data privacy statement

Privacy Statement according to the General Data Protection Regulation (DS-GVO)

1. Information on the collection of personal data

(1) In the following we inform you about the collection of personal data when you use our website. Personal data are all data personally concerning you, for example, name, address, e-mail addresses or user behavior.

(2) Responsible according to Art. 4 paragraph 7 EU General Data Protection Regulation (GDPR), is the BMK Group GmbH & Co. KG, Werner-von-Siemens-Strasse 6, 86159 Augsburg, Germany, Telephone: +49 (0)821 – 20788 – 100, Fax: +49 (0)821 – 20788 – 101,  E-mail: info[at]bmk-group.de (see our publishing information). 

Our Data Protection Officers are at your disposal under Datenschutz[at]bmk-group.de  or at our postal address for the attention of “The Data Protection Officer”.

(3) When you contact us by e-mail or via a contact form, all the data you give us (your e-mail address, and where applicable, name and telephone number) will be saved in order to reply to your queries. The data involved in this context will be deleted when storage is no longer necessary, or processing will be restricted insofar as there is a statutory obligation of retention.

(4) If we wish to refer to our authorized service providers in respect of individual functions of our offer or to use your data for advertising purposes we shall inform you of this as given below in detail about the respective procedures. We also name the specified criteria for the duration of storage.

2. Your rights

(1) You have the following rights in respect of the data which concern you personally:

  • the right to information,

  • the right to correction or deletion,    

  • the right to restriction of processing,

  •  the right to objection to processing,

  • the right to data portability. 

(2) In addition you have the right to lodge a complaint about us with a data protection supervisory authority in respect of the processing of your personal data.

The responsible supervisory authority for data protection is

Das Bayerische Landesamt für Datenschutzaufsicht,
Promenade 27 (Schloss),
91522 Ansbach

Germany
Telephone: 0049 (0) 981 53 1300
Fax:  0049 (0) 981 53 98 1300,
E-mail: poststelle[at]lda.bayern.de

3. Collection of personal data when visiting our website

(1) When the website is used solely to receive information, in other words, you do not register or transfer any other information to us, we collect only the personal data which your browser transfers to our server. If you wish to view our website we collect the following data which are required technically in order to show our website to you and to guarantee stability and security (the legal basis is Art. 6 paragraph 1 p. 1 lit. f GDPR):

  • IP-Address

  •  date and time of the request

  • time zone difference to Greenwich Mean Time (GMT)

  • content of the request (specific page)

  • access status/HTTP status code

  • respective volume of data transferred

  • website from where the request is made

  • browser

  • operating system and interface

  •  Language and version of the browser software.

(2) In addition to the above named data, when you use our website cookies will be saved on your computer. Cookies are small text files which are saved on your hard drive and assigned to the browser you use and the place where the cookie is set up (here = our company), where specific information is received. Cookies cannot carry out programs or transfer any virus to your computer. They serve to make Internet offers as a whole more user-friendly and more effective.

(3) The use of cookies:

a) This website uses the following types of cookies, their scope and functions explained below:

  • Transient cookies (see b)

  • Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These save a so-called session-ID, with which various requests of your browser can be allocated to the joint session. In this way your computer can be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period of time which can differ according to the cookie. At any time you can delete cookies in the security settings of you browser.

d) You can configure your browser setting according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would just point out that in this case, you may not be able to use all the functions of this website.

4. Further functions and offers on our website

(1) Apart from using our website solely to provide information, we also provide a number of services which you can visit specifically if interested. As a rule this requires that you enter further personal data which we then use in order to provide the respective service for which the above named regulations on data processing are valid.

(2) In part we also use the services of external service providers for the processing of your data. We have chosen such service providers with the utmost care and have commissioned them according to our instructions and our regular controls.

(3) Further, we can forward your personal data to a third party  in the case that campaigns, participation in campaigns, raffles, conclusion of contract or similar services are offered by us in cooperation with our business partners. Further information on this is available when you enter your personal details or as described below

(4) Insofar as our chosen service provider or partner has its registered office in a country outside the European economic area (EEA), you will be informed of this situation in the specification of our offer.

5. Opposition or revocation of the processing of your data

(1) In the case that you have given your consent to the processing of your data, this can nevertheless be revoked at any time. A revocation influences the permissibility of the processing of your personal data, after you have expressed this to us.

