Here we inform you about the processing of personal data when using our online presence. This online privacy statement therefore applies to our website www.beg-luxomat.com and our social media profiles, among other things.
Personal data is all data that can be related to you personally, i.e. name, address, e-mail, IP address or user behaviour.
With regard to the terms used, such as processing, data controller or data subject, reference is made to the definitions in Art. 4 GDPR. In particular, the following can be found there:
Personal data means any information relating to an identified or identifiable natural person (the data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or one or more specific characteristics which express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person (Article 4(1) GDPR).
Processing means any operation or set of operations carried out with or without the aid of automated processes relating to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, limitation, erasure or destruction of data (Art. 4 No. 2 GDPR).
The data controller is the natural or legal person, public authority, agency or other body that alone or jointly with others decides on the purposes and means of the processing of personal data (Art. 4 No. 7 GDPR). Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Art. 4 No. 8 GDPR).
In particular, the terms processing and personal data are very far-reaching, so that almost any handling of data can be understood as such.
01. Who's in charge?
We are responsible for the processing of your data:
B.E.G. Brück Electronic GmbH
Managing Director: Dipl. Ing. Friedrich Brück
Phone: +49 2266 90121-0
02. Is there a data protection officer?
03. Who is affected by the data processing?
If, for example, you visit our online presence (e.g. our website or our social media profiles) as an interested party, customer, supplier, service provider or other visitor, your personal data will be processed in accordance with the statutory provisions or this declaration. All visitors of our online presence are summarised under the term "user".
04. What data do we collect from you and for what purposes or on what legal basis do we process the data?
If you visit our online presence without registering or otherwise transmitting information to us, only the personal data transmitted by the browser you use to our server will be processed. To the best of our knowledge, the following data will then be processed, which are technically necessary to display our online presence and to guarantee its stability and security:
- IP address of the requesting computer
- Date and time of the request
- Name and URL of the retrieved file
- Access status / HTTP status code
- transferred data volume
- Website from which the request comes (referrer URL)
- browser used
- operating system
If, in addition, you transmit personal data to us, e.g. within the scope of an inquiry by e-mail or via our contact form, we will also process the following data, if applicable:
- Basic data (e.g. name, address)
- Contact data (e.g. e-mail address, telephone number)
- Content data (e.g. text input, photos, videos)
- Usage data (e.g. sites visited, access times)
- Communication / metadata (e.g. device information, IP addresses)
In addition, we process the following personal data for the purposes of providing contractual services, service and customer care as well as marketing / advertising:
- If necessary, contract data (for example, contract object, customer number)
We process your personal data during your visit to our online presence for the following purposes:
- Providing the functions and contents of our online offer
- Ensuring a smooth connection to our website
- Ensuring a comfortable use of our website
- Evaluation and assurance of system security and stability as well as general security measures
- Answering any contact enquiries or communicating with you
- other administrative purposes
- provision of contractual services
- customer service
- Marketing / Advertising
Unless we provide a specific legal basis within the framework of this data protection declaration, the following applies to the processing of your personal data: The legal basis for obtaining consent is set out in Art. 6 para. 1 lit. a, Art. 7 GDPR. Art. 6 para. 1 lit. b GDPR applies as the legal basis for data processing to fulfil our services and carry out (pre-) contractual measures as well as to answer any enquiries. Art. 6 para. 1 lit. c GDPR is the legal basis for data processing to fulfil legal obligations. If vital interests of the data subject or another natural person make data processing necessary, the legal basis is derived from Art. 6 para. 1 lit. d GDPR. Data processing to preserve our legitimate interests is carried out on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest is based on the above-mentioned purposes of data collection.
If, in the course of processing your personal data, we disclose it to third parties, transmit it to them or otherwise grant them access to the data, this will be done exclusively on the basis of a legal permit, provided that you have consented thereto, we are legally obliged to do so or on the basis of our legitimate interests. A legal permission exists in particular if the passing on of the data is necessary for the fulfilment of contractual obligations (e.g. with payment or dispatch service providers). A legitimate interest may exist if we use data for direct advertising or to prevent fraud, or if you are a customer of ours. There may also be a legitimate interest, e.g. in the use of web or e-mail hosts, cloud providers or other service providers. Such service providers often act as so-called contract processors on the basis of a corresponding contract. They are also obliged to comply with data protection regulations and to contractually guarantee this. The legal basis for such contract processing relationships is Art. 28 GDPRO.
