Data Protection

Thank you for your interest in our online offer. Below we inform you about the collection, processing and use of your personal data.

Personal data is all data that refers to you as a person, eg name, address, e-mail address or user behavior on a website.

1. Name and contact details of the responsible person

Responsible acc. Article 4 (7) of the EU General Data Protection Regulation (DSGVO) is:


ACTO GmbH

– Büchnerstrasse 11 – 38118 Braunschweig / Germany
– Balthasar – Neumann Str. 4 – 97204 Hoechberg / Germany
– Lower Hauptstrasse 6 – 78573 Wurmlingen / Germany
Tel:   + 49 (0) 531/239 508-0      
Fax: + 49 (0) 531/239 508-11
E-mail: info@actogmbh.com

2. Our website

a. Collection of access data and log files

You may use our online offer without providing any personal information, without registering or otherwise providing information to us. Then we collect only the personal data that your browser transmits to our server and that are technically necessary for us to display our website and to ensure the stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO):

  • IP address
  • Date and time of the request
  • Time Zone Difference to Greenwich Mean Time (GMT)
  • Content of the requirement (concrete page)
  • Access Status / HTTP status code
  • each transmitted amount of data
  • Website from which the request comes
  • browser
  • Operating system and its interface
  • Language and version of the browser software.

This logfile information is stored for security reasons (eg abuse and fraud) for a maximum of 7 days and then deleted. This excludes data whose further storage is necessary for evidence purposes. These will only be deleted after the final clarification of the security-related incident.

b. cookies

On our website, cookies are used to enable you to use certain features and make the visit to our website as convenient and secure as possible. Cookies are small text files that are stored and stored on your computer.

We use the following types of cookies:

Transient cookies (“session cookies”) are automatically deleted when you close the browser. These include, in particular, the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies (“persistent cookies”) are automatically deleted after a specified period, which may differ depending on the cookie. In these, for example, the login status can be saved when our website visit again after several days. Likewise in such a cookie your interests can be stored, which are used for range measurement or marketing purposes.

Third party cookies are cookies offered by someone other than the website operator.

We can use all the aforementioned cookies and clarify this in the context of the privacy policy on:

We use cookies to identify you for follow-up visits if you have an account with us. Otherwise you would have to log in again for each visit. We also use so-called session cookies, which are deleted after closing the browser. In such cookies, for example, the login status or the content of the basket is stored.

The use of cookies serves our legitimate interest in optimizing the presentation of our offer in accordance with Art. 6 para. 1 lit. f DSGVO.

If you do not want cookies from our website to be stored on your computer, you can prevent this with the appropriate settings in your browser. There you can generally disable the setting of cookies and delete already stored cookies. Sometimes, however, individual functions of our website are not fully usable.

The configuration of cookies differs depending on the browser used. The Help menu for each browser describes how to change your cookie settings.

For more information about the general objection to the use of cookies for tracking or online marketing purposes, please visit http://www.aboutads.info/choices/ or https://www.youronlinechoices.com .

c. Hosting of the website by a third party

As part of processing on our behalf, a third party resident within a country of the European Union provides us with the services of hosting and displaying the Website, providing infrastructure services, computing capacity, storage and database services, maintenance services and collateral. In doing so, we or our hosting provider process all data that results from the use of our website. These are inventory data, content data, contract data, usage data, meta and communication data of customers, prospects and visitors of our online offer.

Processing takes place on the basis of our legitimate interest in an efficient and secure provision of this online offer (Article 6 (1) (f) DSGVO in conjunction with Article 28 GDPR).

3. Collection and use of personal data when contacting

We process inventory data (eg names, addresses and contact details) that you have provided to us as part of contacting us (eg by contact form, by e-mail or telephone) to fulfill contractual obligations or to respond to your requests in accordance with Art 6 para. 1 lit. b DSGVO. The data collected is shown in the respective input forms. Information that is required to process your request is marked as mandatory.

We delete the data that arises in this context after the storage is no longer required, or limit the processing if there are statutory retention requirements.We check the necessity of data storage every two years.

4. Collection and use of personal data for order processing in the online shop and opening a customer account

a. Online shop

We process stock data (eg names, addresses and contact details) and contract data (eg services used, payment information), which you have communicated to us as part of your order or when contacting us (eg by contact form or by e-mail) , for the fulfillment of our contractual obligations and services in connection with the operation of our online shop in accordance with Art. 6 para. 1 lit. b DSGVO. The data collected is shown in the respective input forms. Information required to process your request or to fulfill our contractual obligations is marked as mandatory.

