We are delighted that you are interested in our company. Data protection is particularly important. In principle, the use of the Internet pages is possible without the disclosure of any personal data. However, if a data subject would like to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally request the consent of the data subject.
As the party responsible for processing, our company has implemented numerous technical and organisational measures in order to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transfers may be subject to security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transfer personal data to us by alternative means, for example by telephone.
1. Definitions of terms
a) Personal data
Personal data is all information relating to an identified or identifiable natural person (hereafter the "data subject"). A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the Data Controller.
Processing in this case is any procedure performed with or without the aid of automated processes or any such series of processes in connection with personal data, such as the collection, recording, organisation, arrangement, storage, adaptation or modification, reading-out, querying, use, disclosure by transfer, dissemination or any other form of provision, reconciliation or linking, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
Pseudonymisation is the processing of personal data in a manner such that the personal data can no longer be assigned to a specific individual without the use of additional information, provided that this additional information is stored separately and is subject to technical and organisational measures which ensure that the personal data is not assigned to an identified or identifiable natural person.
f) Party responsible or Data Controller
The party responsible or Data Controller is the natural or legal person, public authority, institution or other body which alone or together with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or by the law of the Member States, the Data Controller or the specific criteria for his or her appointment may be laid down in accordance with Union law or the law of the Member States.
g) Contract processor
A contract processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the Data Controller.
The recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data under Union law or the law of the Member States within the framework of a specific investigation mandate are not regarded as recipients.
i) Third party
A third party is a natural or legal person, authority, institution or other body except for the person concerned, the Data Controller, the order processor and the persons authorised to process the personal data under the direct responsibility of the Data Controller or data processor.
Consent means any informed and unequivocal expression of intent submitted voluntarily by the data subject in the particular case in the form of a declaration or other clear affirmative act by which the data subject indicates his or her consent to the processing of the personal data relating to him or her.
2. Name and address of the Data Controller
The Data Controller within the meaning of the General Data Protection Regulation, other data protection laws in force in the Member States of the European Union and other provisions of a nature which is relevant to data protection is:
Am Schweizerbach 1
71384 Weinstadt-Benzach, Germany
Telephone: +49 7151 - 9 92 00 0
Fax: +49 7151 - 9 92 00 50
3. Name and Address of the Data Protection Officer
The Data Protection Officer of the Data Controller is:
Hans Joachim Dionisius
D-72639 Neuffen, Germany
Tel: +49 7025 8446060
Mobil: +49 163 9781678
Any data subject can contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.
The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thereby permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common internet browsers. If the data subject disables the setting of cookies in the Internet browser used, not all functions of our Internet site may be fully usable under certain circumstances.
5. Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is transferred as a rule to a Google server in the USA and saved there.
Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
a) IP anonymisation
We have activated the IP anonymisation function on this website. This will cause your IP address to be shortened by Google within Member States of the European Union or in other countries which are party to the Agreement on the European Economic Area before transfer to the USA. Only in exceptional cases is the complete IP address transferred to a Google server in the USA and shortened there. On behalf of the operator of this website Google will use this information in order to evaluate your use of this website for the purpose of compiling reports on website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The IP address transferred by Google Analytics from your browser is not combined with other Google data.
b) Browser plug-in
You can prevent the saving of the cookies by making corresponding adjustments to your browser software; we do however point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of the data generated by the cookie and relating to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in that is available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de
c) Objection to data collection
You can prevent the collection of your data by Google Analytics by clicking on the link below. An opt-out cookie is set which prevents the collection of your data during future visits to this website:deactivate Google Analytics for this website.
You can prevent the collection of your data by Google Analytics by clicking on the link below. An opt-out cookie is set which prevents the collection of your data during future visits to our online shop: disable Google Analytics for our online shop.
d) Contract data processing
We have concluded a contract with Google on contract data processing and fully implement the strict requirements of the German data protection authorities with respect to the use of Google Analytics.
