Scroll to top

Privacy policy

Privacy policy
of
buchinger-wilhelmi.com

(hereinafter referred to as the “privacy policy”)

With regard to the aspects relevant under data protection legislation and concerning use of the site

www.buchinger-wilhelmi.com
(hereinafter also referred to as the “website”)

we,

Buchinger Wilhelmi Holding GmbH & Co.KG
Wilhelm-Beck-Straße 27
88662 Überlingen

(Legal notice)

(hereinafter also referred to as “we” or “Buchinger Wilhelmi”)

in our capacity as controller under the terms of data protection legislation and as a service provider at the same time would like to inform you of the following.

Your personal data is only processed in the context of the legal provisions under data protection legislation in the European Union, particularly the EU General Data Protection Regulation (hereinafter referred to as the “GDPR”) and, additionally, the German Federal Data Protection Act in the version valid with effect from 25 May 2018 (hereinafter referred to as the “BDSG”) and other legal provisions concerning data protection (hereinafter collectively referred to as “data protection legislation”).

If you would like to take a look at the GDPR yourself, you will find it online at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

This privacy policy applies to our website, which is accessible at the domain www.buchinger-wilhelmi.com, including all sub-domains. However, the information below does not apply to other providers’ third-party websites linked from this website, for example. The terms used, such as “personal data” or “processing” of the same, correspond to the definitions contained in Art. 4 of the GDPR.

 

Overview

  1. Subject matter of data protection, categories of data and sources
  2. Purposes of processing and legal bases
  3. Server log data
  4. Communication by email and using the contact form
  5. Newsletter
  6. Cookies
  7. Matomo (formerly Piwik)
  8. Other services and content from third-party providers
  9. Recipients of personal data
  10. Data processing in third countries
  11. Security
  12. Duration of storage
  13. Your rights
  14. Our data protection officer
  15. Amendments

 

1. Subject matter of data protection, categories of data and sources

Personal data is the subject matter of data protection. Personal data is all information which relates to an identified or identifiable natural person. Your personal data therefore includes all the data which permits identification of you personally, such as your name, address, phone number or email address.

We regularly process the following categories of personal data:

  • Master data, particularly your surname, first name and title.
  • Contact details, particularly your postal address, plus your phone number and email address if necessary.
  • Contract data, particularly data which you provide us with for the purpose of performing a contract.
  • Content data, particularly text you enter and the data contained in the correspondence between you and us.
  • User data, particularly the pages of our website which you visit, access times and your IP address.

If you want to initiate a business relationship with us over our website, you must provide the personal data necessary for establishing and implementing a business relationship, fulfilling the associated contractual obligations and complying with legal obligations. We shall inform you in an appropriate manner (e.g. by indicating mandatory fields in forms) of what data this is on a case-by-case basis.

This personal data mainly comes from your yourself, particularly through your use of our website, your contact requests and any information you provide when concluding a contract.

2. Purposes of processing and legal bases

We process your data only for specific purposes and if an applicable legal regulation permits doing so. We shall process your data using the following legal bases, to name but a few examples:

  • Consent (Art. 6, Para. 1, Clause 1, lit. a of the GDPR): We shall only process certain data based on the consent which you have expressly and voluntarily granted beforehand. You have the right to revoke your consent at any time with effect for the future.
  • Fulfilment of a contract or implementation of pre-contractual measures (Art. 6, Para. 1, Clause 1, lit. b of the GDPR): We require certain data from you particularly to initiate or implement your contractual relationship with Buchinger Wilhelmi.
  • Fulfilment of a legal obligation (Art. 6, Para. 1, Clause 1, lit. c of the GDPR): We also process your personal data for the purpose of fulfilling legal obligations such as regulatory specifications or retention requirements under commercial and tax law.
  • Protection of legitimate interests (Art. 6, Para. 1, Clause 1, lit. f of the GDPR): Buchinger Wilhelmi shall process data to protect its or third parties’ legitimate interests. However, this only applies if your interests do not take precedence on a case-by-case basis.

Please refer to Section 13 to find out how you can object to such processing and under which conditions we have to stop or restrict our processing activities.

Please bear in mind that this is not a complete or exhaustive list of the potential legal bases; rather, these are only examples which should make the legal bases under data protection legislation more transparent. Please refer to the information in the following sections for more detailed information about the legal bases of the individual data processing activities on our website.

3. Server log data

Visiting our website may cause the following information to be saved about access:

  • The requesting terminal device’s IP address,
  • The file retrieved,
  • The http response code,
  • The previous website from which you are visiting our website (referrer URL),
  • The date, time and time zone of the server request,
  • The browser type and version,
  • The operating system used on the requesting terminal device,
  • The search terms used to find the website via Google, for example.

We process this data based on Art. 6, Para. 1, Clause 1, lit. f of the GDPR for the purpose of making the website available, ensuring technical operation and guaranteeing the security of our IT systems. In this regard, we pursue the interest of enabling use of our website and its technical functionality and permanently maintaining the same. This data is automatically processed when our website is accessed. You cannot use our website without providing it. We do not use this data for the purpose of drawing conclusions about your identity.

The automatically collected data shall generally be deleted after 7 days unless we exceptionally require it for longer for the purposes mentioned above. We shall delete the data immediately after the purpose ceases to apply in a case such as this.

You cannot object to the collection and storage of your server log data because this data is absolutely essential for smooth operation of the website.

4. Communication by email and using the contact form

If you contact us by email, your voluntarily provided contact details (such as your name and email address) shall only be collected, processed and used for a specific purpose, i.e. either to record and, if necessary, respond to your request(s) or for technical administration purposes.

