Skip to main content Contact


1. About us

We, AUNDE Achter & Ebels GmbH, are responsible for the collection, processing and storage of your data. You can find details about the company in our imprint at any time.

Our highest priority is to carefully process your personal data. In processing, we comply with the statutory provisions, e.g. the General Data Protection Regulation (GDPR) and associated national provisions.

This data protection declaration applies to all company websites that can be accessed under our domain (,,,,,, Should you switch to websites of other operators within the scope of our offer, their own data protection regulations will apply, and the respective operators of these websites are responsible for their content.

In order to provide you with a comprehensive overview of the processing of personal data in our group of companies, below you will find an overview of all our services in the context of which we collect and process personal data.

If separate or additional conditions apply to individual services or if we request your consent, we will indicate this separately before you use the respective service.

Additionally, we take various security measures to protect your personal data. For example, transmission between your web browser and our servers is always transport encrypted. Likewise, we employ a variety of technical and organizational measures to ensure your data is always protected.

2. Why do we process your data?

You can use our website without needing to disclose your identity. If you would like to subscribe, contact us and we will ask you for your name and other personal information. It is your free decision whether you enter this (extended) data. Data that we absolutely need from you to provide our services are marked as such.

Your personal data is collected and processed for the following purposes in line with the legal bases below:

  • Contract initiation pursuant to Art. 6 (1) lit. a) and b) GDPR
  • Contract execution in accordance with Art. 6 (1) lit. b) GDPR
  • Customer management in accordance with Art. 6 (1) 1 lit. b) and c), f) GDPR
  • Communication and data exchange pursuant to Art. 6 (1) lit. a), b), c), f) GDPR
  • External presentation and advertising pursuant to Art. 6 (1) lit. a), f) GDPR
  • Implementation of declarations of consent pursuant to Art. 6 (1). 1 lit. a) GDPR
  • Ensuring the proper operation of a data processing system in accordance with Art. (1) lit. c) and f) GDPR


3. Which data do we collect and process from you?

We collect different categories of your personal data. Personal data is all information relating to an identified or identifiable natural person; an identifiable natural person is a person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name. Personal data includes information such as your name, address, telephone number and date of birth (if stated). Statistical information that cannot be directly or indirectly associated with you – such as the popularity of our individual websites or the number of users of a page – is not categorized as personal data. Data is collected directly and indirectly. In both cases, data will only be collected to the extent necessary; data will only be processed for the purposes stated under point 2. It is your decision whether you wish to transmit data to us which optimizes your use of our services, but which is not necessary. Corresponding data fields are marked as ‘voluntary’.

The data we collect immediately include:

  • Data that you actively and consciously transmit to us when using our services, e.g. by filling in our contact form.
  • Data collected as part of our online job application process.
  • Data that you actively and deliberately transmit to us as part of the use of our services, further data that you voluntarily transmit to us, e.g. data fields that you have filled in which are marked as ‘voluntary’.

In addition, data about you is collected indirectly when using our services:

  • Technical connection data, e.g. the page called up on our website, your IP address, date and time of the call, terminal device used. This is done to verify the authorization of actions and the authentication of the requesting user of our services. The legal basis is Art. 6 (1) lit. c) in conjunction with Art. 32 and Art. 6 (1) lit. f) DSGVO. Our legitimate interest is to secure our web server, for example to defend ourselves against attacks, and to ensure the functionality of our services.


Our website is not aimed at minors and we do not knowingly collect personal data from minors.

If persons under the age of 16 transmit personal data to us, this is only permitted if the parent/guardian has consented or has consented to the consent of the minor. For this purpose, the contact data of the legal guardian must be communicated to us as per Art. 8 (2) GDPR in order to convince us of the consent or the consent of the legal guardian. These data, as well as the data of the minor, will subsequently be processed in accordance with this data protection declaration.

If it is established that a minor under the age of 16 has sent us personal data without the parental consent or consent of the minor, the data will be deleted immediately.

4. Who has access to your data and who do we transmit your data to?

a) Access

Access to your personal data stored by us is limited to our employees and the service providers commissioned by us, who must handle this personal data in their tasks.

Third parties may gain access to your data when we have obtained your permission or where there is a legal basis for this.

