With regard to the aspects relevant under data protection legislation and concerning use of the site (hereinafter also referred to as the “website”), Buchinger Wilhelmi Holding GmbH & Co. KG (hereinafter also referred to as “we” or “Buchinger Wilhelmi”), in our capacity as controller under the terms of data protection legislation and as a service provider at the same time, would like to inform you of the following.
Your personal data is only processed in the context of the legal provisions under data protection legislation in the European Union, particularly the EU General Data Protection Regulation (hereinafter referred to as the “GDPR”) and, additionally, the German Federal Data Protection Act in the version valid with effect from 25 May 2018 (hereinafter referred to as the “BDSG”) and other legal provisions concerning data protection (hereinafter collectively referred to as “data protection legislation”).
If you would like to take a look at the GDPR yourself, you will find it online at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.
- Subject matter of data protection, categories of data and sources
- Purposes of processing and legal bases
- Server log data
- Communication by email and using the contact form
- Google Analytics
- Other services and content from third-party providers
- Recipients of personal data
- Data processing in third countries
- Duration of storage
- Your rights
- Our data protection officer
Personal data is the subject matter of data protection. Personal data is all information which relates to an identified or identifiable natural person. Your personal data therefore includes all the data which permits identification of you personally, such as your name, address, phone number or email address.
We regularly process the following categories of personal data:
- Master data, particularly your surname, first name and title.
- Contact details, particularly your postal address, plus your phone number and email address if necessary.
- Contract data, particularly data which you provide us with for the purpose of performing a contract.
- Content data, particularly text you enter and the data contained in the correspondence between you and us.
- User data, particularly the pages of our website which you visit, access times and your IP address.
If you want to initiate a business relationship with us over our website, you must provide the personal data necessary for establishing and implementing a business relationship, fulfilling the associated contractual obligations and complying with legal obligations. We shall inform you in an appropriate manner (e.g. by indicating mandatory fields in forms) of what data this is on a case-by-case basis.
This personal data mainly comes from you yourself, particularly through your use of our website, your contact requests and any information you provide when concluding a contract.
We process your data only for specific purposes and if an applicable legal regulation permits doing so. We shall process your data using the following legal bases, to name but a few examples:
- Consent (Art. 6, Para. 1, Clause 1, lit. a of the GDPR): We shall only process certain data based on the consent which you have expressly and voluntarily granted beforehand. You have the right to revoke your consent at any time with effect for the future.
- Fulfilment of a contract or implementation of pre-contractual measures (Art. 6, Para. 1, Clause 1, lit. b of the GDPR): We require certain data from you particularly to initiate or implement your contractual relationship with Buchinger Wilhelmi.
- Fulfilment of a legal obligation (Art. 6, Para. 1, Clause 1, lit. c of the GDPR): We also process your personal data for the purpose of fulfilling legal obligations such as regulatory specifications or retention requirements under commercial and tax law.
- Protection of legitimate interests (Art. 6, Para. 1, Clause 1, lit. f of the GDPR): Buchinger Wilhelmi shall process data to protect its or third parties’ legitimate interests. However, this only applies if your interests do not take precedence on a case-by-case basis.
Please refer to Section 13 to find out how you can object to such processing and under which conditions we have to stop or restrict our processing activities.
Please bear in mind that this is not a complete or exhaustive list of the potential legal bases; rather, these are only examples which should make the legal bases under data protection legislation more transparent. Please refer to the information in the following sections for more detailed information about the legal bases of the individual data processing activities on our website.
Visiting our website may cause the following information to be saved about access:
- The requesting terminal device’s IP address,
- The file retrieved,
- The HTTP response code,
- The previous website from which you are visiting our website (referrer URL),
- The date, time and time zone of the server request,
- The browser type and version,
- The operating system used on the requesting terminal device,
- The search terms used to find the website via Google, for example.
We process this data based on Art. 6, Para. 1, Clause 1, lit. f of the GDPR for the purpose of making the website available, ensuring technical operation and guaranteeing the security of our IT systems. In this regard, we pursue the interest of enabling use of our website and its technical functionality and permanently maintaining the same. This data is automatically processed when our website is accessed. You cannot use our website without providing it. We do not use this data for the purpose of drawing conclusions about your identity.
The automatically collected data shall generally be deleted after 7 days unless we exceptionally require it for longer for the purposes mentioned above. We shall delete the data immediately after the purpose ceases to apply in a case such as this.
You cannot object to the collection and storage of your server log data because this data is absolutely essential for smooth operation of the website.
If you contact us by email, your voluntarily provided contact details (such as your name and email address) shall only be collected, processed and used for a specific purpose, i.e. either to record and, if necessary, respond to your request(s) or for technical administration purposes.