You can also contact us using a contact form provided in the “Contact” section. If you use this contact form, we collect and store the following data:

  • Salutation
  • Surname and first name
  • Email address
  • Your request / message to us

You are more than welcome to (voluntarily) provide us with your:

  • Title
  • Address
  • Date of birth

The data you provide is transferred by your browser to our server, where it is converted into an email which is then sent to us. Your contact details are only collected, processed and used for a specific purpose, i.e. to record and, if necessary, respond to your request.

Data which is transferred in the context of communication using the contact form or by email is processed based on Art. 6, Para. 1, Clause 1, lit. b of the GDPR if it is provided to initiate a contractual relationship, or based on Art. 6, Para. 1, Clause 1, lit. f of the GDPR. In the latter case, we have a legitimate interest in processing contact requests sent to us voluntarily.

We delete the data you provide as soon as the purpose for which it was collected ceases to apply in full, subject to fulfilment of continuing legal retention requirements.

If your data is processed based on legitimate interests, you can object to the storage of your personal data at any time.

However, please note that we cannot guarantee complete data security, particularly when communicating using the contact form or by email. Please, therefore, refrain from sending confidential information such as bank or credit card details, etc., in these ways. We recommend using a secure transmission path, such as postal communication, to send confidential information.

5. Newsletter

We use what is referred to as the “double opt-in procedure” to send the newsletter, i.e. we will not send you a newsletter by email until we have received your prior express confirmation that we should activate the newsletter service. We will then send you a notification email asking you to confirm that you wish to receive our newsletter by clicking on a link contained in the email. Once this separate double opt-in procedure is complete, you have given your consent to receiving the newsletter.

We only send newsletters following proper subscription, i.e. with your consent based on Art. 6, Para. 1, Clause 1, lit. a of the GDPR. Insofar as the content of a newsletter is specifically described in the course of subscription, such content is decisive for the scope of the consent. Moreover, our newsletters contain information about our products, offers, promotions and company.

If you later decide you no longer wish to receive newsletters from us, you can revoke your consent at any time. Sending a message in text form (e.g. email, letter) to the contact details provided above or to datenschutz@buchinger-wilhelmi.com is sufficient for us in this regard. You will, of course, also find an Unsubscribe link in every newsletter.

The newsletter is sent via “MailChimp”, a newsletter distribution platform provided by the US company Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. In this regard, data processing is carried out on our behalf based on a data processing agreement (order processing contract) which we have concluded with MailChimp. Under the terms of this agreement, MailChimp undertakes to protect our users’ data, to process such data only on our behalf and, in particular, not to disclose such data to third parties.

The email addresses of our newsletter recipients, as well as other data of the recipients described in this information, are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information MailChimp can use this data to optimise or improve its own services, e.g. to technically optimise how the newsletter is sent and presented or for economic purposes, in order to determine which countries the recipients come from. However, MailChimp does not use our newsletter recipients’ data in order to write to them directly or to disclose their data to third parties.

We trust in MailChimp’s reliability, IT security and data security. MailChimp is certified under the EU/US Privacy Shield Agreement and therefore undertakes to comply with EU data protection regulations.

MailChimp’s privacy policy can be viewed here: https://mailchimp.com/legal/privacy/. MailChimp also uses the Google Analytics analysis tool and integrates this tool in the newsletter where necessary. Information about Google Analytics can be found below in the relevant section.

We would like to make you aware that, after the newsletter has been sent, we will evaluate your user behaviour in relation to our newsletter. With regard to this evaluation, the emails that are sent contain what are referred to as either “web beacons” or “tracking / counting pixels”. These are single-pixel image files that link to our website and therefore allow us to evaluate your user behaviour in relation to our newsletter. This is done by collecting technical information, e.g. about your browser, your system, your IP address and the time of access. In addition, there are web beacons, which are assigned to your email address and linked to your own ID.

Web beacon tracking is not possible if you have disabled the display of images in your email program by default. In this case, however, the newsletter will not be displayed to you in full and you may be unable to use all the functions. The aforementioned tracking takes place if you opt to display the images manually.

6. Cookies

The website uses cookies and similar technologies such as HTML5 storage (hereinafter collectively referred to as “cookies”) to be able to optimally design the website. To name but a couple of examples, this makes navigation easier and allows for a high level of user friendliness.

Cookies are small identifiers which our web server sends to your browser and which your terminal device stores if the appropriate default setting is made. They can be used to determine whether communication with us has already taken place from your terminal device, among other things. They are therefore used to make use more convenient for you and to optimise our website. This processing is carried out based on Art. 6, Para. 1, Clause 1, lit. f of the GDPR with regard to essential cookies and based on Art. 6, Para. 1, Clause 1, lit. a of the GDPR if you have given your consent with regard to the storage and use of our own additional cookies or cookies from third-party providers. Personal data can be stored in cookies if doing so is technically necessary or you have given your consent to this effect.

If you use our website, you can grant us your consent with regard to the use and storage of our own additional cookies or cookies from third-party providers on your terminal device. You can revoke any consent that you grant with regard to the use and storage of cookies at any time with effect for the future by disabling the cookie settings on this website which are described below in relation to cookies from third-party providers (Section 6, lit. c).

Furthermore, you can also select “Do not accept any cookies” in your browser settings (also in relation to essential cookies). Please refer to your browser’s Help function for the processes for technical administration and deletion of cookies in your browser settings.