05. To whom do we transmit your data?
Unless otherwise stated in the data protection declaration, we regularly cooperate with the following recipients in particular:
- shipping service providers
- email host
- web host
- Provider Webinar Software
- online marketing
We carefully select external service providers. In the case of order processing relationships (Art. 28 GDPR), these companies are contractually bound by our instructions and are regularly monitored by us. More detailed information can be found in the following descriptions of the individual services.
The legal basis for the transmission of your personal data is mentioned above under point 04.
06. Will your data be transmitted to bodies outside the EU?
A transfer of your personal data to third countries (i.e. outside the EU or the EEA) or to an international organisation is only exceptionally provided for in certain cases. More detailed information can be found in the following descriptions of the individual services.
If we process your personal data in a third country or have it processed by third parties, this will only take place if it is done to fulfil our (pre-) contractual obligations or on the basis of your consent, a legal obligation or our legitimate interests. Your personal data will only be processed in a third country if the special requirements of Art. 44 ff. GDPR are met, unless legal or contractual permissions exist in individual cases. This means that data processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to that of the European Union (e.g. for the USA through the so-called "EU-US Privacy Shield") or the observance of special, recognised contractual obligations (in particular the so-called "EU standard contract clauses").
07. How long do we process your data?
The duration of the storage of your personal data is periodically evaluated according to existing legal retention periods (e.g. according to commercial or tax law). Unless otherwise stated below, your personal data will be routinely deleted after the expiry of any relevant period, provided that it is no longer required for the performance or initiation of the contract, we no longer have a legitimate interest in further storage and/or if you have not consented to further storage.
In Germany, special retention periods exist in the following areas, among others:
- according to commercial law (6 years, e.g. for opening balance sheets, annual financial statements, accounting documents, etc.)
- according to tax law (10 years for all documents relevant to tax law)
- according to AGG (6 months for documents of rejected applicants)
08. What are your rights?
You have the following rights with regard to the processing of your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to cancellation (Art. 17 GDPR)
- Right to limitation of processing (Art. 18 GDPR)
- Right to data transferability (Art. 20 GDPR)
- Right of opposition (Art. 21 GDPR)
- Right to revoke consent given (Art. 7 para. 3 GDPR)
- Right to appeal to a supervisory authority (Art. 77 GDPR)
The latter three rights are explained in more detail below. If you have any questions about your rights, please do not hesitate to contact us or our data protection officer. The contact details can be found above in the sections on the responsible body and on the data protection officer.
09. When and how can you object to data processing?
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the data processing at any time. As a result, we may no longer process your personal data in the future, unless we can prove compelling entitling reasons that outweigh your interests, rights and freedoms, or the data processing serves to assert, exercise or defend legal claims.
However, the right of objection only applies if there are reasons for it which result from your particular situation or if your objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without stating a particular situation.
If you would like to exercise your right of objection, simply send a message to our postal address or send an e-mail (see above under point 01).
10. When and how can you revoke your consent?
You can revoke your consent to us at any time. As a result, we may no longer process your personal data, which was based on this consent, in the future.
If you would like to exercise your right of withdrawal, simply send a message to our postal address or send an e-mail (see above under point 01).
11. Where can you complain?
With regard to the processing of your personal data by us, you have the right to complain to a data protection supervisory authority. A list of the state data protection supervisory authorities can be found at the following address:
12. When and why is it necessary to provide your data?
You provide us with your personal data (e.g. name, address or e-mail address) in the contact form, during registration or support enquiries.
The provision of your personal data is partly prescribed by law (e.g. by provisions of tax law). It may also be necessary for the implementation of (pre-) contractual measures. Failure to provide your personal data would result in the contract not being concluded with you or your request not being answered.
For the implementation of contracts or pre-contractual measures or for communication with us, the provision of the following data in particular is mandatory:
- First name and surname
- Company and professional group
- email address
- Telephone number, if applicable (e.g. for queries or replies to customer inquiries)
- Customer number, if applicable (e.g. for support activities)
Unless otherwise stated in this privacy statement, all other information is voluntary.
Before providing your personal data, you can also contact our data protection officer, whose contact details can be found under point 02 above, who will tell you individually whether the provision of personal data is required by law or contract in your case or whether it is necessary for a contract to be concluded, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.