We also use service providers to provide services and process your data (among other things, to host, maintain and analyze databases, and for the protection of our web server). Insofar as these special provisions apply, we have carried them out for you in the following way for the respective service. The service providers process the data exclusively on our instructions and must comply with the applicable data protection regulations. All contractors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services or to the extent to which you have consented to the processing and use of your data.

b) Data exchange within the group of companies

Data exchange within the group of companies to which we belong takes place exclusively within the EU/EEA and is only carried out for internal administrative purposes. By group of companies we mean affiliated companies under the meaning of Art. 4 No. 19 GDPR.

c) Transfer to third countries and legal basis

The servers of some of the service providers we use are located in the US and other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as in the European Union Member States. If your data are processed in a country that does not have a recognized high level of data protection, such as the European Union, we use contractual regulations or other recognized instruments to ensure adequate protection of your personal data. We expressly highlight this again within the scope of the individual services.

Insofar as personal data is transferred to third countries, this takes place on the basis of the conclusion of the EU standard contract 2010 in accordance with Art. 46 para. 2 lit. c DSGVO in conjunction with the decision of the EU Commission of 5 February 2010 (2010/87/EU) or your explicit consent. Additional measures to ensure a higher level of protection of personal data and effective legal protection for data subjects are currently in preparation.

d) Transmission to law enforcement and criminal investigation authorities

In exceptional cases, we transmit personal data to law enforcement and criminal investigation authorities. This is done in accordance with corresponding legal obligations, e.g. from the Code of Criminal Procedure, the Fiscal Code, the Money Laundering Act or state police laws.

5. Storage periods

We store your personal data within the framework of legal regulations or your consent.

We use the following criteria to determine the concrete storage period:

We store the personal data until the purposes for which it was collected cease to apply (e.g. at the end of a contractual relationship or through the last activity, if no continuing obligation exists, or in the case that you revoke your consent for the specific data processing).

Further data will only be stored if:

  • legal storage obligations (e.g. according to AO and HGB) exist;
  • the data is still needed to assert and exercise legal claims or to defend against legal claims, e.g. due to technological and forensic requirements to defend against attacks to our web servers and their prosecution;
  • the deletion would be contrary to the legitimate interest of the data subjects;


  • another exception pursuant to Art. 17 (3) DSGVO applies.


6. Your rights

You have several legal rights to which we would like to draw your attention below. Of course, our data protection officer is also available to answer any questions you may have about your personal data that we have collected and processed using the contact details given.

a) Right to information and data transferability

You have a right to information concerning the personal data we process on you at any time.

If the data processing is based on your consent or according to Art. 6 (1) lit. b) GDPR on a contract, you can also demand to receive the personal data stored on you in a structured, current and machine-readable format in accordance with Art. 20 (1) GDPR. At your request, we will also forward the data directly to the recipient of your choosing.

b) Right to rectification, restriction and deletion

Furthermore, in accordance with Articles 16 to 18 GDPR, you can request that we correct, restrict (block) or delete your personal data if we have processed the data incorrectly, if there is a reason to restrict further data processing, if data processing has become illegal for various reasons, or if its storage is inadmissible for other legal reasons. We would like to highlight that your right to deletion may be restricted by legal retention periods.

c) Rights of objection

If our data processing is based exclusively on our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR, you may object to this processing pursuant to Art. 21 (1) GDPR. In this case, we will cease to process your data unless we can prove grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim. Moreover, you can always object to the use of your data for the purpose of direct advertising with effect for the future pursuant to Art. 21 (2) GDPR.

d) Right of revocation

If you have given us your consent to process your personal data, you have a right of revocation with effect for the future pursuant to Art. 7 (3) GDPR.

e) Right of appeal to the Supervisory Authority

You are free to complain to a supervisory authority if you believe that our processing of your personal data breaches the European General Data Protection Regulation or other national and international data protection laws.

Contact Details for the Competent Authority:

Landesbeauftragte für Datenschutz und Informationsfreiheit


Postfach 20 04 44

D-40102 Düsseldorf

Telefon: +49 211 38424 0

Fax: +49 211 38424 10



f) Contact information

To exercise your rights, you can send us an informal message to the following contact details. Please also address the revocation of your consent to the following contact details and indicate which declaration of consent you wish to revoke:

Responsible Entity

Data Protection Officer

AUNDE Achter & Ebels GmbH

Waldnieler Straße 151

41068 Mönchengladbach

Telefon: +49 21 61935-0


it.sec GmbH & Co. KG

– Data Protection Officer –

Einsteinstraße 55

89077 Ulm



7. Use of our website – cookies

a) Basic information on cookies and opt-out options

We use cookies in some areas of our website, e.g. to recognize the preferences of visitors and design the website accordingly. This facilitates user navigation and ensures a high degree of website user-friendliness. Cookies also help us to identify particularly popular sections of our website. Cookies are small files that are stored on the hard drive of the visitor’s device. They allow information to be stored for a certain period and to identify the visitor’s computer. We use permanent cookies to ensure better user guidance and individual service presentation.