We pass on your data for the purpose of fulfilling the contract as part of the delivery or processing of payments to the respective service provider (Art. 6 (1) (b) GDPR). Likewise, a disclosure within the scope of legal rights and obligations to legal advisers or authorities. Transmission and processing of the data to third countries is only at your request upon delivery or payment for the purpose of fulfilling the contract.

The deletion of the data takes place after expiration of legal guarantee and comparable obligations or in the case of the existence under commercial law (6 years) and tax law (10 years) archiving obligations after its expiration.

b. customer account

You can register in our online shop and open a customer account. The data collected during the registration serve to fulfill the contract and provide service. Required mandatory information is marked separately. In addition to your stock data, we process usage data (eg visited web pages of our online shop, interest in products) for advertising purposes in a user profile in order to show you eg product references based on your previously used services).This is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f DSGVO on a promotional address and the fair presentation of the goods in the online shop. The information remains in the customer account until it is deleted. This is possible at any time. Send us a message to the contact options described in the online shop or use the function provided in the customer account.

c. Storage of the IP address

For orders and inquiries through our website as well as the registration and re-registration in our online shop, we store the IP address and the time of the respective user action. This is done on the basis of our legitimate interests, as well as the interests of users in the protection against misuse and unauthorized use of your data. We do not disclose this data to third parties unless this is necessary for the prosecution of our claims or for this purpose a legal obligation pursuant to Art. 6 para. 1 lit. c DSGVO exists.

5. Administration and financial accounting

We process your data as part of the organization of our business for the purposes of office organization, financial accounting and compliance with the statutory archiving obligations and the general processing of payment transactions. Here, the same data is processed, which are also processed for the provision of contractual services. The legal basis of the processing is Art. 6 para. 1 lit. c DSGVO and Art. 6 para. 1 lit. f DSGVO. Our legitimate interest in processing the data lies in the maintenance of our business operations. The deletion of the data required for the performance of the contract shall be as stated in this processing activity. We transfer data to consultants, such as tax consultants or auditors, the financial administration and payment service providers.

6. Deletion of data

In accordance with Art. 17 and Art. 18 GDPR, data processed by us are deleted or their processing restricted. Unless otherwise stated, data is deleted if this is no longer necessary for its intended use. However, if the deletion is contrary to statutory retention requirements, the processing of the data is only limited, they are therefore blocked for further use and can not be processed for other purposes.

The most relevant retention requirements are the retention for 6 years pursuant to § 257 Abs. 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years pursuant to § 147 Abs. 1 AO (books, records, accounting documents, Commercial and business letters, documents relevant to taxation, etc.).

7. E-mail newsletter

If you subscribe to our newsletter, we will use the data required and provided by you to regularly send you our e-mail newsletter based on your consent in accordance with Art. 6 para. 1 lit. to send a DSGVO.

Content of the newsletter: As part of the registration for the newsletter, its content is described concretely. Incidentally, our newsletters contain information about our products, offers, promotions and our company.

Registration procedure: Registration for our newsletter is by double-opt-in procedure. After registration you will receive an e-mail from us in which we ask you to confirm the registration for our newsletter. Only in this way can it be ruled out that a registration with external e-mail addresses takes place.In order to be able to prove the registration for the newsletter in accordance with the legal requirements, we save the registration and confirmation time as well as the IP address. To register for our newsletter, please provide your e-mail address. The indication of your name is voluntary and serves only the personal address in the newsletter.

Legal basis: The newsletter is sent on the basis of your consent in accordance with Art. 6 para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 (2) no. 3 UWG.The logging of the registration process takes place in accordance with Art. 6 para. 1 lit. f DSGVO and our legitimate interest in using a secure newsletter system that serves our business interests as well as your expectations and allows us to prove our consent.

Cancellation / Withdrawal: The cancellation of the newsletter – and thus the revocation of your consent – is possible at any time. The deregistration can be done either by message to the contact options described above or via the dedicated link at the end of each newsletter. After logging off, we can save your e-mail address and the data of the registration process for up to three years. The basis for this is our legitimate interest in being able to prove a previously granted consent. The processing of this data is limited to the purpose of defense against claims. An individual deletion is possible on request, if at the same time the former existence of a consent is confirmed.

8. Payment provider

We offer payment on our website via the payment provider PayPal.

Provider is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). If you choose PayPal as your payment method, your payment details will be sent to PayPal. This transfer takes place on the basis of Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing to fulfill a contract). All transactions are subject to PayPal’s Privacy Policy: https://www.paypal.com/webapps/mpp/ua/privacy-full?locale.x=en_US

9. Use of tracking tool Etracker

We use a tool from eTracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg (“etracker”) for the analysis of usage data. Cookies are used that allow a statistical analysis of the use of this website and the display of usage-related content or advertising.

The data generated thereby are processed and stored on our behalf by etracker exclusively in Germany and are thus subject to the strict German and European data protection laws and standards.

