Privacy statement

We are very pleased with your interest in our company. Data protection is of particularly high importance for the Bohnenkamp AG Management. You can use Bohnenkamp AG's internet pages without any personal data input. However, if a data subject would like to make use of particular services of our company via our website, processing personal data could be necessary. If processing personal data is necessary and there is no legal basis for such processing, we will generally obtain consent from the data subject.

Processing personal data of the data subject such as name, address, e-mail address or telephone number is always carried out in accordance with the General Data Protection Regulation and in agreement with the valid Bohnenkamp AG country-specific data protection regulations. By means of this privacy statement, our company would like to inform the public about the nature, scope and purpose of the personal data collected, used and processed by us. Furthermore, by means of this privacy statement, data subjects will be informed of the rights to which they are entitled.

As the controller, Bohnenkamp AG has implemented numerous technical and organizational measures, in order to ensure the most complete protection of the personal data processed through this website. Nevertheless, internet-based data transfers can in principle exhibit fundamental security flaws, so complete protection cannot be guaranteed. For this reason, every data subject is free to submit personal data to us by alternative means, for example by telephone.

 

1. Definitions

Bohnenkamp AG's privacy statement is based on the terms applied by the European legislator by decree of the General Data Protection Regulation (GDPR). Our privacy statement should be easily readable and understandable for both the public and our customers and business partners. In order to ensure this, we would first like to explain the terminology used.

In this privacy statement we use the following terms, among others:

a) personal data

Personal data is all information that refers to an identified or identifiable natural person (“data subject” in the following paragraphs) An individual is perceived as identifiable when the said person can be directly or indirectly identified, especially by reference to an identifier such as a name, identification number, location data, online identifier or to one or more specific characteristics, expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

B) data subject

A data subject is any identified or identifiable natural person, whose personal data will be processed by the data controller.

c) Processing

Processing is any action carried out with or without the assistance of automatic processes or any such sequence of processes related to personal data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, query, use, publishing by disclosure, distribution or any other form of provisioning, aligning or linking, restricting, deleting or destroying.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their processing in the future.

e) Profiling

Profiling is any form of automated processing of personal data that consists of personal data being used in order to assess certain personal aspects relating to a natural person, in particular in order to analyse or predict aspects concerning work performance, economic situation, health, personal tastes, interests, trustworthiness, behaviour, place of residence or movement connected with this natural person.

f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be associated with a specific data subject without consulting additional information, in so far as this additional information is stored separately and subject to technical and organisational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

g) Responsible person for processing data or data controller

Responsible person or data controller is the natural or legal person, authority, establishment or other body that alone or together with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are prescribed by European Union law or Member State Law, the controller or the specific criteria of their appointment can be provided for under Union or National law.

h) Processor

A processor is a natural or legal person, authority, establishment or other body that processes personal data on behalf of the controller.

i) Recipient

A recipient is a natural or legal person, authority, establishment or other body to which personal data are disclosed, irrespective of whether or not it is a third party. However, authorities that receive personal data under European Union or national law in the framework of a particular inquiry are not considered to be recipients.

j) Third party

A third party is a natural or legal person, authority, establishment or other body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data.

k) Consent

Consent is any declaration of intent unequivocally submitted voluntarily by the data subject in an informed, unambiguous manner in the form of a statement or other explicit informative act, in which the data subject insinuates that they agree with the processing of the personal data pertaining to them.

2. Name and address of the controller

The controller, as defined by the General Data Protection Regulation, other valid data protection laws in the Member States of the European Union and other regulations connected to data protection is:

Bohnenkamp AG
Dieselstraße 14
49076 Osnabrück, Germany
Tel.: +49 541 12163 0
e-Mail: info@bohnenkamp.de
Website: www.bohnenkamp.de

 

3. Name and address of the data protection officer

The data protection officer for the controller:

Lars Hille
TÜV Rheinland Industrie Service GmbH

Friedrich-Ebert-Straße 157-159
D-48153 Münster
Tel.: +49 211 6354 144
E-Mail: datenschutz@bohnenkamp.de

 

Any data subject can at any time contact our data protection officer directly regarding questions and proposals.

4. Cookies

The Bohnenkamp AG websites use cookies. Cookies are text files that are filed and stored on a computer system via an internet browser.