We also use session cookies which are automatically deleted when you close your browser. You can set your browser so that it informs you about cookie placement. This makes the use of cookies transparent. We collect the following technical connection data: The page accessed on our website, your IP address shortened by the last three digits, date and time of access, terminal device used, browser configuration data. We do this in order to verify the authorization of actions and the authentication of the user requesting our services. The legal basis is Art. 6 (1) lit. c) together with Article 32 and Article 6 (1) lit. f) GDPR. Our legitimate interest is to secure our web server, for example, to defend against attacks, and to ensure the functionality of our services.

We only set non-technically necessary cookies once we have obtained your express consent, which you may, of course, revoke at any time.

As part of our cookie information on our website, you have agreed to the following statement in this regard:

We use tracking cookies or tracking software to provide you with the full functionality of our website and give you a better online experience. You can find more detailed information on the cookies and web tracking procedures used by us and the consents you have given in our data protection declaration at [LINK]. However, technically unnecessary cookies or our tracking software will not be activated unless you have given us your consent. [AGREE]

If you completely exclude the use of cookies, you will not be able to use certain functions of our website. Please enable the opt-out function of the services you wish to opt out of.

Please also note that by deleting all cookies you will also delete opt-out cookies. You may therefore have to reset them. Cookies are also browser-bound, which means that they must be set separately for each browser you use on each device you use. You can find the necessary links in the description of the respective service below.

The following cookies are used by us – with your consent and without having set one or more opt-out cookies – for the described purposes:



Storage Duration

Technically Necessary


Choice and storage of the user’s language preferences

24 Hours



This cookie records if the user has confirmed the cookie notice. This is a session cookie.

End of Session



This cookie is placed by the WordPress safety plug-in “Wordfence“. It is used to track the user during their visit to the website and enable “Wordfence” to group the page views. The is a permanent cookie.

1 Hour



This cookie is placed by the WordPress safety plug-in “Wordfence“. It is only used within the website to differentiate between visitors and bots.

24 Hours



WordPress places this cookie when a user navigates to the login page. This cookie verifies if the user’s browser accepts or declines the cookies. This is a session cookie.

End of Session



Verifies if the cookies are activated or not. This is a session cookie.

End of Session



a) Google Maps

Our website uses the Google Maps service, for example, to aid you in finding a location or planning a route.


When opening Google Maps on this website, data is automatically transmitted to Google LLC. Within the framework of the provision of Google Maps, a Joint-Control contract with Google LLC was implemented. Below you will find information pertaining to the basis of this agreement.

The responsible party with whom Google Maps is operated jointly with on our website (‚Google‘):

Google LLC
1600 Amphitheatre ParkwayMountain ViewCA, 94043 USA

An agreement in line with Art. 26 (1) GDPR has been drawn up between those with joint responsibility to determine who is responsible for what in relation to GDPR  

The agreement within the scope of Art. 26 (1) GDPR can be found using the following link:

Data privacy contact information:

Data privacy contact information can be found in our data protection information. The contact details of the platform operator’s data protection officer are as follows:

Keith Enright
Director, Privacy Legal

Google LLC

Google Data Protection Office

1600 Amphitheatre Pkwy
Mountain View, California 94043


Phone: 650-253-0000

Fax: 650-618-1806


Categories of data subjects:

Visitors to our website who use Google Maps.



Categories of personal data:

Information pertaining to which data from visitors to our website which may be processed by Google can be found here:, along with the additional data protection regulations for Google Maps:

Data origins:

Google receives the data subject information directly via our website.




Legal basis for processing data:

We will use Google Maps only with your consent, Art. 6 (1) lit. a) DSGVO.

You can prevent the execution of Google Maps by selectively preventing the execution of the Java script code used by using a Java script blocker; alternatively, you can also completely deactivate the execution of Java script in your browser settings.

Information on the legal basis which enables Google to process data can found here:, along with the additional data protection regulations for Google Maps:

Purpose of data processing:

We use Google Maps to enable you to carry out a location search or plan a route, while pursuing the following aims:

  • Public Image and Advertising
  • Communication and Data Exchange
  • Event Management
  • Possible contract initiation and Processing

Information pertaining to the purpose of Google processing data can found here:, along with the additional data protection regulations for Google Maps:

Storage period:

We do not store data. The storage and deletion of data is the sole responsibility of Google. All relevant information pertaining to the storage and deletion of personal data can be found here:, along with the additional data protection regulations for Google Maps:

Our employees and service provider have no access to the data processes by Google.

