Data privacy

Privacy policy

1. Data privacy at a glance


General information

The following information provides a basic overview of what happens to your personal data when you visit our website. Personal data is data with which you can be personally identified. Detailed information on the subject of data privacy can be found in our privacy policy below this text.
 

Data collection on our website


Who is responsible for data collection on this website?
Data is processed on this website by the website operator. You can find the contact information under “About this site” on this website.

How do we collect your data?
On the one hand, your data is collected when you provide it to us. This may be data that you enter in a contact form, for example.

Other data is automatically collected by our IT systems when you visit our website. This is chiefly technical data (e.g., Internet browser, operating system or the time of page access). This data is collected automatically when you access our website.

What do we do with your data?
Part of the data is collected in order to ensure the website is provided free of errors. Other data can be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right to information about the origin, recipients and purpose of your stored personal data at no cost and at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address provided under “About this site” if you have any further questions on the subject of data privacy. You also have the right of appeal to the competent supervisory authority.

Analytics tools and third-party tools
When you visit our website, your browsing behavior may be statistically evaluated. This is done primarily with cookies and so-called analytics programs. Your browsing behavior is usually analyzed anonymously; the browsing behavior cannot be traced back to you. You may object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following data privacy policy.

2. General notes and mandatory information


Data privacy

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy outlines what information we collect and what we use it for. It also details how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g., communication by e-mail) may be subject to security vulnerabilities. It is not possible to completely protect the data from being accessed by third parties.

Note on the controller

The controller for data processing on this website is:

BHS-Sonthofen GmbH
An der Eisenschmelze 47
87527 Sonthofen, Germany

+49 8321 6099-0
data-privacy@bhs-sonthofen.com

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, e-mail addresses, etc.).

Withdrawal of your consent to data processing

Many data processing operations are only possible with your express consent. You can withdraw previously given consent at any time. An informal e-mail to this effect is sufficient. The data processed before you withdraw your consent may still be legally processed.

Right to restriction of processing

You have the right to request the restriction of processing of your personal data. You can contact us at any time at the address provided under “About this site”. The right to restriction of processing applies in the following cases:

  • You contest the accuracy of the personal data that we have stored; we will generally require time to verify this. For the duration of this verification process, you shall have the right to request the restriction of processing of your personal data.
  • If the processing of your personal data is unlawful, you can request a restriction of use instead of the erasure of your personal data.
  • If we no longer need your personal data, but you require it for the establishment, exercise or defense of legal claims, you have the right to request a restriction of use instead of the erasure of your personal data.
  • If you have objected to processing pursuant to Article 21(1) GDPR, we will have to verify whether our legitimate grounds override yours. Provided that it has not been demonstrated whose interests override the other party’s, you shall have the right to request the restriction of processing of your personal data.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

----------------------------------------------------------------------------------------------------------

Right to object to data collection in particular cases as well as to direct marketing (Art. 21 GDPR)

You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Please refer to our privacy policy for the respective legal basis on which processing is based. If you submit an objection, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims (objection pursuant to Article 21(1) GDPR). Where your personal data is processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes (objection pursuant to Article 21(2) GDPR).

----------------------------------------------------------------------------------------------------------

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the General Data Protection Regulation (GDPR), every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint shall remain unaffected by any administrative or judicial remedies.

Right to data portability

You have the right to have the data that we process on the basis of your consent or in fulfillment of a contract to be transferred to yourself or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if this is technically feasible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ as well as by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Access to information, blocking, deletion

You have the right to free information about your stored personal data, their origin and recipients, the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data at any time within the scope of the applicable legal provisions. You can contact us at any time at the address provided under About this site if you have any further questions on the subject of personal data.

Objection to advertising e-mails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising information, such as spam e-mails.

3. Data Protection Officer

We have appointed a data protection officer for our company.