You can also contact us using a contact form provided in the “Contact” section. If you use this contact form, we collect and store the following data:
- Surname and first name
- Email address
- Your request / message to us
You are more than welcome to (voluntarily) provide us with your:
- Date of birth
The data you provide is transferred by your browser to our server, where it is converted into an email which is then sent to us. Your contact details are only collected, processed and used for a specific purpose, i.e. to record and, if necessary, respond to your request.
Data which is transferred in the context of communication using the contact form or by email is processed based on Art. 6, Para. 1, Clause 1, lit. b of the GDPR if it is provided to initiate a contractual relationship, or based on Art. 6, Para. 1, Clause 1, lit. f of the GDPR. In the latter case, we have a legitimate interest in processing contact requests sent to us voluntarily.
We delete the data you provide as soon as the purpose for which it was collected ceases to apply in full, subject to fulfilment of continuing legal retention requirements.
If your data is processed based on legitimate interests, you can object to the storage of your personal data at any time.
However, please note that we cannot guarantee complete data security, particularly when communicating using the contact form or by email. Please, therefore, refrain from sending confidential information such as bank or credit card details, etc., in these ways. We recommend using a secure transmission path, such as postal communication, to send confidential information.
We use what is referred to as the “double opt-in procedure” to send the newsletter, i.e. we will not send you a newsletter by email until we have received your prior express confirmation that we should activate the newsletter service. We will then send you a notification email asking you to confirm that you wish to receive our newsletter by clicking on a link contained in the email. Once this separate double opt-in procedure is complete, you have given your consent to receiving the newsletter.
We only send newsletters following proper subscription, i.e. with your consent based on Art. 6, Para. 1, Clause 1, lit. a of the GDPR. Insofar as the content of a newsletter is specifically described in the course of subscription, such content is decisive for the scope of the consent. Moreover, our newsletters contain information about our products, offers, promotions and company.
If you later decide you no longer wish to receive newsletters from us, you can revoke your consent at any time. Sending a message in text form (e.g. email, letter) to the contact details provided above or to email@example.com is sufficient for us in this regard. You will, of course, also find an Unsubscribe link in every newsletter.
The newsletter is sent via “MailChimp”, a newsletter distribution platform provided by the US company Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. In this regard, data processing is carried out on our behalf based on a data processing agreement (order processing contract) which we have concluded with MailChimp. Under the terms of this agreement, MailChimp undertakes to protect our users’ data, to process such data only on our behalf and, in particular, not to disclose such data to third parties.
The email addresses of our newsletter recipients, as well as other data of the recipients described in this information, are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information MailChimp can use this data to optimise or improve its own services, e.g. to technically optimise how the newsletter is sent and presented or for economic purposes, in order to determine which countries the recipients come from. However, MailChimp does not use our newsletter recipients’ data in order to write to them directly or to disclose their data to third parties.
We trust in MailChimp’s reliability, IT security and data security. MailChimp is certified under the EU/US Privacy Shield Agreement and therefore undertakes to comply with EU data protection regulations.
We would like to make you aware that, after the newsletter has been sent, we will evaluate your user behaviour in relation to our newsletter. With regard to this evaluation, the emails that are sent contain what are referred to as either “web beacons” or “tracking / counting pixels”. These are single-pixel image files that link to our website and therefore allow us to evaluate your user behaviour in relation to our newsletter. This is done by collecting technical information, e.g. about your browser, your system, your IP address and the time of access. In addition, there are web beacons, which are assigned to your email address and linked to your own ID.
Web beacon tracking is not possible if you have disabled the display of images in your email program by default. In this case, however, the newsletter will not be displayed to you in full and you may be unable to use all the functions. The aforementioned tracking takes place if you opt to display the images manually.
Cookies are small identifiers which our web server sends to your browser and which your terminal device stores if the appropriate default setting is made. They can be used to determine whether communication with us has already taken place from your terminal device, among other things. They are therefore used to make use more convenient for you and to optimise our website. This processing is carried out based on Art. 6, Para. 1, Clause 1, lit. f of the GDPR with regard to essential cookies and based on Art. 6, Para. 1, Clause 1, lit. a of the GDPR if you have given your consent with regard to the storage and use of our own additional cookies or cookies from third-party providers. Personal data can be stored in cookies if doing so is technically necessary or you have given your consent to this effect.
If you use our website, you can grant us your consent with regard to the use and storage of our own additional cookies or cookies from third-party providers on your terminal device. You can revoke any consent that you grant with regard to the use and storage of cookies at any time with effect for the future by disabling the cookie settings on this website by changing the configuration.
Furthermore, you can also select “Do not accept any cookies” in your browser settings (also in relation to essential cookies). Please refer to your browser’s Help function for the processes for technical administration and deletion of cookies in your browser settings.