Data processing is based on the statutory provisions of Art. 6 (1) (f) (legitimate interest) of the EU General Data Protection Regulation (EU GDPR). Our concern within the meaning of the EU-DSGVO (legitimate interest) is the optimization of our online offer and our website. Because the privacy of our visitors is important to us, the data that may be allowed to relate to an individual, such as the IP address, login or device identifiers, will be anonymized or pseudonymized as soon as possible. Any other use, combination with other data from etracker or a transfer to third parties will not take place.

You can object to the above-described data processing at any time, as far as it is personal.

Button “I disagree with the processing of my personal data with etracker on this website”

10. Integration of services and content of third parties

We use third party content and services as part of our online offering. This happens, for example, when integrating videos, maps and fonts. The assignment is based on our legitimate interest in the analysis, optimization, security and economic operation of our online service in accordance with Art. 6 para. 1 lit. f DSGVO.

The prerequisite for the integration of the content of these third-party providers is that they receive your IP address, otherwise they would not be able to deliver the content to your browser. The transmission of the IP address is therefore required for the presentation of the contents.

Third parties may use “counting pixels” or “web beacons”, small invisible graphics, for statistical or marketing purposes. This allows the evaluation of access numbers and visitor traffic on this website. This pseudonymous information can be stored in cookies on your device and connected to technical information on the browser, operating system, referring web page, visit time, retrieved pages and information from other sources. Further details can be found in the privacy statements of the respective providers.

Google Maps: We include maps from the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Privacy Policy: https://www.google.com/policies/privacy/ , opt-out: https://adssettings.google.com/authenticated .

Google Fonts : We use Google Fonts from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Privacy Policy: https://www.google.com/policies/privacy/ , opt-out: https://adssettings.google.com/authenticated .

Font Awesome (BootstrapCDN): We incorporate Font Awesome fonts hosted on StackPath, LLC, 2021 McKinney Avenue, Dallas, Texas 75201, USA.

Privacy Policy: https://www.stackpath.com/privacy-statement/

11. Online presence on the social media platform of Facebook

We maintain a Facebook page to communicate effectively with you and to point out our offers and services.

After a decision of the European Court of Justice on 05.06.2018, we are responsible for the data processing as Facebook page operator together with Facebook.

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) processes your data for promotional purposes and profiles your usage patterns. These usage profiles are used to serve your alleged interests within and outside of Facebook. For this purpose, cookies are stored on your computer, in which your usage behavior and your interests are recorded.

The processing of your personal data is based on our legitimate interests in effective information and communication with active customers, prospects and users on social platforms in accordance with. Art. 6 para. 1 lit. f. DSGVO. If you are asked to consent to data processing by Facebook (ie agreeing to it, for example, by ticking a check box or confirming a button), the legal basis for the processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.

Facebook can process your data outside the European Union. However, Facebook is certified under the EU-US Privacy Shield, providing a guarantee to comply with EU privacy standards. The current certificate can be viewed at the following link:

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Detailed information on the processing of your data via and on our Facebook page can be found in the data policy of Facebook: https://www.facebook.com/privacy/explanation .

Settings and disagreements on the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US-American site http://www.aboutads.info/ choices / or the EU page http://www.youronlinechoices.com/ .

The assertion of your rights as data subject is most effective directly against Facebook. Only Facebook can access your data directly and delete it if necessary or provide information. You can also contact us for help.

12. Reference to your rights

You have the right to request confirmation from us as to whether personal data relating to you is being processed; If this is the case, you have a right to information about these personal data and to the information listed in Article 15 GDPR.

You have the right to demand that we correct your incorrect personal data without delay and, if necessary, complete incomplete personal data (Art. 16 GDPR).

You have the right to demand that personal data relating to you be deleted without delay, provided that one of the reasons detailed in Art. 17 GDPR is met, eg if the data is no longer needed for the purposes pursued ( right to delete ) ,

You have the right to demand that we restrict the processing if one of the conditions listed in Art. 18 GDPR is met, eg if you have objected to processing for the duration of the inspection by the person responsible.

They also have the right to complain to a data protection supervisory authority in accordance with Art. 77 GDPR. In general, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.

13. Right to object

You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation.

We then no longer process the personal data unless we can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims (Art. 21 GDPR) ,

This does not apply if processing takes place for direct marketing purposes (by e-mail or by post). We will no longer process your data for this purpose.

14. Changes to the privacy policy

It may happen that we change the privacy policy in order to adapt it to a changed legal situation or changes in our service or data processing. However, this only applies to declarations of data processing. Insofar as the user’s consent is affected, changes will only be made with your consent.

You are therefore requested to inform yourself regularly about the content of our privacy policy.