Data Protection Declaration
As of: January 2020
1. General information
We take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.
Below we will inform you which personal) data we collect, how we use them and how you can revoke the processing of your data. Personal data comprises data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.
We herewith advise you that the transmission of data via the Internet (i.e. through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third party access in case that you should use these transmission channels. Of course, for securing your personal data, we maintain technical and organizational measures according to Article 32 GDPR and we will always adapt them to the current state of the art.
2. Information about the responsible party (referred to as the “controller” in the GDPR)
The data processing controller is:
Bullnheimer & Co. GmbH & Co. KG
Im Tal 12
86179 Augsburg
GERMANY
Phone: + 49 821 80 85 0-0
E-Mail: info(at)bullnheimer.de
The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g. names, e-mail addresses, etc.).
3. Data protection officer
We have appointed a data protection officer for our company.
Mrs. Schoeler
Bullnheimer & Co. GmbH & Co. KG
Im Tal 12
86179 Augsburg
GERMANY
E-Mail: schoeler(at)bullnheimer.de
4. SSL- and/or TLS- encryption
For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption programme. You can recognise an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and by the appearance of the lock icon in the browser line. If the SSL or TLS encryption is activated, third parties cannot read data you transmit to us.
5. How we handle your personal information
5.1. Recording of data on our website and in our online tool catalogue
In general it is possible, to visit and use our website and our online catalogue without providing any personal data. Every time a user accesses our website www.bulllnheimer.de or a file, anonymous data on this procedure are saved in the log file. The storage of this information is for internal system- based and statistics purposes. The following data are collected:
· Name of the file accessed
· Date and time of the access
· Data volume transmitted
· Notification whether data retrieval was successful
· Description of the type of web browser used
· Requesting domain
This data is not merged with other data sources.
This data is recorded based on Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded. The statistical raw data will automatically be deleted after 90 days.
Registered customers can log in in our online catalogue in order to see prices and to send us an inquiry for example. Further information on the collection of personal data of registered customers can be found below under 5.4 and 5.5.
5.2. Cookies
In some instances, our website and its pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. The purpose of cookies is to make our website more user friendly, effective and more secure. Cookies are small text files that are placed on your computer and stored by your browser.
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your leave our site. Other cookies will remain archived on your device for a minimum of 30 day or until you delete them. These cookies enable us to recognise your browser the next time you visit our website.
You can adjust the settings of your browser to make sure that you are notified every time cookies are placed and to enable you to accept cookies only in specific cases or to exclude the acceptance of cookies for specific situations or in general and to activate the automatic deletion of cookies when you close your browser. If you deactivate cookies, the functions of this website may be limited.
Cookies that are required for the performance of the electronic communications transaction or to provide certain functions you want to use (e.g. the shopping cart function), are stored based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically error free and optimised provision of the operator’s services. If other cookies (e.g. cookies for the analysis of your browsing patterns) should be stored, they are addressed separately in this Data Protection Declaration.
5.3. Google Analytics
We use Google Analytics, a web analytics service provided by Google Inc. for the purpose of tailoring our pages to your needs and continuously optimizing them. ("Google"). This is done based on article 6 paragraph 1 letter f) DSGVO (legitimate interest). Google Analytics uses so-called cookies, i.e. small text files that are stored on your computer. These enable an analysis of the use of our website. Anonymous user profiles are created and cookies are used. The following information is collected during your visit of our website:
· Technical data such as browser, internet provider or terminal device
· Host name of the accessing computer (shortened IP address, so that no clear assignment is possible)
· Previously visited page
· The subpages visited on our site
· Your behaviour on our pages (e.g. access time,), dwell time, and click and scroll behaviour
· Your shopping cart incl. purchase and ordered articles
· Information about any website objectives achieved (e.g. registration for the newsletter)
· Your approximate location (country and city)
On our behalf, Google uses this information to evaluate the use of our website and to compile reports on the activities. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other data from Google. You can prevent the storage of cookies by making the appropriate settings in your browser software. However, we would like to point out that you may not be able to use all functions of our website without any restrictions. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
5.4. Request by contact form, e-mail, telephone or fax
If you contact us by contact form, e-mail, telephone or fax, your request, including all resulting personal data (name, e-mail, request, etc.) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent. The processing of your personal data is based on your consent (Article 6 Sect. 1 lit. a GDPR). By sending your inquiry, you give your consent to the processing of your provided data. You can also revoke at any time any consent you have already given us. To do so, all you are required to do is sent us an informal notification via e-mail. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.