BHS-Sonthofen GmbH
Data Protection Officer
An der Eisenschmelze 47
87527 Sonthofen, Germany

+49 8321 6099-0
datenschutz@bhs-sonthofen.com

4. Hosting and Content Delivery Network (CDN)


External hosting

This website is hosted by an external service provider (hosting service). The personal data that is collected on this website is stored on said service provider’s servers. This can include IP addresses, contact requests, metadata, communication data, contractual data, contact data, names, website visits and other data that is generated via a website. Use of this hosting service is carried out for the purposes of contractual performance vis-à-vis our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of ensuring the secure, rapid and efficient provision of our online offer by a professional provider (Art. 6(1)(f) GDPR).  Our hosting service shall process your data to the extent this is required for the fulfillment of its contractual services and comply with our instructions in relation to this data.

Conclusion of a contract on processing

We have concluded a contract on processing with our hosting service in order to guarantee the processing of data in line with data protection law.

5. Data collection on our website


Cookies

Some of our Internet pages use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our website more user friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies.” They are deleted automatically at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

Cookies which are required to allow electronic communication or to provide certain functions you wish to use are stored pursuant to Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. Where other cookies (e.g., cookies for the analysis of your browsing behavior) are stored, these will be treated separately in this data privacy policy.

Consenting to cookies using the Consent Manager Provider

We have integrated the “Consentmanager” consent management tool (www.consentmanager.net) from Jaohawi AB (Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net) on our website for the purpose of requesting consent for data processing or the use of cookies or similar functions. “Consentmanager” allows you to give or refuse your consent for certain functionalities of our website such as those for integrating external elements, integrating streaming content, statistical analysis, coverage measurement and personalized advertising. With “Consentmanager” you can give or refuse your consent for all functions or give your consent for individual purposes or functions. You can change any settings you have at a later time. The purpose of integrating “Consentmanager” is to allow the users of our website to decide on the previously mentioned functions and to offer them the possibility to change previously made settings as part of the ongoing use of our website. When using “Consentmanager,” personal data as well as information about the used end devices and IP address are processed.

The legal basis for this processing is Art. 6(1)(1)(c) in conjunction with Art. 6(3)(1)(a) in connection with Art. 7(1) GDPR and, where applicable, (f). By processing this data, we assist our customers (the “controllers” according to GDPR) to fulfill their legal obligations (e.g., obligation to provide evidence). Our legitimate interests in processing are grounded in the storage of user settings and preferences with regard to the use of cookies and other functionalities. “Consentmanager” stores your data for as long as your user settings are active. After two years following the entry of your user settings, consent will be requested again. If given, the user settings will be saved again for this period.

You can object to the processing. Your right to object may be grounded on reasons arising from your particular situation. If you wish to object, please send an e-mail to data-privacy@bhs-sonthofen.com

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not combined with data from other sources.

This data is collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website, which requires the recording of server log files.

Contact form

If you send us questions via the contact form, we will collect the data entered in the form, including the contact details you provide, to answer your question and any follow-up questions. We will not share this information without your consent.

The data entered in the contact form is therefore processed exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time. An informal e-mail to this effect is sufficient. The data processing operations carried out before you withdraw your consent are not affected by you withdrawing your consent.

We will retain the information you enter in the contact form until you request its erasure, you revoke your consent to storage or the purpose for its storage no longer pertains (for example, after your request has been fulfilled). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Request via e-mail, phone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not share this information without your consent. This data is processed on the basis of Art. 6(1)(b) GDPR, insofar as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), provided that this has been requested. We will retain the information sent to us via the contact form until you request its erasure, you revoke your consent to storage or the purpose for its storage no longer pertains (for example, after your request has been fulfilled). Mandatory statutory provisions – in particular legal retention periods – remain unaffected.

6. Internal services


Handling applicant data

We offer you the opportunity to apply to work for us (e.g., via e-mail, by mail or via an online application form). We have outlined the scope, purpose and use of your personal data collected within the context of the application process below. We wish to ensure you that the collection, processing and use of your data occurs in accordance with the applicable data protection law and all other legal provisions and that your data is treated as strictly confidential.

