Status: 25 May 2018

We, ALBA Group plc & Co. KG, take the protection and security of your data very seriously, and we take account of this issue in all our business processes. In this Data Protection Notice we would like to give you an overview of those aspects of our online services which are relevant to data protection law. In the following sections we shall explain:

  • Which data we collect when you use our online services
  • For what purposes these data are processed by ALBA Group plc & Co. KG
  • What rights and options you have with regard to the processing of your data
  • How you can contact us on the subject of data protection.


When does this Data Protection Notice come into effect?

This data privacy statement applies to the online offers of the ALBA Group in the domains and including possible subdomains (such as,, for example) (hereafter referred to as “websites”) and the social media presentations of the ALBA Group on Facebook, Google+, Instagram, Xing, LinkedIn, YouTube and Twitter (hereafter referred to as “social media profiles”).

All online offers of ALBA Group companies other than those detailed above are subject to their own data privacy statements, which you can view in the corresponding offer.

Control and personal contact
The controller under the terms of the European General Data Protection Regulation (GDPR) is

ALBA Group plc & Co. KG
Knesebeckstr. 56-58
10719 Berlin

When the words “we” or “us” are used in this Data Protection Notice, this shall mean solely ALBA Group plc & Co. KG.

You can reach ALBA Group’s Data Protection Officer at datenschutz(at) or by post, to be marked “FAO Data Protection Officer.”

Automatic collection of access data

You can visit our website without providing any personal data. Only the access data which are transmitted automatically by your browser will then be collected. This will comprise, for example, your online identification (e.g. IP address, session IDs, device IDs), information about the web browser and operating system used, the website from which you are visiting our website (i.e. if you have visited one of our websites via a link), the names of the files requested (i.e. which texts, videos, pictures etc. you have viewed on our websites), your browser’s language settings, any error reports, and the times of access.


These access data must be processed to enable you to visit our website and to use it conveniently, and to ensure its permanent functional capability and security.


These access data will also be stored for 30 days in internal logfiles, in order to produce statistical information on the use of our websites. This enables us to optimise our website constantly, taking our visitors’ usage patterns and technical resources into account, and to rectify breakdowns and security risks.


The legal basis for this data processing is Article 6 (1) (f) of the GDPR (balance of interests, grounded on our foregoing legitimate interests).


We use our own cookies and cookies from third parties on our websites. A cookie is a standardised text file which is stored by your browser for a set time. Cookies make possible the local storage of information, such as language settings and temporary identifiers which can be retrieved on subsequent website visits by the server which has set the cookie. In your browser’s security settings you can view and erase the cookies in use. You can adjust your browser settings as you wish and in this way, for instance, refuse to accept cookies from third parties or all cookies. Please note that in this case you may not be able to use all our websites’ functions.


Our own cookies serve to make your visit to our websites more user-friendly and secure. The legal basis for the data processing associated therewith is Article 6 (1) (f) of the GDPR.


For purposes of web analysis and marketing we use cookies from third parties. You will find more detailed information on this subject under Sections 2.5 and 2.6 of this Data Protection Notice.

Your messages and communications

We collect all information and all data which you communicate to us via our websites. For example, you are able at various points on our websites, via functions such as the Contact Form or Contact function, to send us messages and, in some cases, files (e.g. PDF documents). Any information which is compulsory for these functions is marked as such. The information which you provide will be used by us solely in order to process your application.


We shall erase the data accrued thereby once their storage is no longer required, or we shall restrict their processing should statutory data retention obligations exist.


Disclosure of your message to another ALBA Group company or to an external third party will only be made insofar as this is necessary in order to process your application (for example, we disclose your message to another ALBA Group company if the latter is responsible for dealing with your request). If you do not wish your message to be disclosed to another company, you can say this – also as a precautionary measure, of course – directly in your message. We shall then pass on your message to the other company without such information as could identify you (e.g. your name, customer number or contact details).


The legal basis for the foregoing data processing is Article 6 (1) (b) of the GDPR. Insofar as you have consented to the disclosure or processing elsewhere of the data which you have communicated to us, the legal basis will be Article 6 (1) (a) of the GDPR.

Social-Media Plug-ins

Facebook Plug-ins

Some of our websites include functions provided by the social network Facebook (so-called plug-ins). These plug-ins are operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). Facebook is therefore solely responsible for operating the plug-ins in keeping with data protection requirements.


The plug-ins are integrated by way of a so-called two-click solution, meaning that to use a plug-in, you need to activate it first (= first click) to be able to operate it in the manner intended by Facebook (= second click). This is to prevent Facebook from collecting data about you without your consent.


