ASP Arges-Surface-Protection GmbH

1. Controller

ASP Arges-Surface-Protection GmbH

Hannoversche Straße 8
26384 Wilhelmshaven

Represented by the managing directors:
Ismail Omer Kechagia, Chasan Omer Kechagia

Phone: +49 4421 5007152
Fax: +49 4421 9877246
Email: info@aspgmbh.net

Register court: Amtsgericht Oldenburg, HRB 205098

VAT identification number pursuant to Section 27a of the German VAT Act (UStG): DE274199406

2. Data Protection Officer

An external data protection officer has been appointed for our company:

Sören Brunet
Lessingstraße 21
26419 Schortens
Email: soeren.brunet@mberatung.de

If you have any questions regarding data protection or wish to exercise your rights as a data subject, you may contact our data protection officer at any time.

3. General Information on Data Processing

We process personal data of our website visitors only to the extent necessary for providing a functional website and our content and services. The processing of personal data is carried out regularly only with the consent of the data subject. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

The processing of personal data is carried out on the basis of Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter “GDPR”), the German Federal Data Protection Act (BDSG), the German Telecommunications and Digital Services Data Protection Act (TDDDG) and other applicable data protection provisions.

Where we obtain consent for the processing of personal data, Art. 6(1)(a) GDPR serves as the legal basis. For the processing of personal data necessary for the performance of a contract, Art. 6(1)(b) GDPR serves as the legal basis. The same applies to processing operations necessary for the implementation of pre-contractual measures. Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis. Where the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override such interests, Art. 6(1)(f) GDPR serves as the legal basis.

This website uses TLS encryption (identifiable by the prefix “https://” and the lock icon in the address bar of your browser). When TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage beyond this period may occur where the European or national legislator has provided for this in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned provisions expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

Access to information stored on the end user’s terminal equipment (e.g. cookies, local storage) is governed by Section 25 TDDDG. Such access only takes place with consent pursuant to Section 25(1) TDDDG or where it is strictly technically necessary pursuant to Section 25(2) TDDDG.

4. Hosting and Server Log Files

4.1 Hosting Provider

This website is hosted by:

CR technische Service- und Fachhandels GmbH (Servercrew)
Güterstraße 34
26389 Wilhelmshaven

The servers are located in a data centre in northern Germany. When you access our website, the web server automatically collects data and stores it in so-called server log files.

The use of the hosting provider is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the reliable presentation and provision of our website. Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s terminal equipment.

A data processing agreement pursuant to Art. 28 GDPR has been concluded with the hosting provider.

4.2 Server Log Files

When you access our website, the hosting provider automatically collects and stores information in server log files that your browser automatically transmits. This includes in particular: browser type and version, operating system used, referrer URL, host name of the accessing computer, IP address, and time of the server request.

This data is not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website; for this purpose, the server log files must be recorded.

Server log files are stored for a maximum period of 30 days and are then automatically deleted, unless in individual cases further storage is required for the investigation of a specific security incident or for the assertion, exercise or defence of legal claims.

5. Cookies and Consent Management

This website uses cookies. Cookies are small text files that are stored on your terminal equipment and saved by your browser. Most of the cookies we use are so-called technically necessary cookies. They are automatically deleted at the end of your visit or remain on your terminal equipment until you delete them.

Technically necessary cookies are stored on the basis of Section 25(2) No. 2 TDDDG. The website operator has a legitimate interest in storing technically necessary cookies for the technically error-free and optimised provision of its services. The subsequent data processing is based on Art. 6(1)(f) GDPR.

Cookies that are not strictly technically necessary are only set after your consent pursuant to Section 25(1) TDDDG. The subsequent processing of personal data in such cases is based on Art. 6(1)(a) GDPR.

The following technically necessary cookies are used on this website:

Borlabs Cookie: Cookie for storing your consent decisions for consent management. This cookie is technically necessary and is set without consent (Section 25(2) No. 2 TDDDG). Storage duration: 12 months. Provider: Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg.

pll_language: Cookie of the language switching plugin Polylang for storing the selected language. This cookie is technically necessary and is set without consent (Section 25(2) No. 2 TDDDG). Storage duration: 1 year. Provider: WP SYNTEX SARL, 8 rue Joseph Cugnot, 38307 Bourgoin-Jallieu, France.

We use Borlabs Cookie as a consent management tool on our website. Borlabs Cookie is used to obtain your consent for the storage of certain cookies and the use of certain technologies and to document this in a data protection compliant manner. When you access our website, a cookie is stored on your terminal equipment in which your granted consents and their revocation are recorded. This data is stored until you request deletion, delete the cookie yourself, or the purpose for data storage ceases to apply. Mandatory statutory retention obligations remain unaffected.

You may revoke your consent at any time with effect for the future by accessing the cookie settings via the corresponding link or button on our website.

6. Contact via Email and Telephone

If you contact us by email or telephone, your enquiry including all resulting personal data (name, enquiry, email address, telephone number) will be stored and processed by us for the purpose of handling your request.

The processing of this data is based on Art. 6(1)(b) GDPR if your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries directed to us pursuant to Art. 6(1)(f) GDPR, or on your consent pursuant to Art. 6(1)(a) GDPR, where such consent has been requested.

The data you have sent to us will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage ceases to apply. Mandatory statutory provisions, in particular statutory retention periods, remain unaffected.

7. Application Procedure

If you apply to us, we process the personal data you have submitted (e.g. contact details, application documents, cover letter, curriculum vitae, certificates, proof of qualifications) for the purpose of conducting the application procedure.