You can also technically prevent the storage and use of all cookies using free browser add-ons such as “Adblock Plus” (adblockplus.org/de) in combination with the “EasyPrivacy” list (easylist.to) or “Ghostery” (ghostery.com).
Essential cookies enable basic functions and are necessary for the proper function of the website.
| Provider | Owner of this website |
| Purpose | Saves the visitor’s preferences selected in the Cookie Box of Borlabs Cookie. |
| Cookie Expiry | 1 Year |
Marketing cookies are used by third-party advertisers or publishers to display personalized ads. They do this by tracking visitors across websites.
| Purpose | Cookie by Google used for website analytics. Generates statistical data on how the visitor uses the website. |
| Cookie Expiry | 2 Years |
Content from video platforms and social media platforms is blocked by default. If External Media cookies are accepted, access to those contents no longer requires manual consent.
| Purpose | Used to unblock Vimeo content. |
| Cookie Expiry | 2 Years |
| Purpose | Used to unblock YouTube content. |
| Cookie Expiry | 6 Months |
a) 7. Web analysis tools / Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses third-party cookies to identify the frequency of use of certain areas of our website and preferences. The information generated by the cookie about your use of our website (including your truncated IP address) is generally transmitted to a Google server in the United States and stored there. Data processing is based on our legitimate interest, namely our interest in the analysis, optimization and cost-effective operation of our online offering. Google is certified under the Privacy Shield agreement, under which it guarantees to observe European data protection law.
Google will use this information on our behalf and under an order processing agreement to analyse your use of the website, compile reports on website activities for us and provide us with additional services in connection with use of the website and Internet usage.
We only use Google Analytics with the IP anonymization function activated. This means that the user’s IP address will be truncated by Google within member states of the European Union (EU) or in other states that are party to the Agreement on the European Economic Area. In exceptional cases only, the full IP address will be transmitted to a Google server in the United States and abbreviated there. The IP address transmitted by your browser will not be combined with other data held by Google.
The data will be deleted as soon as they are no longer required for the purposes for which we recorded them. In our case, this is generally after 36 months.
You can prevent the storage of these cookies for Google Analytics by adjusting the settings in your browser or installing add-ons. In addition, you can prevent the information about your use of the website generated by the cookie (including your IP address) from being passed on to Google and being processed by Google by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=en.
More information about the use of data by Google, options for settings and for raising objections is available on Google’s websites under the following links:
- https://policies.google.com/technologies/partner-sites?hl=en (“How Google uses information from sites or apps that use our services”),
- https://www.google.com/policies/technologies/ads (“Data use for advertising purposes”),
- https://www.google.com/settings/ads (“Control the information Google uses to show you ads”).
We use plugins from third-party providers on our website to incorporate their content and services such as maps or fonts (hereinafter collectively referred to as “content”). Your data is processed in this regard based on our legitimate interests (Art. 6, Para. 1, Clause 1, lit. f of the GDPR) in the economic operation and optimisation (particularly user friendliness) of our website and in analysing how it is used, as well as in guaranteeing the security of our technical systems.
The third-party providers of such content always receive information about your IP address, because the content cannot be transferred to your terminal device without it. The IP address is required to show the content. The third-party providers may also store cookies on your terminal device if you have given your consent with regard to the use and storage of cookies from third-party providers.
a) Google Maps
We use the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to display maps. The processed data may include IP addresses and location data in particular, but this information cannot be collected without your consent (generally using corresponding device settings). You will find out more information about Google’s use of data and possibilities with regard to settings and objection at the following links:
- https://www.google.com/intl/de/policies/privacy/partners (“How Google uses data when you use our partners’ sites or apps”),
- https://www.google.com/policies/technologies/ads (“Using data for advertising purposes”),
- https://www.google.de/settings/ads (“Managing the information that Google uses to show you advertising”).
Videos over vimeo.com are integrated on this website. This is a service provided by Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as “Vimeo”). A connection is established to Vimeo’s servers in the USA for this purpose. Certain information (such as your IP address) is transferred to Vimeo in this regard. Vimeo may also store cookies on your terminal device if you have given your consent with regard to the use and storage of cookies from third-party providers. We are not aware of the nature and scope of the data that Vimeo collects and have no influence over how it is used. The integration means that Vimeo may also receive information that your browser has accessed the relevant page on this website, even if you do not have a Vimeo user account or are not logged into Vimeo.
According to its own information, Vimeo is certified according to the EU/U.S. Privacy Shield.
We only disclose your personal data to external recipients if doing so is necessary e.g. to handle or process your order or to provide your contractual services, if we have your consent to this effect or if other legal permission exists.
External recipients may in particular be:
- Processors: These are service providers which we engage to provide services, e.g. in the fields of technical infrastructure and maintenance of our website. We select such processors carefully and regularly review them to ensure that your privacy remains protected. These service providers may only use the data for the purposes specified by us and under our instructions. We are authorised to use such processors in compliance with the legal requirements set forth in Art. 28 of the GDPR.