You can also technically prevent the storage and use of all cookies using free browser add-ons such as “Adblock Plus” (adblockplus.org/de) in combination with the “EasyPrivacy” list (easylist.to) or “Ghostery” (ghostery.com).

a)    Essential cookies

We use the following essential cookies which are required for our website to function:

Name Function / purpose Duration of storage
__cfduid Used by the Cloudflare content network to identify trustworthy web traffic. 1 year
_icl_visitor_lang_js Saves the redirected language which the user selected to display the page. 1 day
wpml_browser_redirect_test Checks whether the setting of cookies is allowed. Permanent

You can only technically disable essential cookies using your browser settings or browser add-ons. This can lead to functional restrictions on the website.

b)    Our own additional cookies

Our own additional cookies, which are not essential to being able to use the website (also known as “first-party cookies”), play a vital role. They enable convenient surfing on our website by providing pre-filled forms, for example. We can also use them to address you with customised offers. We use our own additional cookies, which are outlined below, on our website:

Name Function / purpose Duration of storage
moove_gdpr_popup Saves the set cookie preferences. 1 year
wordpress_test_cookie Checks whether the setting of cookies is allowed. Permanent

c)    Cookies from third-party providers

We use cookies from third-party providers (also known as “third-party cookies”) to integrate content from third-party providers which enable them to receive information that you have accessed this website. Please visit the third-party providers’ websites for more information about how they use cookies. We use the following cookies from third-party providers:

Name Function / purpose Third-party provider Duration of storage
NID The cookie is included in requests sent by browsers to Google websites. The NID cookie contains a unique ID via which Google stores your preferred settings and other information, particularly your preferred language (e.g. German), how many search results should be displayed per page (e.g. 10 or 20) and whether the Google SafeSearch filter should be activated. Google 6 months
1P_JAR Used to optimise advertising over Google. Google 30 days
continuous_play_v3
player
vimeo_gdpr_optin
vuid
View an outsourced image film over Vimeo Vimeo Permanent
1P_JAR, APISID, CONSENT,
HSID, NID,
OGP, OGPC,
SAPISID, SID, SIDCC, SSID
Use of Google Maps Google Permanent

7. Matomo (formerly Piwik)

We use the web analytics service Matomo (formerly Piwik) on our servers. We use cookies for this purpose. The legal basis is Art. 6, Para. 1, Clause 1, lit. f of the GDPR, because we have a legitimate interest in the economic operation and optimisation (particularly user friendliness) of our website and in analysing how it is used, as well as in guaranteeing the security of our technical systems. Pseudonymous user profiles may be created from the processed data.

We only use Matomo with activated IP anonymisation. This means that users’ IP addresses are truncated before storage.

The data is deleted as soon as it is no longer needed for our recording purposes.

You can prevent the storage and use of cookies for user analysis purposes by selecting the “Do Not Track” setting or removing the checkmark next to it in your browser settings. You can also prevent the storage and use of all cookies by making corresponding browser settings or installing browser add-ons.

You will find out more about the data Matomo collects here:
https://matomo.org/faq/general/faq_18254/.

8. Other services and content from third-party providers

We use plugins from third-party providers on our website to incorporate their content and services such as maps or fonts (hereinafter collectively referred to as “content”). Your data is processed in this regard based on our legitimate interests (Art. 6, Para. 1, Clause 1, lit. f of the GDPR) in the economic operation and optimisation (particularly user friendliness) of our website and in analysing how it is used, as well as in guaranteeing the security of our technical systems.

The third-party providers of such content always receive information about your IP address, because the content cannot be transferred to your terminal device without it. The IP address is required to show the content. The third-party providers may also store cookies on your terminal device if you have given your consent with regard to the use and storage of cookies from third-party providers.

You can revoke any consent that you grant with regard to the storage and use of cookies for the following services by disabling “cookies from third-party providers” (see Section 6, lit. b above). Furthermore, you can also technically prevent the storage and use of cookies by making by making corresponding browser settings or installing browser add-ons.

a)    Google Maps

We use the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to display maps. The processed data may include IP addresses and location data in particular, but this information cannot be collected without your consent (generally using corresponding device settings). You will find out more information about Google’s use of data and possibilities with regard to settings and objection at the following links:

b)    Vimeo

Videos over vimeo.com are integrated on this website. This is a service provided by Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as “Vimeo”). A connection is established to Vimeo’s servers in the USA for this purpose. Certain information (such as your IP address) is transferred to Vimeo in this regard. Vimeo may also store cookies on your terminal device if you have given your consent with regard to the use and storage of cookies from third-party providers. We are not aware of the nature and scope of the data that Vimeo collects and have no influence over how it is used. The integration means that Vimeo may also receive information that your browser has accessed the relevant page on this website, even if you do not have a Vimeo user account or are not logged into Vimeo.

According to its own information, Vimeo is certified according to the EU/U.S. Privacy Shield.

The legal basis in relation to the use of cookies is Art. 6, Para. 1, Clause 1, lit. a of the GDPR, because data processing in this regard is based on your consent. Art. 6, Para. 1, Clause 1, lit. f of the GDPR forms an additional legal basis, because we have a legitimate interest in using third-party contents and services for the purposes of economic operation and optimisation of our website.

For more information about Vimeo’s collection and use of your data and your rights in this regard, please refer to Vimeo’s privacy policy at https://vimeo.com/privacy.

You can revoke any consent you grant with regard to Vimeo’s storage and use of cookies by deactivating “cookies from third-party providers” (see Section 6, lit. c above) or by technically disabling such cookies in your browser settings or using browser add-ons; however, we would like to point out that you may be unable to use all of our website’s functions in full in this case.

9. Recipients of personal data

We only disclose your personal data to external recipients if doing so is necessary e.g. to handle or process your order or to provide your contractual services, if we have your consent to this effect or if other legal permission exists.

