Data privacy statement

Last updated: 04/02/2020

The following is a translation that is intended for information purposes only. In the event of any inconsistency between the German original and the English translation, the German version shall prevail.

Processing of personal data on the basis of the EU General Data Protection Regulation

BMA Braunschweigische Maschinenbauanstalt AG processes personal data on the basis of the EU General Data Protection Regulation (GDPR). This data protection and privacy policy aims to provide an overview of how we process such personal data and of the rights under data protection legislation.

Data protection and privacy policy
This data protection and privacy policy aims to inform you of how BMA Braunschweigische Maschinenbauanstalt AG (referred to as BMA AG below) processes your personal data, and of your rights as a data subject under the new EU General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) from 25 May 2018.

Controller responsible for the processing of your personal data

BMA Braunschweigische Maschinenbauanstalt AG

Am Alten Bahnhof 5

38122 Braunschweig
Germany

Phone: +49 5331804-0
Fax: + 49 5331804-260

E-mail: www.bma-worldwide.com

Personal data

Personal data means all information relating to the personal or material circumstances of an identified or identifiable natural person (such as the name, date of birth or contact details).

Website

You are generally able to use our website without providing your personal data. However, some applications on our website may require you to disclose your data to us. If you do not provide your data, you may therefore experience restrictions in the use of our website.

When you visit our website, our web servers will temporarily store every access in a log file. The following may be collected and stored until they are automatically deleted: IP address, date and time of access, data volume transmitted, notifications on the success of your retrieval of a web page, IDs of the browser and operating system used, web page from which our website is accessed, IP address of your internet service provider, and other data. These data are processed for the following purposes: to permit use of the website, for system security, for technical administration of the network infrastructure, and for website optimisation. This can be considered a legitimate interest as per Article 6 (1) (f) GDPR.

Other data collection

We collect, store and process your personal data (such as first and last names, address, e-mail address, phone number) if a business relationship such as under a subscription or contract exists or will exist, and for arrangements or changes relating to the content of the business relationship. We also use your personal data inasmuch as you have provided them to us as part of your registration on our website and consented to the processing of your personal data. We also collect, store and process your personal data if you contact us via our job application or contact form, our online recruitment portal, or by sending us an e-mail, inasmuch as this is necessary for handling your enquiries and for correspondence. We will promptly delete the personal data collected by us when they are no longer required for this purpose, unless they are subject to a statutory retention period. Your personal data are provided voluntarily.

Disclosure of data

We use your personal data within BMA Braunschweigische Maschinenbauanstalt AG and affiliated companies. Under Article 28 GDPR, these companies and all external contractors performing data processing services on our behalf are contractually bound to handle all personal data in accordance with current rules. Inasmuch as these companies come into contact with your personal data, we have put in place legal, technical and administrative measures and perform regular monitoring to ensure that they comply with the rules of data protection and privacy legislation.

Where you find partner offerings on our website, you are using them directly on the partners’ sites. They include offerings by third-party providers, which are managed by these third-party providers and are therefore not subject to our data protection regulations. We reserve the right to disclose your personal data to bodies entitled to receive them if we are required to do so by statutory duty or by order of court.

We also use your data outside the European Union, by way of data processing by our affiliated companies and business partners outside the European Union. Protection of your data is ensured with the agreement of standard EU contractual clauses.

We will never disclose your personal data to other third parties.

Cookies

The IP-address, that your Browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Addon for your current web browser:  http://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser Addon or within browsers on mobile devices, you can click the button below in order to opt-out from being tracked by Google Analytics within this website in the future (the opt-out applies only for the browser in which you set it and within this domain).
An opt-out cookie will be stored on your device, which means that you'll have to click this link again, if you delete your cookies. 

Deactivate Google Analytics

Google Web Fonts

In order to display fonts consistently, this site uses web fonts provided by Google. When you access a page, your browser will load the required web fonts in your browser cache to display texts and fonts correctly. For this purpose, the browser you are using has to contact the Google servers, as a result of which Google learns that your IP address has accessed our website. We use Google web fonts in the interest of displaying our online offerings consistently and attractively. This represents a legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR.
If your browser does not support web fonts, your computer will use a standard font.
You can find further information about Google web fonts at (This link opens in a new tab) https://developers.google.com/fonts/faq and in Google’s data privacy statement: (This link opens in a new tab) https://www.google.com/policies/privacy/.

