Privacy policy
The purpose of this document is to outline the rules and actions regarding the collection, processing, and protection of personal data by Aquatica with regard to the requirements of the EU General Data Protection Regulation (GDPR).
We assure you that we apply technical and organizational measures with the utmost care so that your personal data are protected in the best conceivable way. We protect your data against unauthorized access, as well as other cases of disclosure, loss or unauthorized modification.
In our privacy policy, we use various terms as defined by the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymization, controller, processor, recipient, third party, consent, supervisory authority, and international organization. Personal data as defined by the GDPR is any information relating to an identified or identifiable natural person (‘data subject’), e.g., name, address, e-mail, order data. You can find the corresponding definitions for these terms in Article 4 of the GDPR.
01. Controller of your personal data
The entity responsible for the processing of personal data is:
The Engineered Stone Group Ltd, UK
Floor 5, Smithson Tower Smithson Plaza, St. James’s Street, London, England, SW1A 1HJ
info@engstone.com
(hereinafter referred to as: the “Controller”)
You can contact our data protection officer at:
dpo@engstone.com
02. Personal data we process
We process personal data that we receive from you, first and foremost while you use our website and, if applicable, during our business relationship. Furthermore, we receive your personal data if you contact us via our contact form or by e-mail. Personal data here are, for example, name, address, e-mail, telephone number and, if applicable, the data that you send us in the message (hereinafter referred to as «contact data»).
03. Legal basis of processing your personal data
We process personal data in accordance with the GDPR for the following purposes and based on the following legal grounds:
Purpose | Legal Basis |
To process personal data for communication, in particular for contacting you (newsletter, advertising by telephone, e-mail, SMS, etc.). You may revoke given consent at any time with effect for future processing. You can send the revocation to the above contact details or to dpo@engstone.com. | Consent, Art. 6 para. 1 sentence 1 lit. a GDPR |
To use cookies (and similar technologies) when you visit our website. We will ask you whether you wish to consent to the use of non-essential cookies (and similar technologies). The use of essential cookies (and similar technologies) does not require your prior consent. For more on cookies and how you can manage them, see the section “Cookies”. | Consent, Art. 6 para. 1 sentence 1 lit. a GDPR; Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR |
To safeguard our legitimate interests or those of third parties: | As part of the balancing of interests for the safeguarding of legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR |
To provide you with solicited information in case you contact us directly (e.g. through email or our contact form). If necessary for the gathering of information, we may transfer your data to affiliated entities. | Processing of a contract, Art. 6 para. 1 sentence 1 lit. b GDPR |
04. Recipients of your personal data
Within the organization, departments that need to know your data to fulfill our contractual and regulatory obligations can access your data.
In addition, data processors (Art. 28 GDPR) engaged by us may also obtain access to data for the above-mentioned purposes. If we use processors to provide our services, we will take appropriate legal precautions as well as the relevant technical and organizational measures to protect personal data in accordance with applicable law.
Any transfer of data to third parties will be made only within the scope of legal requirements. We will disclose your data to third parties only if this is required, for example, for contractual purposes or based on legitimate interests in the economic and effective operation of our business or if you have consented to the transfer of data.
We may share your personal data with the following categories of recipients and data processors:
- entities rendering accounting and tax services for our company,
- entities providing legal services for our company,
- entities servicing and managing our IT system,
- entities providing courier or postal services for our company,
- banks – if it is necessary to make settlements,
- insurance companies which adjust claims,
- state authorities or other entities authorized under legal regulations – to perform duties imposed on us,
- in the case of data obtained in connection with direct marketing – marketing agencies.
05. Period of data storage
We store personal data for different periods of time, depending on whether laws and regulations allow us to store personal data for a maximum period of time, or whether we must comply with minimum data retention periods.
For security reasons (to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted (see above). Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.
As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of a contract via contact form or by e-mail.
If you make a request for information in written form, e.g. through our contact form or an email, we store your data as long as it is necessary to provide you with the requested information.
Applicant data will be deleted after six months in the event of a rejection, unless you consent in written form to have your personal data stored for a longer period. That period shall not exceed two years. You have the right to revoke your consent for the extended storage period at any time.
We are legally obliged to store personal data in the context of performing contracts and complying with fiscal obligations. Legal retention periods apply to these records.
06. Transfer of personal data to third countries or international organizations
The data provided will be processed within the European Union and in the USA.
We transfer your personal data based on an adequacy decision by the EU Commission. For certified data processors, an adequacy decision by the Commission according to Article 45 GDPR exists. Your personal data are not transferred to third countries without an adequacy decision or other guarantees provided by the GDPR.
We also transfer your personal data based on Standard Contractual Clauses (SCCs) issued by the EU Commission and
We also transfer your personal data based on your consent, where applicable. You can revoke your consent at any time with effect for the future.
07. Your rights as a data subject
In connection with the processing of your personal data by us, you have the following rights:
- The right to information about personal data being processed by us.
- The right to access your data and receive a copy of them.
- The right to rectify (correct) personal data.
- The right to restrict processing of personal data.
- The right to erase personal data.
- The right to data portability.
- The right to object to the processing of personal data. Objections do not require a particular form and no costs are incurred, other than the transmission costs according to the basic tariffs. If possible, any objection should be addressed to the above-mentioned address or email.
- The right to revoke consent to the processing of personal data.
The above notifications and measures requested by you will be made available to you free of charge in accordance with Art. 12 para. 5 GDPR. To exercise your rights referred to hereinabove, all correspondence should be sent via post or e-mail to the above-mentioned address or email. Before complying with your rights, we will have to ensure that you are really you, i.e., identify you accordingly.
If you believe that we are processing your personal data in violation of the provisions of the GDPR or other legal acts regulating personal data protection, you have the right to lodge a complaint with any data protection authority.
08. Automated individual decision-making, including profiling
We do not use any fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).
09. Newsletter and direct marketing
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as your agreement to receive our newsletter. Further data is not collected, or is collected only on a voluntary basis. We use this data exclusively for sending the newsletter and do not pass it on to third parties.
Subscription to our newsletter takes place in the so-called double opt-in process. This means that after subscribing to our newsletter, we will send you an email to confirm your registration. Your confirmation serves to ensure that only persons who have access to the given email address register for our newsletter. We log the registration to the newsletter to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address.
The data entered in the newsletter registration form is processed exclusively based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) and Art. 7 GDPR. You can revoke your consent to the storage of the data, the email address, and their use for sending the newsletter at any time with effect for the future – via the «unsubscribe» link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
10. Information on source of data/voluntary provision of data
In the case of purely informational use of our website, i.e., if you do not submit information to us through a form, we only collect the personal data that your browser transmits to our server. When you access our website, we collect access data, which is technically necessary for us to present our website to you and to ensure stability and security.
The access data includes:
- the IP address, date and time of the request, time zone,
- content of the request (i.e. name of the specific website accessed),
- access status/HTTP status code,
- amount of data transferred in each case,
- referrer URL (previously visited page),
- operating system and its interface, language and version,
- type of browser software,
- notification of successful retrieval.
11. Cookies and similar technologies
We use cookies (from here on we omit that this includes similar technologies like web storage) on our website. A cookie consists of a key and a value and is managed by the user’s browser, often stored in a database and on the user’s computer when visiting certain Internet pages.
If you have given your consent via our cookie banner, you can withdraw your consent or make changes through our cookie banner. You can find more information on how to revoke your consent and on the use of cookies in our Cookie Policy.