External recipients may in particular be:

  • Processors: These are service providers which we engage to provide services, e.g. in the fields of technical infrastructure and maintenance of our website. We select such processors carefully and regularly review them to ensure that your privacy remains protected. These service providers may only use the data for the purposes specified by us and under our instructions. We are authorised to use such processors in compliance with the legal requirements set forth in Art. 28 of the GDPR.
  • Public agencies: These are authorities, state institutions and other public / legal bodies such as supervisory authorities, courts, public prosecutors or financial authorities. Personal data is only transferred to such public agencies for compelling legal reasons. The legal basis of such transfer may be Art. 6, Para. 1, Clause 1, lit. c of the GDPR.
  • Non-public agencies: Service providers and auxiliary persons to whom the data concerning performance of our contract is transferred based on a legal obligation or to protect legitimate interests, such as shipping service providers, payment service providers, tax advisors or auditors. Transfer is then carried out based on Art. 6, Para. 1, Clause 1, lit. b, c and/or f of the GDPR.

10. Data processing in third countries

Generally speaking, we do not process your data outside of the European Union (EU) or the European Economic Area (EEA). However, if we transfer your data to third countries outside of the EU or the EEA on a case-by-case basis (e.g. to carry out an order from a third country), before disclosure we ensure that exceptional circumstances permissible by law exist, that the recipient has an adequate data protection level or that you have given your consent to your data being transferred. An adequate data protection level is, for example, guaranteed by the recipient being certified under the EU/U.S. Privacy Shield Agreement, conclusion of the EU standard contractual clauses or the presence of binding corporate rules (BCRs).

11. Security

We take technical and organisational security precautions to protect your personal data against accidental or deliberate manipulation, loss and destruction or against access by unauthorised individuals. Our security measures are adapted accordingly to the current state of the art in each case.

Your personal data, which is transferred in the context of using our website, is transferred securely on our end by means of encryption. In this regard, we use the encryption protocol Transport Layer Security (TLS), which is more commonly known under its predecessor’s name, Secure Socket Layer (SSL).

Our employees are bound by data secrecy.

12. Duration of storage

We only store your personal data for as long as is necessary for fulfilment of the purposes or – if you have given us your consent – as long as you do not revoke your consent. Storage of your data may particularly be necessary if the data is still required to fulfil contractual services and to be able to check or defend warranty or guarantee claims if necessary.

We shall no longer process your personal data unless further processing of the same is permitted or even stipulated as an obligation according to the relevant legal regulations (e.g. in the context of retention requirements under commercial and tax law).

We also delete your personal data if we are obligated to do so for legal reasons.

13. Your rights

You are entitled to a number of rights as a data subject affected by data processing. In detail, these are:

  • Right of access (Art. 15 of the GDPR): You have the right to receive information about the personal data we have saved about you.
  • Right to correction and deletion (Arts. 16 and 17 of the GDPR): You can request that we correct incorrect data and – if the legal requirements have been met – that we delete your data.
  • Right to restriction of processing (Art. 18 of the GDPR): If the legal requirements have been met, you can request that we restrict processing of your data.
  • Right to data portability (Art. 20 of the GDPR): If you have provided us with data based on a contract or consent, if the legal requirements exist you may request receipt of the data you provided in a structured and common format, or that we transfer the same to another controller.
  • Right to object to data processing based on legitimate interests (Art. 21 of the GDPR): You have the right on grounds relating to your particular situation to object to our data processing activities at any time if doing so is based on legitimate interests under the terms of Art. 6, Para. 1, Clause 1, lit. f of the GDPR. If you exercise your right to object, we shall stop processing your data unless we can demonstrate compelling legitimate grounds for further processing which override your rights.
  • Objection to cookies: You can also object to the use of cookies at any time. If you would like to object to the use of certain cookies, please note the information provided in Section 5.
  • Revocation of consent (Art. 7 of the GDPR): If you have granted us consent to process your data, you can revoke the same at any time with effect for the future. The lawfulness of processing your data until such time that you revoke your consent remains unaffected by this.
  • Right to lodge a complaint with the supervisory authority (Art. 77 of the GDPR): You can also lodge a complaint with the competent supervisory authority if you believe that processing of your data violates applicable law. To do so, you can choose to contact either the data protection authority responsible for your place of residence, your workplace or the place of the suspected violation or the data protection authority responsible for us. The supervisory authority responsible for us is the Baden-Württemberg State Officer for Data Protection and Freedom of Information (LfDI), which can be contacted on the following details: Königstraße 10a, 70173 Stuttgart, Tel.: +49 (0)711 615541-0, Fax: +49 (0)711 615541-15, Email: poststelle@lfdi.bwl.de, Web: baden-wuerttemberg.datenschutz.de.

If you have any questions concerning the topic of processing of your personal data, your rights as a data subject and any consent granted, you are more than welcome to contact our data protection officer on the communication channels mentioned in Section 14. Please also contact our data protection officer directly if you would like to exercise your rights as a data subject.

14. Our data protection officer

We have appointed a company data protection officer. You can contact them as follows:

Mr Sanel Ramadani
– Data Protection Officer-
Buchinger Wilhelmi GmbH & Co.
KG
Wilhelm-Beck-Str. 27
88662 Überlingen
Tel.: +49 7551 807-0
Fax: +49 7551 807-889
Email: datenschutz@buchinger-wilhelmi.com

15. Amendments

From time to time, it may be necessary to adapt the contents of this privacy policy. We therefore reserve the right to amend this privacy policy at any time. We shall seek your consent insofar as the same is required to make an amendment. We will also publish the amended version of the privacy policy here. You should therefore re-read the privacy policy if you visit our website again.