If you visit a website containing a plug-in that you have previously activated, your browser will establish a direct connection with Facebook servers which sends the content of the plug-in (e.g. "like" or share buttons) to your browser and then integrates it in our website. This lets Facebook know that you have visited our website. If you are logged into Facebook with your personal user account when visiting our website, Facebook will be able to link the website visit with this account. When plug-ins are interacted with, e.g. by clicking the "like" button or leaving a comment, the respective information will be directly collected by Facebook and stored there. If you would like to prevent this, you need to log out of your Facebook account before activating plug-ins. 


Further information on the purpose and scope of the data collection by Facebook, the further processing and use of your data there, your rights in this regard and setting options for protecting your privacy is available from Facebook's data privacy information at (


The legal basis for the data processing detailed above, insofar as it is our responsibility, is GDPR section 6.1.f (balancing of interests based on our legitimate interest in making our contents available to a larger number of users).

Twitter Plug-ins

Our website includes plug-ins of the Twitter Inc. short message network (Twitter). You can recognise the Twitter plug-ins (tweet button) by the Twitter logo on our site. For an overview of tweet buttons visit (


If you access a page of our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server.


Twitter thus receives the information that you have visited our site with your IP address. If you click the Twitter "tweet" button while logged into your Twitter account, you can link the content of our pages to your Twitter profile. This allows Twitter to assign the visit to our site to your user account.


We would like to point out that, as the provider of this website, we do not have any knowledge of the content of the transmitted data or its use by Twitter.


If you do not want Twitter to be able to link visits to our site to your account, please log out of your Twitter user account.


For more information on this see Twitter's privacy policy (


Use of YouTube videos

We use YouTube videos on parts of our websites. YouTube is a video platform operated by the Google company YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”). The YouTube videos can be played directly on our websites. They are embedded in “extended data-protection mode”, i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only if you play the videos will data be transmitted to YouTube. We have no influence on this data transmission. In case personal data is transferred to the US, the EU standard contractual clause has to be concluded with the respective providers and a statement by the provider has to be examined to see whether it complies with the EU level of data protection. You can disable data transfers from the US by setting your browser accordingly.


If you visit a website with embedded YouTube videos, YouTube and Google obtain the access data accrued thereby and the information that you have visited the page on our website in question. This will happen irrespective of whether or not you are logged into YouTube or Google. If you are logged into Google, your data will be associated directly with your Google account. If you do not wish them to be associated with your profile at YouTube, you must log out before playing a video. YouTube and Google may use your access data to produce user profiles for purposes of marketing, marketing research and needs-based design of their own websites. You have a right to object to the formation of these user profiles, in which case the objection must be sent directly to YouTube. You will find further information in Google’s Privacy Policy, which also applies to YouTube.


The legal basis for the foregoing data processing, insofar as we are the controlling body, is Article 6 (1) (f) of the GDPR (balance of interests grounded on our legitimate interest in incorporating video contents).

Google Analytics

Our websites use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies to collect your access data when you visit our websites. These access data will be combined into pseudonymised user profiles on our behalf and transmitted to a Google server in the USA. Prior to this your IP address will be anonymised. Therefore we cannot know which user profiles belong to a particular user. We cannot identify you on the basis of the data collected by Google, nor can we tell how you use our websites. In case personal data is transferred to the US, the EU standard contractual clause has to be concluded with the respective providers and a statement by the provider has to be examined to see whether it complies with the EU level of data protection. You can disable data transfers from the US by setting your browser accordingly.


Google will use the information gained through the cookies in order to evaluate the use of our websites, to compile reports on this website activity, and to supply further services for us associated with website and internet use. You will find further information on this subject in the Google Analytics Privacy Policy.


You can object at any time to the foregoing production and evaluation of pseudonymised user profiles by Google. For this purpose you have various options:


(1) You can set your browser to block cookies from Google Analytics.


(2) You can adjust your Google ad settings.


(3) You can install the opt-out plug-in provided by Google at on your Firefox, Internet Explorer or Chrome browser (this option does not work on mobile devices).


(4) You can set an “opt-out” cookie by clicking here: Disable Google Analytics


The legal basis for this data processing is Article 6 (1) (f) of the GDPR (balance of interests grounded on our legitimate interest in evaluating general usage patterns).