13. Is there an automated decision making process (e.g. profiling)?
An automated decision including profiling does not take place.
14. How can you contact us?
You can contact us either by post, fax, telephone or e-mail. You will find our contact details above under the details of the person in charge.
If you contact us e.g. by e-mail or via our contact form, we automatically save the personal data you voluntarily provide to us for the purpose of processing your enquiry or contacting you. This data will not be passed on to third parties.
15. How do we secure our website?
Taking into account the state of the art, the implementation costs and the nature, extent, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk (Art. 32 GDPR). These measures include, in particular, preserving the confidentiality, integrity and availability of data. In addition, we have set up business processes at our company that ensure, in particular, the protection of data subjects' rights, the deletion of data and also the reaction to data breakdowns. In addition, we observe the principles of data protection law, including data protection through technology design and data protection-friendly default settings (privacy by design and privacy by default, Art. 25 GDPR).
For security reasons and to protect the transmission of your personal data and other confidential content, we use an encrypted SSL / TLS certificate on our website. You can recognise this by the fact that "https" (instead of "http") appears in the address line of your browser as well as a padlock symbol and a different colour representation.
16. How and why do we use Google Analytics?
In addition to or as an alternative to the browser add-on, you can prevent Google Analytics from collecting data by clicking the following link: Disable Google Analytics. This will set an opt-out cookie that will prevent your information from being collected on future visits to our website as long as the cookie remains on your computer.For more information on Google's use of data and on setting and objection options, please visit Google's website: "Use of data by Google when using the websites or apps of our partners" (www.google.com/intl/de/policies/privacy/partners), "Use of data for advertising purposes" (www.google.com/policies/technologies/ads), "Manage information Google uses to display advertising" (www.google.de/settings/ads) and "Determine which advertising Google shows you" (www.google.com/ads/preferences).
17. How and why do we use Google AdWords?
On our internet pages we use the conversion tracking of Google (provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin, 4 Ireland), now part of Google Ads. If you click on an advertisement placed by Google on our website, Google AdWords places a so-called cookie on your terminal device. These cookies are valid for 30 days and are not used for personal identification. If you visit certain subpages of our online presence and the cookie is still valid, we and Google may recognise that you clicked on the ad and were directed to that subpage. Each AdWords customer receives a different cookie. Cookies cannot therefore be traced via the Internet pages of AdWords customers.
The information collected through conversion cookies is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. These customers will be notified of the total number of users who clicked on their ad and were directed to a site with a conversion tracking tag. However, no information is transmitted with which users can be personally identified. The legal basis for the use of Google AdWords is Art. 6 Para. 1 S. 1 lit. f GDPR.
For more information about cookies and how to use them, please read the appropriate section in this privacy statement.
If you do not wish to participate in tracking, you may refuse to accept the cookies required for this purpose, e.g. by means of a browser setting which generally deactivates the automatic setting of cookies or blocks the cookies from the googleleadservices.com domain.
You may not delete the opt-out cookies unless you want your data collected. If this or all cookies are deleted, you must set the opt-out cookie again.
18. How and why do we use Google Tag Manager?
We use the Google Tag Manager (provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin, 4 Ireland) , now part of the Google Marketing Platform, on our Internet pages. The legal basis for the use of Google Tag Manager is Art. 6 Para. 1 S. 1 lit. f GDPR.
This service allows website tags to be managed via an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will persist for all tracking tags if they are implemented with the Google Tag Manager.
19. How do we process your data when you use our contact form?
If you contact us via e-mail, our contact form or our order form, the personal data transmitted by you will be automatically stored. Such personal data voluntarily transmitted to us by you will be processed for the purpose of handling your inquiry or contacting you. This data will not be passed on to third parties without your consent. The legal basis for the use of the contact form is Art. 6 para. 1 sentence 1 lit. f GDPR.
20. What are cookies and how do we use them?
The so-called persistent (or permanent) cookies are automatically deleted after a certain period of time; depending on the cookie, the duration of storage varies. This means that, for example, user information for range measurement or marketing purposes or a login status can be stored for a longer period of time.
A distinction must be made between first-party cookies and third-party cookies for both temporary and permanent cookies. The former are set by the responsible body, the others by third parties.
