Data privacy statement

The following is a translation that is intended for information purposes only. In the event of any inconsistency between the German original and the English translation, the German version shall prevail.

Processing of personal data on the basis of the EU General Data Protection Regulation

BMA Braunschweigische Maschinenbauanstalt AG processes personal data on the basis of the EU General Data Protection Regulation (GDPR). This data protection and privacy policy aims to provide an overview of how we process such personal data and of the rights under data protection legislation.

Data protection and privacy policy
This data protection and privacy policy aims to inform you of how BMA Braunschweigische Maschinenbauanstalt AG (referred to as BMA AG below) processes your personal data, and of your rights as a data subject under the new EU General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) from 25 May 2018.

Controller responsible for the processing of your personal data

BMA Braunschweigische Maschinenbauanstalt AG

Am Alten Bahnhof 5

38122 Braunschweig
Germany

Phone: +49 5331804-0
Fax: + 49 5331804-260

E-mail: www.bma-worldwide.com

Data protection officer

Our data protection officer:

Mr Tobias Lau

BEL NET GmbH

Christian-Pommer-Straße 23

38112 Braunschweig

Germany

Contact details for our data protection officer:

Telephone:     +49 531 2144-172

Fax: +49 531 2144-144

E-mail: tobias.lau(at)belnet.de 

 

Cookies

The IP-address, that your Browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Addon for your current web browser:  http://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser Addon or within browsers on mobile devices, you can click the button below in order to opt-out from being tracked by Google Analytics within this website in the future (the opt-out applies only for the browser in which you set it and within this domain).
An opt-out cookie will be stored on your device, which means that you'll have to click this link again, if you delete your cookies. 

Deactivate Google Analytics

Analysis services and advertising

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States .

In case IP-anonymisation is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transfered to a Google server in the USA and truncated there. The IP-anonymisation is active on this website.

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage.

Google Web Fonts
In order to display fonts consistently, this site uses web fonts provided by Google. When you access a page, your browser will load the required web fonts in your browser cache to display texts and fonts correctly. For this purpose, the browser you are using has to contact the Google servers, as a result of which Google learns that your IP address has accessed our website. We use Google web fonts in the interest of displaying our online offerings consistently and attractively. This represents a legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR.
If your browser does not support web fonts, your computer will use a standard font.
You can find further information about Google web fonts at (This link opens in a new tab) https://developers.google.com/fonts/faq and in Google’s data privacy statement: (This link opens in a new tab) https://www.google.com/policies/privacy/.

Visitor statistics
The content management system we use offers statistics on the page views of our website. For this, only the number of views, the date and the URL are stored. No personal data such as your IP address are stored.

Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses cookies, which are text files stored on your computer to help the website analyse how you use the site. The information generated by the cookie about your use of the website (including your IP address) will generally be transmitted to and stored by Google on servers in the United States. The Google Analytics cookies are stored on the basis of Art. 6 Para. 1 (f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise its web offering and its advertising.

Google Maps
This site uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps it is necessary to for your IP address to be stored. This information is generally sent to and stored on a Google server in the USA. The provider of this site has no influence over this data transmission. The use of Google Maps takes place in the interest of showing our online offerings appropriately and making it easy to find the places we mention on the website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR. You can find more information about the way in which user data is handled in Google’s data privacy statement: (This link opens in a new tab) https://www.google.de/intl/de/policies/privacy/.

Social plugins
Our website uses social plugins (“plugins”) from the social networks facebook.com, twitter.com, YouTube.com, induux.com, xing.de and LinkedIn (also referred to jointly below as “the providers”). The plugins are identified by the corresponding logos of the providers.
When you access our web pages, your browser establishes a direct connection with the providers’ servers. Through the integration of the plugin, the providers receive at least the information that you have accessed the website concerned, and as the case may be also further information depending on the respective plugin or service. If you are registered with and logged in with the respective provider, this provider can allocate your visit to your user account with them. If you interact with the plugin, for example by using the Facebook “Like” button or making a comment, the corresponding information will be transmitted directly from your browser to the provider and stored there, and also further processed if applicable. You can find details of the purpose and scope of such data collection and the further processing and use of the data by the respective provider, as well as your rights in this respect and options for adjusting the settings to protect your privacy, from the respective providers’ data privacy statements:

