Last updated: 04/02/2020
The following is a translation that is intended for information purposes only. In the event of any inconsistency between the German original and the English translation, the German version shall prevail.
Processing of personal data on the basis of the EU General Data Protection Regulation
Controller responsible for the processing of your personal data
BMA Braunschweigische Maschinenbauanstalt AG
Am Alten Bahnhof 5
Phone: +49 5331804-0
Fax: + 49 5331804-260
Personal data means all information relating to the personal or material circumstances of an identified or identifiable natural person (such as the name, date of birth or contact details).
You are generally able to use our website without providing your personal data. However, some applications on our website may require you to disclose your data to us. If you do not provide your data, you may therefore experience restrictions in the use of our website.
When you visit our website, our web servers will temporarily store every access in a log file. The following may be collected and stored until they are automatically deleted: IP address, date and time of access, data volume transmitted, notifications on the success of your retrieval of a web page, IDs of the browser and operating system used, web page from which our website is accessed, IP address of your internet service provider, and other data. These data are processed for the following purposes: to permit use of the website, for system security, for technical administration of the network infrastructure, and for website optimisation. This can be considered a legitimate interest as per Article 6 (1) (f) GDPR.
Other data collection
We collect, store and process your personal data (such as first and last names, address, e-mail address, phone number) if a business relationship such as under a subscription or contract exists or will exist, and for arrangements or changes relating to the content of the business relationship. We also use your personal data inasmuch as you have provided them to us as part of your registration on our website and consented to the processing of your personal data. We also collect, store and process your personal data if you contact us via our job application or contact form, our online recruitment portal, or by sending us an e-mail, inasmuch as this is necessary for handling your enquiries and for correspondence. We will promptly delete the personal data collected by us when they are no longer required for this purpose, unless they are subject to a statutory retention period. Your personal data are provided voluntarily.
Disclosure of data
We use your personal data within BMA Braunschweigische Maschinenbauanstalt AG and affiliated companies. Under Article 28 GDPR, these companies and all external contractors performing data processing services on our behalf are contractually bound to handle all personal data in accordance with current rules. Inasmuch as these companies come into contact with your personal data, we have put in place legal, technical and administrative measures and perform regular monitoring to ensure that they comply with the rules of data protection and privacy legislation.
Where you find partner offerings on our website, you are using them directly on the partners’ sites. They include offerings by third-party providers, which are managed by these third-party providers and are therefore not subject to our data protection regulations. We reserve the right to disclose your personal data to bodies entitled to receive them if we are required to do so by statutory duty or by order of court.
We also use your data outside the European Union, by way of data processing by our affiliated companies and business partners outside the European Union. Protection of your data is ensured with the agreement of standard EU contractual clauses.
We will never disclose your personal data to other third parties.
As an alternative to the browser Addon or within browsers on mobile devices, you can click the button below in order to opt-out from being tracked by Google Analytics within this website in the future (the opt-out applies only for the browser in which you set it and within this domain).
An opt-out cookie will be stored on your device, which means that you'll have to click this link again, if you delete your cookies.
Google Web Fonts
In order to display fonts consistently, this site uses web fonts provided by Google. When you access a page, your browser will load the required web fonts in your browser cache to display texts and fonts correctly. For this purpose, the browser you are using has to contact the Google servers, as a result of which Google learns that your IP address has accessed our website. We use Google web fonts in the interest of displaying our online offerings consistently and attractively. This represents a legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR.
If your browser does not support web fonts, your computer will use a standard font.
You can find further information about Google web fonts at (This link opens in a new tab) https://developers.google.com/fonts/faq and in Google’s data privacy statement: (This link opens in a new tab) https://www.google.com/policies/privacy/.
In order to optimise the website content and offerings on our website and for statistical analyses, we use a range of technical applications that log data, including anonymised data, on website user behaviour. For this purpose, we collect data on, for instance, clicking behaviour, visit duration, system settings or visitor origin, using analytics software cookies in the form of text files. To analyse these data, cookies are stored on your computer. The data collected may be stored on the servers of the companies operating the analytics tools. The data collected are not used to identify individual users and they are not merged with other personal user data.
Our website uses the analytics tools listed here for the purpose given:
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Our website uses social plugins (“plugins”) from the social networks facebook.com, twitter.com, YouTube.com, induux.com, xing.de and LinkedIn (also referred to jointly below as “the providers”). The plugins are identified by the corresponding logos of the providers.