On our website we may use temporary or permanent cookies as well as first and third party cookies, e.g. to identify you for subsequent visits if you have an account with us (otherwise you would have to log in again for each visit). You will subsequently receive further information about this as part of our data protection declaration.
21. How and why do we use Google Maps?
We use Google Maps content on our Internet pages to display maps and to create route maps (providers: Google Ireland Ltd, Gordon House, Barrow Street, Dublin, 4, Ireland). According to the provider, its servers are located in different countries all over the world, so that data transfer to third countries cannot be ruled out. The legal basis for the use of Google Maps is Art. 6 para. 1 sentence 1 lit. f GDPR.When you visit our website, Google receives the information that you have accessed the corresponding subpage of our online presence. In addition, certain data is transmitted, e.g. your IP address. This occurs regardless of whether you have a Google user account or are logged in there. When you are logged into your Google Account, your information will be directly associated with your account. If you do not want such an assignment, you have to log out of your Google Account. Google processes your data for the purposes of advertising, market research and/or the needs-based design of its Internet pages. Such evaluation is carried out in particular (even for users who are not logged in) in order to provide demand-oriented advertising and to inform other users about your activities on our website. You have a right to object to this type of data processing. If you wish to exercise your right to object, please contact Google directly.
Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield (www.privacyshield.gov/EU-US-Framework).
22. How and why do we use Google WebFonts?
On our website, we use Google WebFonts (provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin, 4, Ireland) to integrate external fonts:. When you access our website, the required fonts are loaded into the cache of your browser in order to display the contents of our website correctly.
The processing of your data (e.g. IP address) therefore constitutes a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
23. How and why do we use Google reCAPTCHA?
On our website we use the function reCAPTCHA (provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin, 4, Ireland). This serves the purpose of protecting our forms (e.g. our contact form). With reCAPTCHA it can be differentiated whether the input in a form is made by a machine or by a human being, so that a protection against abusive, automated processing exists.
To the best of our knowledge, when using reCAPTCHA, the referrer URL, the IP address, the behaviour of the users of our website as well as information on the operating system, browser and length of visit, cookies, display instructions, scripts or the user's input behaviour in the area of the reCAPTCHA checkbox are transmitted to the provider. Your personal data (e.g. your IP address) will not be merged with other data of the provider, unless you have a Google account and are logged in at this time. If you do not want such an assignment, please log out of your Google account before using our contact form.
24. How and why do we use Google Custom Search API?
On our website, we use Google's custom search engine (Google Custom Search Engine, "Google CSE") as the central search service (provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin, 4 Ireland). This enables us to provide a full text search and thus an improvement or facilitation for the users of our website. Access to this search function is via a search field integrated in the header of the individual sites.
If you do not use the Google search, basically no search data will be transmitted to the Google servers. If, however, you enter a search term into the search field and confirm this by pressing the Enter key or the search icon (arrow symbol), the search results page will be opened, which loads the corresponding search results from Google using a plugin provided by Google. Google CSE enables automated data exchange between the search results page and the Google servers. Google search also involves the dynamic transfer of data by Google to the search results page. Data processing is therefore carried out on the basis of Art. 6 para. 1 lit. f GDPR.
When using the Google search, personal data of the user are transmitted to the Google servers, e.g. the search terms entered and the IP address. We would like to point out that the processing of any personal data transmitted is the responsibility of the provider (Google) and that we have no influence on the type and scope of the transmitted data or on its further processing.
If you have a Google Account and are logged in, your information can be directly associated with your profile. If you do not want such an assignment, you have to log out of your Google Account.
Further information on the purpose and scope of data processing and further information on data protection can be found on the provider's website or on the data protection conditions for advertising at the following address: https://policies.google.com/privacy?hl=en
25. How and why do we use Youtube content?
On our website we use contents as well as plugins of the video portal Youtube (provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin, 4, Ireland), which are stored on the provider's servers and can be played directly from our website. According to the provider, its servers are located in different countries all over the world, so that data transfer to third countries cannot be ruled out. The legal basis for the use of Youtube is Art. 6 Para. 1 S. 1 lit. f GDPR.
Here we use the option "extended data protection mode" provided by Youtube. According to information provided by Youtube, in this mode data is only transmitted to Youtube (e.g. which of our websites you have visited) when you watch the respective video. We have no influence on this data transmission.
