Data protection declaration

We are delighted by your interest in our company and your use of our website. Data protection is of particularly high importance to our company.

 

The websites of Bermüller & Co GmbH can generally be used without providing personal data. However, if a data subject wishes to use specific services of our company via our website, the processing of personal data may become necessary. Where the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.

 

The processing of personal data — such as the name, address, email address, or telephone number of a data subject — is carried out in accordance with the requirements of the General Data Protection Regulation and in compliance with the applicable country-specific data protection provisions.

 

By means of this privacy policy, our company wishes to inform you about the nature, scope, and purpose of the personal data we process. Furthermore, data subjects are informed by means of this privacy policy of the rights to which they are entitled.

 

Bermüller & Co GmbH, as the controller, has implemented numerous technical and organisational measures to ensure the most comprehensive possible protection of personal data processed via this website. Nevertheless, internet-based data transmissions may in principle have security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means.

 
 

Contents

 
  1. Introduction
  2. Who is responsible for the processing of your data?
  3. Who can you contact with questions and suggestions regarding data protection?
  4. What are the sources of your data and who provides it?
  5. What rights do you have?
    • 5.1 Your rights regarding processing
    • 5.2 Right to lodge a complaint
  6. What data do we process when you visit our website?
  7. Tracking mechanisms and cookies
    • 7.1 Google Analytics
    • 7.2 Newsletter MailChimp
    • 7.3 Meta Pixel
  8. Further information on our handling of personal data
  9. Currency and amendments to this information sheet
  10. Glossary
 
 

1. Introduction

 

In the following text, we inform you about the collection of personal data when using our website. The meaning of personal data and other terms can be found in the glossary.

 
 

2. Who is responsible for the processing of your data?

 

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union, and other provisions of a data protection nature is:

 

Bermüller & Co GmbH Rotterdamer Straße 7 90451 Nuremberg

 

Phone: +49 (0) 911 – 64200 – 0 Fax: +49 (0) 911 – 64200 – 90 Email: info[at]beco-bermueller.de

 
 

3. Who can you contact with questions and suggestions regarding data protection?

 

We have appointed a Data Protection Officer. You can reach her at: datenschutz[at]beco-bermueller.de

 
 

4. What are the sources of your data and who provides it?

 

You can reach us via various channels, through which different data is processed accordingly. For example, your telephone number is processed for enquiries made by phone, and for enquiries submitted via the contact form, the data entered in the relevant input fields is processed. When you contact us via the various channels, we process your data on the basis of Art. 6(1)(b) GDPR — pre-contractual and contractual measures.

 

When you visit the website, further data is processed by our IT systems. This processing begins when our page is accessed and takes place automatically.

 

We also process data to analyse your user behaviour and to optimise our website accordingly. We use this data, among other things, to ensure data security and to protect the website.

 
 

5. What rights do you have?

 

5.1 Your rights regarding processing

 

You are entitled to the following rights at any time. A more detailed description can be found in our glossary:

 
  • Right to confirmation and access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (right to be forgotten) (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw a data protection consent (Art. 7(3) GDPR)
  • Automated individual decision-making, including profiling (Art. 22 GDPR)
 

To exercise these rights or if you have any questions, please contact the Data Protection Officer or the controller indicated above.

 

5.2 Right to lodge a complaint

 

You may also lodge a complaint with the Data Protection Officer indicated above or with a supervisory authority (Art. 77 GDPR). A list of German supervisory authorities can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

 
 

6. What data do we process when you visit our website?

 

When you visit our website, we process data that is technically necessary. We process this data on the basis of Art. 6(1)(f) GDPR — legitimate interests. The data we process includes:

 
  • Date and time of access
  • IP address and internet service provider of the visitor
  • Names of web pages accessed
  • Names of files downloaded
  • Status code of the access (successful or unsuccessful)
  • Information provided to us by your browser (type, operating system, etc.)
  • URL of the website from which our page was accessed
 
 

7. Tracking mechanisms and cookies

 

We use various services on our website that enable us to track your usage behaviour or that are strictly necessary for operational purposes (load balancing, cookie preferences). This is partly achieved through cookies. Cookies are small text files that we send to your browser for storage. You can object to the setting of cookies via your browser settings.

 

We also use the following tools to analyse your usage behaviour.

 

7.1 Google Analytics

 

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google Analytics only transmits an anonymised version of your IP address.

 

The purpose of the Google Analytics component is to analyse visitor flows on our website. We use this for the optimisation and demand-oriented design of our site. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us, and to provide further services related to the use of our website.

 

You can prevent the storage of cookies by adjusting the settings in your browser software; however, please note that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of such data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

 

You can also prevent the collection of your data by Google Analytics by clicking on the following link:

 

Deactivate data collection by Google Analytics for this website

 

An opt-out cookie will be set that prevents the collection of your data on future visits to this website. For more information on how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de. Please also note that Google Analytics integrates the Google DoubleClick service. More information on this can be found in Google's privacy policy at the link above.

 

7.2 Newsletter MailChimp

 

Our website gives you the option to subscribe to our company newsletter. The personal data transmitted to us when subscribing to the newsletter is determined by the input form used for this purpose.

 

We use the newsletter service MailChimp provided by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. Processing takes place only with your consent (Art. 6(1)(a) GDPR — consent). As a US-based company, Rocket Science Group LLC is subject to the so-called CLOUD Act, which allows US government authorities to access data stored by Google. We have no influence over this. Further information on data protection can be found at mailchimp.com/legal/privacy.

 

Our company newsletter can generally only be received by you if (1) you have a valid email address and (2) you have registered to receive the newsletter. A confirmation email will be sent to the email address you first provide for the newsletter subscription. This confirmation email serves to verify whether the holder of the email address, as the data subject, has authorised receipt of the newsletter.