When you access our web pages, your browser establishes a direct connection with the providers’ servers. Through the integration of the plugin, the providers receive at least the information that you have accessed the website concerned, and as the case may be also further information depending on the respective plugin or service. If you are registered with and logged in with the respective provider, this provider can allocate your visit to your user account with them. If you interact with the plugin, for example by using the Facebook “Like” button or making a comment, the corresponding information will be transmitted directly from your browser to the provider and stored there, and also further processed if applicable. You can find details of the purpose and scope of such data collection and the further processing and use of the data by the respective provider, as well as your rights in this respect and options for adjusting the settings to protect your privacy, from the respective providers’ data privacy statements:
Facebook is operated under www.facebook.com by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and under www.facebook.de by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland ("Facebook"). Find an overview over Facebook's plugins and their appearance here: https://developers.facebook.com/docs/plugins; find information on data protection at Facebook here: http://www.facebook.com/policy.php.
Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). Find an overview over Twitter's plugins and their appearance here: https://developer.twitter.com/en/docs/twitter-for-websites/overview.html; find information on data protection at Twitter here: https://twitter.com/privacy.
Plugins of the social network LinkedIn, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA are integrated on our website. When you visit our website, the plugin establishes a direct connection between your browser and the LinkedIn server. LinkedIn therefore receives information that you have visited our website, including your IP address. When you click the LinkedIn Share button while you are logged on to your LinkedIn account, you can link the content of our website to your LinkedIn profile. This allows LinkedIn to assign the visit to our website to your user account. Please note that we as the website provider receive no information about the content of the transmitted data or their use by LinkedIn. Further information is found in the LinkedIn data privacy statement under www.linkedin.com/legal/privacy-policy.If you do not want LinkedIn to be able to assign your visit to our website to your LinkedIn user account, please log off your LinkedIn user account.
Plugins of the social network XING AG, Dammtorstraße 30, 20354 Hamburg are integrated on our website. The Xing-Plugins are visible by the Xing logo. When you visit our website, the plugin establishes a direct connection between your browser and the LinkedIn server. Xing therefore receives information that you have visited our website, including your IP address. When you click the Xing Share button while you are logged on to your Xing account, you can link the content of our website to your Xing profile. This allows Xing to assign the visit to our website to your user account. Please note that we as the website provider receive no information about the content of the transmitted data or their use by Xing. Further information is found in the LinkedIn data privacy statement under https://dev.xing.com/plugins/share_button/privacy_policy If you do not want Xing to be able to assign your visit to our website to your Xing user account, please log off your Xing user account.
Our Online Offers use the YouTube video platform, which is operated by YouTube, LLC, 901 Cherry Ave. San Bruno, CA 94066, USA („YouTube”). YouTube is a platform which allows the playback of audio and video files. When you access a respective site of our Online Offers that contains an embedded YouTube player, this creates a connection to YouTube so that the video or audio file can be transmitted and played back. In doing so, data is transferred to YouTube as a data processor. We are not responsible for the processing of such data by YouTube. Additional information on the scope and purpose of collected data, on further processing and usage of data by YouTube, on your rights and the privacy options available to be chosen by you, can be found in YouTube's data protection notice.
This site uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps it is necessary to for your IP address to be stored. This information is generally sent to and stored on a Google server in the USA. The provider of this site has no influence over this data transmission. The use of Google Maps takes place in the interest of showing our online offerings appropriately and making it easy to find the places we mention on the website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR. You can find more information about the way in which user data is handled in Google’s data privacy statement: (This link opens in a new tab) https://www.google.de/intl/de/policies/privacy/.
On our website, you can register to receive our free newsletter. The only required information for subscription to the newsletter is your e-mail address. You may also choose to provide your name. If you provide your name, this information is used to personalise the newsletter. The data you provide are not disclosed to third parties.
Registration for our newsletter uses a so-called double opt-in process. It means that, when we receive your registration, we send a confirmation e-mail to the e-mail address provided by you, asking you to confirm your subscription to the newsletter. If you do not click the link in the confirmation e-mail within 24 hours, your registration is automatically deleted.
If you do confirm your newsletter subscription, we will store your data until you unsubscribe from the newsletter or withdraw your consent. The sole purpose of storage is to be able to send you the newsletter. We also store your IP addresses and times of registration and confirmation, to prevent abuse of your personal data.
You can withdraw your consent to receiving the newsletter at any time. To withdraw your consent, click on the link provided in every newsletter (see footer), send an e-mail to firstname.lastname@example.org, or send a message to the contacts listed in the legal notice.
When you withdraw your consent or unsubscribe from the newsletter, your data are removed from the newsletter mailing list and then permanently deleted. Inasmuch as we have collected your contact details (name and e-mail address) in the context of other business transactions, the relevant retention periods apply.
Cooperation with commissioned processors and third parties
Insofar as within the context of our processing we disclose data to other persons and companies (commissioned processors or third parties), transmit data to them or grant them access to data otherwise, this only takes place on the basis of legal permission (e.g. if it is necessary to transmit the data to third parties or to payment service providers in accordance with Art. 6 Para. 1 (b) GDPR for the performance of a contract), if you have consented to this, if this is provided for by a legal obligation or on the basis of our legitimate interests (e.g. when using agents, web hosting providers, etc.). If we instruct third parties to process data on the basis of a so-called “commissioned data processing agreement”, this takes place on the basis of Art. 28 GDPR.