Facebook Inc.
https://www.facebook.com/policy.php

LinkedIN
https://www.linkedin.com/legal/privacy-policy

Twitter
https://twitter.com/privacy

Xing
https://dev.xing.com/plugins/share_button/privacy_policy

YouTube
www.google.de/intl/de/policies/privacy/

YouTube
Our Online Offers use the YouTube video platform which is operated by YouTube, LLC, 901 Cherry Ave. San Bruno, CA 94066, USA („YouTube”). YouTube is a platform which allows the playback of audio and video files. When you access a respective site of our Online Offers that contains an embedded YouTube player, this creates a connection to YouTube so that the video or audio file can be transmitted and played back. In doing so, data is transferred to YouTube as a data processor. We are not responsible for the processing of such data by YouTube. Additional information on the scope and purpose of collected data, on further processing and usage of data by YouTube, on your rights and the privacy options available to be chosen by you, can be found in YouTube's data protection notice.

Google Maps
Our Online Offers use the map service Google Maps via an API. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For the use of the functions of Google Maps it is necessary to store your IP address. This information is usually transmitted to a server of Google LLC in the USA and saved there. The provider of this page does not have any influence on this transmission of data.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy retrievability of the places listed by us on the website. This represents a predominant legitimate interest on our part within the meaning of article 6 section 1 lit. f GDPR.
Please see the privacy policy of Google for more information on the handling of user data:
https://www.google.de/intl/de/policies/privacy/

Cooperation with commissioned processors and third parties
Insofar as within the context of our processing we disclose data to other persons and companies (commissioned processors or third parties), transmit data to them or grant them access to data otherwise, this only takes place on the basis of legal permission (e.g. if it is necessary to transmit the data to third parties or to payment service providers in accordance with Art. 6 Para. 1 (b) GDPR for the performance of a contract), if you have consented to this, if this is provided for by a legal obligation or on the basis of our legitimate interests (e.g. when using agents, web hosting providers, etc.). If we instruct third parties to process data on the basis of a so-called “commissioned data processing agreement”, this takes place on the basis of Art. 28 GDPR.

Facebook plugins

Facebook is operated under www.facebook.com by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and under www.facebook.de by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland ("Facebook"). Find an overview over Facebook's plugins and their appearance here: https://developers.facebook.com/docs/plugins; find information on data protection at Facebook here: http://www.facebook.com/policy.php.

Twitter plugins

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). Find an overview over Twitter's plugins and their appearance here: https://developer.twitter.com/en/docs/twitter-for-websites/overview.html; find information on data protection at Twitter here: https://twitter.com/privacy.

LinkedIn

Plugins of the social network LinkedIn, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA are integrated on our website. When you visit our website, the plugin establishes a direct connection between your browser and the LinkedIn server. LinkedIn therefore receives information that you have visited our website, including your IP address. When you click the LinkedIn Share button while you are logged on to your LinkedIn account, you can link the content of our website to your LinkedIn profile. This allows LinkedIn to assign the visit to our website to your user account. Please note that we as the website provider receive no information about the content of the transmitted data or their use by LinkedIn. Further information is found in the LinkedIn data privacy statement under www.linkedin.com/legal/privacy-policy.If you do not want LinkedIn to be able to assign your visit to our website to your LinkedIn user account, please log off your LinkedIn user account.

Google Adwords

We use the online advertising program "Google AdWords" and the conversion tracking function of Google AdWords. Google conversion tracking is an analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").When you click on an ad delivered by Google, a conversion tracking cookie is placed on your computer. These cookies expire after 30 days, do not contain any personal data and therefore cannot be used to identify you personally. If you visit certain pages on our website and the cookie has not yet expired, we and Google can tell that you clicked on the ad and were directed to that page. Each Google AdWords customer has a different cookie, so it is not possible to track cookies via websites of other AdWords customers. The information collected by means of the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. Customers can see the total number of users who clicked on their ad and were directed to a page containing a conversion tracking tag. However, they do not receive information that enables them to identify users personally. If you do not want to participate in conversion tracking, you can opt out of this use and prevent cookies from being installed by selecting the appropriate settings on your browser software (deactivation option). You will then not be included in the conversion tracking statistics. Further information and Google's Privacy Policy are available at: https://policies.google.com/privacy

Purposes and legal basis of data processing

We process your personal data exclusively in compliance with the statutory requirements of the EU General Data Protection Regulation (GDPR), the new Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), and, where applicable, other relevant sector-specific laws. We therefore process your data only inasmuch as there is a contractual basis for this, you have given your consent to the processing of these data, or we are legally allowed or required to process your data. 

