Skip to content
Home /

Privacy Policy

Almato takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

The use of our website is usually possible without providing personal data. As far as personal data (such as name, address or e-mail address) is collected on our website, this is done on a voluntary basis, when possible. This data will not be passed on to third parties without your express consent.

We would like to point out that data transmission on the internet (e.g. during communication by e-mail) may have security gaps. We cannot guarantee complete protection of your data against access by any third parties.

1. Data controller in the sense of Art. 4 (7) GDPR

The data controller in the sense of Article 4 (7) of the General Data Protection Regulation (GDPR) is:

Almato AG
Reinsburgstraße 27
70178 Stuttgart
Phone: +49 711 62030-400
E-Mail: info@almato.com

The following are responsible for their own processing:

Almato AI GmbH
Reinsburgstraße 27
70178 Stuttgart
E-Mail: info@almato.com

Almato Iberia
C/ Pallars 193-205, 9a drcha.
08005 Barcelona
E-Mail: info@almato.com

The Almato companies are companies of the DATAGROUP.

2. Communication by e-mail/telephone/post/contact form

Purpose of data processing/legal basis:

Personal information that you provide to us via email, telephone, post, or contact form will naturally be treated confidentially. We use your data exclusively for the purpose of processing your request. The legal basis for data processing is Art. 6 para. 1 f) GDPR. The legitimate interest on the part of Almato arises from the interest in answering inquiries from our customers, business partners and interested parties and thus maintaining and promoting customer satisfaction.

We use the telephony functions of Microsoft Teams. The information on Teams in this privacy policy applies accordingly to the telephony function.

It cannot be ruled out that, for example, e-mail addresses of external parties are processed in DATAGROUP systems for IT security purposes.

Recipients/categories of recipients:

We generally exclude the transfer of data to third parties outside DATAGROUP. In exceptional cases, data is processed on our behalf by processors. These are carefully selected, audited by us and contractually bound in accordance with Art. 28 GDPR. Furthermore, it may be necessary for us to forward inquiries to other companies within DATAGROUP if this is necessary for processing.

Storage period/criteria for determining the storage period:

We will delete or securely anonymize all personal data that you provide to us in response to inquiries no later than 90 days after the final reply has been sent to you. The 90-day retention period is due to the fact that you may occasionally need to contact us again about the same matter after a reply and refer to the previous correspondence. Experience has shown that, as a rule, there are no more queries about our replies after 90 days.

Voice messages on answering machines remain stored until the called party deletes them.

3. Data processing of contact persons

Purpose of data processing/legal basis:

The DATAGROUP companies process the contact data of contact persons at customers, interested parties, suppliers and other business partners for communication by email, telephone, fax and post. The legal basis for data processing is Art. 6 para.1 f) GDPR. The legitimate interest on the part of Almato and DATAGROUP arises from the interest in conducting or initiating the business relationship with customers, interested parties, suppliers and other business partners and maintaining personal contact with contact persons.

Recipients/categories of recipients:

We generally exclude the transfer of data to third parties outside DATAGROUP. Within DATAGROUP, your data will be passed on, among other things, to carry out or initiate the business relationship. Exceptionally, data is processed by processors on our behalf. These are carefully selected, audited by us and contractually bound in accordance with Art. 28 GDPR.

Storage period/criteria for determining the storage period:

Personal data is stored for the purpose of conducting business relationships for as long as there is a legitimate interest in doing so.

4. Newsletter Subscription

Purpose of data processing/legal basis:

You have the option of subscribing to our newsletter via various channels (this website, at trade fairs). The legal basis for data processing in the context of sending newsletters is your consent in accordance with Art. 6 para. 1 a) GDPR and Section 7 para. 2 UWG. The purpose of data processing in the context of subscribing to the Almato newsletter is to inform newsletter subscribers about offers, promotions, news, products, events and services of the companies of the DATAGROUP Group.