 

Last updated:    14 August 2018

Privacy policy
of
buchinger-wilhelmi.com

(hereinafter referred to as the “privacy policy”)

With regard to the aspects relevant under data protection legislation and concerning use of the site

www.buchinger-wilhelmi.com
(hereinafter also referred to as the “website”)

we,

Buchinger Wilhelmi Holding GmbH & Co.KG
Wilhelm-Beck-Straße 27
88662 Überlingen

(Legal notice)

(hereinafter also referred to as “we” or “Buchinger Wilhelmi”)

in our capacity as controller under the terms of data protection legislation and as a service provider at the same time would like to inform you of the following.

Your personal data is only processed in the context of the legal provisions under data protection legislation in the European Union, particularly the EU General Data Protection Regulation (hereinafter referred to as the “GDPR”) and, additionally, the German Federal Data Protection Act in the version valid with effect from 25 May 2018 (hereinafter referred to as the “BDSG”) and other legal provisions concerning data protection (hereinafter collectively referred to as “data protection legislation”).

If you would like to take a look at the GDPR yourself, you will find it online at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

This privacy policy applies to our website, which is accessible at the domain www.buchinger-wilhelmi.com, including all sub-domains. However, the information below does not apply to other providers’ third-party websites linked from this website, for example. The terms used, such as “personal data” or “processing” of the same, correspond to the definitions contained in Art. 4 of the GDPR.

 

Overview

  1. Subject matter of data protection, categories of data and sources
  2. Purposes of processing and legal bases
  3. Server log data
  4. Communication by email and using the contact form
  5. Newsletter
  6. Cookies
  7. Matomo (formerly Piwik)
  8. Other services and content from third-party providers
  9. Recipients of personal data
  10. Data processing in third countries
  11. Security
  12. Duration of storage
  13. Your rights
  14. Our data protection officer
  15. Amendments

 

1. Subject matter of data protection, categories of data and sources

Personal data is the subject matter of data protection. Personal data is all information which relates to an identified or identifiable natural person. Your personal data therefore includes all the data which permits identification of you personally, such as your name, address, phone number or email address.

We regularly process the following categories of personal data:

  • Master data, particularly your surname, first name and title.
  • Contact details, particularly your postal address, plus your phone number and email address if necessary.
  • Contract data, particularly data which you provide us with for the purpose of performing a contract.
  • Content data, particularly text you enter and the data contained in the correspondence between you and us.
  • User data, particularly the pages of our website which you visit, access times and your IP address.

If you want to initiate a business relationship with us over our website, you must provide the personal data necessary for establishing and implementing a business relationship, fulfilling the associated contractual obligations and complying with legal obligations. We shall inform you in an appropriate manner (e.g. by indicating mandatory fields in forms) of what data this is on a case-by-case basis.

This personal data mainly comes from your yourself, particularly through your use of our website, your contact requests and any information you provide when concluding a contract.

2. Purposes of processing and legal bases

We process your data only for specific purposes and if an applicable legal regulation permits doing so. We shall process your data using the following legal bases, to name but a few examples:

  • Consent (Art. 6, Para. 1, Clause 1, lit. a of the GDPR): We shall only process certain data based on the consent which you have expressly and voluntarily granted beforehand. You have the right to revoke your consent at any time with effect for the future.
  • Fulfilment of a contract or implementation of pre-contractual measures (Art. 6, Para. 1, Clause 1, lit. b of the GDPR): We require certain data from you particularly to initiate or implement your contractual relationship with Buchinger Wilhelmi.
  • Fulfilment of a legal obligation (Art. 6, Para. 1, Clause 1, lit. c of the GDPR): We also process your personal data for the purpose of fulfilling legal obligations such as regulatory specifications or retention requirements under commercial and tax law.
  • Protection of legitimate interests (Art. 6, Para. 1, Clause 1, lit. f of the GDPR): Buchinger Wilhelmi shall process data to protect its or third parties’ legitimate interests. However, this only applies if your interests do not take precedence on a case-by-case basis.

Please refer to Section 13 to find out how you can object to such processing and under which conditions we have to stop or restrict our processing activities.

Please bear in mind that this is not a complete or exhaustive list of the potential legal bases; rather, these are only examples which should make the legal bases under data protection legislation more transparent. Please refer to the information in the following sections for more detailed information about the legal bases of the individual data processing activities on our website.

3. Server log data

Visiting our website may cause the following information to be saved about access:

  • The requesting terminal device’s IP address,
  • The file retrieved,
  • The http response code,
  • The previous website from which you are visiting our website (referrer URL),
  • The date, time and time zone of the server request,
  • The browser type and version,
  • The operating system used on the requesting terminal device,
  • The search terms used to find the website via Google, for example.

We process this data based on Art. 6, Para. 1, Clause 1, lit. f of the GDPR for the purpose of making the website available, ensuring technical operation and guaranteeing the security of our IT systems. In this regard, we pursue the interest of enabling use of our website and its technical functionality and permanently maintaining the same. This data is automatically processed when our website is accessed. You cannot use our website without providing it. We do not use this data for the purpose of drawing conclusions about your identity.

The automatically collected data shall generally be deleted after 7 days unless we exceptionally require it for longer for the purposes mentioned above. We shall delete the data immediately after the purpose ceases to apply in a case such as this.

You cannot object to the collection and storage of your server log data because this data is absolutely essential for smooth operation of the website.

4. Communication by email and using the contact form

If you contact us by email, your voluntarily provided contact details (such as your name and email address) shall only be collected, processed and used for a specific purpose, i.e. either to record and, if necessary, respond to your request(s) or for technical administration purposes.

You can also contact us using a contact form provided in the “Contact” section. If you use this contact form, we collect and store the following data:

  • Salutation
  • Surname and first name
  • Email address
  • Your request / message to us

You are more than welcome to (voluntarily) provide us with your:

  • Title
  • Address
  • Date of birth

The data you provide is transferred by your browser to our server, where it is converted into an email which is then sent to us. Your contact details are only collected, processed and used for a specific purpose, i.e. to record and, if necessary, respond to your request.

