Data protection
Table of contents
1. objective and responsibility
2. basic information on data processing and legal bases
3. safety measures
4. transfer of data to third parties and third-party providers
5. processing of data in the context of customer relations, events and trade fairs
6. collection of access data
7. web analysis
8. newsletter and contact
9. integration of third-party services and content
10. rights of the users
11. deletion of data
12. right of objection
13. changes to the privacy policy
Person responsible
Burgsmüller GmbH
Schwammelwitzer Straße 17
D-37574 Einbeck
Persons authorized to represent the company: Jens Biel, Paul-Eberhard Kortmann
Email: info@burgsmueller.de
Contact data protection officer
1. objective and responsibility
1.1 This privacy policy explains the type, scope and purpose of the processing of personal data within our online offer and the associated websites, functions and content (hereinafter jointly referred to as "online offer" or "website"). The data protection declaration applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offer is executed.
1.2 The provider of the online offer and responsible under data protection law is Burgsmueller GmbH, Schwammelwitzer Straße 17, 37574 Einbeck, Germany, management: Jens Biel, Paul-Eberhard Kortmann, e-mail address info@burgsmueller.com (hereinafter referred to as "provider", "we" or "us"). For further information about us and contact options, please refer to our legal notice: https://burgsmueller.mpsn-server.de/de/impressum/.
2. basic information on data processing and legal bases
2.1 The personal data of users processed in the context of our online offer includes inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of clerks, payment information), usage data (e.g., the websites visited on our online offer, interest in our products), meta/communication data (device IDs, IP addresses, location data) and content data (e.g., entries in the contact form).
2.2 The term "user" includes all categories of data subjects affected by data processing. These include our business partners, customers, interested parties and other visitors to our online offering. The terms used, such as "user", are to be understood as gender-neutral.
2.3 We only process users' personal data in compliance with the relevant data protection regulations. This means that user data will only be processed if we have legal permission to do so. This means, in particular, if the data processing is necessary for the provision of our contractual services (e.g. processing of orders) and online services, or is required by law, if the user has given consent, as well as on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR, in particular when measuring reach, creating profiles for advertising and marketing purposes and collecting access data and using the services of third-party providers.
2.4 With regard to the processing of personal data on the basis of the General Data Protection Regulation (GDPR), we would like to point out that the legal basis for consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual measures is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f GDPR.
3. safety measures
3.1 We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
3.2 The security measures include, in particular, the encrypted transmission of data between your browser and our server.
4. transfer of data to third parties and third-party providers
4.1 Data will only be passed on to third parties (i.e. in particular their transmission or disclosure) on the basis of legal authorizations and within the framework of legal requirements. We only pass on user data to third parties if this is necessary, for example, to fulfill our contractual obligations to users or if we use the services of third parties within the scope of our legitimate interests. Furthermore, data is transferred within the companies of our group of companies, in particular for the purpose of fulfilling administrative tasks, legal obligations or due to business interests.
4.2 If we use third-party services (SC-Networks GmbH, Enzianstr. 2, 82319 Starnberg, www.sc-networks.com; MPSN Design Marktplatz Südniedersachsen Internet GmbH & Co. KG, Götzenbreite 1 A, 37124 Rosdorf, www.mpsn-design.de) to provide our services, we take appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.
4.3 If content, tools or other means from other providers (hereinafter jointly referred to as "third-party providers") are used within the scope of this privacy policy and their registered office is located in a third country, it must be assumed that data is transferred to the countries in which the third-party providers are based. Third countries are countries in which the GDPR is not directly applicable law, i.e. generally countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if there is an adequate level of data protection, user consent or other legal permission.
5. processing of data in the context of customer relations, events and trade fairs
5.1 We process inventory data (e.g., names and addresses as well as contact data of users) and contract data (e.g., services used, names of contact persons, payment information) of our customers, interested parties and participants of trade fairs and events for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit. b. GDPR. GDPR.
5.2 Furthermore, we process the data of our customers and participants (e.g. the visited websites of our online offer, interest and attendance of our events, as well as the use of products and orders) on the basis of our legitimate interests in advertising and market research purposes pursuant to Art. 6 para. 1 lit. f. GDPR. GDPR, e.g. to offer customers and participants services based on their previous contractual interests or events attended, to make events pleasant and safe or to analyze the development of our business operations. Furthermore, we process the data if we are legally obliged to do so, e.g. due to commercial and tax obligations, in accordance with Art. 6 para. 1 lit. c. GDPR, are obliged to do so.
5.3 When contacting us (via contact form or e-mail), the user's details are processed to handle the contact request and its processing and may be stored for these purposes in our customer relationship management system or comparable request organization.
6. collection of access data
6.1 On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
6.2 Log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum period of seven days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
7. web analysis
The provider of this website uses services of etracker GmbH from Hamburg, Germany (www.etracker.com) to analyze usage data. We do not use cookies for web analysis by default. If we use analysis and optimization cookies, we will obtain your explicit consent separately in advance. If this is the case and you give your consent, cookies are used to enable a statistical analysis of the reach of this website, to measure the success of our online marketing measures and test procedures, e.g. to test and optimize different versions of our online offering or its components. Cookies are small text files that are stored by the Internet browser on the user's end device. etracker cookies do not contain any information that enables a user to be identified.
The data generated with etracker is processed and stored by etracker on behalf of the provider of this website exclusively in Germany and is therefore subject to strict German and European data protection laws and standards. etracker has been independently audited and certified in this respect and has been awarded the ePrivacyseal data protection seal of approval.
Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. f (legitimate interest) of the General Data Protection Regulation (GDPR). Our concern within the meaning of the GDPR (legitimate interest) is the optimization of our online offer and our website. Since the privacy of our visitors is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. No other use, combination with other data or transfer to third parties takes place.
You can object to the data processing described above at any time by clicking on the slider. The objection has no negative consequences. If no slider is displayed, data collection is already prevented by other blocking measures.
8 Newsletter and contacting us
8.1 With the following information, we inform you about the content of our newsletter and other types of business emails and electronic mail ("newsletter" for short) as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you consent to receiving it and to the procedures described. The legal basis for your consent is Art. 6 para. 1 lit. a, Art. 7 GDPR and Section 7 para. 2 no. 3 UWG.
8.2 Content of the newsletter: We only send newsletters, emails and other electronic notifications with advertising information (hereinafter "newsletter") with the consent of the recipient or with legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the user's consent. In addition, our newsletters contain information about the Krauss Maffei Group and its products and brands KraussMaffei, KraussMaffei Berstorff and Netstal (Group companies: https://www.kraussmaffeigroup.com), e.g. invitations to events and trade fairs at which the KraussMaffei Group or its brands are represented.
8.3 Dispatch service provider: The newsletter is sent by SC-NETWORKS GMBH, Enzianstr. 2, 82319 Starnberg, Germany (hereinafter referred to as "dispatch service provider") on the basis of an order processing contract within the meaning of Art. 28 para. 3 sentence 1 GDPR. You can view the data protection provisions of the shipping service provider here: https://www.sc-networks.de/unternehmen/datenschutz/.
8.4 Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people's e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored with the mailing service provider are also logged.
8.5 Furthermore, the mailing service provider may, according to its own information, use this data in pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services, e.g. to technically optimize the mailing and presentation of the newsletter or for statistical purposes in order to determine which countries the recipients come from. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.
8.6 Registration data: To register for the newsletter, please enter the mandatory information marked with an (*) and complete the optional information. We use this information to address our newsletter subscribers personally as well as to make the content of the newsletter more interesting according to their industry and location and, for example, to send news relating only to a region or an event.
8.7 Statistical collection and analysis - The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from the server of the mailing service provider when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked and when. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the mailing service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
8.8 The newsletter is sent on the basis of the consent of the recipients in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR and Section 7 para. 2 no. 3 UWG. The statistical surveys and analyses are carried out on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of users. The registration process is logged in accordance with Art. 6 para. 1 lit. c. GDPR due to the legal obligation to prove the consent of the newsletter recipients pursuant to Section 7 (2) No. 3 UWG and pursuant to Art. 7 (1) GDPR. In addition, for reasons of legal certainty, we ask the newsletter recipients for their consent to the aforementioned analyses and the logging of the registration.
8.9 Cancellation/revocation - Newsletter recipients can cancel the receipt of our newsletter at any time, i.e. revoke their consent. At the same time, your consent to the statistical analyses will expire. Unfortunately, it is not possible to cancel the sending of the newsletter by the mailing service provider or the statistical analysis separately; in this case, the entire newsletter subscription must be canceled. Newsletter recipients will find a link to unsubscribe from the newsletter at the end of each newsletter. When you unsubscribe from the newsletter, your personal data will be deleted (usually within 7 working days), unless their retention is legally required or justified, in which case their processing will be limited to these exceptional purposes.
9. integration of third-party services and content
9.1 On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offers from third-party providers within our online offer. GDPR) content or service offers from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content are aware of the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offer as well as information about the user's location, and may also be linked to such information from other sources to form user profiles.
9.2 The following presentation provides an overview of third-party providers and their content, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, options for objection (so-called opt-out):
- The links/buttons to social networks and platforms (hereinafter referred to as "social media") used within our online offering do not establish direct contact between social networks and users. Their function corresponds to the mode of operation of a regular online link.
- Videos from the "YouTube" platform of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/. Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- Within our online offer, we use the marketing functions (so-called "LinkedIn Insight Tag") of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. With the help of the LinkedIn Insight Tag, we can in particular analyze the success of our campaigns within LinkedIn or determine target groups for them based on the interaction of users with our online offer. If you are registered with LinkedIn, LinkedIn is able to assign your interaction with our online offering to your user account. LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
For the purposes of online surveys, we use the services of the provider Netigate Deutschland GmbH, Luisenforum, Kirchgasse 2, 65185 Wiesbaden. Netigate processes the information provided by users solely for the purpose of evaluating the survey on our behalf and, unless personal data such as names or e-mail addresses are requested, stores them anonymously, i.e. in particular without the IP address of the user. If personal data (e.g. name, address, company, etc.) is also requested as part of the survey in addition to the topic of the survey, we will point out separately in the survey that this is additional, voluntary information that we collect and use. Privacy policy: https://www.netigate.net/de/impressum/#legal.
10. rights of the users
Users have the right, upon request and free of charge, to receive information about the personal data that we have stored about them.
In addition, users have the right to rectification of inaccurate data, restriction of processing and erasure of their personal data, if applicable, to assert
their rights to data portability and, in the event of the assumption of unlawful data processing, to lodge a complaint with the competent supervisory authority.
10.1 Users can also revoke their consent, in principle with effect for the future.
11. deletion of data
11.1 The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the user's data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.
11.2 In accordance with legal requirements, storage is carried out for 6 years in accordance with § 257 para. 1 HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
12. right of objection
Users can object to the future processing of their personal data in accordance with the legal requirements at any time. The objection can be made in particular against processing for direct marketing purposes.
13. changes to the privacy policy
13.1 We reserve the right to amend the privacy policy in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing. If user consent is required or parts of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.
13.2 Users are requested to inform themselves regularly about the content of the privacy policy.