If you register for the free Almato newsletter, we require your e-mail address as mandatory information. If you voluntarily provide further information about yourself when registering (surname, first name, company or position), we will only use this data for the purposes of target group analysis and internal evaluation.

After submitting the registration form, you will receive an e-mail from us with a confirmation link. If you click on the link contained therein, you are registered for the newsletter. You will be informed of this by another e-mail. By confirming your registration, you confirm your consent to the processing of your e-mail address and your optional details for the purposes stated here. For evidence purposes, we store the time and the IP address used to subscribe to the newsletter.

You can revoke your consent to receive the Almato newsletter at any time with effect for the future by clicking on the corresponding unsubscribe link in one of the newsletters or by sending an e-mail to almato.widerruf@datagroup.de.

Recipients/categories of recipients:

As a matter of principle, we do not pass on data to third parties outside DATAGROUP. We have commissioned the service provider HubSpot Inc. to send the newsletter. We have carefully selected, audited and contractually obligated this service provider in accordance with Art. 28 GDPR. HubSpot Inc. is certified under the EU - U.S. Data Privacy Framework, an adequacy decision of the European Commission pursuant to Art. 45 para. 3 GDPR is thus given. Within the DATAGROUP group of companies, your data will be passed on by DATAGROUP SE to other companies so that they can also send you information.

Storage period/criteria for determining the storage period:

If you revoke your consent to receive the Almato newsletter, the data collected for this purpose will be deleted immediately, unless it is also required for another purpose.

5. Data processing for marketing purposes

Purpose of data processing/legal basis:

Almato and other DATAGROUP companies use personal data for marketing purposes, in particular for advertising by e-mail, telephone and post. The purpose of data processing in the context of marketing measures is to inform data subjects about products and services of DATAGROUP companies. The legal basis for sending advertising by post is Art. 6 para. 1 f) GDPR. The legitimate interest on the part of Almato arises from the interest in sending customers and interested parties information about products and services. The legal basis for marketing measures by email or telephone is generally a declaration of consent given by you. Section 7 UWG may also apply to marketing measures towards existing customers.

You can object to receiving advertising at any time with effect for the future by sending a message to almato.widerruf@datagroup.de.

If you declare an objection to advertising, we will store your data in an advertising block file on the basis of Art. 6 para. 1 f) GDPR. The legitimate interest on the part of Almato arises from the interest in ensuring that the objection asserted is observed.

Recipients/categories of recipients:

Your data will not be passed on to external parties. If external processors are used to carry out the sending of advertising, they are contractually obliged in accordance with Art. 28 GDPR and have been checked accordingly to ensure that suitable organizational and technical security measures are in place. Within DATAGROUP, your data may be passed on to other companies for marketing purposes.

Storage period/criteria for determining the storage period:

If you object to receiving advertising, your data will be blocked immediately and subsequently deleted, unless it is also stored for other purposes.

6. Acceptance of applications

For information on data processing in application procedures and when using our career portal, please refer to the career portal's data protection information.

7. seminar registration and registration for events

Purpose of data processing/legal basis:

If you would like to book seminars or register for events via our website, we require the information marked as mandatory in the booking form. You can optionally fill in the input fields that are not marked. As part of the booking process, you will receive an e-mail from us to confirm your registration. The booking process is only completed when you activate the link contained in this e-mail. In the case of a virtual event, this e-mail also contains the participation link. The information you provide for the booking will be processed by us for the purpose of carrying out the booking and the seminar or for registering for events. The legal basis for this data processing is Art. 6 para. 1 b) GDPR.

In the case of a virtual event, special categories of personal data within the meaning of Art. 9 para. 1 GDPR are processed, the legal basis is Art. 9 para. 2 lit. a) GDPR. You expressly give your consent for this.

