As the controller, we have implemented numerous technical and organisational measures in order to ensure protection that is as seamless as possible for the personal data processed through this website. However, as a general rule, data transfers over the internet may be affected by security vulnerabilities, which means that absolute protection cannot be guaranteed. For this reason, should you wish you may transmit personal data to us through alternative channels, for example by telephone or post.
The controller for the purposes of the GDPR is:
Bachmaier & Klemmer GmbH
Im Pfaffenfeld 1, 83483 Bischofswiesen, Germany
Representative of the controller: Engelbert Sellmaier
3. Data Protection Officer
You can contact the Data Protection Officer as follows:
Telephone: 0911 148986 50
Fax: 0911 148986 59
Please contact our Data Protection Officer directly at any time with any questions or concerns relating to data protection.
1. Personal data
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller (our company).
Processing means means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
9. Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
5. Legal basis for processing
The legal basis for processing by our company is point (a) of Article 6(1) GDPR (in conjunction with Section 15(3) of the German Telemedia Act [Telemediengesetz, TMG]), according to which we obtain consent for a particular purpose of processing.
If the processing of personal data is necessary for the performance of a contract to which you are a party, such as for example in relation to processing necessary for the supply of goods or the provision of other services or in order to make payments, processing is based on point (b) of Article 6(1) GDPR. The same applies for processing in order to take steps prior to entering into a contract, such as in relation to enquiries concerning our products and services.
If our company is subject to a legal obligation that gives rise to a requirement to process personal data, such as for example compliance with tax obligations, processing is based on point (c) of Article 6(1) GDPR.
In some rare cases, processing of personal data may be necessary in order to protect the vital interests of the data subject or of another natural person. This might be the case for instance if a visitor to our company were to be injured, resulting in a need for that person’s name, age, health insurance data and other vital information to be passed on to a doctor, a hospital or another third party. In such an eventuality, processing would be based on point (d) of Article 6(1) GDPR.
Finally, processing may be based on point (f) of Article 6(1) GDPR. This constitutes a legal basis for processing that is not covered by any of the legal bases mentioned above, if processing is necessary for the purposes of a legitimate interest pursued by us or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are allowed to carry out such processing in particular as it is specifically referred to under European law. This stipulates specifically that a legitimate interest may be deemed to exist if you are a customer of our company (recital 47, sentence 2 GDPR).
6.1 SSL/TLS encryption
In order to guarantee the security of data processing and to protect transfers of confidential content, such as for example orders, login data or contact enquiries sent by you to us as the operator, this website uses SSL/TLS encryption. You can recognise an encrypted connection from the fact that the address line in the browser starts with “https://” rather than “http://” along with the padlock symbol in the address line.
We use this technology in order to protect the data transmitted by you.
6.2 Data recording during visits to the website
If our website is used solely in order to obtain information, i.e. if you do not register or otherwise provide information to us, we only collect the data that your browser transmits to our servers (in so-called “server log files”). Our website records a variety of general data and information whenever a page is accessed by you or an automated system. These general data and information are stored in server log files. The following data may be recorded:
1. the browser types and versions used;
2. the operating system used by the accessing system;
3. the website visited by an accessing system before reaching our website (so-called referrer);
4. the subpages through which an accessing system is directed to our website;
5. the date and time when the website was accessed;
6. an abbreviated internet protocol address (anonymised IP address);
7. the internet service provider of the accessing system.
We do not make any inferences concerning your identity when using these general data and information. This information is rather required in order to:
1. display the content on our website correctly;
2. optimise the content on our website and advertising for it;
3. ensure on an ongoing basis the proper functioning of our IT systems and our website technology; and
4. provide the information required for criminal prosecution to the criminal prosecution authorities in the event of a cyber-attack.
These data and information collected are thus statistically assessed by us with the aim of enhancing data protection and data security within our company, ultimately in order to ensure an optimal level of protection for the personal data processed by us. The anonymous data from server log files are stored separately from all personal data provided by a data subject.
The legal basis for data processing is sentence 1 of point (f) of Article 6(1) GDPR. Our legitimate interest results from the purposes of data collection listed above.
7.1 General information concerning cookies
The cookie is used to store information arising in relation to the specific end device used. However, this does not mean that we obtain direct information concerning your identity as a result.
Cookies are used primarily in order to make it easier for you to use our content. For this reason, we use so-called “session cookies” in order to recognise that you have previously visited specific individual pages on our website. These are automatically erased after you leave our website.
In addition, in order to optimise user friendliness we also use temporary cookies that are stored on your end device for a particular period of time. If you return to our website in order to use our services, these automatically recognise that you have previously visited us along with the data entered and the settings used so that you do not need to enter the relevant information again.
The data processed using cookies, which is required for the proper operation of the website, are thus necessary for the purposes of the legitimate interests pursued by us or by a third party pursuant to point (f) of the first subparagraph of Article 6(1) GDPR.
The legal basis for the use of all other cookies is your consent pursuant to point (a) of Article 6(1) GDPR, which you may provide by clicking on our opt-in cookie banner.
8. Content of our website
8.1 Establishing contact / contact form
Personal data are collected when establishing contact with us (e.g. using the contact form or by email). The specific data that are collected using a contact form are indicated in the relevant contact form. These data are stored and used exclusively for the purpose of answering your enquiry or for establishing contact along with the related technical administration. The legal basis for the processing of data is our legitimate interest in responding to your enquiry pursuant to point (f) of Article 6(1) GDPR. If the purpose of your contact is to conclude a contract, point (b) of Article 6(1) GDPR constitutes an additional basis for processing. Your data will be erased after your enquiry has been conclusively dealt with; this is deemed to be the case if it is apparent from the circumstances that the issue concerned has been definitively clarified, unless any legal retention requirements apply.