(2) Insofar as processing of your personal data is based on the consideration of interests, you can file an objection against processing. This is the case if in particular, processing is not necessary for the performance of a contract with you, as represented respectively in the following description of functions. If such an objection is filed, we ask you for the explanation of reasons why we should not processes your personal data as we do. In the case of a justified objection on your part we shall examine the situation and either cease or modify the data processing, or we demonstrate to you our own reasons for the basis on which we continue processing..

(3) You can of course object at any time to the processing of your personal data for the purposes of advertising or data analysis. For an objection to advertising you can contact us under the following:

BMK Group GmbH & Co. KG, Werner-von-Siemens-Strasse 6, 86159 Augsburg, Telephone: +49 (0)821 – 20788 – 100, Fax: +49 (0)821 – 20788 – 101, E-mail: info[at]bmk-group.de

and

datenschutz[at]bmk-group.de

6. Incorporation of YouTube videos

(1) We have incorporated YouTube videos in our online offer. These are saved under www.YouTube.com and can be viewed directly from our website.

(2) When you visit the website YouTube receives the information that you have called up the respective sub-page of our website. In addition, the data listed under point 3. of this declaration are transferred. This occurs regardless of whether YouTube makes a user account available where you are logged in or if there is no user account. When you are logged in at Google, your data are assigned directly to your account. If you do not want the allocation of your profile to YouTube, you must log out before activating the button. YouTube saves your data as a user profile and uses these for purposes of advertising, market research and/or needs-based design of its website. Such an evaluation follows in particular (even for non-logged-in users) to perform needs-based advertising and to inform other users of the social network about your activities on our website. You have the right of objection to the creation of such user profiles by contacting YouTube.

(3) Further information on the purpose and extent of data collection and processing by YouTube are found in the Data Protection Declaration. Here you will also find further information on your rights and about the possible settings for the protection of your privacy: https://policies.google.com/privacy?hl=de&gl=de. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

7.  Incorporation of Google Maps

(1) On this website we use the service offer of Google Maps. In this way we can show you interactive maps directly on the website and thus enable you comfortable use of the map function.

(2) When you visit the website, Google receives the information that you have called up the respective subpage of our website. The data named under point 3. of this declaration are transferred. This occurs whether or not Google makes a user account available via which you log in or there is no user account. When you are logged in with Google your data are assigned directly to your account. If you do not wish this assignment to your profile at Google you must log out before activating the button. Google saves your data as use profile for purposes of advertising, market research and/or needs-based design of its website. Such an evaluation (even for users who are not logged in) serves especially purposes of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of this user profile, and to exercise this right you must contact Google.

(3)  Further information on the purpose and extent of data collection and processing by plug-in providers are found in the data protection declarations of the supplier. Here you also receive further information about your rights and possible settings for the protection of your privacy: https://policies.google.com/privacy?hl=de&gl=de. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

8.  Additional Notices for the Facebook Fanpage

(1) Joint responsibility for processing

You are on the Facebook Fanpage of:
BMK Group GmbH & Co. KG

Werner-von-Siemens-Strasse 6
86159 Augsburg
Germany
Telephone: +49 (0)821 – 20788 – 100
Fax: +49 (0)821 – 20788 – 101
E-Mail: info[at]bmk-group.de

For the information service provided here we use the technical platform facebook.com and the services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: “Facebook”).

As operators of the fan page we are jointly responsible with Facebook for the processing under the terms of the Data Protection Act. The agreement as set forth in Art. 26 subsection 1 GDPR can be found under the following link: https://www.facebook.com/legal/terms/page_controller_addendum

(2) Contact data for data privacy
The contact data of our data privacy officer can be found under Point 1‚ subsection 2. The data privacy officer of the platform operator can be contacted under the following link:  https://www.facebook.com/help/contact/540977946302970

(3) General terms of data processing
Please note that you use this Facebook page and its functions at your own responsibility. This applies in particular to the use of the interactive functions (e.g. comments, sharing, assessments).