If you give us your consent for this, we will also use your data to send you marketing information about the respective seminar/event by email, post or telephone following the seminar/event. You can revoke your consent at any time with effect for the future by clicking on the corresponding unsubscribe link in one of the e-mails or by sending an e-mail to almato.widerruf@datagroup.de. The legal basis for data processing in the context of sending information is your consent in accordance with Art. 6 para. 1 a) GDPR and Section 7 para. 2 UWG.

Recipients/categories of recipients:

We pass on some of the names of those who register for an event on our homepage to our event partner, who organizes the events with us. They need this data for the organizational handling of the events.

We use the GoTo Webinar tool for virtual events. As a result, the provider GoTo Technologies Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland receives personal data from you. We have carefully selected this provider and contractually obliged it in accordance with Art. 28 GDPR. Further information on data protection at the provider can be found at https://www.goto.com/company/trust/faq

The provider GoTo Technologies may transfer data to locations outside the EU. You consent to the transfer of your data to these bodies in accordance with Art. 49 para. 1 lit. a) GDPR. Entities outside the EU may not have an adequate level of data protection. This is associated with risks such as the lack of enforcement of data subjects' rights or possible access by government agencies. You can revoke your consent at any time with effect for the future.GoTo Technologies has also concluded standard contractual clauses with its subcontractors.

We use the pretix ticket system to register for certain events. As a result, the provider rami.io GmbH, Berthold-Mogel-Straße 1, 69126 Heidelberg, Germany, receives personal data from you. We have carefully selected this provider and contractually obligated it in accordance with Art. 28 GDPR. You can find further information on data protection at the provider at https://pretix.eu/about/en/privacy.

Storage period/criteria for determining the storage period:

We store the data of participants in seminars and events, if necessary, for the duration of the statutory retention obligations. Thereafter and otherwise, the data will generally be deleted. If you have given your consent to receive information, we will store your data for this purpose until you withdraw your consent.

Microsoft Teams

If you take part in an online meeting as an external participant, you will receive an access link by email from the meeting host. When registering for the online meeting, you must then enter your name and, if applicable, your e-mail address.

If you do not wish to exchange data with us via Microsoft Teams in accordance with Art. 9 GDPR, we ask you to black out this data in advance or otherwise make it unrecognizable.

Microsoft Teams is a service of the Microsoft Corporation. Further information on the processing of your data when using "Teams" can be found at: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer/.

Almato, whose employee sent you the invitation link, is responsible for the collection and processing of your personal data in connection with the use of Microsoft Teams. The contact details can be found in this privacy policy or in the e-mail signature of the invitation.

Purposes of data processing/legal basis:

We use the "Microsoft Teams" tool to conduct online meetings, video conferences and/or webinars and, if necessary, to exchange documents with the participants.

he legal basis for data processing with regard to contact persons at external bodies is Art. 6 para. 1 lit. f) GDPR. Our interest lies in improved organization and communication with our contact persons as well as the reduction of previously used tools. If our contact person is a direct contractual partner and a natural person, Art. 6 para. 1 lit. b) GDPR is the legal basis.

By clicking on "Agree / With reservation" and accepting the appointment, you expressly consent in accordance with Art. 9 para. 2 lit. a) GDPR to the processing of information/references to your ethnic origin, religion or health (e.g. skin color, glasses or headgear) or special categories of personal data when activating the camera/microphone or, if applicable, in the form of your profile picture.

Furthermore, in accordance with Art. 49 para. 1 lit. a) GDPR, you expressly agree that this may also result in transfers to locations outside the EU/EEA where there is no adequate level of data protection within the meaning of the General Data Protection Regulation. You are aware of the associated risks, such as the lack of enforcement of data subjects' rights and possible access by government agencies.

You can revoke this consent at any time with effect for the future. In the event of revocation, any stored documents will be deleted from Microsoft Teams.

Recipients / disclosure of data:

Personal data that is processed in connection with the storage of documents in Microsoft Teams is generally not passed on to third parties unless it is intended to be passed on. Please note that content from the stored documents, as well as in personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on. Other recipients: The provider of "Microsoft Teams" necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in our order processing contract with "Microsoft Teams".