The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
5.5. Registration as a new customer
For the registration as a new customer/For the opening
a new account in our online catalogue we collect and process personal data in
the specified extent. Since we supply specific sectors and specific customer
groups only, certain information and personal data are needed in order to
assure that you are a member of this target group. Furthermore, these data are
needed in order to improve your shopping experience and to simplify a later
order handling. The processing of your
personal data is based on your consent (Article 6 Sect. 1 lit. a GDPR). You can
also revoke at any time any consent you have already given us. To do so, all
you are required to do is sent us an informal notification via e-mail. This
shall be without prejudice to the lawfulness of any data collection that
occurred prior to your revocation. Your customer account will be delated then.
5.6. Data for the performance of a contract
If you like to place an order certain information and personal data is needed in order to register you as a new customer. We collect and process personal data in the specified extent. Furthermore, the data is needed for the performance of the contract. For example, we process the following data: company address(es) and contact details for the communication and processing of orders, VAT number and so on.
The processing of your personal data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 Sect. 1 lit. d GDPR).
We do not pass these data on without your consent. Only this excludes service partners who are needed for the performance of the contract like shipping companies or financial service providers. As a matter of course, the volume of the data transfer will be restricted to a minimum extent.
The deletion of these (personal) data is carried out in compliance with retention periods that arise from commercial and tax law and other applicable legal requirements. Legal storage periods remain unaffected.
Furthermore, if a customer orders on a regular basis, we have saved the contact details of the relevant contact persons. The processing of your personal data is necessary for the purposes of our legitimate interests (Article 6 Sect. 1 lit. f GDPR), since we would like to process inquires and orders addressed to us effectively.
Of course, this personal data is only processed for the project-related order handling, within an active business relationship and in compliance with the statutory data protection regulations. Should you no longer agree to the storage of your personal data or if your data is no longer correct, we kindly ask you to notify us in writing. The deletion or restriction of these personal data is carried out in compliance with retention periods that arise from commercial and tax law and other applicable legal requirements.
In all other cases, the processing of your personal data is based on your consent (Article 6 Sect. 1 lit. a GDPR).
5.7. Usage of email addresses for newsletter
We solely use your e-mail address -separately from the contract processing - for our own advertising purposes for our newsletters. The processing of your personal data is based on your consent (Article 6 Sect. 1 lit. a GDPR).
We use the e-mail address independently from the contract processing exclusively for our own advertising purposes for the newsletter dispatch. The processing is based on Art. 6 sentence 1a of the DS-GVO with your consent.
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter.
In order to ensure that the newsletter is sent by mutual agreement, we use the so-called double opt-in procedure. In the following process the potential recipient can be added to a distribution list. Subsequently, the user receives a confirmation e-mail to confirm the registration in a legally secure manner. Only if the confirmation is made, the address is actively included in the distribution list.
We use this data exclusively for sending the requested information and offers.
Newsletter2Go is used as newsletter software. Your data will be transmitted to Newsletter2Go GmbH. Newsletter2Go is not allowed to sell your data or use it for other purposes than for sending newsletters. Newsletter2Go is a German, certified provider, which was selected according to the requirements of the Data Protection Basic Regulation and the Federal Data Protection Act. You can find further information here: https://www.newsletter2go.de/informationen-newsletter-empfaenger/
You can revoke your consent to the storage of your data, your e-mail address and its use for sending the newsletter at any time, for example by clicking on the "Unsubscribe" link in the newsletter.
The data protection measures are always subject to technical innovations. For this reason, we ask you to inform yourself about our data protection measures at regular intervals by consulting our data protection declaration.
5.8. Information disclosure
We will not pass on any personal data to a third party, except:
· You have given us your explicit consent.