When you access one of our web pages equipped with this feature, a connection is established to the Youtube servers. The Youtube server will be informed which of our pages you have visited. If you have your own Youtube account and are logged in to it, Youtube can assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Youtube account.
Youtube processes your data for the purposes of advertising, market research and/or the design of its Internet pages to meet your needs. Such analysis is carried out in particular (even for users who are not logged in) in order to provide demand-oriented advertising and to inform other Youtube users about your activities on our website. You have a right to object to this type of data processing. If you wish to exercise your right to object, please contact Youtube directly.
Further information can be found in the privacy statement for the Youtube platform (www.google.de/intl/de/policies/privacy). Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield (www.privacyshield.gov/EU-US-Framework).
26. How do we process your data when you subscribe to our newsletter?
You can subscribe to our newsletter. You must give us your express consent to this. With our newsletter we inform you regularly about our products, our company and/or current offers. You can find the details in the declaration of consent.
Once you have subscribed to our newsletter, we will first send you an email to the email address you provided, asking you to click on the activation link provided to confirm your subscription. If you do not confirm your registration in this way within 72 hours, your information will be blocked and automatically deleted after 3 weeks.
In addition, we save your IP address and the time of registration as well as the confirmation, if applicable. The purpose of this so-called double opt-in procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
Only your e-mail address is required to send you our newsletter, this is the only mandatory information that you must provide. The indication of further, separately marked data is voluntary and is used for the purpose of personal address. After your confirmation, we will process your e-mail address and any other voluntarily provided data exclusively for the purpose of sending and administering our newsletter.
The legal basis for the administration and dispatch as well as the associated performance measurement is Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG (German Act Against Unfair Competition; Gesetz gegen den unlauteren Wettbewerb; UWG) or on the basis of the exception pursuant to § 7 para. 3 UWG. The registration procedure is recorded on the basis of our legitimate interests, e.g. for documentary purposes (Art. 6 para. 1 lit. f GDPR).
You can revoke your consent to receive our newsletter at any time with effect for the future. You can declare your revocation by clicking on the unsubscribe link contained in each newsletter.
27. How and why do we use newsletter tracking?
When sending our newsletter, we analyse your user behaviour. For this purpose, the links in the individual newsletters are designed in such a way that it is possible to track which links are clicked how often. Technical information (e.g. about your browser) and also your IP address as well as the time of the call are raised.
The data is collected exclusively under a pseudonym, so it is not linked with your other data, a direct personal relationship is excluded.
This information is used for the technical improvement of the services as well as for the individualisation of our offer.
You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us of this in a separate e-mail, for example. The information is stored as long as you have subscribed to the newsletter. After a deregistration we store the data purely statistically and anonymously.
28. How do we handle applicant data?
We also offer job advertisements on our website, which can be responded to in electronic form (i.e. by e-mail or PDF files); we also accept unsolicited applications. Applicants' data will be processed electronically for the purposes of the application procedure. These application data include in particular name, address, telephone number, e-mail address, date of birth, educational information or grades.
If the conclusion of an employment contract results from an application, the application data can be stored for the usual organisational and administrative process of the respective personnel file. Otherwise, i.e. in the case of rejection of applicants, the application data will be deleted six months after notification of rejection. This applies in any case if there are no specific legal requirements to the contrary or if the respective applicant has expressly agreed to the longer storage of his application data.
29. How and why do we use online seminar software?
However, you will find the supplement on data processing by the provider here: https://logmeincdn.azureedge.net/legal/20181030/DPA/LMI-Customer-Data-Processing-Addendum-2018-v2-GDPR-DE-SAMPLE.pdf
30. How and why is data processed in a customer account?
You can voluntarily create a customer account, through which we can store your data for future purchases. When a customer account is created, the data provided by you will be stored revocably. In your customer area you have the possibility to view, correct or delete your data.
When registering, re-registering and using our online services, we store your IP address and the time of each action. This is done on the basis of our legitimate interests and in the interest of the user, in particular protection against misuse or the like. Data will not be passed on to third parties unless it is necessary as a legitimate interest to pursue our legal claims or unless there is a legal obligation to do so. The deletion of the data takes place after expiry of the legal storage obligations or other contractual rights or obligations (e.g. services from contracts with customers).
31. Which social media profiles do we use?
Our social media profiles:
- Facebook (PrivacyPolicy)
- Facebook (joint accountability agreement)