Data privacy statement

Thank you very much for your interest in our company. Data privacy is of particular importance for the management of bedea Berkenhoff & Drebes GmbH. Using the Internet pages of bedea Berkenhoff & Drebes GmbH is generally possible without providing any personal data. However, if the data subject decides to make use of particular company services via our Internet pages, the processing of personal data may become necessary. If the processing of personal data becomes necessary and if there is no legal basis for it, we obtain consent from the data subject as a general rule.

Processing personal data such as the name, address, email address or telephone number of a data subject is always done in line with the General Data Protection Regulation (GDPR) and the country-specific data privacy laws applicable for Berkenhoff & Drebes GmbH. By means of this data privacy statement, our company aims at informing the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this data privacy statement shall inform the data subjects about their rights.

Being responsible for the processing, bedea Berkenhoff & Drebes GmbH has implemented numerous technical and organisational measures to ensure as complete a protection as possible for the personal data processed via this Internet page. However, Internet-based data transfer may generally have security gaps so that complete protection cannot be provided. Therefore, it is possible for any data subject to choose an alternative way of providing us with their personal data, e.g. by telephone.

 

1. Definitions

The data privacy statement of bedea Berkenhoff & Drebes GmbH is based on the terminology used by the European legislative and regulatory authority for adoption of the General Data Protection Regulation (GDPR). Our data privacy statement shall be easily readable and comprehensible for both the public and our customers and business partners. To ensure this, we would like to explain the terminology used beforehand.

In our data privacy statement, we use the following terms, among others:

a) Personal data

Personal data includes all information that is related to an identified or identifiable, natural person (hereinafter "data subject"). A natural person is considered identifiable if she/he can be identified, directly or indirectly, especially by way of association with an identifier such as a name, an identification number, location data, online identification or a single or several special characteristic(s) that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

b) Data subject

A data subject is any identified or identifiable, natural person the data of which is processed by the responsible controller.

c) Processing

Processing means - with or without support by automated procedures - any completed process or any such process series relating to personal data such as the collection, recording, organisation, sorting, saving, adaptation or modification, the read-out, inquiry, use, and the disclosure by way of transfer, distribution or any other way of provision, the comparison or linking, limitation, deletion or destruction.

d) Restriction of processing

Processing restriction is the marking of saved, personal data with the aim of limiting its future processing.

e) Profiling

Profiling means any way of automated processing of personal data during which this personal data is used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict the work performance, economic position, health, personal preferences, interests, reliability, behaviour, residence or change of location of this natural person.

f) Pseudonymisation

Pseudonymisation is the processing of personal data in a way where the personal data can no longer be associated with a specific data subject without the use of additional information, provided that this additional information is stored separately and subject to technical and organisational measures that ensure that the personal data will not be associated with an identified or identifiable natural person.

g) Controller

A controller is the natural or legal person, authority, organisation or other body that alone or together with others decides upon the ways and means of processing personal data. If the ways and means of the processing are governed by EU law or the law of the Member States, the responsible person or the particular criteria for his/her nomination can be appointed in line with EU law or the law of the Member States.

h) Data processor

Data processor is a natural or legal person, authority, organisation or other body that processes personal data by order of the responsible person.

i) Recipient

Recipient is a natural or legal person, authority, organisation or other body that has received personal data, irrespective if he/she is a third party or not. However, authorities possibly receiving personal data within the framework of a particular investigation order in line with EU law or the law of Member States, are not considered recipients.

j) Third parties

A third party is a natural or legal person, authority, organisation or other body other than the data subject, the responsible person, the processor and the persons who have been authorised to process the personal data under the direct responsibility of the controller.

k) Consent

Consent is any informative and clear statement of intent voluntarily provided by the data subject for a particular case by way of a declaration or another clear affirmative action which states that the data subject consents to the processing of personal data related to them.

 

2. Name and address of the controller

Responsible within the meaning of the General Data Protection Regulation, data privacy laws applicable in the Member States of the European Union and other provisions relating to data privacy is:

bedea Berkenhoff & Drebes GmbH

Herborner Str. 100

D-35614 Asslar

Germany

Phone: +49 (0) 6441 801-0

Website: www.bedea.com

 

3. Name and address of the Data Privacy Officer

Data Privacy Officer of the controller is:

Erwin Herpel

bedea Berkenhoff & Drebes GmbH

Herborner Str. 100

D-35614 Asslar

Germany

Phone: +49 (0) 6441 801-801

Website: www.bedea.com

Any data subject is welcome to directly contact our Data Privacy Officer with questions or suggestions.