6. Data processing via social media
We are represented with a company page on several social media platforms. By this means, we wish to offer further options to obtain information about our company and to communicate with us. We have company pages on the following social media platforms:
If you visit a profile on a social media platform or interact with it, it is possible that your personal data is processed Also, the information linked to a social media profile which is used regularly depicts personal data. It also records messages and statements which arise during use of the profile. Moreover, whilst you visit a social media profile, frequently certain information regarding your visit is recorded and can also depict personal information.
Visiting a social media page
Facebook and Instagram
When you visit our Facebook or Instagram page via which we depict our company or individual products from our programme, certain information about you is processed. Facebook Ireland Ltd (Ireland/EU – “Facebook”) carries the sole responsibility for processing this data. You can find further information regarding the processing of personal data by Facebook under https://www.facebook.com/privacy/explanation.
Facebook offers the option to disagree with certain data processing; you can find information regarding this and opt-out options under https://www.facebook.com/settings?tab=ads.
Facebook provides us with anonymous statistics and insights for our Facebook and Instagram pages, with whose help we obtain knowledge of the type of action people take on our pages (so-called “page insights”). These page insights are created based on certain information about people who have visited our pages. This personal data, for which we hold joint responsibility, is processed by Facebook and us. Processing serves our justified interests to assess the types of action taken on our pages and to improve them on our pages based on this knowledge.
The legal basis for this processing is Art. 6, para. 1, letter f) of the GDPR [General Data Protection Regulation]. We cannot allocate the information received via page insights to individual Facebook profiles which interact with our Facebook page. We have concluded an agreement with Facebook relating to processing with joint responsibility, in which the allocation of duties pertaining to data protection regulations between us is laid down. You can find further details regarding the processing of personal data for creating page insights and the Agreement concluded between us and Facebook under https://www.facebook.com/legal/terms/information_about_page_insights_data.
With reference to this data processing, you also have the option to assert your data subject rights vis-à-vis Facebook. You can find further information regarding this in the Facebook Data Privacy Statement under https://www.facebook.com/privacy/explanation.
Please note that, in accordance with the Facebook data protection terms, user data is also processed in the USA and further third countries. Facebook only transfers user data to countries for which an adequacy decision of the European Commission according to Art. 45 GDPR exists or, based on appropriate guarantees, according to Art. 46 GDPR.
Processing data which you inform us of via our social media pages
We also process information which you have provided us with via our company page on the respective social media platform. This information can, for example, include the user name, contact data or a message to us. We only process this personal data regularly if we have expressly requested you to provide us with this data beforehand. This processing is made by us in sole responsibility. We process this data due to our justified interest to contact persons who request information. The legal basis for data processing is Art. 6, para. 1, letter f) of the GDPR.
Moreover, we process data provided in this manner for evaluation and marketing purposes as applicable. This processing takes place on the legal basis of Art. 6, para. 1, letter f) of the GDPR and serves our interests to continue to develop our and inform you of our offers in a targeted manner. Further data processing may take place with your consent (Art. 6, para. 1, letter a) GDPR) or if required to fulfil a legal obligation (Art. 6, para. 1, letter c) GDPR).
7. Collection of general data and information
Our website collects an amount of general data and information each time a data subject or an automated system visits our website. This general data and information is stored in the so-called log files of the server. We may record the types and versions of browsers used, the operating system used by the accessing system, the website from which an accessing system reaches our website (so-called referrer), the sub-websites which are accessed via an accessing system on our website, the date and time of access to the website, an Internet protocol address (IP address), the Internet service provider of the accessing system and other similar data and information which serve to avert danger in the event of attacks on our information technology systems.
When using this general data and information, we do not draw any conclusions about the data subject. Instead, this information is required to correctly deliver the contents of our website, to optimise the contents of our website as well as the advertising for it, to ensure the permanent functionality of our information technology systems and the technology of our website and to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by us statistically on the one hand, and on the other with the aim of increasing data protection and data security in our company in order ultimately to ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.