(4) Automatic data processing when visiting our Facebook Fanpage
When you visit our Facebook site Facebook records your IP-address together with other information available on your PC in the form of Cookies. This information is used to provide us, the operator of the Facebook sites, with statistical information on the utilization of our Facebook page. Further information on this is available from Facebook under the following link: http://de-de.facebook.com/help/pages/insights .
The data on you collected in this connection are processed by Facebook and if appropriate may be transferred to countries outside the European Union. The information received by Facebook and how this information is used is described in general terms by Facebook in its Data Use Policy. Here you will also find information on contact possibilities for Facebook and on possible settings for advertisements. The data use guidelines are available here under the following link: http://de-de.facebook.com/about/privacy

The full Facebook Data Use Policy can be found under: https://de-de.facebook.com/full_data_use_policy

The ways in which Facebook uses the data collected from a visit to Facebook pages for its own purposes, the extent to which activities on the Facebook page can be allocated to individual users, how long Facebook saves these data and whether data from a visit to the Facebook site are transferred to a third party are not conclusively and clearly named by Facebook and are not known to us.

When accessing a Facebook page the IP-address assigned to your terminal is transmitted to Facebook. According to Facebook, this IP address is anonymized (for “German” IP addresses) and deleted after 90 days. In addition, Facebook saves information about the terminals of its users (e.g. under the framework of the function “Log-in notification”); where applicable, Facebook therefore has the possibility of allocation of IP addresses to individual users.

When you, the user, are logged in to Facebook there is a Cookie with your Facebook identification on your end device. In this way Facebook is able to trace that you have visited this page and how you used it. This also applies to all other Facebook pages. The Facebook buttons integrated in websites enable Facebook to record your visits to these website pages and to allocate these to your Facebook profile. On the basis of these data, other contents or advertising can be presented to suit you.

If you wish to avoid this you should log out from Facebook or deactivate the function “stay logged in”, delete the cookies present on your device, end your browser and restart. In this way Facebook information about you through which you can be directly identified. You can therefore use our Facebook page without your Facebook ID being disclosed. If you access interactive functions of the page (“Like”, comment, share, news etc.), a Facebook log-in mask appears. After a possible log-in you are once again recognizable by Facebook as a specific user.

Information on how you can manage or delete existing information can be found on the following Facebook Support Pages: https://de-de.facebook.com/about/privacy#

Information about those data processed by the platform operator about registered and non-registered visitors to our Facebook Fanpage, the period for which they are saved, the categories of recipients (including also for disclosure and group-internal data exchange) and the data transfer to third countries can be found on the following link: https://www.facebook.com/privacy/explanation

Should the persons concerned be traced through the processing of their data via the Facebook Fanpage e.g. through the use of Cookies, the saving of IP-address or other similar techniques, then according to the agreement entered into as set forth in Art. 26 subsection. 1 GDPR, the platform operator is obliged to notify this.
The platform operator therefore undertakes to provide information on the purposes of the data processing, the legal justification for it and on setting Session-Cookies and three Cookies with lifetimes between four months and two years.

Further information on this can be found under:
https://www.facebook.com/privacy/explanation
https://www.facebook.com/policies/cookies/

(5) Collection, processing and utilization of your person-related data by our company
On our Facebook-Fanpage you have the possibility to react to our articles, express a comment , create an article yourself on our page or send us a message privately. We will use and process all data stated or disclosed by you in this connection. The purposes of this processing serves exclusively the communication with users based on a justified interest on our part (Art. 6 subsection. 1 lit. f) GDPR).

1. Categories of affected persons
Affected persons are visitors to our Facebook Fanpage as registered or non-registered the social network Facebook.

2. Data that we process from registered visitors to our Facebook Fanpage

  • User ID (User name) under which you registered

  • Released profile data (e.g. name, profession, address, contact details, photos, interests and where applicable, also special person-related data such as religious beliefs, health status etc.)

  • Data that occur when sharing content, exchanging news and in communication

  • Data that are required at the request of the registered visitor under the terms for entering into an agreement.

In addition we process only pseudonymized data such as:
Statistics and insights into the extent of interaction with our Fanpage, the articles to be found there, pages, videos and other contents (page activities, page call-ups, likes, scope, general demographics, location and interests-related information on age, sex, country, city, language). We ourselves cannot bring together these pseudonymized data with respective person-related data (allocation characteristics such as names). It is therefore not possible for us to identify specific visitors. They remain anonymous to us.