 

4. Collecting general data and information

The Internet page of bedea Berkenhoff & Drebes GmbH collects a series of general data and information every time a data subject or an automated system calls up the website. These general data and information are saved in the server log files. The following could be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the Internet page from which an accessing system is referred to our website (so-called referrer), (4) the sub-pages which are contacted via an accessing system on our Internet page, (5) date and time of access to our Internet page, (6) an IP address, (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to combat possible attacks on our IT systems.

bedea Berkenhoff & Drebes GmbH does not use these general data and information to draw conclusions about the data subject. In fact, this information is used to (1) correctly deliver the contents of our Internet page, (2) optimise the contents of our Internet page as well as the related advertisements, (3) ensure the constant functionality of our IT systems and the technology of our Internet page, as well as (4) provide law enforcement authorities with necessary information in case of a cyber-attack. These anonymously collected data and information are evaluated by bedea Berkenhoff & Drebes GmbH for statistical purposes and with the goal of enhancing data privacy and safety within our company in order to be able to ultimately ensure an optimal protection level for the personal data processed by us. The anonymous server logfile data is stored separately from all other personal data provided by a data subject.

 

5. How to contact us via the website

Due to statutory provisions, the Internet page of bedea Berkenhoff & Drebes GmbH contains information that facilitates the easy and electronic contacting of our company as well as the direct communication with us, which also includes a general email address. If a data subject contacts the controller via email or a contact form, the personal data transmitted by this data subject is automatically stored. The personal data voluntarily transmitted from a data subject to the controller is stored for editing purposes or to be able to contact the data subject. This personal data will not be forwarded to third parties.

 

6. Routine deletion and blocking of personal data

The controller processes and stores personal data of the data subject only for the time that is required to successfully store the information or provided that this has been stipulated in laws or regulations set forth by the European legislative and regulatory authorities, or another legislator, that the controller is subject to.

If the storage purpose does not apply or if a retention period set forth by the European legislative and regulatory authority or another legislator expires, the personal data is routinely blocked or deleted in line with statutory provisions.

 

7. Rights of the data subject

a) Right of confirmation

Any data subject shall have the right set forth by the European legislative and regulatory authority, to request from the controller a confirmation regarding whether the respective personal data is being processed or not. If a data subject wishes to exercise this right of confirmation, he or she may contact an employee of the controller at any time.

b) Right to access

Data subjects affected by the processing of personal data shall have the right set forth by the European legislative and regulatory authority, to receive from the controller information free of charge about their personal data stored, and to obtain a copy of this information. Furthermore, the European legislative and regulatory authority has granted the data subject the right to receive the following information:

  • the purposes of the processing
  • the categories of personal data concerned
  • the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • the right to lodge a complaint with a supervisory authority
  • where the personal data are not collected from the data subject, any available information as to their source
  • the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Furthermore, the data subject shall have the right to be informed about whether personal data is transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to receive information about the appropriate safeguards relating to the transfer.

If a data subject wishes to exercise this right of information, he or she may contact an employee of the controller at any time.

c) Right of rectification

Data subjects affected by the processing of personal data shall have the right set forth by the European legislative and regulatory authority, to request the rectification of inaccurate personal data concerning them without undue delay. Considering the purposes of the processing, the data subject shall also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If data subjects wish to exercise this right of rectification, they may contact an employee of the controller at any time.

d) Right to erasure ('Right to be forgotten')

Data subjects affected by the processing of personal data shall have the right set forth by the European legislative and regulatory authority to request from the controller the erasure of personal data concerning them without undue delay provided that one of the following grounds applies and where processing is not required:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
  • The personal data has been unlawfully processed.
  • The personal data has to be erased for compliance with a legal obligation in EU or Member State law to which the controller is subject.
  • The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If one of the above-mentioned reasons applies and a data subject wishes to request the deletion of personal data stored at bedea Berkenhoff & Drebes GmbH, he or she may contact an employee of the controller at any time. An employee of bedea Berkenhoff & Drebes GmbH will arrange for the data to be deleted without undue delay.

Where bedea Berkenhoff & Drebes GmbH has made the personal data public and is obliged pursuant to Art. 17(1) of the GDPR to erase the personal data, bedea Berkenhoff & Drebes GmbH, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, provided that processing is not required. An employee of bedea Berkenhoff & Drebes GmbH will individually arrange for the necessary steps to be taken.

e) Right to restriction of processing

Data subjects affected by the processing of personal data shall have the right set forth by the European legislative and regulatory authority to request from the controller the restriction of processing provided that one of the following grounds applies:

  • The data subject contests the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
  • The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the above-mentioned prerequisites is met and a data subject wishes to request the limitation of processing of personal data stored at bedea Berkenhoff & Drebes GmbH, he or she may contact an employee of the controller at any time. An employee of bedea Berkenhoff & Drebes GmbH will arrange for the limitation of processing.

f) Right to data portability

Data subjects affected by the processing of personal data shall have the right set forth by the European legislative and regulatory authority, to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to point (a) of Article 6 (1) or point (a) of Article 9 (2) or on a contract pursuant to point (b) of Article 6 (1) of the GDPR; and the processing is carried out by automated means, and provided that the processing is not required for the fulfilment of a task that is subject to public interest or that is done in the exercise of official authority bestowed upon the controller.

Furthermore, in exercising their right to data portability pursuant to Art. 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible, and provided that the rights and freedoms of others are not affected.