The legal basis for the processing of your data in the application procedure is Section 26(1) BDSG in conjunction with Art. 6(1)(b) GDPR. If your application contains special categories of personal data within the meaning of Art. 9(1) GDPR (e.g. health data, religious affiliation, photograph), the processing is based on Art. 9(2)(b) GDPR.

In the event of a rejection, your application documents will be deleted no later than six months after the conclusion of the application procedure, unless deletion is precluded by other legitimate interests. Such a legitimate interest may, for example, be an obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).

If you grant us your consent, we may retain your application documents beyond the aforementioned period for future job offers in a talent pool. Such consent may be revoked at any time.

8. External Reporting Channel under the Whistleblower Protection Act (HinSchG)

We provide an external reporting channel for reports within the meaning of the German Whistleblower Protection Act (HinSchG). Reports can be submitted by email to the address indicated on our website.

In the course of a report, the personal data you submit (e.g. name, contact details, description of the matter) will be processed. The processing is based on Art. 6(1)(c) GDPR in conjunction with the provisions of the HinSchG. Whistleblowers may also submit reports anonymously.

Reports are handled by the following external service provider acting as a processor pursuant to Art. 28 GDPR:

MB Managementberatung

Lessingstraße 21
26419 Schortens

The data will be retained in accordance with the provisions of the HinSchG and deleted three years after the conclusion of the proceedings (Section 11(5) HinSchG). Longer retention will only take place where this is necessary for compliance with statutory obligations or is proportionate. The confidentiality of the identity of the whistleblower is safeguarded in accordance with Sections 8 and 9 HinSchG.

9. Third-Party Content

Our website embeds content from third-party providers. This content is only loaded after you have given your consent via our consent management tool (Borlabs Cookie). Without your consent, a placeholder is displayed and no data is transmitted to the respective third-party provider.

The legal basis for access to the terminal equipment by third-party services is Section 25(1) TDDDG (consent). The legal basis for the subsequent processing of personal data is Art. 6(1)(a) GDPR (consent). You may revoke your consent at any time via the cookie settings.

9.1 Google Maps

We use the mapping service Google Maps. The integration is technically implemented via the plugin “Premium Addons for Elementor”; data is transmitted directly to Google. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Once you have given your consent, a connection to the Google servers is established. In doing so, your IP address, among other things, is communicated to the Google server. Data may be transferred to Google LLC in the USA. Google LLC is certified under the EU–US Data Privacy Framework (DPF), ensuring an adequate level of data protection pursuant to the adequacy decision of the European Commission of 10 July 2023.

For further information, please refer to the Google privacy policy at https://policies.google.com/privacy.

9.2 YouTube

We embed videos from the YouTube platform. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Once you have given your consent, accessing a page with an embedded YouTube video establishes a connection to the YouTube servers. This informs the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to directly associate your browsing behaviour with your personal profile. You can prevent this by logging out of your YouTube account. Data may be transferred to Google LLC in the USA. Google LLC is certified under the EU–US Data Privacy Framework (DPF).

For further information, please refer to https://policies.google.com/privacy.

10. Statutory Retention Obligations

We are legally obliged to retain certain data for the statutory retention periods. After expiry of these periods, the relevant data will be routinely deleted, unless it is still required for the conclusion or performance of a contract.

Retention is based on Art. 6(1)(c) GDPR in conjunction with the following statutory provisions:

Commercial retention obligations (Section 257 HGB): Commercial books, inventories, opening balance sheets, annual financial statements, management reports as well as the working instructions and other organisational documents required for their understanding: ten years. Accounting vouchers: eight years. Received and copies of dispatched commercial letters: six years.

Tax retention obligations (Section 147 AO): Books, records, inventories, annual financial statements, management reports and the documents required for their understanding: ten years. Accounting vouchers: eight years (reduced since 1 January 2025 by the Fourth Bureaucracy Relief Act; previously ten years). Received and dispatched commercial or business letters and other tax-relevant documents: six years.

11. Rights of Data Subjects

As a data subject, you are entitled to various rights under the GDPR, arising in particular from Art. 15 to Art. 21 and Art. 77 GDPR:

11.1 Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation from us as to whether personal data concerning you are being processed. If this is the case, you have a right of access to such personal data and to the information specified in detail in Art. 15 GDPR.

11.2 Right to Rectification (Art. 16 GDPR)

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete data.

11.3 Right to Erasure (Art. 17 GDPR)

You have the right to obtain from us the erasure of personal data concerning you without undue delay, provided that one of the grounds set out in Art. 17 GDPR applies and the processing is not necessary for the reasons set out in Art. 17(3) GDPR.

11.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to obtain from us the restriction of processing where one of the conditions set out in Art. 18(1) GDPR is met.

11.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent or on a contract and the processing is carried out by automated means.

11.6 Right to Object (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims.

11.7 Right to Withdraw Consent (Art. 7(3) GDPR)

You have the right to withdraw consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

11.8 Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority responsible for us is:

The State Commissioner for Data Protection of Lower Saxony

(Die Landesbeauftragte für den Datenschutz Niedersachsen)
Prinzenstraße 5
30159 Hannover
Phone: +49 511 120-4500
Website: https://www.lfd.niedersachsen.de

12. Currency and Amendment of this Privacy Policy

This privacy policy is current as of May 2026. Due to the further development of our website and our offerings or as a result of changes to statutory or regulatory requirements, it may become necessary to amend this privacy policy. The current version of the privacy policy can be accessed at any time on our website.