Beco Bermüller

Data protection

BECO

We are delighted that you are interested in our company and want to use our website. Data protection is very important to us.

It is possible to use the website of Bermüller & Co GmbH without having to disclose your personal data. However, if a data subject wishes to make use of particular services that we offer via our website, it could be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will always obtain the data subject’s consent.

Personal data, such as the name, address, e-mail address or telephone number of a data subject, is processed in accordance with the requirements of the General Data Protection Regulation and the applicable country-specific data protection rules.

The aim of this privacy policy is to inform you about the type, scope and purpose of the personal data processed by us. It also informs data subjects of their data protection rights.

In the capacity of controller for the processing, Bermüller & Co GmbH has implemented a range of technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, transmission of data over the Internet is fundamentally exposed to security vulnerabilities, with the result that absolute protection cannot be guaranteed. For this reason, every data subject is free to send their personal data by other means.

Contents

1. Introduction

2. Who is responsible for the processing of your data?

3. Who is the best contact person if you have questions or suggestions in relation to data protection?

4. Where does your data come from?

5. What are your rights?

5.1 Your rights to processing

5.2 Right to complain

6. Which data do we process when you visit our site?

7. Tracking and cookies

7.1 Google Analytics

7.2 MailChimp newsletter

8. Further information on how we handle your personal data

9. Updating and amending this information sheet

10. Glossary

 

1. Introduction

The following text is designed to provide you with information on the collection of your personal data when using our website. The Glossary contains helpful definitions of “personal data” and other relevant terms.

 

2. Who is responsible for the processing of your data?

The controller as defined in the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other rules relating to data protection is:

 

Bermüller & Co GmbH

Rotterdamer Straße 7

90451 Nuremberg, Germany

 

Telephone: +49 (0) 911 – 64200 – 0

Telefax: +49 (0) 911 – 64200 – 90

E-Mail: info@beco-bermueller.de

 

3. Who is the best contact person if you have questions or suggestions in relation to data protection?

We have appointed a data protection officer. Our Data Protection Officer can be contacted at:
datenschutz@beco-bermueller.de

 

4. Where does your data come from?

You can contact us via various channels through which different data is processed accordingly. For example, we process your telephone number if you make an enquiry by telephone and we process the data from the corresponding form for enquiries received via the contact form. When you contact us via the different channels, we process your data on the basis of Article 6(1)b – (pre)contractual measures GDPR.

When you visit our website, further data is processed by our IT systems. This processing begins automatically when you access our website.

We also process data to evaluate your usage patterns and to optimise our website on this basis. We use this data for such purposes as securing the data and protecting our website.

 

5. What are your rights? 

5.1 Your rights to processing

You have the following rights at all times, a more detailed description of which can be found in our glossary:

  • Right of access (Article 15 GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to erasure (right to be forgotten) (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object (Article 21 GDPR)
  • Right to withdraw consent (Article 7(3) GDPR)
  • Automated individual decision-making, including profiling (Article 22 GDPR)

 

To assert these rights or if you have any questions, simply contact the named Data Protection Officer or the controller.

 

5.2 Right to complain

You may also lodge a complaint with the above-mentioned Data Protection Officer or a supervisory authority (Article 77 GDPR). A list of the German supervisory authorities can be found here: (https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html).https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html).

 

6. Which data do we process when you visit our site?

When you visit our website, we process data that is technically necessary. We process this data on the basis of Article 6(1)f – protection of legitimate interests. We process the following data:

  • Date and time of access
  • IP address and provider of the visitor
  • Names of websites accessed
  • Names of downloaded files
  • Status code of the access (successful or faulty)
  • Information provided to us by your browser (type, operating system etc.)
  • URL of the website from which our site is accessed

 

7. Tracking and cookies

We use various services on our website that enable us to track your usage patterns or that are absolutely necessary for us (load balancing, cookie preferences). This sometimes means using cookies. Cookies are small text files that we send to your browser to be saved. You can object to the use of cookies in your browser settings.

 

We also use the following tools to analyse your usage patterns.

 

7.1 Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics only transmits an anonymised version of your IP address.

The purpose of the Google Analytics component is to analyse the flows of visitors to our website. We use this to optimise and tailor the design of our website according to usage. Google uses the data and information obtained to analyse the use of our website, to compile online reports for us and to provide other services related to the use of our website.

You may reject the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to enjoy the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available from the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

You can also prevent the collection of your data by Google Analytics by clicking on the following link:

Get Google Analytics Opt-out Browser Add-on

An opt-out cookie will be set, preventing your data from being collected on future visits to this website. You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en. Please also note that Google Analytics integrates the Google DoubleClick service. You can find out more about this in Google’s privacy policy at the link above.

 

 

7.2 Newsletter MailChimp

Via our website you can choose to subscribe to our company's newsletter. Which personal data is transmitted to us when you subscribe to the newsletter is determined by the data entry form used for this purpose.

We use the MailChimp newsletter service of the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The processing only takes place with your consent (Article 6(1)a – Consent). As a US company, Rocket Science Group LLC is subject to the CLOUD Act, which allows US federal authorities to gain access to the data stored by Google. We have no influence over this. Further information on data protection can be found at mailchimp.com/legal/privacy.