8. Contact option via the website
On the basis of legal regulations, the website contains information that enables the establishment of rapid electronic contact with our company and direct communication with us, which also includes a general address for so-called electronic mail (email address). If a data subject contacts the Data Controller via email or a contact form, the personal data transferred by the data subject is stored automatically. Such personal data that is voluntarily provided by a data subject to the Data Controller is stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.
9. Routine deletion and blocking of personal data
The Data Controller processes and stores the personal data of the data subject only for the duration necessary to achieve the data retention purpose or to the extent provided for by the European regulator or any other legislator in laws or regulations to which the Data Controller is subject.
If the storage purpose no longer applies or if a storage period prescribed by the European regulator or any another competent legislator expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.
10. Rights of the data subject
a) Right to confirmation
Every data subject has the right granted by the European regulator to request the Data Controller to confirm whether personal data relating to him or her is being processed. If a data subject would like to exercise this right of confirmation, he or she may contact our Data Protection Officer or another employee of the Data Controller at any time.
Any person affected by the processing of personal data has the right granted by the European regulator to obtain – at any time and free of charge – information from the Data Controller concerning the stored personal data relating to his or her person and a copy of such information. Furthermore, the European regulator has granted the data subject the right to the following information:
- the purposes of processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data has been or is still being disclosed, in particular recipients in third countries or at international organisations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of a right of rectification or erasure of the personal data relating to him or her or of a restriction on processing by the Data Controller or a right of objection to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data is not collected from the data subject: All available information about the origin of the data
- the existence of an automated decision-making process, including profiling in accordance with Article 22 para. 1 and 4 of the GDPR and — at least in these cases — meaningful information on the logic involved and the scope and intended effects of such processing for the data subject
Furthermore, the data subject has a right of access to information as to whether personal data has been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to receive information on the appropriate guarantees in connection with the transfer.
If a data subject would like to exercise this right to information, he or she may contact our Data Protection Officer or another employee of the Data Controller at any time.
c) Right to rectification
Any person subject to the processing of personal data has the right granted by the European legislator to request the immediate rectification of inaccurate personal data relating to him or her. Furthermore, taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
If a data subject would like to exercise this right to rectification, he or she may contact our Data Protection Officer or another employee of the Data Controller at any time.
d) Right to erasure (right to be forgotten)
Any person affected by the processing of personal data has the right granted by the European regulator to request the Data Controller to erase the personal data relating to him or her immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:
- The personal data has been collected or otherwise processed for purposes for which it is no longer required.
- The data subject withdraws his/her consent on which the processing was based pursuant to Article 6 para. 1a of the GDPR or Article 9 para. 2a of the GDPR and there is no other legal basis for the processing.
- The data subject opposes the processing under Article 21 para. 1 of the GDPR and there are no overriding legitimate grounds for processing or the data subject opposes the processing under Article 21 para 2 of the GDPR.
- The personal data has been processed unlawfully.
- The deletion of the personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the party responsible is subject.
- The personal data has been collected in relation to information society services offered in accordance with Art. 8 para. 1 of the General Data Protection Regulation (GDPR).
If one of the above-mentioned reasons applies and a data subject wishes to have personal data stored with us erased, he or she may contact our Data Protection Officer or another employee of the Data Controller at any time for this purpose. Our Data Protection Officer will ensure that the request for deletion is complied with without delay.
e) Right to restriction of the processing
Any person subject to the processing of personal data has the right granted by the European legislator to request from the Data Controller that the processing of the data be restricted if one of the following conditions applies:
- The accuracy of the personal data is disputed by the data subject for a period that enables the Data Controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject rejects the erasure of the personal data and instead requests that the use of the personal data be restricted.
- The Data Controller no longer requires the personal data for the purposes of the processing, but the data subject requires it to assert, exercise or defend legal claims.
- The data subject has lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the Data Controller outweigh those of the data subject.