Scope and purpose of data collection

If you send us an application, we shall process the associated personal data (e.g., contact and communication data, application documents, notes from interviews etc.), provided that this is necessary for the decision-making process in establishing an employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG – Bundesdatenschutzgesetz – initiation of an employment relationship), Article 6(1)(b) GDPR (general 11/13 contract initiation) and – if you have granted your consent – Article 6(1)(a) GDPR. Consent can be withdrawn at any time. Your personal data is only shared with individuals within our company who are involved in processing your application. If your application is successful, then the data you have submitted based on Section 26 BDSG and Article 6(1)(b) GDPR is stored in our data processing systems for the purposes of implementing the employment relationship.

Data retention period

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have transmitted based on our legitimate interests (Article 6(1)(f) GDPR) for up to six months from the end of the application procedure (rejection or withdrawal of application). The data is then deleted and physical application documents are destroyed. Retention serves the purposes of verification in the case of a legal dispute in particular. If it is evident that the data will be required after the six-month period has ended (e.g., due to an imminent or pending legal dispute), erasure shall only occur when the purpose of said further retention ceases to exist. A longer retention period may also be upheld if you have granted your consent to this (Article 6(1)(a) GDPR) or if legal retention periods oppose the erasure of said data.

Inclusion in the applicant pool

If we do not make you a job offer, then you may have the option of being accepted into our applicant pool. In the event of said acceptance, all documents and information from your application is transferred to the applicant pool in order to contact you in the event that suitable vacancies arise. Acceptance into the applicant pool is carried out exclusively on the basis of your express consent (Article 6(1)(a) GDPR). Granting consent is voluntary and in no way relates to the ongoing application procedure. The data subject can withdraw their declaration of consent at any time. In this case, the data from the applicant pool is irrevocably erased, provided that no legal obligations for its further retention exist. The data from the applicant pool is irrevocably erased two years after consent is granted at the latest.

7. Social media


Sharing content via Xing, LinkedIn, Facebook, Google+, Twitter and other platforms

In compliance with data protection laws, the content on our pages can be shared on social media platforms such as LinkedIn, Xing, Facebook, Google+, Twitter and others. This page uses a direct link for this purpose. Contact between the social media platforms and users is only established when the user actively clicks one of these buttons. This means that user data is not automatically transferred to the operators of these platforms.

8. Analytics tools and advertising


8.1  etracker

This website uses the analytics service etracker (www.etracker.com). The service provider is etracker GmbH, Erste Brunnenstrasse 1, 20459 Hamburg, Germany. This data can be used to create pseudonymized user profiles. etracker does not use cookies by default. If you expressly consent to the use of analytical cookies, then cookies that facilitate a statistical analysis of visitors’ use of this website and allow use-related content and advertising to be displayed will be used. Cookies are small text files that are stored locally in your Internet browser’s cache. These cookies allow us to recognize your browser the next time you visit. etracker cookies do not contain any information that could be used to identify the user.

The data created using etracker is exclusively processed and stored in Germany by etracker on the behalf of the provider of this website, and is thus subject to strict German and European data protection laws and standards. In this regard, etracker has been independently audited, certified and awarded the data protection privacy seal (https://www.eprivacy.eu/en/customers/awarded-seals/company/etracker-gmbh/).

The data collected using etracker’s technologies is not used without the data subject separately granting their consent, it is not used to personally identify visitors to this website and it is not merged with personal data concerning the holder of the pseudonym. etracker cookies remain on your end device until you delete them.

The storage of etracker cookies and use of this analytics tool is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and advertising. If the applicable consent has been retrieved (e.g., consent to the storage of cookies), data is processed exclusively on the basis of Article 6(1)(a) GDPR; said consent can be withdrawn at any time. You can object to data collection and storage at any time with future effect. Please click on the following button if you wish to object to data collection and storage of your visitor data in the future.

etracker button <a id="et-opt-out" href="#" data-tld="IhreSeite.de"></a>

When you click the button, etracker sets an opt-out cookie with the name “_et_oi_v2”. This means that no user data from your browser will be collected and stored by etracker for this domain in the future. Please do not delete this cookie if you wish to uphold your objection.

You can find further information in etracker’s privacy policy at https://www.etracker.com/en/data-privacy/.

Conclusion of a contract on processing

We have concluded a contract for commissioned data processing with etracker and fully implement the strict requirements of the German data protection authorities when using etracker.
 

