Privacy Policy

Applies to the website ashw.de operated by AS WarenHandels GmbH, Veritaskai 8, 21079 Hamburg, Germany.

AS WarenHandels GmbH
Veritaskai 8
21079 Hamburg, Germany
Email: office@aswh.de

We have not appointed a Data Protection Officer as we are currently not legally required to do so under Art. 37 GDPR / Sec. 38 BDSG. For any privacy-related queries, please contact us via the email address above.

We process personal data in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications and Telemedia Data Protection Act (TDDDG; formerly TTDSG).

Legal bases (Art. 6(1) GDPR):

• Consent (a),
• Contract / pre-contractual steps (b),
• Legal obligation (c),
• Legitimate interests (f) – e.g., to operate and secure our website in a commercially reasonable manner.

Our website is hosted by an external service provider (hosting provider). The provider processes server and usage data on our behalf to ensure secure and efficient website operation (Art. 28 GDPR).
Hosting provider: [insert name, address, and—if applicable—mention data processing agreement and sub-processors]

We implement appropriate technical and organizational measures (TOMs) to ensure a level of security appropriate to the risk (Art. 32 GDPR).

When you access our website, your browser automatically transmits information that is temporarily stored in server log files. This includes in particular:

• IP address,
• date and time of the request,
• time zone difference to GMT,
• content of the request (specific page/file),
• access status/HTTP status code,
• amount of data transferred,
• referrer URL (website previously visited),
• browser, operating system and interface, language and version of the browser software.

Purposes/interests: technical provision, stability and security, detection of misuse/attacks.
Legal basis: Art. 6(1)(f) GDPR.
Retention: log files are generally deleted or anonymized after [e.g., 7–14] days, unless further retention is required for evidence.

We use cookies or similar technologies (e.g., local storage, pixels) to store or access information on your device.

• Strictly necessary cookies: required to display the website and to ensure basic functions (e.g., language selection, consent status). Legal basis: no consent required; storage/access occurs to provide the telemedia service expressly requested by the user (Sec. 25(2) No. 2 TDDDG), in addition Art. 6(1)(f) GDPR.
• Functional/analytics/marketing cookies: used only with your consent. Legal basis: Sec. 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR.

You can withdraw or modify your consent at any time with future effect via our consent banner. Browser settings can prevent cookies; this may limit functionality.

Note: The consent banner and our cookie overview list the specific cookies/tools used, their providers, purposes, lifetimes, and legal bases. 

When you contact us, we process your details (e.g., name, contact details, message content) to handle and resolve your query.
Legal basis: Art. 6(1)(b) GDPR (contractual/pre-contractual communication) or Art. 6(1)(f) GDPR (general inquiries).
Retention: requests are deleted once handled, at the latest after 12 months, unless statutory retention duties apply.

In the context of business relationships we process master and contact data, contract and payment data, and communications.
Legal bases: Art. 6(1)(b) GDPR (contract), Art. 6(1)(c) GDPR (legal duties, e.g., commercial/tax retention), Art. 6(1)(f) GDPR (legitimate interests, e.g., receivables management).
Retention: pursuant to statutory retention periods (generally 6–10 years).

If you apply to us, we process your application data solely for the purpose of deciding on the establishment of an employment relationship.
Legal bases: Sec. 26 BDSG, and, where relevant, Art. 6(1)(b) and (f) GDPR.
Retention: rejection data are deleted no later than 6 months after the end of the process, unless you consent to longer storage or we have legitimate interests (e.g., legal defense).

Data are shared with service providers only within the scope of data processing agreements (Art. 28 GDPR) or where otherwise permitted by law. Possible recipient categories: IT services, hosting/cloud, newsletter/email services, CRM/ERP, payment services, auditors/tax advisors, legal counsel, logistics.

Where data are processed in countries outside the EU/EEA ("third countries"), this occurs only if an adequacy decision of the European Commission exists or appropriate safeguards are in place (in particular EU Standard Contractual Clauses) and—where required—additional measures have been implemented. We will provide information on this upon request.

We store personal data only for as long as necessary for the respective purposes, as required by law, or where we have a legitimate interest in further storage. Data are then deleted or anonymized.

In the context of concluding or initiating contracts, certain data must be provided. Without such data, contract performance may not be possible. Beyond this, there is no obligation to provide data.

You have the following rights under the GDPR: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection to processing based on Art. 6(1)(e) or (f) (Art. 21), and the right to withdraw consent at any time (Art. 7(3)).
You also have the right to lodge a complaint with a supervisory authority, in particular at our company’s seat or your place of residence. For Hamburg, the competent authority is the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI).

We do not use automated decision-making including profiling.

Our website may contain links to external sites. Those operators are responsible for their own content and data protection measures.

We may update this Privacy Policy from time to time, e.g., due to changes in law, our services, or processing activities. The current version is available on this page.

Effective date: 01 October 2025