 

Your data will be deleted from our systems upon your unsubscription from the email service.

 

7.3 Meta Pixel

 

This website uses the Meta Pixel, an analytics tool provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The Meta Pixel enables us to track the behaviour of users after they have been redirected to our website by clicking on a Facebook advertisement. This serves to measure the effectiveness of Facebook advertisements for statistical and market research purposes and can therefore contribute to the optimisation of future advertising measures.

 

The Meta Pixel collects and reports data to us in anonymised form, which allows us to see how users interact with our website without individually identifying specific users. This includes information about visit activity, page views, and the use of website features.

 

Data processing is carried out on the basis of Art. 6(1)(f) GDPR, whereby our legitimate interest lies in targeted advertising and the analysis of the effectiveness of our advertising.

 

Meta may also link this data to your Facebook account and use it for its own advertising purposes in accordance with Facebook's data use policy, which you can view at https://www.facebook.com/about/privacy/. Meta and its partners may also store cookies on your device.

 

You can object to the collection by the Meta Pixel and the use of your data for the display of Facebook advertisements. To do so, you can access the pages set up by Facebook for configuring usage-based advertising: https://www.facebook.com/settings?tab=ads or use the EU-wide opt-out at http://www.youronlinechoices.com/de/praferenzmanagement/.

 

Please note that you must be logged in to make changes to the settings in your Facebook profile.

 
 

8. Further information on our handling of personal data

 
  • We only share your data with your consent and where an Art. 28 data processing agreement or similar legally valid document is in place.
  • We are also reachable on various social media platforms. If you contact us via these platforms, the data protection information of the respective operator applies. We collect data on our channels for the purpose of communicating with our customers and rely on Art. 6(1)(f) GDPR — legitimate interests — or Art. 6(1)(b) GDPR — pre-contractual and contractual measures.
  • Note: We do not use purely automated processing procedures to reach a decision.
 
 

9. Currency and amendments to this information sheet

 

This information is currently valid and was last updated in June 2021.

 
 

10. Glossary

 

Contents

 

1. Definitions

 

1. "Personal data (PD)" … means all information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Examples of PD include, but are not limited to, address data, names, telephone numbers, IP addresses, and email addresses.

 

2. "Special categories of PD" … describes PD revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation.

 

3. Controller … means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

 

4. Processor … means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

 

5. Third party … means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

 

6. Employees … within the meaning of the German Federal Data Protection Act (BDSG, new version) are:

 
  • Employees, including temporary workers in relation to the hiring company
  • Persons undergoing vocational training
  • Participants in measures for participation in working life and in assessments of professional aptitude or work trials (rehabilitation participants)
  • Persons employed in recognised workshops for people with disabilities
  • Volunteers performing a service under the Act on Youth Voluntary Services or the Federal Voluntary Service Act
  • Persons who, due to their economic dependence, are to be regarded as employee-like persons; this includes home workers and those with equivalent status
  • Applicants for an employment relationship and persons whose employment relationship has ended are also considered employees
 

7. Processing … means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

 

8. Profiling … means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

 

9. Pseudonymisation … means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

 

10. Filing system … means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised, or dispersed on a functional or geographical basis.

 
 

2. Description of data subject rights

 

1. Right to confirmation and access (Art. 15 GDPR) You have the right to obtain from us confirmation as to whether personal data concerning you is being processed.

 

You also have the right to receive from us, at any time upon request in text form, information about your personal data processed by us, to the extent set out in Art. 15 GDPR.

 

This right is restricted by the exceptions set out in § 34 BDSG, according to which the right of access does not apply in particular where the data is stored solely due to statutory retention obligations or for data security and data protection control purposes, where providing the information would require a disproportionate effort and the misuse of data processing is prevented by appropriate technical and organisational measures.

 

2. Right to rectification (Art. 16 GDPR) You have the right, pursuant to Art. 16 GDPR, to demand from us the immediate rectification of your data.

 

3. Right to erasure (right to be forgotten) (Art. 17 GDPR) You have the right to demand from us the erasure of personal data concerning you under the conditions described in Art. 17 GDPR. These conditions apply in particular when the respective processing purpose has been achieved or has otherwise ceased to exist, when we are processing your data unlawfully, when you have withdrawn a consent without another legal basis for processing being available, when you have successfully objected to the processing, and in cases where an obligation to erase exists under Union law or the law of an EU Member State to which we are subject.

 

This right is subject to the restrictions set out in § 35 BDSG, according to which the right to erasure may not apply in particular where, in the case of non-automated data processing, erasure would involve a disproportionately high effort and your interest in erasure is considered to be minor.

 

4. Right to restriction of processing (Art. 18 GDPR) You may request from us, in accordance with Art. 18 GDPR, that we restrict the processing of your personal data. This right exists in particular when the accuracy of the personal data is disputed, when you request restricted processing instead of erasure under the conditions of a legitimate erasure request, when the data is no longer required for the purposes pursued by us but you need the data to establish, exercise, or defend legal claims, and when the outcome of an objection is still pending.

 

5. Right to data portability (Art. 20 GDPR) In accordance with Art. 20 GDPR, you have the right to receive from us the personal data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format, as well as the right to have this data transmitted to another controller.

 

6. Right to object (Art. 21 GDPR) You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out either in the public interest or for the purposes of our legitimate interests. We will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or where the processing serves the establishment, exercise, or defence of legal claims.

 

If you object to the processing of your personal data for direct marketing purposes (e.g. in the case of trade customers), we will cease such processing in any case.

 

7. Right to withdraw a data protection consent (Art. 7(3) GDPR) You also have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of the consent prior to its withdrawal.

 

8. Automated individual decision-making, including profiling (Art. 22 GDPR) You have the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning you or similarly significantly affects you.