- Public agencies: These are authorities, state institutions and other public / legal bodies such as supervisory authorities, courts, public prosecutors or financial authorities. Personal data is only transferred to such public agencies for compelling legal reasons. The legal basis of such transfer may be Art. 6, Para. 1, Clause 1, lit. c of the GDPR.
- Non-public agencies: Service providers and auxiliary persons to whom the data concerning performance of our contract is transferred based on a legal obligation or to protect legitimate interests, such as shipping service providers, payment service providers, tax advisors or auditors. Transfer is then carried out based on Art. 6, Para. 1, Clause 1, lit. b, c and/or f of the GDPR.
Generally speaking, we do not process your data outside of the European Union (EU) or the European Economic Area (EEA). However, if we transfer your data to third countries outside of the EU or the EEA on a case-by-case basis (e.g. to carry out an order from a third country), before disclosure we ensure that exceptional circumstances permissible by law exist, that the recipient has an adequate data protection level or that you have given your consent to your data being transferred. An adequate data protection level is, for example, guaranteed by the recipient being certified under the EU/U.S. Privacy Shield Agreement, conclusion of the EU standard contractual clauses or the presence of binding corporate rules (BCRs).
We take technical and organisational security precautions to protect your personal data against accidental or deliberate manipulation, loss and destruction or against access by unauthorised individuals. Our security measures are adapted accordingly to the current state of the art in each case.
Your personal data, which is transferred in the context of using our website, is transferred securely on our end by means of encryption. In this regard, we use the encryption protocol Transport Layer Security (TLS), which is more commonly known under its predecessor’s name, Secure Sockets Layer (SSL).
Our employees are bound by data secrecy.
We only store your personal data for as long as is necessary for fulfilment of the purposes or – if you have given us your consent – as long as you do not revoke your consent. Storage of your data may particularly be necessary if the data is still required to fulfil contractual services and to be able to check or defend warranty or guarantee claims if necessary.
We shall no longer process your personal data unless further processing of the same is permitted or even stipulated as an obligation according to the relevant legal regulations (e.g. in the context of retention requirements under commercial and tax law).
We also delete your personal data if we are obligated to do so for legal reasons.
You are entitled to a number of rights as a data subject affected by data processing. In detail, these are:
- Right of access (Art. 15 of the GDPR): You have the right to receive information about the personal data we have saved about you.
- Right to correction and deletion (Arts. 16 and 17 of the GDPR): You can request that we correct incorrect data and – if the legal requirements have been met – that we delete your data.
- Right to restriction of processing (Art. 18 of the GDPR): If the legal requirements have been met, you can request that we restrict processing of your data.
- Right to data portability (Art. 20 of the GDPR): If you have provided us with data based on a contract or consent, if the legal requirements exist you may request receipt of the data you provided in a structured and common format, or that we transfer the same to another controller.
- Right to object to data processing based on legitimate interests (Art. 21 of the GDPR): You have the right on grounds relating to your particular situation to object to our data processing activities at any time if doing so is based on legitimate interests under the terms of Art. 6, Para. 1, Clause 1, lit. f of the GDPR. If you exercise your right to object, we shall stop processing your data unless we can demonstrate compelling legitimate grounds for further processing which override your rights.
- Revocation of consent (Art. 7 of the GDPR): If you have granted us consent to process your data, you can revoke the same at any time with effect for the future. The lawfulness of processing your data until such time that you revoke your consent remains unaffected by this.
- Right to lodge a complaint with the supervisory authority (Art. 77 of the GDPR): You can also lodge a complaint with the competent supervisory authority if you believe that processing of your data violates applicable law. To do so, you can choose to contact either the data protection authority responsible for your place of residence, your workplace or the place of the suspected violation or the data protection authority responsible for us. The supervisory authority responsible for us is the Baden-Württemberg State Officer for Data Protection and Freedom of Information (LfDI), which can be contacted on the following details: Königstraße 10a, 70173 Stuttgart, Tel.: +49 (0)711 615541-0, Fax: +49 (0)711 615541-15, Email: firstname.lastname@example.org, Web: baden-wuerttemberg.datenschutz.de.
If you have any questions concerning the topic of processing of your personal data, your rights as a data subject and any consent granted, you are more than welcome to contact our data protection officer on the communication channels mentioned in Section 14. Please also contact our data protection officer directly if you would like to exercise your rights as a data subject.
We have appointed a company data protection officer. You can contact them as follows:
Mr Sanel Ramadani
– Data Protection Officer –
Buchinger Wilhelmi GmbH & Co. KG
Tel.: +49 7551 807-0
Fax: +49 7551 807-889
Last updated: 14 August 2018