A multitude of websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique cookie identifier. It consists of a sequence of characters through which websites and servers can be assigned to the specific internet browser in which the cookies were saved. This enables the visited internet sites and servers to differentiate the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified through the unique cookie.

Through the use of cookies, Bohnenkamp AG can provide the website user with more user-friendly services, which would not be possible without the cookie setting.

By using cookies, information and offers on our website can be optimised in the interests of the user. As already mentioned, cookies enable us to recognize who is using our website. The purpose of this recognition is to make it easier for users to use our website. The website user that uses cookies does not, for example, have to enter their access information each time they visit the website, as this is undertaken by the website and the cookie is filed in the user’s computer system. A further example is the shopping basket in an online shop. The online shop remembers the items that a customer has placed in the virtual shopping basket via a cookie.

The data subject can prevent the cookie setting through our website at any time by using an appropriate setting in the internet browser being used, and this way permanently deny the cookie setting. Furthermore, set cookies can be deleted at any time via an internet browser of other software programmes. This is possible in all common internet browsers. If the data subject deactivates the cookie setting in the internet browser being used, potentially not all functions of our website will be entirely usable.

5. Collection of general data and information

The Bohnenkamp AG website collects a series of general data and information upon every website visit by data subject or automated system. This general data and information is saved in the server log files. What can be captured are (1) browser type and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (a so-called referrer), (4) the sub-website that is actuated on our website via an accessing system, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that can be used for the prevention of attacks against our information technology (IT) systems.

By using this general data, Bohnenkamp AG does not draw any conclusions about the data subject. Rather, the information is required to (1) deliver the content of our website correctly, (2) to optimize the content of our website and to advertise it , (3) to ensure the long-term functional capability of our IT systems and website technology and (4) to provide law enforcement authorities with the necessary information for prosecution in case of a cyber- attack. This anonymously collected data and information will firstly be statistically evaluated by Bohnenkamp AG and additionally with the aim to optimize technical processes and to increase data protection and data security in our company, ultimately in order to ensure the optimum level of protection for the personal data we process. The anonymous data on server log files will be saved separately from all personal data given by a data subject.

6. Registering on our website

The data subject has the possibility to register on the website of the controller, providing personal data. The personal data transmitted to the controller comes from the input screen used for registration. The personal data entered by the data subject will be exclusively collected and saved for internal use on behalf of the controller and for his own purposes. The controller may initiate the transfer to one or more processors, such as a parcel service provider, who also uses the personal data exclusively for internal use attributable to the controller.

By registering on the website of the controller, the IP address of the data subject assigned by the Internet service provider (ISP) , the date and time of registration are also stored. The storage of this data takes place under consideration that only in this way can the misuse of our services be prevented, and this data, if necessary, enables investigation of the committed offenses. In this respect, the storage of this data is required to safeguard the controller. A disclosure of this data to third parties should not take place, as long as there is no legal obligation to disclose it or the disclosure serves the aim of criminal prosecution.

The registration of the data subject in which they voluntarily provide personal data allows the data controller to provide the data subject with content or services that, due to the nature of the matter in question, can only be offered to registered users. Registered persons are free to modify the personal data given at registration at any time or to delete it completely from the database of the data controller.

The controller shall, at any time upon request, provide information to each data subject as to which personal data is stored about them. In addition, the data controller corrects or deletes personal data at the request or notice of the data subject, insofar as this does not conflict with any statutory retention requirements. All employees of the controller are available to the data subject as a contact person in this context.

7. Newsletter subscription

Users are given the opportunity to subscribe to the company's newsletter on Bohnenkamp's website. Which personal data is transmitted to the controller when ordering the newsletter results from the input screen used.

Bohnenkamp AG regularly informs its customers and business partners about company offers by way of a newsletter. As a matter of principle, our company newsletter can only be received by the data subject when (1) the data subject has a valid email address and (2) the data subject has registered for newsletter dispatch. For legal reasons, a confirmation e-mail using the double-opt-in procedure will be sent to the e-mail address first entered by a data subject for the newsletter dispatch. This confirmation email serves to check whether the owner of the email address as the data subject has authorized the receipt of the newsletter.

When subscribing to the newsletter, we also save the IP address assigned by the internet service provider (ISP) of the data subject’s computer system used at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to understand the (possible) misuse of the data subject’s email address at a later date and therefore provides the legal safeguards for the data controller.