Data which is transferred in the context of communication using the contact form or by email is processed based on Art. 6, Para. 1, Clause 1, lit. b of the GDPR if it is provided to initiate a contractual relationship, or based on Art. 6, Para. 1, Clause 1, lit. f of the GDPR. In the latter case, we have a legitimate interest in processing contact requests sent to us voluntarily.

We delete the data you provide as soon as the purpose for which it was collected ceases to apply in full, subject to fulfilment of continuing legal retention requirements.

If your data is processed based on legitimate interests, you can object to the storage of your personal data at any time.

However, please note that we cannot guarantee complete data security, particularly when communicating using the contact form or by email. Please, therefore, refrain from sending confidential information such as bank or credit card details, etc., in these ways. We recommend using a secure transmission path, such as postal communication, to send confidential information.

5. Newsletter

We use what is referred to as the “double opt-in procedure” to send the newsletter, i.e. we will not send you a newsletter by email until we have received your prior express confirmation that we should activate the newsletter service. We will then send you a notification email asking you to confirm that you wish to receive our newsletter by clicking on a link contained in the email. Once this separate double opt-in procedure is complete, you have given your consent to receiving the newsletter.

We only send newsletters following proper subscription, i.e. with your consent based on Art. 6, Para. 1, Clause 1, lit. a of the GDPR. Insofar as the content of a newsletter is specifically described in the course of subscription, such content is decisive for the scope of the consent. Moreover, our newsletters contain information about our products, offers, promotions and company.

If you later decide you no longer wish to receive newsletters from us, you can revoke your consent at any time. Sending a message in text form (e.g. email, letter) to the contact details provided above or to datenschutz@buchinger-wilhelmi.com is sufficient for us in this regard. You will, of course, also find an Unsubscribe link in every newsletter.

The newsletter is sent via “MailChimp”, a newsletter distribution platform provided by the US company Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. In this regard, data processing is carried out on our behalf based on a data processing agreement (order processing contract) which we have concluded with MailChimp. Under the terms of this agreement, MailChimp undertakes to protect our users’ data, to process such data only on our behalf and, in particular, not to disclose such data to third parties.

The email addresses of our newsletter recipients, as well as other data of the recipients described in this information, are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information MailChimp can use this data to optimise or improve its own services, e.g. to technically optimise how the newsletter is sent and presented or for economic purposes, in order to determine which countries the recipients come from. However, MailChimp does not use our newsletter recipients’ data in order to write to them directly or to disclose their data to third parties.

We trust in MailChimp’s reliability, IT security and data security. MailChimp is certified under the EU/US Privacy Shield Agreement and therefore undertakes to comply with EU data protection regulations.

MailChimp’s privacy policy can be viewed here: https://mailchimp.com/legal/privacy/. MailChimp also uses the Google Analytics analysis tool and integrates this tool in the newsletter where necessary. Information about Google Analytics can be found below in the relevant section.

We would like to make you aware that, after the newsletter has been sent, we will evaluate your user behaviour in relation to our newsletter. With regard to this evaluation, the emails that are sent contain what are referred to as either “web beacons” or “tracking / counting pixels”. These are single-pixel image files that link to our website and therefore allow us to evaluate your user behaviour in relation to our newsletter. This is done by collecting technical information, e.g. about your browser, your system, your IP address and the time of access. In addition, there are web beacons, which are assigned to your email address and linked to your own ID.

Web beacon tracking is not possible if you have disabled the display of images in your email program by default. In this case, however, the newsletter will not be displayed to you in full and you may be unable to use all the functions. The aforementioned tracking takes place if you opt to display the images manually.

6. Cookies

The website uses cookies and similar technologies such as HTML5 storage (hereinafter collectively referred to as “cookies”) to be able to optimally design the website. To name but a couple of examples, this makes navigation easier and allows for a high level of user friendliness.

Cookies are small identifiers which our web server sends to your browser and which your terminal device stores if the appropriate default setting is made. They can be used to determine whether communication with us has already taken place from your terminal device, among other things. They are therefore used to make use more convenient for you and to optimise our website. This processing is carried out based on Art. 6, Para. 1, Clause 1, lit. f of the GDPR with regard to essential cookies and based on Art. 6, Para. 1, Clause 1, lit. a of the GDPR if you have given your consent with regard to the storage and use of our own additional cookies or cookies from third-party providers. Personal data can be stored in cookies if doing so is technically necessary or you have given your consent to this effect.

If you use our website, you can grant us your consent with regard to the use and storage of our own additional cookies or cookies from third-party providers on your terminal device. You can revoke any consent that you grant with regard to the use and storage of cookies at any time with effect for the future by disabling the cookie settings on this website which are described below in relation to cookies from third-party providers (Section 6, lit. c).

Furthermore, you can also select “Do not accept any cookies” in your browser settings (also in relation to essential cookies). Please refer to your browser’s Help function for the processes for technical administration and deletion of cookies in your browser settings.

You can also technically prevent the storage and use of all cookies using free browser add-ons such as “Adblock Plus” (adblockplus.org/de) in combination with the “EasyPrivacy” list (easylist.to) or “Ghostery” (ghostery.com).

a)    Essential cookies

We use the following essential cookies which are required for our website to function:

 

Name

__cfduid

Function / purpose

Used by the Cloudflare content network to identify trustworthy web traffic.

Duration of storage

1 year

 

Name

_icl_visitor_lang_js

Function / purpose

Saves the redirected language which the user selected to display the page.

