Controller: Wilhelm Bauer GmbH & Co. KG Hägenstr. 15 30559 Hanover, Germany Commercial register: Hanover Regional Court HRA 25572 Managing Directors: Jan Bauer, Tobias Bauer Telephone number: +49 511 51001 0 E-mail address: firstname.lastname@example.org
Types of Data processed:
- User data
- Contact data
- Usage data
- Metadata/communication data
Processing of special categories of Data (Art. 9 (1) GDPR):
- In principle, no special categories of Data are processed except for that provided by the user for processing, e.g. in online forms or in direct e-mail transmissions.
Categories of persons affected by the processing (data subjects):
- Customers / interested parties / suppliers.
- Visitors to and users of the Online Offering.
Data subjects are hereinafter also collectively described as “Users”.
Purpose of processing:
- Provision of the Online Offering, its contents and functions.
- Responding to contact enquiries and communicating with Users.
- Marketing, advertising and market research.
- Security measures Pursuant to Art. 32 GDPR, taking into account the state of the art, implementation costs and the type, scope, circumstances and purpose of processing as well as the differing probabilities of occurrence and severity of the risk in respect of the rights and freedoms of natural persons, we take suitable technical and organisational measures to ensure an appropriate level of protection. The measures include in particular ensuring the confidentiality, integrity and availability of the Data by controlling physical access to the Data as well as its logical access, input, transmission, security of availability and its separation. Furthermore, we have set up procedures that ensure the exercise of data subjects’ rights as well as the erasure of data and the response to threats to Data. In addition, we take the protection of personal data into account as early as in the development or selection of hardware, software and procedures in accordance with the principle of data protection through technology design and default privacy settings (Art. 25 GDPR).
Collaboration with processors and third parties
- If we disclose, transmit or provide access in any way to the Data to other persons and companies (processors or third parties) in the context of our processing, this only takes place on the basis of lawful permission (e.g. when transmitting Data to third parties, such as required for payment providers, pursuant to Art. 6 (1) letter b) GDPR for contract performance), if you have given consent, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using contractors, web hosting services, etc).
- If we contract third parties to process Data on the basis of a contract processing agreement, this shall be based on Art. 28 GDPR.
- Transmission to third countries If we process Data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)), or this occurs in the context of using the services of a third party or a disclosure or transmission of Data to third parties, this only occurs in the performance of our (pre-)contractual obligations, based on your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual consent, we process Data, or allow Data to be processed, in a third country only if the special requirements under Art. 44 et. seqq. GDPR are met. This means that, for instance, processing is only carried out on the basis of special guarantees, such as the officially recognised determination of a level of protection that conforms to that of the EU or the observance of officially recognised special contractual obligations (standard contract clauses).
Data subjects’ rights
- You have the right to request confirmation as to whether relevant Data is processed and information about this Data as well as further information and copies of the Data pursuant to Art. 15 GDPR.
- Pursuant to Art. 16 GDPR, you have the right to completion of the Data relevant to you or the correction of incorrect Data pertaining to you.
- Pursuant to Art. 17 GDPR, you have the right to request relevant Data to be erased immediately or, as an alternative, request to have the processing of the Data restricted pursuant to Art. 18 GDPR.
- You have the right to request that Data concerning you that you have provided to us be retained pursuant to Art. 20 GDPR and request this Data to be transmitted to other controllers.
- Furthermore, pursuant to Art. 77 GDPR, you have the right to lodge a complaint at the competent supervisory authority.
- Right to withdraw consent You have the right to withdraw any consent given with effect for the future pursuant to Art. 7 (3) GDPR.
- Right to object You may object to any future processing of Data relevant to you at any time pursuant to Art. 21 GDPR. The objection may, in particular, be lodged against processing for the purposes of direct marketing.
Erasure of Data
- According to the legal requirements, Data must be retained for 6 years pursuant to section 257 (1) HGB [German Commercial Code] (trading books, inventories, opening balances, annual financial statements, commercial correspondence, accounting documents, etc) and for 10 years pursuant to section 147 (1) AO [German Fiscal Code] (books, records, management reports, accounting documents, commercial and business correspondence, tax-related documents, etc).
- When you contact us via the contact form or e-mail, the User’s information is processed for the purpose of processing the contact enquiry and its response pursuant to Art. 6 (1) letter b) GDPR.
- The User’s information can be stored in our Customer Relationship Management System (“CRM System”) or similar query database.
Collection of access data and log files
- Based on our legitimate interests as defined in Art. 6 (1) letter f) GDPR, we collect Data about every access to the server that has this service (server log files). The access data includes the name of the web page accessed, file, date and time of access, data quantity transferred, message about a successful access, browser type and version, the User’s operating system, referrer URL (the site visited last), IP address and the querying provider.
- For security reasons (e.g. to clarify any misuse or fraudulent actions), log file information is stored for the duration of the last full calendar year and then erased. Data requiring to be stored for the purposes of providing proof is exempted from erasure until the final clarification of the respective incident.
Inclusion of services and third-party content
- We place third-party content or service offerings in our Online Offering based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our Online Offering as defined in Art. 6 (1) letter f) GDPR) in order to include their content and services, such as videos or fonts (hereinafter jointly referred to as “Content”). It is always a requirement that third-party providers of this Content access a User’s IP address as they cannot send the Content to their browser without the IP address. The IP address is thus required to display this content. We endeavour to only use content by providers that only use the IP address for the purpose of delivering the content. Furthermore, third-party providers can use pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. Pixel tags are used to analyse information such as visitor traffic to the pages of this website. The pseudonymised information can, in addition, be stored in cookies on the User’s device and be linked to, among others, technical information on the browser and operating system, referring web pages, time of visit and other information on the use of our Online Offering and to such information from other sources.