Categories of Data Recipients:


Information of recipients of data from Google and Google internal exchange of data can be found by visiting the following link:, along with the additional data protection regulations for Google Maps:

Data transfer to third countries:

When using Google Maps, data will be transmitted to third countries. The pertaining data transfer to third countries is subject to EU directive Art. 45 DSGVO or other appropriate safeguards as per Art. 46 DSGVO.

Logic involved and significance of profiling and/or automated decision-making using the collected data:

If the data subject is tracked using their processed data, either via cookies, or similar technology, or via their IP address, then Google is legally obligated to inform the data subject.

Further information can be found by visiting the following link:, lists separate  Maps:

Rights of the data subject:

The parties with joint responsibility must afford the data subject all applicable rights pertaining to the processing of their data.

The rights granted to the data subject are listed in our data protection information. Any claims can be made directly to Google.

The responsible supervisory authority is in the European Union country where Google’s European headquarters are located (Google Ireland Ltd.).

Data Protection Commission

21 Fitzwilliam Square, Dublin 2
D02 RD28, Ireland

Web Address:

You can prevent the execution of Google Maps by selectively preventing the execution of the Java script code used by using a Java script blocker; alternatively, you can also completely deactivate the execution of Java script in your browser settings.

b) Google fonts

To aid uniform displaying of fonts, the website uses web fonts provided by Google. These fonts are locally installed on our server. No connection to Google servers will be necessary while using these fonts.

c) OpenStreetMap

To display geo-data, we use the open source mapping tool OpenStreetMap (OSM). This tool does not store any data pertaining to the user. Any appointment dates are stored exclusively on our server. For more details visit:


8. Supplementary notes and provisions on individual services

a) Newsletter

At your request, we will send you our newsletter relating to the topic areas you select as well as information about our company. Please note that we can only send the newsletter if you have explicitly consented to the subscription using our double opt-in process.

The personal data we collect as part of the newsletter subscription is only used to send and personalize the newsletter (e.g. to address you by name). You can revoke the consent you granted to have your personal data stored for the purpose of newsletter delivery at any time with future effect. Every newsletter includes a link you can use to revoke your consent. Alternatively, you can also directly contact us so we can implement the revocation. We have provided you with the details regarding the consent you granted in the double opt-in e-mail.


b) Contact form

Any data that you provide via our contact form is processed for communication purposes so we can respond to your specific enquiry. This data will be stored for as long as processing is required for this purpose or until the expiry of any subsequent retention periods.

C) Online job application

You have the opportunity to apply for jobs with our company using an online procedure.
The data entered by you and the attachments you send with it are transferred via a secure connection. Your electronic application data will be received by the relevant HR department and only forwarded to the department responsible for the position in question or to the persons in charge of processing. All parties involved will treat your application documents with the necessary care and with absolute confidentiality.

After completion of the applicant selection procedure, we will keep your application documents for another 3 months and then erase them or destroy any copies if we have not concluded a contract of employment with you. If we add your application documents to our talent pool, we will notify you accordingly. In the notification you can actively consent to the further storage of your documents. If you consent to the storage of your documents, we will store them for one year. Please note that applications that you send by e-mail will be transferred to us unencrypted. We therefore recommend that you use the online application program.

Under we offer you the opportunity to apply to us via outlook.

9. E-Mail communication with business partner

PRIVACY NOTICE: We would like to inform you about the handling of your personal data received in the context of our business relationship (contact data etc.) according to Art. 13, 14 GDPR. Responsible is AUNDE Achter & Ebels GmbH, The legal basis for the processing of this personal data can be found in Art. 6 (1) lit. b), c) and f) GDPR. The purpose of data processing and our legitimate interest is to carry out the business relationship between our company and your company or group of companies. Your data will be stored for the duration of the business relationship and subsequently deleted, subject to any existing legal retention periods or if we still need the data to assert, exercise or defend legal claims. If you have consented to any other use, we will delete the data as soon as you revoke your consent. Our employees and service providers have access to the data only if they require the data to perform the agreed tasks. If necessary, the data are transmitted to public authorities on the basis of legal regulations (e.g. investigative authorities). Data transmission to other third parties or in third countries may take place within the framework of communication within the companies or groups of companies involved in the business relationship or other contact persons named by you on the basis of instructions from your company. In addition, data may be transferred to third countries as part of the deployment of our service providers. Related data transfers to third countries are secured by an adequacy resolution of the EU Commission pursuant to Art. 45 GDPR or by suitable guarantees pursuant to Art. 46 GDPR. You have the right to information, correction or deletion of personal data concerning you or a right to restriction of data processing by us if certain conditions pursuant to Art. 15 to Art. 18 GDPR are met. You can also object to the further processing of your personal data, Art. 21 (1) GDPR. Furthermore, you have the right to file a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR, Art. 77 (1) GDPR