9. Newsletter dispatch
9.1 Newsletter dispatch to existing customers
If you have provided us with your email address in relation to the purchase of goods or services, we reserve the right to send you regular offers by email concerning goods or services from our range that are similar to those previously purchased. According to Section 7(3) of the German Act against Unfair Competition [Gesetz gegen den unlauteren Wettbewerb, UWG], we do not require any specific consent in order to do so. In such cases, data processing occurs solely on the basis of our legitimate interest in personalised direct marketing pursuant to point (f) of Article 6(1) GDPR. If you initially objected to the usage of your email address for this purpose, we will not send you any emails. You have the right to object to the usage of your email address for the marketing purposes described above at any time with future effect by informing the controller mentioned above. Should you do so, you will only be liable to pay the costs of transmission according to the basic rate. After your objection has been received, further usage of your email address for marketing purposes will cease without undue delay.
10. Web analysis
10.1 Google Analytics
We use Google Analytics on our websites, a web analysis service of Google Ireland Limited (https://www.google.de/intl/de/about/) (Gordon House, Barrow Street, Dublin 4, Ireland; hereafter “Google”). This involves the creation of pseudonymised user profiles and cookies (see the section on “Cookies”). The information generated by the cookie concerning your usage of the website, such as:
1. browser type/version;
2. operating system used;
3. referrer URL (the website previously visited);
4. host name of the accessing computer (IP address);
5. time of the server request;
are transmitted to a Google server in the USA and stored at that location. The information is used in order to assess usage of the website, to generate reports concerning website activities and to provide further services related to website and internet usage for the purposes of market research and the user-oriented design of this website. This information may also be transferred to a third party where required by law or where the third party concerned processes the data on our behalf. Your IP address will not under any circumstances be cross-referenced with other data held by Google. IP addresses are anonymised in order to ensure that cross-referencing is not possible (IP masking).
You can prevent cookies from being installed through the appropriate settings on your browser software; however, please note that, should you do so, it may not be possible to use all functions of this website in full.
Any such processing occurs exclusively in the event that express consent has been granted pursuant to point (a) of Article 6(1) GDPR.
You can also prevent Google from collecting and processing the data generated by the cookie in relation to your usage of the website (including your IP address) by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).
As an alternative to a browser add-on, especially for browsers on mobile devices, you can also prevent data from being collected by Google Analytics by clicking on the following link: Disable Google Analytics. An opt-out cookie is stored, which prevents data from being collected in future whenever you visit this website. The opt-out cookie is only valid in this browser and only for our website, and is stored on your device. If you clear the cookies in this browser, you will have to save the opt-out cookie again.
Further information concerning data protection in relation to Google Analytics can be found for instance at Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).
11. Plugins and other services
11.1 Google Maps
On our website we use Google Maps (API), operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Maps is a web service for displaying interactive (country) maps in order to present geographical information visually. This service can be used for instance to display our location and to facilitate any journey to it.
Information concerning your usage of our website (such as e.g. your IP address) is transferred to Google servers in the USA and stored at that location whenever you visit any subpages that incorporate Google Maps. This occurs irrespective of whether Google has a user account to which you are logged in, or if it has no user account at all. If you are logged in to Google, your data will be allocated directly to your account. If you do not wish any such data to be allocated to your Google profile, you will have to log out of your Google user account. Google stores your data (even for users who are not logged in) as a user profile and assesses them. You have a right to object to the creation of such a user profile, which can be exercised by contacting Google.
Any such processing occurs exclusively in the event that express consent has been granted pursuant to point (a) of Article 6(1) GDPR.
The Google Terms of Service can be consulted at www.google.de/intl/en/policies/terms/regional.html, and the Google Maps Additional Terms of Service at www.google.com/intl/en_US/help/terms_maps.html
12. Your rights as a data subject
12.1 Right to confirmation
You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed.
12.2 Right of access (Article 15 GDPR)
You have the right to obtain from us at any time free of charge information concerning the personal data concerning you that have been stored and to obtain a copy of these data according to law.
12.3 Right to rectification (Article 16 GDPR)
You have the right to obtain the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed.
12.4 Erasure (Article 17 GDPR)
You have the right to obtain from us the erasure of personal data concerning you without undue delay, where one of the grounds provided for by law applies, and where processing or storage is no longer necessary.
12.5 Restriction of processing (Article 18 GDPR)
You have the right to obtain from us the restriction of processing, where any of the prerequisites provided for by law is met.
12.6 Data portability (Article 20 GDPR)
You have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) and the processing is carried out by automated means, unless processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
In exercising your right to data portability pursuant to Article 20(1) GDPR, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible, provided that this does not adversely affect the rights and freedoms of others.
12.7 Objection (Article 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) (data processing in the public interest) or (f) (data processing based on a balancing of interests) of Article 6(1) GDPR.
This also applies to in relation to any profiling based on these provisions pursuant to Article 4, no. 4 GDPR.
If you object, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
In specific individual cases we process personal data for direct marketing purposes. You may object at any time to the processing of personal data for such marketing. This also includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), you also have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
12.8 Withdrawal of consent to data processing
You have the right to withdraw consent to the processing of personal data at any time with future effect.
12.9 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority with competence over data protection concerning the processing of personal data by us.
13. Routine storage, erasure and blockage of personal data
We process and store your personal data only for the period of time necessary in order to achieve the purpose for which they were stored or where required under legal provisions to which our company is subject.
If the purpose of storage no longer applies or upon expiry of a prescribed retention period, personal data are routinely blocked or erased in accordance with legal requirements.
14. Duration of storage of personal data
The criterion for establishing the duration of the storage of personal data is the relevant statutory retention period. Personal data are routinely erased upon expiry of the period, unless they are required for the performance of a contract or to take steps prior to entering into a contract.