If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by our company, he or she can contact our Data Protection Officer at any time. The Data Protection Officer will arrange for such processing to be restricted.
f) Right to data portability
Any person subject to the processing of personal data has the right granted by the European legislator to receive the personal data relating to him or her which has been provided by the data subject to a Data Controller in a structured, current and machine-readable format. He or she also has the right to transfer such data to another Data Controller without obstruction by the Data Controller to whom the personal data has been made available, provided that the processing is based on the consent provided for in Article 6 para. 1a GDPR or Article 9 para. 2a GDPR or in a contract in accordance with Article 6 para. 1b GDPR and that the processing is carried out using automated procedures, unless the processing is required for the performance of a task which is in the public interest or carried out in order to exercise public authority that has been conferred on the Data Controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20 para. 1 GDPR, the data subject has the right to request that the personal data be transferred directly by one Data Controller to another Data Controller, provided this is technically feasible and provided that the rights and freedoms of other individuals are not affected by this.
In order to assert the right to data portability, the data subject may contact the Data Protection Officer or another employee at any time.
g) Right of objection
For reasons arising from his or her particular situation, any person affected by the processing of personal data has the right granted by the European legislator to object at any time to the processing of personal data relating to him or her under Article 6 para. 1(e) or (f) of the GDPR. This also applies to profiling based on these provisions.
We will no longer process personal data in the event of an objection, unless we can provide evidence of compelling grounds for processing that are worthy of protection and which outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims.
If we process personal data in order to carry out direct advertising, the data subject has the right to object at any time to the processing of the personal data for the purposes of such advertising. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to our company's processing of such data for direct marketing purposes, we will no longer process the personal data for these purposes.
Furthermore, for reasons arising from his or her particular situation, the data subject has the right to object to the processing of personal data relating to him or her for scientific or historical research purposes or for statistical purposes in accordance with Article 89 para. 1 of the GDPR, unless such processing is necessary for the performance of a task which is in the public interest.
To exercise the right of objection, the data subject may contact the Data Protection Officer directly. Notwithstanding Directive 2002/58/EC, the data subject is also at liberty to exercise his or her right of opposition in relation to the use of information society services by means of automated procedures in which technical specifications are used.
h) Automated decisions in individual cases, including profiling
Any person affected by the processing of personal data has the right granted by the European regulator not to be subject to a decision based exclusively on automated processing – including profiling – which has legal effect against or significantly affects him or her in a similar manner, provided that the decision is not necessary for the conclusion or fulfilment of a contract between the data subject and the Data Controller or is admissible under the legal regulations of the Union or Member State to which the Data Controller is subject, and these legal regulations contain appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or is carried out with the express consent of the data subject.
If a decision is necessary for the conclusion or fulfilment of a contract between the data subject and the Data Controller or is taken with the express consent of the data subject, we will take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to bring about the intervention of a person by the Data Controller to state its own position and to challenge the decision.
If the data subject wishes to assert rights with regard to automated decisions, he or she can contact our Data Protection Officer at any time.
i) Right to revoke consent under data protection law
Any person subject to the processing of personal data has the right granted by the European legislator to revoke the consent to the processing of personal data at any time.
If a data subject would like to exercise his or her right to revoke such consent, he or she may contact our Data Protection Officer or another employee of the Data Controller at any time.
11. Data protection for applications and in the application process
The Data Controller collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant sends corresponding application documents to the Data Controller by electronic means, for example by email or via a web form on the website. If the Data Controller concludes an employment contract with an applicant, the data transferred will be stored for the purposes of processing the employment relationship in compliance with the statutory provisions. If the Data Controller does not conclude an employment contract with the applicant, the application documents are automatically deleted three months after notification of the decision of refusal, provided that no other legitimate interests of the Data Controller stand in the way of such erasure. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the German General Equal Treatment Act (AGG).
The Data Controller has integrated components of YouTube on this website. YouTube is an Internet video portal that allows video publishers to post video clips and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why entire film and television programmes, as well as music videos, trailers or videos produced by users themselves are available through the Internet portal.
YouTube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time one of the individual pages of this website which is operated by the Data Controller and into which a YouTube component (YouTube video) has been integrated is accessed, the Internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at https://www.youtube.com/yt/about/de/. During the course of this technical procedure, YouTube and Google are informed about which specific subpage of our website is visited by the data subject.