Duration of storage

1 day

 

Name

wpml_browser_redirect_test

Function / purpose

Checks whether the setting of cookies is allowed.

Duration of storage

Permanent

You can only technically disable essential cookies using your browser settings or browser add-ons. This can lead to functional restrictions on the website.

 

b)    Our own additional cookies

Our own additional cookies, which are not essential to being able to use the website (also known as “first-party cookies”), play a vital role. They enable convenient surfing on our website by providing pre-filled forms, for example. We can also use them to address you with customised offers. We use our own additional cookies, which are outlined below, on our website:

 

Name

moove_gdpr_popup

Function / purpose

Saves the set cookie preferences.

Duration of storage

1 year

 

Name

wordpress_test_cookie

Function / purpose

Checks whether the setting of cookies is allowed.

Duration of storage

Permanent

 

c)    Cookies from third-party providers

We use cookies from third-party providers (also known as “third-party cookies”) to integrate content from third-party providers which enable them to receive information that you have accessed this website. Please visit the third-party providers’ websites for more information about how they use cookies. We use the following cookies from third-party providers:

 

Name

NID

Function / purpose

The cookie is included in requests sent by browsers to Google websites. The NID cookie contains a unique ID via which Google stores your preferred settings and other information, particularly your preferred language (e.g. German), how many search results should be displayed per page (e.g. 10 or 20) and whether the Google SafeSearch filter should be activated.

Third-party provider

Google

Duration of storage

6 months

 

Name

1P_JAR

Function / purpose

Used to optimise advertising over Google.

Third-party provider

Google

Duration of storage

30 days

 

Name

continuous_play_v3playervimeo_gdpr_optinvuid

Function / purpose

View an outsourced image film over Vimeo

Third-party provider

Vimeo

Duration of storage

Permanent

 

Name

1P_JAR, APISID, CONSENT, HSID, NID, OGP, OGPC, SAPISID, SID, SIDCC, SSID

Function / purpose

Use of Google Maps

Third-party provider

Google

Duration of storage

Permanent

 

7. Matomo (formerly Piwik)

We use the web analytics service Matomo (formerly Piwik) on our servers. We use cookies for this purpose. The legal basis is Art. 6, Para. 1, Clause 1, lit. f of the GDPR, because we have a legitimate interest in the economic operation and optimisation (particularly user friendliness) of our website and in analysing how it is used, as well as in guaranteeing the security of our technical systems. Pseudonymous user profiles may be created from the processed data.

We only use Matomo with activated IP anonymisation. This means that users’ IP addresses are truncated before storage.

The data is deleted as soon as it is no longer needed for our recording purposes.

You can prevent the storage and use of cookies for user analysis purposes by selecting the “Do Not Track” setting or removing the checkmark next to it in your browser settings. You can also prevent the storage and use of all cookies by making corresponding browser settings or installing browser add-ons.

You will find out more about the data Matomo collects here:
https://matomo.org/faq/general/faq_18254/.

8. Other services and content from third-party providers

We use plugins from third-party providers on our website to incorporate their content and services such as maps or fonts (hereinafter collectively referred to as “content”). Your data is processed in this regard based on our legitimate interests (Art. 6, Para. 1, Clause 1, lit. f of the GDPR) in the economic operation and optimisation (particularly user friendliness) of our website and in analysing how it is used, as well as in guaranteeing the security of our technical systems.

The third-party providers of such content always receive information about your IP address, because the content cannot be transferred to your terminal device without it. The IP address is required to show the content. The third-party providers may also store cookies on your terminal device if you have given your consent with regard to the use and storage of cookies from third-party providers.

You can revoke any consent that you grant with regard to the storage and use of cookies for the following services by disabling “cookies from third-party providers” (see Section 6, lit. b above). Furthermore, you can also technically prevent the storage and use of cookies by making by making corresponding browser settings or installing browser add-ons.

a)    Google Maps

We use the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to display maps. The processed data may include IP addresses and location data in particular, but this information cannot be collected without your consent (generally using corresponding device settings). You will find out more information about Google’s use of data and possibilities with regard to settings and objection at the following links:

b)    Vimeo

Videos over vimeo.com are integrated on this website. This is a service provided by Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as “Vimeo”). A connection is established to Vimeo’s servers in the USA for this purpose. Certain information (such as your IP address) is transferred to Vimeo in this regard. Vimeo may also store cookies on your terminal device if you have given your consent with regard to the use and storage of cookies from third-party providers. We are not aware of the nature and scope of the data that Vimeo collects and have no influence over how it is used. The integration means that Vimeo may also receive information that your browser has accessed the relevant page on this website, even if you do not have a Vimeo user account or are not logged into Vimeo.

According to its own information, Vimeo is certified according to the EU/U.S. Privacy Shield.

The legal basis in relation to the use of cookies is Art. 6, Para. 1, Clause 1, lit. a of the GDPR, because data processing in this regard is based on your consent. Art. 6, Para. 1, Clause 1, lit. f of the GDPR forms an additional legal basis, because we have a legitimate interest in using third-party contents and services for the purposes of economic operation and optimisation of our website.

For more information about Vimeo’s collection and use of your data and your rights in this regard, please refer to Vimeo’s privacy policy at https://vimeo.com/privacy.

You can revoke any consent you grant with regard to Vimeo’s storage and use of cookies by deactivating “cookies from third-party providers” (see Section 6, lit. c above) or by technically disabling such cookies in your browser settings or using browser add-ons; however, we would like to point out that you may be unable to use all of our website’s functions in full in this case.

9. Recipients of personal data

We only disclose your personal data to external recipients if doing so is necessary e.g. to handle or process your order or to provide your contractual services, if we have your consent to this effect or if other legal permission exists.