3. Data that we process from non-registered visitors to our Facebook Fanpage
Pseudonymized data such as statistics and insights into the extent of interaction with our Fanpage, the articles to be found there, pages, videos and other contents (page activities, page call-ups, likes, scope, general demographics, location and interests-related information on age, sex, country, city, language). We ourselves cannot bring together these pseudonymized data with respective person-related data (allocation characteristics such as names). It is therefore not possible for us to identify specific visitors. They remain anonymous to us.

4. Origin of the data
We collect data directly from the affected person or receive these data from the platform operator.

5. Purposes of data processing
We process the data primarily for the purposes of public image. Further, we process the data for communication and data exchange and for the organization of events. Lastly, the data can also be processed for contract initiation or conclusion purposes.

6. Duration of saving data
On the basis of the agreement entered into with the platform operator as set forth in Art. 26 subsection 1 GDPR, the platform operator is under obligation of keeping and deleting data. Further information can be found under the following link: https://www.facebook.com/privacy/explanation

7. Categories of recipients
Access to the data we process is granted solely to our personnel and service providers. Insofar as the affected persons post their data publicly on our Facebook Fanpage, then these can be seen at any time by other registered or if applicable also by non-registered visitors.

8. Data transfer to third countries
Should the affected persons post their data publicly on our Facebook Fanpage then these data can be seen worldwide by other registered and non-registered visitors to our Fanpage.
Moreover, data are transferred by the platform operator under the framework of operating our Facebook Fanpage, also to third countries. This data transfer is secured either by a decision on appropriateness on the part of the EU Commission pursuant to Art. 45 GDPR or by means of suitable guarantees as set forth in Art. 46 GDPR. Further information can be found under the following link: https://www.facebook.com/privacy/explanation

In addition, the operator of the platform has Privacy Shield certification:  https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

On the basis of agreements on the EU-US Privacy Shield, Facebook shall grant the affected persons various rights which can then be enforced directly against Facebook.

(6) Legal grounds
1. Data processing by our company:

Our justified interest (Art. 6 subsection 1 lit. f) GDPR) in the processing of the data outweighs the interests, fundamental rights and freedoms of the affected persons. Our interest in the processing is the making available of a platform with up-to-date information, the improvement of our offers and our web presence, the presentation of our company and effective communication with the users who have queries or other issues. On the other hand we process as few person-related data of the affected persons as possible and make use of the possibility for anonymisation/pseudonymisation, insofar as this is possible in the interests of effective communication.

2. Data processing by the platform operator:
The legal grounds that form the basis for data processing by the platform operator can be viewed in the following link:
https://www.facebook.com/about/privacy/legal_bases

Insofar as the affected persons are traced through the collection of their data, either through the use of Cookies or similar techniques or through the saving of IP-Addresses, the platform operator shall obtain the prior consent of the affected persons.

In particular, the platform operator undertakes to inform the affected persons as to which purposes and on what legal basis the first call-up of a Fanpage even by non-registered visitors creates entries in the so-called “local storage” and whether also person-related data from non-registered visitors (e.g. IP-address or other data condensed to person-related data) are used for the creation of profiles.

9. Our social-media appearances

Data processing through social networks

We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Google+ etc. can generally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).

Responsibility and assertion of rights

If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time

The data collected directly from us via the social media presence will be deleted from our systems as soon as the purpose for their storage lapses, you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).

Individual social networks

Facebook

We have a profile on Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.

You can customise your advertising settings independently in your user account. Click on the following link and log in: www.facebook.com/settings.

Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/

Twitter

We use the short message service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. Twitter is certified under the EU-US Privacy Shield.

You can customise your Twitter privacy settings in your user account. Click on the following link and log in: https://twitter.com/personalization

For details, see the Twitter Privacy Policy: https://twitter.com/privacy

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how they handle your personal information, see the Instagram Privacy Policy: https://help.instagram.com/519522125107875

XING

We have a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Details on their handling of your personal data can be found in the XING Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn

We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified under the EU-US Privacy Shield. LinkedIn uses advertising cookies.

If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

For details on how they handle your personal information, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

YouTube

Youtube(Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland) – Datenschutzerklärung:  https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

 

Information pursuant to Art. 13, 14 and 21 GDPR (EU-DS-GVO) for our business partners