Data Protection Policy
of AH Mediaservice GmbH

1. Controller

The controller responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR) is:

AH Mediaservice GmbH
Heppendorfer Strasse 38-40
50170 Kerpen – Deutschland

2. Principles of Data Processing

- Personal data is processed exclusively on the basis of the GDPR and the German Federal Data Protection Act (BDSG).
- The principle of data minimization applies: Only the data necessary for the respective purpose is collected.
- Data is treated confidentially and protected against unauthorized access.

3. Purposes of Processing

AH Mediaservice GmbH processes personal data in particular for the following purposes:
- Execution of contracts and customer orders
- Communication with customers, suppliers and business partners
- Fulfillment of legal obligations
- Marketing and customer information, insofar as consent has been given
- Application management and human resources administration

4. Legal Basis

Processing is carried out on the following legal bases:
- Art. 6 (1) (b) GDPR – contract performance
- Art. 6 (1) (c) GDPR – legal obligations
- Art. 6 (1) (f) GDPR – legitimate interests
- Art. 6 (1) (a) GDPR – consent

5. Categories of Data Subjects and Data

- Customer data: name, address, contact details, payment information
- Employee data: master data, contract and salary data, working hours
- Supplier data: contact persons, communication and contract data
- Applicant data: application documents, CV, qualifications

6. Disclosure of Data

Disclosure of personal data takes place only to:
- Processors (e.g., IT service providers, tax advisors)
- Authorities, where legally required
- Recipients within the EU/EEA
Transfers to third countries only take place where an adequate level of data protection is ensured.

7. Storage Period

Personal data is only stored for as long as is necessary for the respective purpose or as long as statutory retention obligations exist.

8. Rights of Data Subjects

Data subjects have the right to:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing (Art. 21 GDPR)
- Lodge a complaint with the supervisory authority

9. Data Security

AH Mediaservice GmbH implements technical and organizational measures (TOM), including:
- Access controls and role-based permissions
- Data encryption
- Regular backups and IT security audits

10. Data Protection Officer

Where required by law, AH Mediaservice GmbH appoints a Data Protection Officer.
Andre Maier

11. Updates and Amendments

This Data Protection Policy is regularly reviewed and amended where necessary.