies is Art. 6 Sect. 1 lit. f) DSGVO.

 

8. Data security
We protect our website and other systems with technical and organizational
measures against loss, destruction, access, modification or distribution of your data
by unauthorized persons. The transmission of the data is dependent of the browser
that is used with an SSL encryption from 128 bits to 256 bits. In spite of regular
checks and consistent improvement of our security measures, a complete protection
against all dangers is not possible.

 

9. Use of Google Analytics for web analysis
This website makes use of Google Analytics, a web analysis service provided by
Google Inc. (www.google.com). Google Analytics uses “cookies”, which are text files
that are stored on your computer and which enable your visit and use of the website
to be analysed. The information generated by the cookie concerning your use of this
website is normally transmitted to a Google server in the USA and saved there. In the
event that IP anonymisation has been activated on this website, your IP address will,
however, be abbreviated beforehand by Google within Member States of the
European Union or other states which are party to the Agreement on the European
Economic Area. Your full IP address will only be sent to a Google server in the USA
and saved there in exceptional circumstances. IP anonymisation technology is active
on this website. Google uses this information on behalf of the operator of this website
to evaluate your use of the website, to compile reports about website activity and to
perform additional services associated with the use of the website and internet for the
benefit of the operator. Google cannot combine the IP address transmitted by your
browser as part of the Google Analytics service with any other data. You can block
websites from saving cookies by adjusting the settings in your web browser software
as appropriate; we would, however, like to point out that in doing so you will not be
able to use the complete array of functions available on this website to their full
extent.
You can also prevent cookies from collecting data relating to your use of this website
(including your IP address) as well as prevent them from being sent to and processed
by Google by downloading and installing the browser plugin available by clicking on
the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Alternatively to the browser plugin, you can click on this
LINK
to set an opt-out cookie, and prevent Google Analytics from collecting data on this
website in future. This will store an opt-out cookie on your end device. If you delete
your cookies, you will need to click on the link again. You can find the terms of use
and notes on data protection at https://www.google.com/analytics/terms/ or
at https://policies.google.com/?hl=en.

 

10. Google AdWords conversion
We use the Google AdWords service to draw attention to our attractive offers using
advertising media (so-called Google AdWords) on external websites. We can

determine how successful the individual advertising activities are based the data from
the advertising campaigns. Our aim is to display advertisements to you which you
find of interest, to make our website more interesting for you and to achieve a fair
calculation of the advertising costs.
These advertising media are delivered by Google via so-called “ad servers”. To do
this, we use ad server cookies which can measure certain parameters to measure
performance, such as the display of adverts or clicks by the users. If you come to our
website via a Google advert, Google AdWords will store a cookie on your PC. These
cookies generally become invalid after 30 days and are not intended to be used to
personally identify you. The unique cookie ID, number of ad impressions per
placement (frequency), last impression (relevant for post view conversions) and opt-
out information (marker that the user would no longer like to be contacted) are
generally stored with this cookie as analysis values.
These cookies allow Google to recognise your internet browser. If a user visits
specific pages of the website of an AdWords customer and the cookie stored on their
computer has not yet expired, both Google and the customer will be able to
recognise that the user has clicked on the advert and was taken to our webpage.
Each AdWords customer is assigned a different cookie. Cookies therefore cannot be
tracked via the websites of AdWords customers. We ourselves do not collect or
process any personal data in the mentioned advertising activities. We only receive
statistical evaluations from Google. We are able to recognise based on these
evaluations which of the advertising activities used are particularly effective. We do
not receive additional data from the use of the advertising media, in particular we
cannot identify the users based on this information.
Based on the marketing tools used, your browser automatically establishes a direct
connection with the Google server. We have no influence over the scope and the
further use of data which is collected by Google through the use of this tool and we
therefore inform you according to our information status: By incorporating AdWords
Conversion, Google receives the information that you have accessed the
corresponding part of our website or clicked on one of our adverts. If you are
registered with a Google service, Google can associate the visit with your account.
Even if you are not registered with Google or you have not logged in, the provider
may come to know and store your IP address.
You can prevent your participation in this tracking process in different ways: a) by
setting your browser software accordingly, in particular rejecting third party cookies
means that you will not receive any adverts from third party providers; b) disabling
cookies for conversion tracking by setting your browser so that cookies from the
domain “ www.googleadservices.com” are
blocked, https://adssettings.google.com/authenticated, whereby this setting is
deleted when you delete your cookies; c) disabling the interest-related adverts from
the providers who are part of the self-regulated campaign “About Ads” via the
link http://www.aboutads.info/choices, whereby this setting will be deleted when you
delete your cookies; d) permanently disabling in your browsers Firefox, Internet
Explorer or Google Chrome via the
link https://support.google.com/ads/answer/7395996?hl=en. We would like to point
out that you may not be able to make full use of all of the functions on this website.
(6) The legal basis for the processing of your data is Art. 6 Paragraph 1 Clause 1 lit f
GDPR. Click here for more information about Google’s data