Google Adwords

We use the online advertising program "Google AdWords" and the conversion tracking function of Google AdWords. Google conversion tracking is an analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").When you click on an ad delivered by Google, a conversion tracking cookie is placed on your computer. These cookies expire after 30 days, do not contain any personal data and therefore cannot be used to identify you personally. If you visit certain pages on our website and the cookie has not yet expired, we and Google can tell that you clicked on the ad and were directed to that page. Each Google AdWords customer has a different cookie, so it is not possible to track cookies via websites of other AdWords customers. The information collected by means of the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. Customers can see the total number of users who clicked on their ad and were directed to a page containing a conversion tracking tag. However, they do not receive information that enables them to identify users personally. If you do not want to participate in conversion tracking, you can opt out of this use and prevent cookies from being installed by selecting the appropriate settings on your browser software (deactivation option). You will then not be included in the conversion tracking statistics. Further information and Google's Privacy Policy are available at: https://policies.google.com/privacy

Web analytics

In order to optimise the website content and offerings on our website and for statistical analyses, we use a range of technical applications that log data, including anonymised data, on website user behaviour. For this purpose, we collect data on, for instance, clicking behaviour, visit duration, system settings or visitor origin, using analytics software cookies in the form of text files. To analyse these data, cookies are stored on your computer. The data collected may be stored on the servers of the companies operating the analytics tools. The data collected are not used to identify individual users and they are not merged with other personal user data.

You can configure your browser settings to disable the use of cookies. Please note, however, that you may in this case not be able to use the full range of services provided on this website. In the following section, you can find detailed descriptions of the analytics tools we use.

Our website uses the analytics tools listed here for the purpose given:

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses cookies, which are text files stored on your computer to help the website analyse how you use the site. The information generated by the cookie about your use of the website (including your IP address) will generally be transmitted to and stored by Google on servers in the United States. The Google Analytics cookies are stored on the basis of Art. 6 Para. 1 (f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise its web offering and its advertising.

Social plugins

Our website uses social plugins (“plugins”) from the social networks facebook.com, twitter.com, YouTube.com, induux.com, xing.de and LinkedIn (also referred to jointly below as “the providers”). The plugins are identified by the corresponding logos of the providers.
When you access our web pages, your browser establishes a direct connection with the providers’ servers. Through the integration of the plugin, the providers receive at least the information that you have accessed the website concerned, and as the case may be also further information depending on the respective plugin or service. If you are registered with and logged in with the respective provider, this provider can allocate your visit to your user account with them. If you interact with the plugin, for example by using the Facebook “Like” button or making a comment, the corresponding information will be transmitted directly from your browser to the provider and stored there, and also further processed if applicable. You can find details of the purpose and scope of such data collection and the further processing and use of the data by the respective provider, as well as your rights in this respect and options for adjusting the settings to protect your privacy, from the respective providers’ data privacy statements:

Facebook

Facebook is operated under www.facebook.com by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and under www.facebook.de by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland ("Facebook"). Find an overview over Facebook's plugins and their appearance here: https://developers.facebook.com/docs/plugins; find information on data protection at Facebook here: http://www.facebook.com/policy.php.

Twitter

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). Find an overview over Twitter's plugins and their appearance here: https://developer.twitter.com/en/docs/twitter-for-websites/overview.html; find information on data protection at Twitter here: https://twitter.com/privacy.

LinkedIn

Plugins of the social network LinkedIn, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA are integrated on our website. When you visit our website, the plugin establishes a direct connection between your browser and the LinkedIn server. LinkedIn therefore receives information that you have visited our website, including your IP address. When you click the LinkedIn Share button while you are logged on to your LinkedIn account, you can link the content of our website to your LinkedIn profile. This allows LinkedIn to assign the visit to our website to your user account. Please note that we as the website provider receive no information about the content of the transmitted data or their use by LinkedIn. Further information is found in the LinkedIn data privacy statement under www.linkedin.com/legal/privacy-policy.If you do not want LinkedIn to be able to assign your visit to our website to your LinkedIn user account, please log off your LinkedIn user account.