Google Tag Manager

Our website uses Google Tag Manager, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Tag Manager serves to manage website tags more efficiently. A website tag is a placeholder which is stored in our website’s source code, in order for example to capture the embedding of frequently used website elements (e.g. the code for the web analysis service). Google Tag Manager operates without the use of cookies. The data will be processed partly on a Google server in the USA. In case personal data is transferred to the US, the EU standard contractual clause has to be concluded with the respective providers and a statement by the provider has to be examined to see whether it complies with the EU level of data protection. You can disable data transfers from the US by setting your browser accordingly.


As a rule, we will only disclose your data if:

  • you have explicitly consented to this as per GDPR section 6.1.a 
  • this is required as per GDPR section 6.1.f to assert, exercise or defend legal claims of an ALBA Group company and there is no reason to assume that you have an overriding legitimate interest in the data not being disclosed
  • we are legally required to disclose them as per GDPR section 6.1.c
  • their disclosure is permitted by law and required as per GDPR section 6.1 for the performance of a contract with you or for measures preceding the conclusion of such a contract at your request.


Disclosure to external service providers of the ALBA Group

Parts of the data processing described in this data protection statement can be performed by external service providers at our behest. Besides the ones mentioned in this data protection statement, these service providers can in particular also include computer centres that store our websites and data bases, IT service providers that service our systems, and consultancy firms.


Insofar as we disclose data to our service providers, they are only permitted to use this information to fulfil their tasks. We selected and commissioned these service providers with great care. They are contractually bound to our instructions, have suitable technical and organizational measures in place for protecting the rights of data subjects, and are regularly monitored by us.


In the event of our disclosure of your data over and beyond this data protection statement to a service provider based in a country outside the European Economic Area (EEA), we will separately inform you of this fact and the specific guarantees underlying the data transfer, as the case may be. If you require copies of guarantees to substantiate an adequate level of data protection, please contact our data protection officer (see section 1).

Storage period

Unless stated otherwise in this data protection statement, we will only store and use your data for as long as required to fulfil our contractual or statutory obligations or the purposes the data were collected for. We will, however, restrict their processing after the expiry of the statutory limitation purposes, meaning that your data will only be used to comply with statutory obligations from then on.


We will delete the data immediately thereafter, unless we still need them until the expiry of statutory limitation periods as proof for civil claims, or owing to statutory retention obligations. Even after this, we may still be required to store your data for accounting purposes. We are required to do so by statutory documentation obligations possibly arising from the Commercial Code, Tax Code, Banking Act, Money-Laundering Act and Securities Trading Act. The document storage periods required there range from two to ten years.


The legal basis of this data processing for fulfilling statutory documentation and retention obligations is GDPR section 6.1.c.

Your rights

If you wish to assert the statutory data privacy rights detailed below, you can contact our data protection officer (see section 1) at any time:

  • You are entitled to request information about our processing of your personal data at any time. In this information, we will explain the data processing and provide you with an overview of the personal data stored about you.
  • If the data we store should be incorrect or no longer up-to-date, you have a right to have them rectified.
  • You can also demand the deletion of your data. Should their deletion be prevented by other statutory requirements in exceptional cases, the data will be blocked to make them available only for that statutory purpose. 
  • You can also have the processing of your data restricted, e.g. if you are of the opinion that the data we store are incorrect. 
  • You have a right to data mobility, meaning that we will provide you with a digital copy of the personal data provided by you upon request.


You also have a right to lodge a complaint with a supervisory authority for data protection. The relevant supervisory authority for the ALBA Group is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), Friedrichstr. 219, 10969 Berlin.

Objection and revocation rights

If you would like to assert your revocation or objection rights detailed below, an informal message to the contact data stated in section 1 above will suffice.

Revocation of consent

GDPR section 7.2 entitles you to withdraw a previously given consent from us at any time, with the consequence that we will refrain from the data processing that is based on this consent in the future. The withdrawal of your consent will not affect the lawfulness of the processing based on this consent before its withdrawal.

Objecting to the processing of your data

Insofar as we are processing your data based on legitimate interests as per GDPR section 6.1.f, GDPR section 21 gives you the right to object to this processing of your data on grounds relating to your particular situation, or if the objection concerns direct marketing. In the latter case, you have a general objection right which we will also implement without you citing reasons.

Data security

We maintain adequate technical measures for our online offers to ensure data security and especially protect your data from risks in data transmission and from unauthorized third-party access. These measures are constantly adapted to the state of the art. To protect the personal data disclosed by you on our website, we rely on Transport Layer Security (TLS), which encrypts the information you enter.

Amendments of this data privacy statement

We update this data privacy statement from time to time, e.g. when we adjust our website or if the statutory or official requirements change.