External recipients may in particular be:

  • Processors: These are service providers which we engage to provide services, e.g. in the fields of technical infrastructure and maintenance of our website. We select such processors carefully and regularly review them to ensure that your privacy remains protected. These service providers may only use the data for the purposes specified by us and under our instructions. We are authorised to use such processors in compliance with the legal requirements set forth in Art. 28 of the GDPR.
  • Public agencies: These are authorities, state institutions and other public / legal bodies such as supervisory authorities, courts, public prosecutors or financial authorities. Personal data is only transferred to such public agencies for compelling legal reasons. The legal basis of such transfer may be Art. 6, Para. 1, Clause 1, lit. c of the GDPR.
  • Non-public agencies: Service providers and auxiliary persons to whom the data concerning performance of our contract is transferred based on a legal obligation or to protect legitimate interests, such as shipping service providers, payment service providers, tax advisors or auditors. Transfer is then carried out based on Art. 6, Para. 1, Clause 1, lit. b, c and/or f of the GDPR.

10. Data processing in third countries

Generally speaking, we do not process your data outside of the European Union (EU) or the European Economic Area (EEA). However, if we transfer your data to third countries outside of the EU or the EEA on a case-by-case basis (e.g. to carry out an order from a third country), before disclosure we ensure that exceptional circumstances permissible by law exist, that the recipient has an adequate data protection level or that you have given your consent to your data being transferred. An adequate data protection level is, for example, guaranteed by the recipient being certified under the EU/U.S. Privacy Shield Agreement, conclusion of the EU standard contractual clauses or the presence of binding corporate rules (BCRs).

11. Security

We take technical and organisational security precautions to protect your personal data against accidental or deliberate manipulation, loss and destruction or against access by unauthorised individuals. Our security measures are adapted accordingly to the current state of the art in each case.

Your personal data, which is transferred in the context of using our website, is transferred securely on our end by means of encryption. In this regard, we use the encryption protocol Transport Layer Security (TLS), which is more commonly known under its predecessor’s name, Secure Socket Layer (SSL).

Our employees are bound by data secrecy.

12. Duration of storage

We only store your personal data for as long as is necessary for fulfilment of the purposes or – if you have given us your consent – as long as you do not revoke your consent. Storage of your data may particularly be necessary if the data is still required to fulfil contractual services and to be able to check or defend warranty or guarantee claims if necessary.

We shall no longer process your personal data unless further processing of the same is permitted or even stipulated as an obligation according to the relevant legal regulations (e.g. in the context of retention requirements under commercial and tax law).

We also delete your personal data if we are obligated to do so for legal reasons.

13. Your rights

You are entitled to a number of rights as a data subject affected by data processing. In detail, these are:

  • Right of access (Art. 15 of the GDPR): You have the right to receive information about the personal data we have saved about you.
  • Right to correction and deletion (Arts. 16 and 17 of the GDPR): You can request that we correct incorrect data and – if the legal requirements have been met – that we delete your data.
  • Right to restriction of processing (Art. 18 of the GDPR): If the legal requirements have been met, you can request that we restrict processing of your data.
  • Right to data portability (Art. 20 of the GDPR): If you have provided us with data based on a contract or consent, if the legal requirements exist you may request receipt of the data you provided in a structured and common format, or that we transfer the same to another controller.
  • Right to object to data processing based on legitimate interests (Art. 21 of the GDPR): You have the right on grounds relating to your particular situation to object to our data processing activities at any time if doing so is based on legitimate interests under the terms of Art. 6, Para. 1, Clause 1, lit. f of the GDPR. If you exercise your right to object, we shall stop processing your data unless we can demonstrate compelling legitimate grounds for further processing which override your rights.
  • Objection to cookies: You can also object to the use of cookies at any time. If you would like to object to the use of certain cookies, please note the information provided in Section 5.
  • Revocation of consent (Art. 7 of the GDPR): If you have granted us consent to process your data, you can revoke the same at any time with effect for the future. The lawfulness of processing your data until such time that you revoke your consent remains unaffected by this.
  • Right to lodge a complaint with the supervisory authority (Art. 77 of the GDPR): You can also lodge a complaint with the competent supervisory authority if you believe that processing of your data violates applicable law. To do so, you can choose to contact either the data protection authority responsible for your place of residence, your workplace or the place of the suspected violation or the data protection authority responsible for us. The supervisory authority responsible for us is the Baden-Württemberg State Officer for Data Protection and Freedom of Information (LfDI), which can be contacted on the following details: Königstraße 10a, 70173 Stuttgart, Tel.: +49 (0)711 615541-0, Fax: +49 (0)711 615541-15, Email: poststelle@lfdi.bwl.de, Web: baden-wuerttemberg.datenschutz.de.

If you have any questions concerning the topic of processing of your personal data, your rights as a data subject and any consent granted, you are more than welcome to contact our data protection officer on the communication channels mentioned in Section 14. Please also contact our data protection officer directly if you would like to exercise your rights as a data subject.

14. Our data protection officer

We have appointed a company data protection officer. You can contact them as follows:

Mr Sanel Ramadani
– Data Protection Officer-
Buchinger Wilhelmi GmbH & Co.
KG
Wilhelm-Beck-Str. 27
88662 Überlingen
Tel.: +49 7551 807-0
Fax: +49 7551 807-889
Email: datenschutz@buchinger-wilhelmi.com

15. Amendments

From time to time, it may be necessary to adapt the contents of this privacy policy. We therefore reserve the right to amend this privacy policy at any time. We shall seek your consent insofar as the same is required to make an amendment. We will also publish the amended version of the privacy policy here. You should therefore re-read the privacy policy if you visit our website again.

 

Last updated:    14 August 2018