You can only receive our company's newsletter if (1) you have a valid e-mail address and (2) you have registered to receive it. A confirmation e-mail will be sent to the e-mail address you enter when you first register for the newsletter mailing. This confirmation e-mail is used to check whether the owner of the e-mail address has authorised receipt of the newsletter in the capacity of the data subject.

Your data will be deleted after you unsubscribe from the e-mail service.

 

 

7.3 Google reCAPTCHA

We use Google reCAPTCHA on our website to ensure the security of the input forms and to ensure that the entries have been made by real people rather than bots. This service is provided by Google Ireland Limited. reCAPTCHA analyses the behaviour of website visitors based on various characteristics in order to differentiate between humans and bots. Personal data such as IP address and potentially other information may be transmitted to Google. Further information can be found in Google’s privacy policyhttps://policies.google.com/privacy) and terms of use (https://policies.google.com/terms).

 

 

8. Further information on how we handle your personal data 

  • We only share your data with your consent and subject to the existence of an Article 28 data processing agreement or similar legally valid documents.
  • We also have pages on various social media platforms. If you contact us via these, the operator's data protection information applies accordingly. We collect data on our channels for communication with our customers and rely on Article 6(1)f – protection of legitimate interests or Article 6(1)b – (pre)contractual measure.
  • Note: We do not use any purely automated processing procedures to reach a decision.

 

9. Updating and amending this information sheet

This information, as last amended in June 2021, is currently valid.

 

10. Glossary

Contents

1. Begriffsbestimmungen 

1. “Personal data”

Any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples of personal data include address information, names, telephone numbers, IP address, e-mail address.

2. “Special categories” of personal data

Any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

3. The “controller”

The natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

4. The “processor”

An individual or legal entity, public authority, agency or other body that processes personal data on behalf of the controller.

5. “Third party”

Any individual or legal entity, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorised to process personal data.

6. Employees

In the context of the BDSG (new) are:

  • employees, including temporary workers in relation to the hirer,
  • persons employed for the purposes of vocational training,
  • participants in services to promote participation in working life or undergoing assessment of professional aptitude or work trials (rehabilitants),
  • people employed in recognised workshops for people with disabilities,
  • volunteers performing a service in accordance with the Youth Volunteer Service Act or the Federal Volunteer Service Act,
  • persons who are to be regarded as employee-like persons due to their lack of economic independence; these also include those working from home and those treated as such,
  • applicants for an employment relationship and persons whose employment relationship has ended are deemed to be employees.

7. Processing

Any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

8. Profiling

Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

9. Pseudonymisation

The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

10. Filing system

Any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

2. Description of the rights of the data subject 

  1. Right of access (Article 15 GDPR)

You have the right to request confirmation from us as to whether your personal data is being processed.

You also have the right to request information from us at any time in text form about your personal data processed by us in accordance with the terms of Article 15 GDPR.

This right is limited by the exceptions of Section 34 of BDSG, according to which the right to information does not apply in particular if the data is only stored due to statutory retention requirements or for data backup and data protection control, the provision of information would require a disproportionate effort and suitable technical and organisational measures have been put in place to prevent any misuse of the data processing.

2. Right to rectification (Article 16 GDPR)

You have the right pursuant to Article 16 GDPR to obtain from us without undue delay the rectification of inaccurate personal data concerning you.

3. Right to erasure (right to be forgotten) (Article 17 GDPR)

You have the right to demand that we erase the data concerning you subject to the conditions described in Article 17 GDPR. These conditions exist in particular if the respective processing purpose has been achieved or otherwise ceases to apply, as well as if we process your data unlawfully, if you have revoked your consent without the data processing being able to continue on another legal basis, if you successfully object to the data processing and in cases of an obligation to erase data on the basis of Union law or the law of an EU Member State to which we are subject.

This right is subject to the restrictions set out in Section 35 BDSG, according to which the right to erasure may not apply in particular if, in the case of non-automated data processing, a disproportionately high effort is required for erasure and your interest in erasure is considered to be low.

4. Right to restriction of processing (Article 18 GDPR)

In accordance with Article 18 GDPR, you may request that we only process your personal data to a limited extent. This right exists in particular if the accuracy of the personal data is disputed, or if you request restricted processing instead of erasure under the conditions of a legitimate request for erasure. This right also exists in the event that the data is no longer required for the purposes pursued by us, but you need the data in order to assert, exercise or defend legal claims and if the success of an objection is still disputed.

5. Right to data portability (Article 20 GDPR)

In accordance with Article 20 GDPR, you have the right to receive your personal data that you have made available to us in a structured, commonly used and machine-readable format, and you have the right to have that personal data transmitted directly from us to another controller.

6. Right to object (Article 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you where such processing was carried out either in the public interest or for the purposes of upholding our justified interest.  We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.

If you object to the processing of your personal data for advertising purposes (e.g. for retail customers), we will always cease this processing.

7. Right to withdraw consent (Article 7(3) GDPR)

You also have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of any processing based on consent before its withdrawal.

8. Automated individual decision-making, including profiling (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects that concern you or significantly affect you in a similar way.