Data processing for the purpose of performance of a contract or for taking steps prior to entering into a contract

We process the personal data you provide to us inasmuch as this is required for entering into a contract, performance of a contract, or termination of a contract. For details of the purposes of data processing, please refer to the relevant contract documentation.

The legal basis for data processing for the performance of a contract and taking steps prior to entering into a contract is normally Article 6 (1) Item b GDPR.

Data processing for the purpose of legitimate interests pursued by the controller or by a third party

We also process your data inasmuch as this is required for the purpose of legitimate interests pursued by us or by a third party. Processing by us for the purpose of legitimate interests includes regular direct marketing activities for our own products and services; preparing internal statistics; criminal investigations; and actions to ensure the correct functioning of our IT infrastructure.

The legal basis for data processing for legitimate interests pursued by us or by a third party is Article 6 (1) Item f GDPR.

Data processing for compliance with a legal obligation

Moreover, we process your data inasmuch as this is required for compliance with a legal obligation that we are subject to. Legal obligations that we are subject to include, in particular, record-keeping duties under the German tax and commercial codes.

The legal basis for data processing for compliance with a legal obligation is Article 6 (1) Item c GDPR, in combination with the relevant legal standard in each case.

Data processing based on consent and for other purposes

We may also process your personal data inasmuch as you have given your express consent to this (see also Article 6 (1) Item a GDPR). In these cases, we provide you separately with additional data protection information in the context of the consent procedure. You can withdraw your consent at any time using the above contact details.

Inasmuch as we will process your personal data in future for purposes not listed in this data protection and privacy policy, we will notify you separately of this, if applicable, in compliance with statutory requirements.

Categories of recipients of personal data

Data processing within a group of undertakings

In the context of our administrative work and in the performance of the contract, it may become necessary for us to disclose your personal data to the company within our group of undertakings that is responsible for the relevant data processing task.

External contractors

Under Article 28 GDPR, all external contractors performing data processing services on our behalf are bound by contract to handle all personal data in accordance with current rules. Inasmuch as these companies come into contact with your personal data, we have put in place legal, technical and administrative measures and perform regular monitoring to ensure that they comply with the rules of data protection and privacy legislation.

Public authorities

We may disclose your personal data to public authorities where this required in the context of our statutory duties of disclosure.

Data transfers to a third country

We will not normally transfer your personal data to third countries or international organisations outside the European Economic Area (EEA). Where we do effect such transfers in individual cases, this will only be to third countries for which an adequacy decision by the European Commission exists, or whose level of protection of personal data has been confirmed by suitable or appropriate safeguards (such as binding corporate rules or standard EU contractual clauses).

Length of data storage

We will store your personal data only for as long as this is required in the context of the purposes specified above, and for a period where the establishment of legal claims against us could be expected.

The statutory limitation period for such claims may in individual cases run for between three and thirty years.

We also store your personal data inasmuch as we are required to do so in the context of the statutory duties of documentation and record-keeping (such as under the German Commercial and Fiscal Codes or the Money Laundering Act).

Statutory retention periods may run for up to ten years. In exceptional cases, specific duties of documentation may exist, which require your personal data to be kept for longer.

Rights of data subjects

  • As a data subject, you have the following rights under Article 15 ff. GDPR:
  • Right of access 
  • You have the right to obtain from us confirmation as to whether or not we process personal data concerning you. Where this is the case, you have the right to request access to these personal data.
  • Right to rectification 
  • You have the right to obtain from us rectification of inaccurate personal data concerning you.
  • Right to erasure
  • In certain cases, you have the right to obtain from us the erasure of personal data concerning you without undue delay.
  • Right to restriction of processing
  • In certain cases, you have the right to obtain from us the restriction of processing.
  • Right to data portability
  • You have the right to receive from us the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.
  • Right to object to processing
  • You have the right to object at any time, on grounds relating to your particular situation, to the processing based on Article 6 (1) Items e or f GDPR of personal data concerning you. Inasmuch as we use your data for direct marketing purposes, you have the right to object to this at any time.
  • Right to object

Inasmuch as you have given your consent to the use of personal data by us, you can withdraw this at any time.

Data protection supervisory authority

You also have the option of lodging a complaint with a data protection supervisory authority about our processing of personal data. The competent data protection supervisory authority is:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
D-30159 Hannover

If you have any further questions or comments, please do not hesitate to contact us or our data protection officer

Tobias Lau

c/o BEL NET GmbH

Christian-Pommer-Str. 23

38112 Braunschweig

Oder per Mail an: dsb(at)bma-de.com

 

03.12.2019