Purposes and legal basis of data processing
We process your personal data exclusively in compliance with the statutory requirements of the EU General Data Protection Regulation (GDPR), the new Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), and, where applicable, other relevant sector-specific laws. We therefore process your data only inasmuch as there is a contractual basis for this, you have given your consent to the processing of these data, or we are legally allowed or required to process your data.
Data processing for the purpose of performance of a contract or for taking steps prior to entering into a contract
We process the personal data you provide to us inasmuch as this is required for entering into a contract, performance of a contract, or termination of a contract. For details of the purposes of data processing, please refer to the relevant contract documentation.
The legal basis for data processing for the performance of a contract and taking steps prior to entering into a contract is normally Article 6 (1) Item b GDPR.
Data processing for the purpose of legitimate interests pursued by the controller or by a third party
We also process your data inasmuch as this is required for the purpose of legitimate interests pursued by us or by a third party. Processing by us for the purpose of legitimate interests includes regular direct marketing activities for our own products and services; preparing internal statistics; criminal investigations; and actions to ensure the correct functioning of our IT infrastructure.
The legal basis for data processing for legitimate interests pursued by us or by a third party is Article 6 (1) Item f GDPR.
Data processing for compliance with a legal obligation
Moreover, we process your data inasmuch as this is required for compliance with a legal obligation that we are subject to. Legal obligations that we are subject to include, in particular, record-keeping duties under the German tax and commercial codes.
The legal basis for data processing for compliance with a legal obligation is Article 6 (1) Item c GDPR, in combination with the relevant legal standard in each case.
Data processing based on consent and for other purposes
We may also process your personal data inasmuch as you have given your express consent to this (see also Article 6 (1) Item a GDPR). In these cases, we provide you separately with additional data protection information in the context of the consent procedure. You can withdraw your consent at any time using the above contact details.
Categories of recipients of personal data
Data processing within a group of undertakings
In the context of our administrative work and in the performance of the contract, it may become necessary for us to disclose your personal data to the company within our group of undertakings that is responsible for the relevant data processing task.
Under Article 28 GDPR, all external contractors performing data processing services on our behalf are bound by contract to handle all personal data in accordance with current rules. Inasmuch as these companies come into contact with your personal data, we have put in place legal, technical and administrative measures and perform regular monitoring to ensure that they comply with the rules of data protection and privacy legislation.
We may disclose your personal data to public authorities where this required in the context of our statutory duties of disclosure.
Data transfers to a third country
We will not normally transfer your personal data to third countries or international organisations outside the European Economic Area (EEA). Where we do effect such transfers in individual cases, this will only be to third countries for which an adequacy decision by the European Commission exists, or whose level of protection of personal data has been confirmed by suitable or appropriate safeguards (such as binding corporate rules or standard EU contractual clauses).
Length of data storage
We will store your personal data only for as long as this is required in the context of the purposes specified above, and for a period where the establishment of legal claims against us could be expected.
The statutory limitation period for such claims may in individual cases run for between three and thirty years.
We also store your personal data inasmuch as we are required to do so in the context of the statutory duties of documentation and record-keeping (such as under the German Commercial and Fiscal Codes or the Money Laundering Act).
Statutory retention periods may run for up to ten years. In exceptional cases, specific duties of documentation may exist, which require your personal data to be kept for longer.
Rights of data subjects
- As a data subject, you have the following rights under Article 15 ff. GDPR:
- Right of access
- You have the right to obtain from us confirmation as to whether or not we process personal data concerning you. Where this is the case, you have the right to request access to these personal data.
- Right to rectification
- You have the right to obtain from us rectification of inaccurate personal data concerning you.
- Right to erasure
- In certain cases, you have the right to obtain from us the erasure of personal data concerning you without undue delay.
- Right to restriction of processing
- In certain cases, you have the right to obtain from us the restriction of processing.
- Right to data portability
- You have the right to receive from us the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.
- Right to object to processing
- You have the right to object at any time, on grounds relating to your particular situation, to the processing based on Article 6 (1) Items e or f GDPR of personal data concerning you. Inasmuch as we use your data for direct marketing purposes, you have the right to object to this at any time.
- Right to object
Inasmuch as you have given your consent to the use of personal data by us, you can withdraw this at any time email@example.com.
Data protection supervisory authority
You also have the option of lodging a complaint with a data protection supervisory authority about our processing of personal data. The competent data protection supervisory authority is:
Die Landesbeauftragte für den Datenschutz Niedersachsen
Contact Data protection officer of BMA Braunschweigische Maschinenbauanstalt AG:
Mr Tobias Lau
c/o BEL NET GmbH
Please click here for our data protection and privacy notice, in compliance with our duties of information (German only).