· It is necessary for the performance of a contract.
·
It
is necessary for compliance with a legal obligation.
5.9. Exercise your rights
To exercise your rights, simply write us at the above-mentioned address.
5.10. Embedded YouTube videos
Our website uses plug-ins of the YouTube platform, which is being operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use
YouTube in the expanded data protection mode. According to YouTube, this mode
ensures that YouTube does not store any information about visitors to this
website before they watch the video. Nevertheless, this does not necessarily
mean that the sharing of data with YouTube partners can be ruled out as a
result of the expanded data protection mode. For instance, regardless of
whether you are watching a video, YouTube will always establish a connection
with the Google DoubleClick network.
As soon as you start to play a YouTube video on our website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.
Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device. With the assistance of these cookies, YouTube will be able to obtain information about our website visitor. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud. These cookies will stay on your device until you delete them.
Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.
The use
of YouTube is based on our interest in presenting our online content in an
appealing manner pursuant to Art. 6 Sect. 1 lit. f GDPR, this is a legitimate interest.
For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under https://policies.google.com/privacy?hl=en.
6. Data subject rights
6.1. Information about, blockage, rectification and eradication of data
Within the scope of the applicable statutory provisions, you have the right to at any time demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data. You may also have a right to have your data rectified, blocked or eradicated.
If you have questions about this subject matter
or any other questions about personal data, please do not hesitate to contact
us at any time at the address provided in section “Information Required by Law.”
6.2. Right to demand processing restrictions
You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time at the address provided in section “Information Required by Law.” The right to demand restriction of processing applies in the following cases:
· In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
· If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the eradication of this data.
· If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
· If you have raised an objection pursuant to Art. 21 Sect. 1 GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.
If you have restricted the processing of your
personal data, the data – with the exception of their archiving – may be
processed only subject to your consent or to claim, exercise or defend legal
entitlements or to protect the rights of other natural persons or legal
entities or for important public interest reasons cited by the European Union
or a member state of the EU.
6.3. Right to log a complaint with the competent supervisory agency
In the event of violations of the GDPR, data
subjects are entitled to log a complaint with a supervisory agency, in
particular in the member state where they usually maintain their domicile,
place of work or at the place where the alleged violation occurred. The right
to log a complaint is in effect regardless of any other administrative or court
proceedings available as legal recourses.
6.4. Right to data portability
You have the right to demand that we hand over
any data we automatically process on the basis of your consent or in order to
fulfil a contract be handed over to you or a third party in a commonly used,
machine readable format. If you should demand the direct transfer of the data
to another controller, this will be done only if it is technically feasible.
6.5. Revocation of your consent to the processing of data
A wide range of data processing transactions is
possible only subject to your express consent. You can also revoke at any time
any consent you have already given us. To do so, all you are required to do is
sent us an informal notification via e-mail. This shall be without prejudice to
the lawfulness of any data collection that occurred prior to your revocation.
6.6. Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)
In the event that data are processed based on
Art. 6 Sect. 1 lit. e or f GDPR, you have the right to at any time object to
the processing of your personal data based on grounds arising from your unique
situation. This also applies to any profiling based on these provisions. To
determine the legal basis, on which any processing of data is based, please
consult this Data Protection Declaration. If you log an objection, we will no longer
process your affected personal data, unless we are in a position to present
compelling protection worthy grounds for the processing of your data, that
outweigh your interests, rights and freedoms or if the purpose of the
processing is the claiming, exercising or defence of legal entitlements
(objection pursuant to Art. 21 Sect. 1 GDPR).
If your personal data is being processed in order to engage in direct advertising, you have the right to object to the processing of your affected personal data for the purposes of such advertising at any time. This also applies to profiling to the extent that it is affiliated with such direct advertising. If you object, your personal data will subsequently no longer be used for direct advertising purposes (objection pursuant to Art. 21 Sect. 2 GDPR).
Changes in our privacy policy
We reserve the right to update this Privacy Policy so that it always meets the current and future (legal) requirements and that all future changes in our services are included in this document. For this reason, we kindly ask you to note the respectively current version of our Privacy Policy.