Data processing outside the European Union:

In principle, data processing outside the European Union (EU) does not take place, as we have limited our storage location to data centers in the European Union. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU or the EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without you being informed or having the right to appeal. We have agreed EU standard contractual clauses with the provider of "Microsoft Teams".

You are not obliged to communicate with us via Microsoft Teams. If you wish, communication can take place by other means (e.g. by e-mail or phone).

Storage period/criteria for determining the storage period:

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.

8. Cookies

Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

The legal basis for data processing by so-called "necessary cookies" is Art. 6 para. 1 lit. f GDPR. Necessary cookies enable basic functions and are required for the proper functioning of the website. We have a legitimate interest in making the website as user-friendly as possible.

The following cookies that are set by this website are necessary for the operation of the website:

Name of the cookie:Storage duration of the cookie:

  • borlabs-cookie 1 year
9. Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type/browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • The IP address of the requesting internet-enabled device

This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

The legal basis for the processing of this data is Art. 6 para. 1 f) GDPR. Our legitimate interest lies in the purposes of data processing listed above. This data is not transmitted to external bodies. The storage period of the log files is:

  • Mail server log: 7 days
  • Apache log: 1 month
10. Tracking & analysis tools

Google Analytics

We use the web analysis tool "Google Analytics" for the needs-based design of our websites. Google Analytics creates user profiles on the basis of pseudonyms. In this way, we are able to recognize returning visitors and count them as such.

The data processing is essentially carried out by Google. The information collected during tracking about your use of this website is generally stored on servers in the EU. The IP address you use is also truncated there so that it is subsequently only stored in pseudonymous form and transmitted to the USA. The IP address transmitted by your browser as part of Google Analytics is linked to other data about you, such as your search history, personal accounts, usage data from other devices and all other data that Google has about you.

Data processing takes place on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG, provided that you have given your consent via our banner. The transfer to a third country takes place on the basis of Art. 49 para. 1 lit. a GDPR. In addition, the EU-US Data Privacy Framework applies to Google in the USA.

The following cookies that are set by this website are associated with Google Analytics:

Name of the cookie:Storage duration of the cookie:

  • _ga: 24 months
  • _gat: 1 minute
  • _gid: 1 day

Recipients/categories of recipients:

In the context of Google Analytics, we are supported by Google Ireland Limited and Google LLC.(USA) support us as processors in accordance with Art. 28 GDPR.Data processing may therefore also take place outside the EU or the EEA.

Storage period/criteria for determining the storage period:

We store user and event data for a period of 14 months.

Google Tag Manager

This website uses Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data.

If deactivation has been carried out at domain or cookie level, it remains in place for all tracking tags, provided that these are implemented with the Google Tag Manager.

LinkedIn Insight Tag

Our website uses the "LinkedIn Insight Tag" conversion tool from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that enables the collection of the following data, among others: IP address, device and browser characteristics and page events (e.g. page views). LinkedIn does not share any personal data with Almato AG, but offers anonymized reports on the website target group and display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. Almato AG can use this data to display targeted advertising outside its website without identifying you as a website visitor. Further information on data protection at LinkedIn can be found in the LinkedIn privacy policy.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website ("opt-out"), click here.

Data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG, provided that you have given your consent via our banner. This consent can be revoked at any time.

The following cookies that are set by this website are associated with LinkedIn

Name of the cookie: Storage duration of the cookie:

  • AnalyticsSyncHistory: 30 days
  • UserMatchHistory: 30 days
  • bcookie: 24 months
  • bscookie: 24 months
  • lang: Session duration
  • li_sugr: 90 days
  • li_gc: 24 months
  • lidc: 24 hours
  • lang: Session duration
  • lms_analytics: 30 days

Recipients / categories of recipients:

In the context of LinkedIn, LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland) supports us as a processor in accordance with Art. 28 GDPR.