8.2  Google Analytics

This website uses functions of Google Analytics, a Web analytics service. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies.” These are text files stored on your computer to help the website analyze how users use the site. The information generated by the cookie about your use of this website will usually be transmitted by Google to servers in the United States and stored there.

Google Analytics cookies are stored on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both his website and advertising.

Demographics and Google Analytics

This website uses the “Demographics” function of Google Analytics. This allows reports containing information on the age, gender and interests of visitors to the website to be created. This data originates from Google’s interest-based marketing as well as visitor data from third party providers. It is not possible to attribute this data to a specific person. You can disable this function at any time via the ad settings in your Google account or prevent Google Analytics from collecting your data in general as under the point “Objection to data collection.”

Retention period

Data stored by Google on the user and event level that is linked to cookies, usernames (e.g., user ID) or marketing IDs (e.g., DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. You can find more details at the following link: https://support.google.com/analytics/answer/7667196?hl=en

IP anonymization

We have enabled the IP anonymization function on this website. This means that Google will truncate/anonymize your IP address within Member States of the European Union as well as other states party to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases is the full IP address sent to Google servers in the USA and truncated there. On behalf of the website provider Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage to the website provider. Google will not associate the IP address transmitted by your browser within Google Analytics with any other data held by Google.

Browser plug-in

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link:  https://tools.google.com/dlpage/gaoptout?hl=en.

Objection to data collection

You can prevent Google Analytics from collecting your data by clicking on the following link. When you do so, an opt-out cookie is set that prevents the collection of your data during future visits to this website:  Disable Google Analytics.

For more information on how Google Analytics handles user data, please see Google’s privacy policy:  https://support.google.com/analytics/answer/6004245?hl=en.

Data processing

We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (‘Google’).

As part of Google AdWords, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser places on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user has clicked on the ad and has been redirected to this page.

Each Google AdWords customer receives a different cookie. Cookies cannot be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that allows users to be personally identified. If you do not wish to participate in tracking, you can object to this use by simply deactivating the Google conversion tracking cookie via your Internet browser under User Settings. You will then not be included in the conversion tracking statistics.

Conversion cookies are stored on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both his website and advertising.

For more information on Google AdWords and Google conversion tracking, please see Google’s privacy policy:  https://policies.google.com/privacy?gl=de&hl=en.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

9.  Plug-ins and tools


YouTube and privacy-enhanced mode

This website has embedded videos from YouTube. The operator of these pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in privacy-enhanced mode. According to YouTube, this mode means that no information about visitors to this website is stored before they view a video. However, privacy-enhanced mode cannot fully rule out that data will be shared with YouTube’s partners. This means that YouTube establishes a connection to the Google DoubleClick network regardless of whether you view a video.

As soon as you press play on a YouTube video on this website, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you have visited. If you’re logged into your YouTube account, YouTube will associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube can also store different cookies on your end device after you press play on a video. These cookies allow YouTube to receive information on visitors to this website. This information is collected to record video statistics, improve user-friendliness and prevent attempted fraud, for example. The cookies remain on your end device until you delete them.

If necessary, further data processing operations over which we have no influence may be triggered after you press play on a YouTube video. We use YouTube in the interest of making our online presence more appealing. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If the applicable consent has been retrieved, data is processed exclusively on the basis of Article 6(1)(a) GDPR; said consent can be withdrawn at any time. For more information on data privacy at YouTube, please see YouTube’s privacy policy at: https://policies.google.com/privacy?hl=en.

Google Maps

This page uses the Google Maps map service via an API. The service provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. It is necessary to store your IP address in order to use Google Maps’ functions. This information is usually transmitted by Google to servers in the United States and stored there. The provider of this website has no influence on the transmission of this data.

We use Google Maps in the interest of making our online presence more appealing and to make the locations specified on our website easier to find. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If the applicable consent has been retrieved, data is processed exclusively on the basis of Article 6(1)(a) GDPR; said consent can be withdrawn at any time. For more information on how user data is handled, please see Google’s privacy policy: https://policies.google.com/privacy?hl=en.