The personal data collected in the context of registering for the newsletter will be used exclusively to send our newsletter. In addition, subscribers of the newsletter may be informed by e-mail if this is necessary for the operation of the newsletter service or registration, as may be the case in the event of changes to the newsletter offer or technical data changes. No transfer of personal data to third parties takes place in the context of the newsletter service. Subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data that the data subject has given us for the newsletter dispatch can be revoked at any time. For the purpose of revoking the consent, there is a corresponding link in each newsletter. Furthermore, it is also possible to cancel the newsletter dispatch directly on the controller’s website or to inform the controller in another way.

8. Newsletter tracking

The newsletters of Bohnenkamp AG contain so-called counting pixels. A counting pixel is a miniature graphic that is embedded in those emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Based on the embedded pixel, Bohnenkamp AG can recognize whether and when an email has been opened by a data subject and which links in the email have been invoked by the data subject.

Such personal data collected via the counting pixels contained in the newsletters are stored and evaluated by the controller, to optimize the delivery of newsletters and adapt the content of future newsletters even more to the interests of the data subject. There is no disclosure of this personal data to third parties. Data subjects are at any time entitled to revoke the separate declaration of consent issued via the double-opt-in procedure. After revocation, this personal data will be deleted by the controller. A de-registration from the receipt of the newsletter is automatically interpreted by Bohnenkamp AG as a revocation.

9. Contact via the website

Due to legal regulations, the Bohnenkamp AG website contains information that enables quick electronic contact with our company and direct contact with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the data controller by e-mail or through a contact form, the personal data provided by the data subject will be automatically saved. Such personal information provided on a voluntary basis by a data subject to the controller is stored for the purposes of processing or contacting the data subject. There is no disclosure of this personal data to third parties.

10. Routine deletion and blocking of persona data

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of the storage or, if so required by the European legislator or another legislator or other regulations, to which the controller is subject.

If the storage purpose is inapplicable or if a storage period prescribed by the European directives and regulations or any other relevant legislature expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

11. Rights of the data subject

a) Right of confirmation

Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If the data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact any employee of the controller.

b) Right of access

Each data subject shall have the right granted by the European legislator to obtain from the controller at any time free information about his or her personal data stored and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

  • the purposes of the processing
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • the existence of the right to request from the controller the correction or deletion of personal data, or restriction of the processing of personal data concerning the data subject, or the objection to such processing
  • the existence of the right to lodge a complaint with a supervisory authority
  • where the personal data are not collected from the data subject: any available information as to the source of the data
  • the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Furthermore, the data subject shall have the right to obtain information as to whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

Right to rectification

Each data subject shall have the right granted by the European legislator to request from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Considering the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.

D) Right to deletion (Right to be forgotten)

Each data subject shall have the right granted by the European legislator to request from the controller the deletion of personal data concerning him or her without undue delay, where one of the following grounds applies and as long as the processing is not necessary.

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • The data subject objects to the processing according to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing according to Article 21(2) of the GDPR.
  • The personal data have been unlawfully processed
  • The personal data must be deleted for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the deletion of personal data stored by the DGD Deutsche Gesellschaft für Datenschutz GmbH (German Data Protection Authority), he or she may, at any time, contact any employee of the controller. An employee of DGD Deutsche Gesellschaft für Datenschutz GmbH shall promptly ensure that the request for deletion is complied with immediately.

Where Bohnenkamp AG has made personal data public and is obliged pursuant to Article 17(1) to delete this personal data, Bohnenkamp AG, taking into account the available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested deletion by such controllers of any links to, or copy or replication of, these personal data, as far as processing is not required. Employees of the Bohnenkamp AG will arrange the necessary measures in individual cases.

e) Right of restriction of processing

Each data subject shall have the right granted by the European legislator to request from the controller restriction of processing where one of the following conditions applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the deletion of the personal data and requests instead the restriction of their use.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
  • The data subject has objected to processing pursuant to Article 21(1) of the GDPR and it has still not been confirmed whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by Bohnenkamp AG, he or she may at any time contact any employee of the controller. The employee of Bohnenkamp AG will arrange the restriction of the processing.

f) Right to data portability

Each data subject shall have the right granted by the European legislator to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent according to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract according to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated processes, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority conveyed to the controller.

Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, as long as it is technically feasible and when doing so does not adversely affect the rights and freedoms of others.

In order to assert the right to data portability, the data subject may at any time contact any employee of Bohnenkamp AG.

g) Right to object

Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, against the processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

Bohnenkamp AG shall no longer process the personal data in the event of the objection, unless compelling legitimate grounds can be demonstrated which override the interests, rights and freedoms of the data subject, or serve the establishment, exercise or defence of legal claims.

If Bohnenkamp AG processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to Bohnenkamp AG to the processing for direct marketing purposes, Bohnenkamp AG will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to the processing of personal data concerning him or her by Bohnenkamp AG for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may contact any employee of Bohnenkamp AG. In addition, the data subject is free, in relation to the use of information society services and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.

h) Automated individual decision-making, including profiling

Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not necessary for entering into, or fulfilling the purpose of, a contract between the data subject and a data controller, or (2) is not authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) carried out without the data subject’s explicit consent.

If the decision (1) is necessary for entering into, or fulfilling the purpose of a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, Bohnenkamp AG shall implement suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact any employee of the controller.

i) Right to withdraw data protection consent

Each data subject shall have the right granted by the European legislator to withdraw his or her consent to the processing of his or her personal data at any time.

If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the controller.

12. Data Protection for Applications and Application Procedure

The controller shall collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits to the controller corresponding application documents by email or by means of a web form on the website . If the controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically deleted two months after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the deletion. Other legitimate interest in this sense is, e.g. a burden of proof in a procedure under the General Equal Treatment Act (AGG).

13. Data Protection Provisions on the Application and Use of Google Analytics (with Anonymization Function)

On this website, the controller has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, among other things, data about the website from which a person has come to another website (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

For the web analytics through Google Analytics the controller uses the application “_gat. _anonymizeIp”. By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse visitor traffic on our website. Google uses the collected data and information, among other things, to evaluate the use of our website and to compile online reports, which show the activities on our websites, and to provide other services connected to us concerning the use of our Internet site.

Google Analytics places a cookie on the information technology system of the subject. The definition of cookies is explained above. With the setting of the cookie, Google is able to analyse the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online analyses. During the course of this technical procedure, Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, among other things, to understand the origin of visitors and clicks, and subsequently create commission settlements.

The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits to our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already in use by Google Analytics may be deleted at any time via a web browser or other software programmes.

In addition, the data subject has the possibility to object to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as objecting to and preventing the processing of this data by Google. For this purpose, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics through a JavaScript, that no data and information about the visits to Internet pages may be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled or deactivated by the data subject or any other person who is attributable to their sphere of influence, it is possible to execute the re-installation or reactivation of the browser add-ons.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.

14. Social media

Now and then you have the chance to take part in a competition via social media. The personal information transmitted from this will be used exclusively by us to inform the winner and send the prize by post. The personal data will be deleted after 14 days.

Please note, that we have no influence over the scope, method and purpose of data processing through social media platforms. You can find more detailed information on data protection guidelines on the respective sites.

15. Legal basis for the processing

Art. 6(1) lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the above-mentioned legal grounds, if processing is necessary for protecting the legitimate interests pursued by our company or by a third party, as long as the interests, basic rights and freedoms of the affected do not prevail. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. It considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

16. The legitimate interests pursued by the controller or by a third party

Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favour of the well-being of all our employees and the shareholders.

17. Period for which the personal data will be stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.

18. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract for which a data subject has provided with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any of our employees. The employee clarifies to the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

19. Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.

14. Social media

Now and then you have the chance to take part in a competition via social media. The personal information transmitted from this will be used exclusively by us to inform the winner and send the prize by post. The personal data will be deleted after 14 days.

Please note, that we have no influence over the scope, method and purpose of data processing through social media platforms. You can find more detailed information on data protection guidelines on the respective sites.

15. Legal basis for the processing

Art. 6(1) lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the above-mentioned legal grounds, if processing is necessary for protecting the legitimate interests pursued by our company or by a third party, as long as the interests, basic rights and freedoms of the affected do not prevail. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. It considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

16. The legitimate interests pursued by the controller or by a third party

Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favour of the well-being of all our employees and the shareholders.

17. Period for which the personal data will be stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.

18. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract for which a data subject has provided with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any of our employees. The employee clarifies to the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

19. Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.