Privacy Policy
1. Purpose and accountability
1.1. This Privacy Policy describes how we process personal data collected on our websites and online platforms and through our associated webpages, mobile applications, functions and content (hereinafter jointly referred to as “Services” or more specifically as “Website”) and describes the scope and purpose of these activities. This Privacy Policy applies to all situations, regardless of which domain, system, platform or device (e.g. desktop or mobile) the Websites are accessed on.
1.2. The provider of the Websites, and the party responsible for data protection and privacy issues in regard to the Websites, is the company Berndt und Partner GmbH, Englerallee 40, 14195 Berlin, Germany, managing partner: Dipl.-Ing. Thomas Reiner, info@bp-group.de (hereinafter referred to as “we”, “us” and “our”). For further information about us and contact details please refer to our legal information: http://www.bp-group.de/en/imprint.html.
2. General information on data processing and legal basis
2.1. The personal data of the users processed in the context of our Service include inventory data (e. g., names and addresses of customers), contract data (e. g., services used, names of staff), usage data (e. g., the websites visited, interest in our products), Meta/communication data (e. g., device IDs, IP addresses) and content data (e. g., entries in the contact form, data processed within the scope of our contract fulfilment).
2.2. The term “user” covers all categories of data subjects concerned. They include our business partners, customers, prospective customers and other visitors to our website. The term “user” covers all categories of data subjects concerned. They include our business partners, customers, prospective customers and other visitors to our website.
2.3 All the personal User data we collect is processed in accordance with the relevant data protection regulations. That means we only process User data where this is permitted by law. This applies, in particular, if data processing is required or prescribed by law in order to furnish our contractual services (e.g. to process orders) and provide online services, or if the User has provided their consent, or if it is for the purposes of our legitimate interests (i.e. our interest in analyzing, optimizing and running our Websites in a secure and commercially viable manner within the meaning of Art. 6 (1) f. of the General Data Protection Regulation (GDPR).
2.4. In regard to the processing of personal data on the basis of the General Data Protection Regulation (GDPR), please note that the legal basis for the data subject giving consent is Art. 6 (1) a. and Art. 7 GDPR, the legal basis for processing data in order to perform our contractual services and discharge our contractual obligations is Art. 6 (1) b. GDPR, the legal basis for processing data in order to comply with our legal obligations is Art. 6 (1) c. GDPR, and the legal basis for processing data for the purposes of our legitimate interests is Art. 6 (1) f. GDPR.
3.1. We apply state-of-the-art organizational, contractual and technical security measures to ensure compliance with the provisions of data protection legislation and thereby to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
4. Forwarding of data to third parties and third-party providers
4.1. Data is only forwarded to third parties to the extent permitted by law. We only forward User data to third parties if, for example, this is necessary in order to fulfil our contractual obligations towards the users or if we make use of third party services within the scope of our legitimate interests. Furthermore, data is transferred within the companies of our group of companies, in particular for the purpose of fulfilling administrative tasks, legal obligations or for reasons of business interests.
4.2. Insofar as we make use of third-party services to furnish our own services, we ensure appropriate legal safeguards are in place and take appropriate technical and organizational steps to ensure that personal data is protected in compliance with applicable statutory requirements.
4.3. Insofar as content, tools or any other resources from other providers (hereinafter referred to as “third-party providers”) are employed within the scope of this Privacy Policy and said third-party providers have their registered headquarters in a third country, it should be assumed that data will be transferred to the country of domicile of the third-party provider. The term third country refers to countries in which the GDPR does not constitute directly applicable legislation, i.e. essentially countries outside the EU or the European Economic Area. Data shall be transferred to third countries if an adequate level of data protection is in place, if the User has provided their consent, or if this transfer is permitted by law in any other way.
5. Processing of data within the course of customer relations
5.1. We process inventory data (e. g., names and addresses as well as contact data of users) and contract data (e. g., services used, names of contact persons) of our customers and interested parties for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 (1) b. GDPR.
5.2. Furthermore, we process the data of our customers (e. g., the visited websites of our online offer as well as concerning the use of our services) on the basis of our legitimate interests in advertising and market research purposes in accordance with Art. 6 (1) f. GDPR, in order to offer customers services based on their previous contractual interests or the events they have attended and to analyse the development of our business operations. Furthermore, we process the data insofar as we are legally required to do so, e. g. due to commercial and tax obligations, in accordance with Art. 6 (1) c. GDPR, are obligated.
5.3. If a User gets in touch with us by email, we process the User’s details in order to respond to and deal with the query or request. The User’s details may be stored in our customer relationship management (CRM) system or a comparable enquiry system.