11. YouTube videos

On our websites, we embed videos from the YouTube platform in the so-called extended data protection mode, which are not stored on our servers. YouTube is operated by Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. When you access the embedded video, a connection is established to the servers of the provider YouTube in the USA and certain information (e.g. your IP address) is sent to the provider, even if you are not logged in to the provider. We have no knowledge of the type and scope of the data collected by YouTube and have no influence on its use. The purpose and scope of the data collection and the further processing and use of the data by YouTube as well as your rights in this regard and the available setting options to protect your privacy can be found in the provider's privacy policy: Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=en.

Playing the embedded videos is only possible if you have previously consented to the transfer of your data to YouTube in the USA in accordance with Art. 49 para. 1 lit. a) GDPR.  Google LLC is certified under the EU - U.S. Data Privacy Framework, an adequacy decision of the European Commission pursuant to Art. 45 para. 3 GDPR is thus given.

The legal basis for the transfer of data to YouTube is the consent you have given in accordance with Art. 6 para. 1 lit. a) GDPR. You can revoke this consent at any time.

The following cookies that are set by this website are associated with YouTube:

Name of the cookie: Storage duration of the cookie:

  • NID 6 months
12. HubSpot

We use HubSpot to create our website. The provider is HubSpot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).

HubSpot CRM enables us to effectively manage existing and potential customers and customer contacts, among other things. It enables us to record, organize and analyse interactions with customers via various channels such as e-mail, social media or telephone.  The personal data collected in the process can be used for communication with potential customers or for marketing activities such as sending newsletters. In addition, the HubSpot CRM enables us to track and analyze the user behavior of our contacts on our website.

The HubSpot CRM is used in accordance with Article 6 para. 1(f) GDPR. The website operator has a legitimate interest in efficient customer management and communication. Insofar as consent has been obtained, processing is carried out exclusively in accordance with Article 6 para. 1 (a) GDPR and Section 25 para. 1 TTDSG, provided that the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) in accordance with TTDSG. This consent can be revoked at any time.

For further details, please refer to HubSpot's privacy policy: HubSpot privacy policy.

Recipients / categories of recipients: 

We have concluded an order processing contract (AV) in accordance with Article 28 GDPR with the above-mentioned provider. This contract ensures that the provider processes personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. HubSpot Inc. is certified under the EU - U.S. Data Privacy Framework, an adequacy decision of the European Commission pursuant to Art. 45 para. 3 GDPR is thus given.

Storage period/criteria for determining the storage period: 

We generally do not store your data for longer than is necessary for the above-mentioned purposes.

13. Microsoft Teams

General information:

If you take part in an online meeting as an external participant, you will receive an access link by email from the meeting host. When registering for the online meeting, you must then enter your name and, if applicable, your e-mail address.

If you do not wish to exchange data with us via Microsoft Teams in accordance with Art. 9 GDPR, we ask you to black out this data in advance or otherwise make it unrecognizable.

Microsoft Teams is a service of the Microsoft Corporation. Further information on the processing of your data when using "Teams" can be found at: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer/.

The DATAGROUP company whose employee sent you the invitation link is responsible for the collection and processing of your personal data in connection with the use of Microsoft Teams. The contact details can be found in this privacy policy or in the e-mail signature of the invitation.

Purposes of data processing/legal basis:

We use the "Microsoft Teams" tool to hold online meetings, video conferences and/or webinars and, if necessary, to exchange documents with the participants.

The legal basis for data processing with regard to contact persons at external bodies is 6 para. 1 lit. f) GDPR. Our interest lies in improved organization and communication with our contact persons and the reduction of previously used tools. If our contact person is a direct contractual partner and a natural person, Art. 6 para. 1 lit. b) GDPR is the legal basis.

If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are processed, e.g. within documents provided, the legal basis is Art. 9 para. 2 lit. a) GDPR. You expressly give your consent for this.

