Date: April 2021
Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with applicable personal data protection legislation, in particular the GDPR and our country-specific implementation laws, which provide comprehensive information about the processing of your personal data by Brandstätter Unternehmensstiftung and your rights.
Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address and IP address. Anonymous data means, that no personal reference to the individual/user can be made.
Responsible body and data protection officer
Brandstätterstraße 2 - 10
D - 90513 Zirndorf
Company’s contact information
Tel.: +49 911/9666-1381
Fax.: +49 911/9666-1120
Contact info of the data protection officer
Your rights as a data subject
We would first like to notify you of your rights as a data subject. These rights are set out in Articles 15 - 22 GDPR, and include:
- The right of access (Art. 15 GDPR),
- The right to rectification (Art. 16 GDPR),
- The right to data portability (Art. 20 GDPR),
- The right to object to data processing (Art. 21 GDPR),
- The right to erasure / right to be forgotten (Art. 17 GDPR),
- The right to restriction of data processing (Art. 18 GDPR).
To exercise these rights, please contact: email@example.com. The same applies if you have any questions regarding data processing in our company or when you withdraw your consent. You also have a right of appeal to the relevant data protection supervisory authority.
Right to object
Please note the following with respect to your right to object:
If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing.
If you object to the processing for direct marketing, we will no longer process your personal data for such purposes. The objection is free of charge and can be made informally, where appropriate to: firstname.lastname@example.org.
Should we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions.
We will then cease to process your personal information unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
Purposes and legal bases of data processing
The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Art. 6 GDPR.
We use your data to initiate business, to fulfil contractual and legal obligations, to conduct the contractual relationship, to offer products and services and to consolidate customer relationships, which may include marketing and direct marketing.
Your consent also constitutes a legal basis for data processing. In this respect, we will inform you of the purposes of data processing and the right to withdraw your consent. If the consent also relates to the processing of special categories of personal data, we will explicitly notify you in the consent process.
Processing of special categories of personal data within the meaning of Art. 9 (1) GDPR may only take place where necessary on the grounds of legal regulations and there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data.
Data transfers / Disclosure to third parties
We will only transmit your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the supervisory authorities or law enforcement authorities).
Data recipients / categories of recipients
In our organisation, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data.
In many cases, service providers assist our specialist departments to fulfil their tasks. Specifically, we use service providers who support us with regard to our website hosting. The necessary data protection contract has been concluded with all service providers.
Transfers of personal data to third countries
A transfer of data to third countries (outside the European Union or the European Economic Area) shall only take place if required by law, if necessary for the conclusion or performance of a contract concluded or if you have provided your consent for such a transfer.
We do not transfer your personal data to service providers or group companies outside the European Economic Area.
Period of data storage
We store your data for as long as such is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This relates in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). The data will be routinely deleted after use unless a further period of retention is required.
We may also retain data if you have given us your permission to do so, or in the event of any legal disputes and we use the evidence within the statutory limitation period, which may be up to 30 years; the standard limitation period is 3 years.
Secure transfer of data
We implement the appropriate technical and organisational security measures to ensure the optimal protection of the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards.
The data exchange to and from our website is encrypted. We provide https as a transfer protocol for our website, and always use the current SSL /TSL encryption protocols.
It is also possible to use alternative communication channels (e.g. surface mail).
Data categories, sources and origin of data
Which data we process is determined by the respective context.
We collect and process the following data when you visit our website:
- Name of the Internet service provider
- Information on websites accessed on our site, including date and time
- Web browser and operating system used
- Information on the website from which you visited us
- The IP address by your allocated Internet service provider
- Files accessed, volume of data transferred, downloads/file export
Visiting our website (Art. 6 (1) lit. f GDPR).
You can visit our website without providing any personal information.
Every time you access our website, usage data is transmitted to us or our web hoster / IT service provider by your internet browser and stored in log data (so-called server log files). For example, this stored data includes the name of the page accessed, the date and time of access, the IP address, the amount of data transferred and the requesting provider. The processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in ensuring the trouble-free operation of our website as well as for the improvement of our offer.
This data processing is also technically necessary so that the content of our website can be delivered to your end device. Accordingly, your IP address must necessarily be collected and stored for the duration of the respective session. The same applies to the other data which must be processed in order to display our website correctly. The storage of data in the log files also serves to further optimise the site, to ensure its functionality, to guarantee the security of our applications and for legal protection (e.g. detection and defence against attacks on our website).
The storage period of the data is limited and deletion takes place as soon as the data is no longer needed. In the case of collection for the correct display of our website, the data will be deleted after the session has ended. When data is stored in log files, it is deleted or made anonymous after 7 days.
We collect and process the following data as part of a contact request:
- Last name, first name (eventually: title),
- Contact information,
Our website uses “cookies” at various locations, which serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and stored by your browser (locally on your hard disk). The legal basis for this is Art. 6 (1) f or, if consent has been given, Art. 6 (1) a GDPR.
We currently only use necessary cookies:
These types of cookies are directly controlled by the Brandstätter Stiftung. Depending on the purpose, these remain stored permanently - even after the session has ended - (so-called persistent cookies, e.g.: implementation of opt-out) or are deleted when the browser is closed (so-called session cookies; they are only valid for one browser session). This cookie is necessary to ensure the functionality of our website. Cookies for tracking services are not used.
Most web browsers accept cookies automatically. Of course, you can also deactivate, restrict or delete cookies on your end device manually via the settings of your browser or with the help of software.
Please note: If you deactivate the placing of cookies on your device, you may not be able to access all our website functions in certain circumstances.
Contact form / Contact via email (Article 6 (1) lit a, b GDPR)
A contact form is available on our website which can be used to contact us electronically. If you write to us using the contact form, we will process the data you submitted in the contact form to respond to your queries and requests.
In so doing, we respect the principle of data minimisation and data avoidance, such that you only have to provide the information we require to contact you, which is your email address and the message field itself. Your IP address will also be processed for technical reasons and for legal protection. All other data is voluntary, and additional fields are optional (e.g. to provide a more detailed response to your questions).
If you contact us by email, we will process the personal information provided in the email solely for the purpose of processing your request.
Online offers for children
Persons under the age of 16 may not submit personal data to us or give a declaration of consent without the authorisation of their legal guardian. We encourage parents and guardians to actively participate in the online activities and interests of their children.
Links to other providers
Our website also contains clearly identifiable links to the Internet sites of other companies. Although we provide links to websites of other providers, we have no influence on their content, and no guarantee or liability can therefore be assumed for such. The content of these pages is always the responsibility of the respective provider or operator of the pages.
The linked pages were checked at the time of linking for potential legal violations and identifiable infringements. No illegal content was identified at the time of linking. However, a permanent content control of the linked pages is not reasonable without concrete evidence of an infringement and, upon notification of a violation of rights, such links will be promptly removed.