Datenschutz | Wilhelm Bauer GmbH & Co. KG, Hannover-Anderten

This Privacy Policy provides you with information about the type, scope and purpose of the processing of personal data (hereinafter abbreviated to “Data”) in our online offering and the web pages, functions, content and external online presences, such as our social media profile (hereinafter jointly referred to as “Online Offering”) associated therewith. With respect to the terms used, such as “personal data” or their “processing”, please see the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller:
Wilhelm Bauer GmbH & Co. KG
Hägenstr. 15
30559 Hanover, Germany
Commercial register: Hanover Regional Court HRA 25572
Managing Directors: Jan Bauer, Tobias Bauer
Telephone number: +49 511 51001 0
E-mail address: datenschutz@wilhelm-bauer.de

Types of Data processed:

User data
Contact data
Usage data
Metadata/communication data

Processing of special categories of Data (Art. 9 (1) GDPR):

In principle, no special categories of Data are processed except for that provided by the user for processing, e.g. in online forms or in direct e-mail transmissions.

Categories of persons affected by the processing (data subjects):

Customers / interested parties / suppliers.
Visitors to and users of the Online Offering.

Data subjects are hereinafter also collectively described as “Users”.

Purpose of processing:

Provision of the Online Offering, its contents and functions.
Responding to contact enquiries and communicating with Users.
Marketing, advertising and market research.

Effective: 25/05/2018

Relevant legal bases:
Pursuant to Art. 13 GDPR, we inform you of the legal regulations our data processing is based on. If the legal basis is not mentioned in the Privacy Policy, the following applies: The legal bases for obtaining consent are Art. 6 (1) letter a) and Art. 7 GDPR, the legal basis for processing to perform our services and execute our contractual measures as well as for responding to queries is Art 6 (1) letter b) GDPR, the legal basis for processing to perform our legal obligations is Art. 6 (1) letter c) GDPR and the legal basis for processing to protect our legitimate interests is Art. 6 (1) letter f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) letter d) GDPR serves as the legal basis.

Amendments and updates to the Privacy Policy
We kindly request that you inform yourself of the contents of our Privacy Policy on a regular basis. We will amend the Privacy Policy as soon as changes to our data processing make this necessary. We will inform you as soon as any changes require an act of cooperation on your part (e.g. consent) or other individual notification.

Security measures
Pursuant to Art. 32 GDPR, taking into account the state of the art, implementation costs and the type, scope, circumstances and purpose of processing as well as the differing probabilities of occurrence and severity of the risk in respect of the rights and freedoms of natural persons, we take suitable technical and organisational measures to ensure an appropriate level of protection. The measures include in particular ensuring the confidentiality, integrity and availability of the Data by controlling physical access to the Data as well as its logical access, input, transmission, security of availability and its separation. Furthermore, we have set up procedures that ensure the exercise of data subjects’ rights as well as the erasure of data and the response to threats to Data. In addition, we take the protection of personal data into account as early as in the development or selection of hardware, software and procedures in accordance with the principle of data protection through technology design and default privacy settings (Art. 25 GDPR).

Collaboration with processors and third parties
1. If we disclose, transmit or provide access in any way to the Data to other persons and companies (processors or third parties) in the context of our processing, this only takes place on the basis of lawful permission (e.g. when transmitting Data to third parties, such as required for payment providers, pursuant to Art. 6 (1) letter b) GDPR for contract performance), if you have given consent, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using contractors, web hosting services, etc).
2. If we contract third parties to process Data on the basis of a contract processing agreement, this shall be based on Art. 28 GDPR.
Transmission to third countries
If we process Data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)), or this occurs in the context of using the services of a third party or a disclosure or transmission of Data to third parties, this only occurs in the performance of our (pre-)contractual obligations, based on your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual consent, we process Data, or allow Data to be processed, in a third country only if the special requirements under Art. 44 et. seqq. GDPR are met. This means that, for instance, processing is only carried out on the basis of special guarantees, such as the officially recognised determination of a level of protection that conforms to that of the EU (e.g. for the USA by the "Data Privacy Framework") or the observance of officially recognised special contractual obligations (standard contract clauses).