Furthermore, in accordance with Art. 49 para. 1 lit. a) GDPR, you expressly consent to the fact that data may also be transferred to places outside the EU/EEA where there is no adequate level of data protection within the meaning of the GDPR. You are aware of the associated risks, such as the lack of enforcement of data subjects' rights and possible access by government agencies.

You can revoke this consent at any time with effect for the future. In the event of revocation, the documents will be deleted from Microsoft Teams.

Recipients / forwarding of data:

Personal data that is processed in connection with the storage of documents in Microsoft Teams will not be passed on to third parties unless it is intended to be passed on. Please note that content from the stored documents, as well as in personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on. Other recipients: The provider of "Microsoft Teams" necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in our order processing contract with "Microsoft Teams".

Data processing outside the European Union:

Data processing outside the European Union (EU) does not generally take place, as we have limited our storage location to data centers in the European Union. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU or the EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without you being informed or having the right to appeal. We have agreed EU standard contractual clauses with the provider of "Microsoft Teams". In addition, the EU-US Data Privacy Framework applies to Microsoft in the USA. You are not obliged to communicate with us via Microsoft Teams. If you wish, communication can take place by other means (e.g. by email or telephone).

Storage period/criteria for determining the storage period:

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.

Where relevant - Special information on recordings in Microsoft Teams:

For use in our DATAGROUP Academy and in webinars for external parties/customers or for other purposes communicated in individual cases, we would like to make digital sound and image recordings of the meeting ("recordings"). The topic can be found in the subject of the invitation. The recording will be stored digitally by the host of the meeting. This may include audio recordings, video recordings and public chat content of the meeting participants. ("Information").

The digital recordings are made available to the participants of the meeting and made available on DATAPEDIA, our intranet, for information and training purposes. All DATAGROUP companies (recipients) have access to DATAPEDIA.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 a) and Art. 9 para. 2 lit. a) GDPR. You can withdraw your consent at any time with effect for the future. The provision of your data is neither contractually nor legally required. The non-provision or withdrawal of consent has no effect on your contractual relationship with us. The revocation should be addressed to Corporate Communications marketing@datagroup.de. The recordings will be deleted immediately after the expiry of the period specified in the invitation once the stated purpose no longer applies, unless you have already withdrawn your consent. Personal data may be transferred to third countries under certain circumstances; this is done on the basis of standard contractual clauses.

14. Your rights as a data subject

In accordance with Art. 15 (1) GDPR, you have the right to request information free of charge about your personal data stored by Almato.

In addition, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data.

If the data processing is based on Art. 6 para. 1 e) or f) GDPR, you have the right to object in accordance with Art. 21 GDPR. If you object to data processing, this will not take place in future unless the controller can demonstrate compelling legitimate grounds for further processing which override the data subject's interest in objecting.

If you have provided the processed data yourself, you have a right to data portability in accordance with Art. 20 GDPR.

If the data processing is based on consent pursuant to Art. 6 para. 1 a) or Art. 9 para. 2 a) GDPR, you can revoke your consent at any time with effect for the future without affecting the legality of the previous processing.

Please contact the data protection officer in writing or by email in the aforementioned cases, if you have any unanswered questions or in the event of complaints.

You also have the right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority of the federal state in which you live or in which the controller has its registered office is responsible.

In the case of joint controllers, you will receive the relevant information from the controller with whom you are initiating or conducting a business relationship.

15. No obligation to provide personal data

Unless otherwise stated in the previous chapters, the provision of personal data is not required by law or contract or necessary for the conclusion of a contract. You are not obliged to provide personal data if no information to the contrary has been provided previously. Failure to provide your personal data may mean that we are unable to respond to your contact request or that you are unable to participate in the application process or attend an event.

16. Data protection officer of Almato AG

Our company data protection officer will be happy to provide you with information or suggestions on the subject of data protection:

Dr. iur. Christian Borchers
datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg

office@datenschutz-sued.de