6. Collection of access data (logfiles)
6.1. For the purposes of our legitimate interests according to Art. 6 (1) f. GDPR, we collect data every time the server on which the service is located is accessed. This data is collected in the form of server log files. These access logs include the name of the webpage and/or file accessed by the User, the date and time of access, the amount of data transferred, notification of successful retrieval, details of the web browser used (including the version), the User’s operating system, the referrer URL (of the previous page linking to our website), the IP address and the requesting provider.
6.2. Log file information is retained for security reasons (e.g. to detect improper use or fraud) for a maximum of seven days before being deleted. Data that is to be retained as evidence shall be excluded from deletion until the relevant case has been finalized.
7. Cookies & reach measurement
7.1. Cookies are data packets that are transferred from our web server or third parties’ web servers to the User’s web browser and stored there for later retrieval. Cookies may comprise small files or any other kinds of information storage. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user’s previous activity. We use so-called “session cookies”, which information are only stored for the duration of the current visit to our Website (e. g. to enable your login status). A session cookie stores a randomly generated unique identification number, a so-called session-ID. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when users have finished using my online offer and, for example, log out or close the browser.
7.2. This Privacy Policy also explains to Users how I use cookies in a pseudonymized manner to measure reach.
7.3. If the User does not wish cookies to be stored on their computer, we hereby request that they disable the relevant option in their browser settings. Stored cookies can be deleted in the browser settings at any time. Disabling cookies may prevent the user from enjoying the full functionality of these Websites.
7.4. Users can block cookies that are used for tracking and online advertising by visiting the opt-out page of the network advertising initiative (http://optout.networkadvertising.org/) and also by managing their preferences on the U.S. website http://www.aboutads.info/choices or the European website http://www.youronlinechoices.com/uk/your-ad-choices/.
8. Integration of third-party services and content
8.1. For the purposes of our legitimate interests (i.e. our interest in analyzing, optimizing and running our Websites in a commercially viable manner within the meaning of Art. 6 (1) f. of the GDPR), we use third-party content and service delivery services on our Websites in order to incorporate content and services such as videos and fonts, for example (hereinafter jointly referred to as “content”). The third-party provider of this content always requires the User’s IP address in order to send the content to the browser of the respective User. In other words, the IP address is required to display this content. We endeavor only to use such content where the respective provider uses the IP address exclusively to deliver said content. Third-party providers may additionally use “pixel tags” (invisible image files, also known as web beacons) for statistical or marketing purposes. Pixel tags can be used to analyze information such as the number of visitors accessing the pages of this website. The pseudonymized information may additionally be stored on User devices in the form of cookies. This information includes technical information on the browser and operating system, referring websites, time spent on the website, and further details on how Users make use of our Websites, as well as possibly information about the location of the Users plus it can also be combined with comparable information from other sources.
8.2. The list below provides an overview of third-party providers and their content as well as links to their privacy policies, which contain further information on data processing and opt-out mechanisms, some of which have already been discussed here:
– External fonts provided by the third-party provider Google, Inc., https://www.google.com/fonts („Google Fonts“). The integration of the Google fonts is performed by a request on Google’s server (usually in the USA). Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.
– Notes on Google, Inc.: Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.1. The data stored by us is deleted once it is no longer required for the designated purpose and provided that we have no statutory obligation to retain said data. In the event User data is not deleted because it is required for other purposes permitted by law, then its processing shall be restricted accordingly, i.e. the data shall be blocked and no longer processed for other purposes. This applies, for example to User data that must be retained due to commercial or tax requirements.
9.2. In accordance with statutory requirements, the records are kept for 6 years in accordance with § 257 (1) German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) German General Fiscal Law (AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).
10.1. Users have the right to obtain information free of charge on the personal data we have collected about them. In addition, Users have the right to correct any inaccurate data, restrict the processing of their personal data or delete it, and, where applicable, assert their right to data portability. Users also have the right to submit a complaint to the relevant supervisory authorities if they suspect that data has been processed unlawfully.
10.2. Users can also withdraw any consent they may have given. Such a revocation of consent shall have future effect only.
Users can choose to opt out of the future processing of their personal data at any time in accordance with statutory provisions. This right to object applies in particular to the processing of data for the purposes of direct advertising.
12. Amendments to this Privacy Policy
12.1. We reserve the right to amend this Privacy Policy at any time to reflect changes in the legal situation or changes relating to the service or data processing. This only applies to declarations concerning data processing, however. If Users’ consent is required or if the Privacy Policy contains provisions for the contractual relationship with the Users, the changes shall only be made with the consent of the Users.
12.2. Users are requested to check the Privacy Policy on a regular basis to keep up-to-date with its content.
Last updated: May 2018