If the data subject is logged on to YouTube at the same time, YouTube recognises which specific subpage of our website is visited by the data subject when the subpage that contains a YouTube video is accessed. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google receive information via the YouTube component that the data subject has visited our website whenever the data subject is logged on to YouTube at the same time as he or she accesses our website; this happens regardless of whether the data subject clicks on a YouTube video or not. If such a transfer of this information to YouTube and Google is not desired by the data subject, he or she can prevent the transfer by logging out of his or her YouTube account before calling up our website.
The data protection provisions published by YouTube, which can be accessed at https://www.google.com/intl/en/policies/privacy/, provide information on the collection, processing and use of personal data by YouTube and Google.
13. Data processing via Microsoft Teams
We process personal data as far as it is required for collaboration with you via Microsoft Teams.
For this, we process personal data from:
- you as the person who communicates or collaborates with us via Microsoft Teams,
- other persons who are the object of such communication or collaboration, e.g. your staff, colleagues or consultants.
We process the following personal data categories where required:
- information provided by you regarding the constituent parts of your own Microsoft Teams account,
- technical data necessary for the provision of the Microsoft Teams function, in particular the IP address, time and duration of use, the protocol and further use data,
- audio and/or video data from participants in audio or video conferences,
- contact details, in particular the first name and surname, if applicable the title, address, telephone number and E-mail address,
- information regarding the business or vocational activity,
- further information in connection with communication or collaboration.
The purpose and legal basis for processing this personal data results basically from the respective communication or collaboration context. Otherwise, the legal basis is Article 6, para. 1, letter f of the GDPR.
For the technical provision of the Microsoft Teams functions, we transfer the above-named data to Microsoft. Microsoft is bound by confidentiality in this respect and only processes data for and in accordance with the instructions from BORT GmbH. Here, the above-named data can also be transferred to states outside the EU/EEA, in particular to the USA.
Audio and video data which arises during an audio or video conference or a screen sharing session is only processed for the duration of the conference or session and then deleted directly. Recordings which are kept above and beyond this are not created without your extra express permission.
Communications via text and data from collaboration on a co-working platform are kept as long as the context of the collaboration demands. Moreover, they are deleted or rendered anonymous as soon as their knowledge is no longer required unless statutory provisions demand or allow further storage.
14. Legal basis of the processing
Art. 6 I lit. a GDPR is used by our company as the legal basis for processing procedures in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case for example with processing procedures which are required for the delivery of goods or the provision of another service or service in return, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing procedures that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, for example for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured at our company and his or her name, age, health insurance data or other vital information had to be passed on to a doctor, a hospital or other third parties. The processing would then be based on Art. 6 I lit. d of the GDPR. Ultimately, processing procedures could be based on Art. 6 I lit. f of the GDPR. Processing procedures which are not covered by any of the aforementioned legal bases are covered by this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and basic freedom of the data subject do not prevail. We are permitted to carry out such processing procedures in particular because they have been specifically mentioned by the European legislator. In this respect the legislator took the view that a legitimate interest could be assumed if the data subject was a customer of the Data Controller (Recital 47, second sentence, GDPR).
15. Legitimate interests in the processing of data carried out by the Data Controller or a third party
If the processing of personal data is based on Article 6 I lit. f GDPR, it is in our legitimate interest to conduct our business activities for the well-being of all our employees and our shareholders.
16. Retention period for the personal data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiry of this period, the corresponding data is routinely deleted, provided that it is no longer necessary for the fulfilment or initiation of the contract.
17. Legal or contractual provisions for the provision of the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We hereby inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). In some cases, it may be necessary if a contract is to be concluded for a data subject to provide us with personal data which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with him or her. The failure to provide personal data would mean that the contract with the data subject could not be concluded. Before the provision of personal data by the data subject, the data subject must contact our Data Protection Officer. Our Data Protection Officer will then inform the data subject on a case-by-case basis whether the provision of personal data is required by law or by the contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences any failure to provide the personal data would have.