protection: https://policies.google.com/privacy?hl=en and https://services.google.co
m/sitestats/en.html. Alternatively, you can visit the website of the Network Advertising
Initiative (NAI) at http://www.networkadvertising.org. Google is subject to the EU-US
Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

 

11. Use of GOOGLE reCaptcha
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. The
provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043,
USA; “Google”). reCAPTCHA is supposed to verify whether the data input on our
website (e.g. in a contact form) is carried out by a person or by an automated
program. To do so, reCAPTCHA analyses the behaviour of the website visitor based
on different features. The analysis begins automatically, as soon as the website
visitor accesses the website. For the analysis, reCAPTCHA assesses different
information (e.g. IP address, time spent by the website visitor on the website or
mouse movements made by the user). The data collected for the analysis is provided
to Google. The reCAPTCHA analyses run entirely in the background. Website visitors
are not informed that an analysis is taking place.
Data processing is carried out based on Art. 6 Paragraph 1 lit f GDPR. The website
operator has a legitimate interest in protecting their website against improper
automated spying and against spam. You can find further information on Google
reCAPTCHA and the Google privacy statement
here: https://policies.google.com/privacy?hl=en and https://www.google.com/recaptc
ha/intro/android.html.

 

12. Applications
We also collect and process personal data of candidates for the purposes of
managing the application process that we conduct. In this case, processing may also
be carried out electronically. This is always the case if the candidate transmits
application documentation to us electronically, i.e. by e-mail or via an online form on
our website. If we enter into an employment contract with a candidate, the
transmitted data will be stored for the purposes of managing the employment
relationship whilst complying with legal regulations. If an employment contract is,
however, not entered into between us and the candidate, the application
documentation will then be deleted four months after notification of the refusal,
provided no other legitimate interests of the controller oppose such deletion. Another
legitimate interest in this sense is, for example, burden of proof in a process
according to the General Equal Treatment Act (AGG). We would like to assess all
candidates only in accordance with their qualification and therefore request that you
omit from your application any information concerning race and ethnicity, political
opinions, religious or ideological beliefs or any trade union membership, genetic data,
biometric data to clearly identify a natural person, health data or data concerning sex
life or sexual orientation.

 

13. Rights of the data subject

If your personal data is processed, you are a data subject under the GDPR and have
the following rights with regard to the data controller:

 

13.1 Right of access
You have the right to obtain from the controller confirmation as to whether or not your
personal data are being processed.
Where that is the case, you have the right to obtain access to the following
information from the data controller:
the purposes for which the personal data is being processed;
the categories of personal data being processed;
the recipients or categories of recipient your personal data has been or is
being disclosed to;
the envisaged period for which the personal data will be stored, or, if not
possible, the criteria used to determine that period;
existence of the right to request from the controller rectification or erasure of
personal data or restriction of processing of your personal data or to object
to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available
information as to their source.

 

13.2 Right to rectification
You have the right to obtain from the controller the rectification and/or completion of
inaccurate or incomplete personal data. The data controller must carry out the
rectification without undue delay.

 

13.3 Right to restriction of processing
You have the right to obtain the restriction of processing where one of the following
applies:
you contest the accuracy of the personal data, for a period enabling the
controller to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data
and request the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the
processing, but they are required by you for the establishment, exercise or
defence of legal claims, or
you have objected to processing under Article 21(1) of the GDPR pending the
verification of whether the legitimate grounds of the controller override your
grounds.

If the processing of your personal data is restricted, this data shall, with the exception
of storage, only be processed with your consent or for the establishment, exercise or
defence of legal claims or for the protection of the rights of another natural or legal
person or for reasons of important public interest of the Union or of a Member State.
If the processing of your personal data is limited pursuant to the aforementioned
conditions, you will be informed by the data controller before the restriction is lifted.