To exercise their right of data portability, data subjects may contact an employee of bedea Berkenhoff & Drebes GmbH at any time.

g) Right to object

Data subjects affected by the processing of personal data shall have the right set forth by the European legislative and regulatory authority, to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them based on point (e) or (f) of Article 6(1) GDPR. This also includes profiling based on those provisions.

bedea Berkenhoff & Drebes GmbH shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where bedea Berkenhoff & Drebes GmbH processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, bedea Berkenhoff & Drebes GmbH will no longer process this data for such purposes.

Where personal data is processed by bedea Berkenhoff & Drebes GmbH for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise their right to object, data subjects may directly contact any employee of bedea Berkenhoff & Drebes GmbH. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

h) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

Responsible supervisory authority
Der Hessische Datenschutzbeauftragte
PO Box 3163
D-65021 Wiesbaden
https://datenschutz.hessen.de
Phone: +49 611 1408 - 0
Fax: +49 611 1408 – 611

i) Automated individual decision-making, including profiling

Data subjects affected by the processing of personal data shall have the right set forth by the European legislative and regulatory authority not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision (i) is not necessary for entering into, or performance of, a contract between the data subject and a data controller, (ii) is authorised by EU or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or (iii) is based on the data subject’s explicit consent.

In the cases referred to in points (i) and (iii), bedea Berkenhoff & Drebes GmbH shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

If a data subject wishes to exercise rights regarding the automated decision-making, he or she may contact an employee of the controller at any time.

j) Right to withdraw data privacy consent

Data subjects affected by the processing of personal data shall have the right set forth by the European legislative and regulatory authority, to request the withdrawal of consent to process personal data at any time.

If a data subject wishes to exercise the right to withdraw consent, he or she may contact an employee of the controller at any time.

 

8. Recruitment (process) privacy policy

The controller collects and processes personal data of applicants for the purpose of executing the recruitment process. Electronic processing is also possible. This is the case if an applicant submits to the controller respective application documents electronically, e.g. via email or an online webform. If the controller and the applicant enter into an employment contract, the transmitted data is stored in line with the statutory provisions for the purpose of managing the employment. If no employment contract is entered into, the application documents are automatically deleted three months after the refusal has been made public, provided that other legitimate interests of the controller do not oppose the deletion. 

 

9. Legal basis of processing

Point (a) of Art. 6(1) GDPR forms the legal basis for our processing operations for which we have to obtain consent for a certain purpose of processing. Processing is based on point (b) of Art. 6(1) GDPR if it is required for the performance of a contract to which the data subject is party, as is the case for e.g. processing operations that are necessary for delivering goods or performing services or counter-services. The same applies to such processing operations that are necessary for the fulfilment of precontractual measures, such as is the case with inquiries regarding our products or services. Processing is based on point (c) of Art. 6(1) GDPR if our company becomes subject to a legal obligation that requires the processing of personal data, such as the fulfilment of tax responsibilities. In rare cases processing personal data may become necessary to protect vital interests of the data subject or other natural persons. This would be the case, should a visitor be injured while on our premises and we would have to provide the doctor, a hospital or other third parties with his name, age, health insurance data or other vital information. Then, processing is based on point (d) of Art. 6(1) GDPR. Lastly, processing operations could be based on point (f) of Art. 6(1) GDPR. This legal basis covers processing operations that are not included in any of the above-mentioned legal bases if the processing is necessary to protect the legitimate interest of our company or a third party, provided that the interests, and basic rights and fundamental freedoms of the data subject are not overriding. We are allowed to make use of such processing operations because the European legislator has specifically mentioned them. It considered that a legitimate interest could be presumed if the data subject is a customer of the controller (Recital 47(2) GDPR).

 

10. Legitimate interests in processing that are monitored by the controller or a third party

If processing personal data is based on point (f) of Art. 6(1) GDPR, our legitimate interest is the realisation of our business for the benefit of all of our employees and shareholder.

11. Period for which the personal data will be stored

Criterion for the storage period of personal data is the applicable statutory retention period. Once this period has expired, the respective data is deleted routinely provided that it is no longer required for the fulfilment or preparation of contracts.

 

12. Statutory or contractual regulations regarding the disclosure of personal data; necessities for the conclusion of contract; obligations of the data subject to disclose personal data; possible consequences in case of non-disclosure

We would like to inform you that the disclosure of personal data is partially prescribed by law (e.g. tax regulations) or may result from contractual regulations (e.g. information about the contract partner). When concluding a contract, it may become necessary that a data subject provides us with personal data which we will have to process subsequently. For example, the data subject is obliged to provide us with personal data in order to conclude a contract with our company. Unwillingness to provide the personal data to us would result in the contract not being concluded. The data subject must contact one of our employees prior to disclosing personal data. Our employee individually explains to the data subject whether processing the personal data is prescribed by law or contract or necessary for the conclusion of the contract, whether an obligation exists to disclose the personal data, and the consequences of not disclosing the personal data.

 

13. Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.

This data privacy statement has been created by the data privacy generator of the German Association for Data Protection (DGD Deutsche Gesellschaft für Datenschutz GmbH) that operates as External Data Protection Officer Dresden, in cooperation with RC GmbH that reuses outdated computers, and Christian Solmecke, Attorney-at-law specialised in Data Protection Law.

2018-07-12