XING

Plugins of the social network XING AG, Dammtorstraße 30, 20354 Hamburg are integrated on our website. The Xing-Plugins are visible by the Xing logo. When you visit our website, the plugin establishes a direct connection between your browser and the LinkedIn server. Xing therefore receives information that you have visited our website, including your IP address. When you click the Xing Share button while you are logged on to your Xing account, you can link the content of our website to your Xing profile. This allows Xing to assign the visit to our website to your user account. Please note that we as the website provider receive no information about the content of the transmitted data or their use by Xing. Further information is found in the LinkedIn data privacy statement under https://dev.xing.com/plugins/share_button/privacy_policy If you do not want Xing to be able to assign your visit to our website to your Xing user account, please log off your Xing user account.

YouTube

Our Online Offers use the YouTube video platform, which is operated by YouTube, LLC, 901 Cherry Ave. San Bruno, CA 94066, USA („YouTube”). YouTube is a platform which allows the playback of audio and video files. When you access a respective site of our Online Offers that contains an embedded YouTube player, this creates a connection to YouTube so that the video or audio file can be transmitted and played back. In doing so, data is transferred to YouTube as a data processor. We are not responsible for the processing of such data by YouTube. Additional information on the scope and purpose of collected data, on further processing and usage of data by YouTube, on your rights and the privacy options available to be chosen by you, can be found in YouTube's data protection notice.

Google Maps

This site uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps it is necessary to for your IP address to be stored. This information is generally sent to and stored on a Google server in the USA. The provider of this site has no influence over this data transmission. The use of Google Maps takes place in the interest of showing our online offerings appropriately and making it easy to find the places we mention on the website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR. You can find more information about the way in which user data is handled in Google’s data privacy statement: (This link opens in a new tab) https://www.google.de/intl/de/policies/privacy/.

Newsletter: 

On our website, you can register to receive our free newsletter. The only required information for subscription to the newsletter is your e-mail address. You may also choose to provide your name. If you provide your name, this information is used to personalise the newsletter. The data you provide are not disclosed to third parties.

Registration for our newsletter uses a so-called double opt-in process. It means that, when we receive your registration, we send a confirmation e-mail to the e-mail address provided by you, asking you to confirm your subscription to the newsletter. If you do not click the link in the confirmation e-mail within 24 hours, your registration is automatically deleted.

If you do confirm your newsletter subscription, we will store your data until you unsubscribe from the newsletter or withdraw your consent. The sole purpose of storage is to be able to send you the newsletter. We also store your IP addresses and times of registration and confirmation, to prevent abuse of your personal data.

You can withdraw your consent to receiving the newsletter at any time. To withdraw your consent, click on the link provided in every newsletter (see footer), send an e-mail to socialmedia@bma-de.com, or send a message to the contacts listed in the legal notice.

When you withdraw your consent or unsubscribe from the newsletter, your data are removed from the newsletter mailing list and then permanently deleted. Inasmuch as we have collected your contact details (name and e-mail address) in the context of other business transactions, the relevant retention periods apply.

Cooperation with commissioned processors and third parties

Insofar as within the context of our processing we disclose data to other persons and companies (commissioned processors or third parties), transmit data to them or grant them access to data otherwise, this only takes place on the basis of legal permission (e.g. if it is necessary to transmit the data to third parties or to payment service providers in accordance with Art. 6 Para. 1 (b) GDPR for the performance of a contract), if you have consented to this, if this is provided for by a legal obligation or on the basis of our legitimate interests (e.g. when using agents, web hosting providers, etc.). If we instruct third parties to process data on the basis of a so-called “commissioned data processing agreement”, this takes place on the basis of Art. 28 GDPR.

Purposes and legal basis of data processing

We process your personal data exclusively in compliance with the statutory requirements of the EU General Data Protection Regulation (GDPR), the new Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), and, where applicable, other relevant sector-specific laws. We therefore process your data only inasmuch as there is a contractual basis for this, you have given your consent to the processing of these data, or we are legally allowed or required to process your data. 

Data processing for the purpose of performance of a contract or for taking steps prior to entering into a contract

We process the personal data you provide to us inasmuch as this is required for entering into a contract, performance of a contract, or termination of a contract. For details of the purposes of data processing, please refer to the relevant contract documentation.

The legal basis for data processing for the performance of a contract and taking steps prior to entering into a contract is normally Article 6 (1) Item b GDPR.

Data processing for the purpose of legitimate interests pursued by the controller or by a third party

We also process your data inasmuch as this is required for the purpose of legitimate interests pursued by us or by a third party. Processing by us for the purpose of legitimate interests includes regular direct marketing activities for our own products and services; preparing internal statistics; criminal investigations; and actions to ensure the correct functioning of our IT infrastructure.