 

13.4 Right to erasure
Erasure obligation
You have the right to obtain from the controller the erasure of your personal data
without undue delay and the controller shall have the obligation to erase personal
data without undue delay where one of the following grounds applies:
Your personal data are no longer necessary in relation to the purposes for
which they were collected or otherwise processed;
Your withdraw consent on which the processing is based according to point (a)
of Article 6(1) or point (a) of Article 9(2) of the GDPR, and where there is no
other legal ground for the processing;
You object to the processing pursuant to Article 21(1) of the GDPR and there
are no overriding legitimate grounds for the processing, or the data subject
objects to the processing pursuant to Article 21(2) of the GDPR;
Your personal data have been unlawfully processed.
Your personal data have to be erased for compliance with a legal obligation in
Union or Member State law to which the controller is subject.
Your personal data have been collected in relation to the offer of information
society services referred to in Article 8(1) of the GDPR.

Informing third parties
Where the controller has made the personal data public and is obliged pursuant to
Article 17(1) of the GDPR to erase the personal data, the controller, taking account of
available technology and the cost of implementation, shall take reasonable steps,
including technical measures, to inform controllers which are processing the personal
data that the data subject has requested the erasure by such controllers of any links
to, or copy or replication of, those personal data.

Exceptions
The right to erasure does not apply to the extent that processing is necessary:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or
Member State law to which the controller is subject or for the performance of
a task carried out in the public interest or in the exercise of official authority
vested in the controller;
for reasons of public interest in the area of public health in accordance with
points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;
for the establishment, exercise or defence of legal claims.

Right to be informed
If you have exercised your right to obtain rectification, erasure or restricted
processing from the data controller, the data controller must inform all recipients to
whom your personal data has been disclosed of this rectification or erasure of data or
restriction of processing, unless this proves impossible or involves disproportionate
effort. You also have the right to be informed of these recipients by the data
controller.

 

13.6 Right to data portability
You have the right to receive personal data you have provided to the data controller
in a structured, commonly used and machine-readable format. You also have the
right to transmit those data to another controller without hindrance from the controller
to which the personal data have been provided, where
the processing is based on consent pursuant to point (a) of Article 6(1) or point
(a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article
6(1) of the GDPR; and
the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data transmitted
directly from one controller to another, where technically feasible. This may not
adversely affect the rights and freedoms of others.

 

13.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any
time to processing of your personal data which is based on point (e) or (f) of Article
6(1) of the GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller
demonstrates compelling legitimate grounds for the processing which override your
interests, rights and freedoms, or for the establishment, exercise or defence of legal
claims.

Where personal data are processed for direct marketing purposes, you have the right
to object at any time to processing of your personal data for such marketing, which
includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data
shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding
Directive 2002/58/EC, you may exercise your right to object by automated means
using technical specifications.

 

13.8 Right to withdraw a declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law
at any time. The withdrawal of consent does not affect the lawfulness of the
processing carried out on the basis of consent until its withdrawal.

 

13.9 Automated individual decision-making
including profiling
You have the right not to be subject to a decision based solely on automated
processing, including profiling, which produces legal effects concerning you or
similarly significantly affects you. This does not apply if the decision
is necessary for entering into or performance of a contract between an
organisation and the individual,
is authorised by Union or Member State law to which the controller is subject
and which also lays down suitable measures to safeguard your rights and
freedoms and legitimate interests; or
is based on your explicit consent.
In all cases, these decisions may not be based on special categories of personal
data referred to in Article 9(2)1) of the GDPR, unless point (a) or (g) of Article 9(2) of
the GDPR applies and suitable measures to safeguard the data subject’s rights and
freedoms and legitimate interests are in place.

 

13.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to
lodge a complaint with a supervisory authority, in particular in the Member State of
your habitual residence, place of work or place of the alleged infringement if you
consider that the processing of personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the
complainant of the progress and the outcome of the complaint including the
possibility of a judicial remedy pursuant to Article 78 of the GDPR.

 

Validity of this declaration
This data protection statement applies for the following companies in the CRESTA
group:
CRESTA INTERNATIONAL B.V.
Rolbrugweg 4 – 1332 AS – Almere – The Netherlands
Tel + 31 20 6 932 932