Data subjects’ rights
1. You have the right to request confirmation as to whether relevant Data is processed and information about this Data as well as further information and copies of the Data pursuant to Art. 15 GDPR.
2. Pursuant to Art. 16 GDPR, you have the right to completion of the Data relevant to you or the correction of incorrect Data pertaining to you.
3. Pursuant to Art. 17 GDPR, you have the right to request relevant Data to be erased immediately or, as an alternative, request to have the processing of the Data restricted pursuant to Art. 18 GDPR.
4. You have the right to request that Data concerning you that you have provided to us be retained pursuant to Art. 20 GDPR and request this Data to be transmitted to other controllers.
5. Furthermore, pursuant to Art. 77 GDPR, you have the right to lodge a complaint at the competent supervisory authority.
Right to withdraw consent
You have the right to withdraw any consent given with effect for the future pursuant to Art. 7 (3) GDPR.

Right to object
You may object to any future processing of Data relevant to you at any time pursuant to Art. 21 GDPR. The objection may, in particular, be lodged against processing for the purposes of direct marketing.

Cookies and the right to object to direct marketing
We place temporary and permanent cookies. These are small files that are stored on a User’s device (for an explanation of this term and the function, please see the last section of this Privacy Policy). In part, the purpose of cookies is to secure or operate our Online Offering (e.g. to display the website) or to store the User’s decision when confirming the cookie banner. In addition, we place cookies to measure audience reach. We inform the User of this in the Privacy Policy.

For many services, a general objection against the use of cookies for marketing purposes, in particular for tracking, may be lodged via the US web page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/.

Furthermore, the storage of cookies can be deactivated in the browser settings. Please note that not all the functions of this Online Offering may be able to be used in that case.

Erasure of Data
1. The Data processed by us is erased or its processing restricted pursuant to Art. 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, the Data stored by us will be erased as soon as it is no longer required for the purpose collected and if there are no statutory retention obligations preventing us from doing so. If the Data is not erased because it is needed for other lawful purposes, its processing shall be restricted. This means that the Data will be blocked and not processed for other purposes. This applies, for example, to Data that must be retained for reasons under commercial or tax law.
2. According to the legal requirements, Data must be retained for 6 years pursuant to section 257 (1) HGB [German Commercial Code] (trading books, inventories, opening balances, annual financial statements, commercial correspondence, accounting documents, etc) and for 10 years pursuant to section 147 (1) AO [German Fiscal Code] (books, records, management reports, accounting documents, commercial and business correspondence, tax-related documents, etc).
Contacting us
1. When you contact us via the contact form or e-mail, the User’s information is processed for the purpose of processing the contact enquiry and its response pursuant to Art. 6 (1) letter b) GDPR.
2. The User’s information can be stored in our Customer Relationship Management System (“CRM System”) or similar query database.
Collection of access data and log files
1. Based on our legitimate interests as defined in Art. 6 (1) letter f) GDPR, we collect Data about every access to the server that has this service (server log files). The access data includes the name of the web page accessed, file, date and time of access, data quantity transferred, message about a successful access, browser type and version, the User’s operating system, referrer URL (the site visited last), IP address and the querying provider.
2. For security reasons (e.g. to clarify any misuse or fraudulent actions), log file information is stored for the duration of the last full calendar year and then erased. Data requiring to be stored for the purposes of providing proof is exempted from erasure until the final clarification of the respective incident.
Inclusion of services and third-party content
1. We place third-party content or service offerings in our Online Offering based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our Online Offering as defined in Art. 6 (1) letter f) GDPR) in order to include their content and services, such as videos or fonts (hereinafter jointly referred to as “Content”). It is always a requirement that third-party providers of this Content access a User’s IP address as they cannot send the Content to their browser without the IP address. The IP address is thus required to display this content. We endeavour to only use content by providers that only use the IP address for the purpose of delivering the content. Furthermore, third-party providers can use pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. Pixel tags are used to analyse information such as visitor traffic to the pages of this website. The pseudonymised information can, in addition, be stored in cookies on the User’s device and be linked to, among others, technical information on the browser and operating system, referring web pages, time of visit and other information on the use of our Online Offering and to such information from other sources.
2. 2. The following list provides an overview of third-party providers, their content and links to their privacy policies which contain further information on the processing of Data and, partially already mentioned here, objection options (opt-out):
  - External fonts from Google, LLC., https://www.google.com/fonts („Google Fonts“). Google Fonts are included by accessing a Google server (generally in the USA). Privacy policy: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated.
  - External fonts from Adobe Typekit , https://typekit.com/?locale=de-DE. Adobe Typekit fonts are included by accessing an Adobe server (generally in the USA). Privacy policy: https://www.adobe.com/de/privacy/policies/typekit.html, Opt-Out: https://www.adobe.com/de/privacy/opt-out.html.
  - Maps are provided by the „Google Maps“Maps service of the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.