The legal basis for data processing for legitimate interests pursued by us or by a third party is Article 6 (1) Item f GDPR.

Data processing for compliance with a legal obligation

Moreover, we process your data inasmuch as this is required for compliance with a legal obligation that we are subject to. Legal obligations that we are subject to include, in particular, record-keeping duties under the German tax and commercial codes.

The legal basis for data processing for compliance with a legal obligation is Article 6 (1) Item c GDPR, in combination with the relevant legal standard in each case.

Data processing based on consent and for other purposes

We may also process your personal data inasmuch as you have given your express consent to this (see also Article 6 (1) Item a GDPR). In these cases, we provide you separately with additional data protection information in the context of the consent procedure. You can withdraw your consent at any time using the above contact details.

Inasmuch as we will process your personal data in future for purposes not listed in this data protection and privacy policy, we will notify you separately of this, if applicable, in compliance with statutory requirements.

Categories of recipients of personal data

Data processing within a group of undertakings

In the context of our administrative work and in the performance of the contract, it may become necessary for us to disclose your personal data to the company within our group of undertakings that is responsible for the relevant data processing task.

External contractors

Under Article 28 GDPR, all external contractors performing data processing services on our behalf are bound by contract to handle all personal data in accordance with current rules. Inasmuch as these companies come into contact with your personal data, we have put in place legal, technical and administrative measures and perform regular monitoring to ensure that they comply with the rules of data protection and privacy legislation.

Public authorities

We may disclose your personal data to public authorities where this required in the context of our statutory duties of disclosure.

Data transfers to a third country

We will not normally transfer your personal data to third countries or international organisations outside the European Economic Area (EEA). Where we do effect such transfers in individual cases, this will only be to third countries for which an adequacy decision by the European Commission exists, or whose level of protection of personal data has been confirmed by suitable or appropriate safeguards (such as binding corporate rules or standard EU contractual clauses).

Length of data storage

We will store your personal data only for as long as this is required in the context of the purposes specified above, and for a period where the establishment of legal claims against us could be expected.

The statutory limitation period for such claims may in individual cases run for between three and thirty years.

We also store your personal data inasmuch as we are required to do so in the context of the statutory duties of documentation and record-keeping (such as under the German Commercial and Fiscal Codes or the Money Laundering Act).

Statutory retention periods may run for up to ten years. In exceptional cases, specific duties of documentation may exist, which require your personal data to be kept for longer.

Rights of data subjects

  • As a data subject, you have the following rights under Article 15 ff. GDPR:
  • Right of access 
  • You have the right to obtain from us confirmation as to whether or not we process personal data concerning you. Where this is the case, you have the right to request access to these personal data.
  • Right to rectification 
  • You have the right to obtain from us rectification of inaccurate personal data concerning you.
  • Right to erasure
  • In certain cases, you have the right to obtain from us the erasure of personal data concerning you without undue delay.
  • Right to restriction of processing
  • In certain cases, you have the right to obtain from us the restriction of processing.
  • Right to data portability
  • You have the right to receive from us the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.
  • Right to object to processing
  • You have the right to object at any time, on grounds relating to your particular situation, to the processing based on Article 6 (1) Items e or f GDPR of personal data concerning you. Inasmuch as we use your data for direct marketing purposes, you have the right to object to this at any time.
  • Right to object

Inasmuch as you have given your consent to the use of personal data by us, you can withdraw this at any time dsb@bma-de.com.

Data protection supervisory authority

You also have the option of lodging a complaint with a data protection supervisory authority about our processing of personal data. The competent data protection supervisory authority is:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
D-30159 Hannover

Involvement, timeliness and changes to the data privacy policy

By continuing to use our website, you consent to the use of data detailed above. Our data privacy policy was last updated on 10/10/2018 and it is currently valid. As we continue to develop our website and implement new technologies, it may become necessary to update this data privacy policy. BMA Braunschweigische Maschinenbauanstalt AG therefore reserves the right to change the data privacy policy at any time with effect for the future. You should therefore visit this website regularly to find out the current status of our privacy policy.

Contact Data protection officer of BMA Braunschweigische Maschinenbauanstalt AG:

Mr Tobias Lau

c/o BEL NET GmbH

Christian-Pommer-Str. 23

38112 Braunschweig
Germany

E-Mail: dsb(at)bma-de.com

Please click here for our data protection and privacy notice, in compliance with our duties of information (German only).