Thank you very much for your interest in our company. Data protection is of a particularly high priority for the management of the Bieler+Lang GmbH. It is generally possible to use the Bieler+Lang GmbH website without providing any personal data. However, if a data subject wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Bieler+Lang GmbH. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.

Definitions

The data protection declaration of Bieler+Lang GmbH should be understandable for our customers and business partners and all terms used in it should leave no questions unanswered. The terms originate from the General Data Protection Regulation (GDPR), which was used by the European legislator when it was issued. We have explained all the terms used below.

We use the following terms, among others, in this privacy policy:

a) personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Person concerned

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing

“Processing” means any operation which is performed on personal data, whether or not by automated means. This includes the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States are not considered recipients.

j) third parties

Third parties are natural or legal persons, public authorities, agencies or bodies other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorized to process the personal data.

k) Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

The legal basis

The General Data Protection Regulation (GDPR) protects the personal data of natural persons. Data of legal persons are not subject to this protection. Personal data is individual information about personal or factual circumstances that can be attributed to your person (for example, your name in connection with your telephone number or your e-mail address). This does not include information that cannot be directly linked to your actual identity (such as the items displayed to you on a website).

Scope of application

This data protection declaration informs users about the type, scope and purpose of the collection and use of personal data by the responsible provider Bieler+Lang GmbH, Von-Drais-Straße 31, 77855 Achern, Germany on this website (hereinafter referred to as “offer”).

Your data is protected

Personal data is information about your identity. This includes, for example, information such as name, address, telephone number and e-mail address. It is not necessary for you to disclose personal data in order to use our website. In certain cases, however, we need your name and e-mail address as well as other details so that we can provide the requested services.

The same applies, for example, to the sending of information material or the answering of individual questions. If this is necessary, we will inform you accordingly.

If you make use of services, we will only collect the data that we need to provide the respective service. This data is processed exclusively to fulfill the requested services.

If we ask you for further data, this is voluntary information.

Your personal data will not be passed on to third parties without your necessary consent.

Non-personal data that is collected automatically

When you use our website, the following data is stored for organizational and technical reasons: the names of the pages accessed, the browser and operating system used, the date and time of access, search engines used, names of downloaded files and your IP address.

We evaluate this technical data anonymously and solely for statistical purposes in order to constantly optimize our website and make our internet offers even more attractive. This anonymous data is stored separately from personal information on secure systems and does not allow any conclusions to be drawn about an individual person. Your personal data and your privacy are therefore protected at all times.

Privacy policy Google Maps

Functions of the provider Google Maps are integrated on our website in order to display geographical information visually.

This Google Maps, a map service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: Google Maps). When accessing our website, which is equipped with a map, the website causes the browser used by the data subject to load a corresponding map display. When Google Maps is used, data about the use of the map functions by visitors to the website is also collected, processed and used. Further information about data processing by Google can be found in Google’s privacy policy at https://policies.google.com/privacy?hl=de.

Cookies

We use so-called “cookies” in various places on our website. Cookies are small text files that are stored by the web browser on your computer or mobile device. Cookies do not damage your computer, do not contain viruses and are automatically deleted when they expire. Some cookies expire when you end your internet session, others are stored for a certain period of time.

The cookies on our website do not collect any personal data. We use cookies to make it easier for you to visit our website and to tailor it to your needs. Of course you can also view our website without cookies. You can deactivate the storage of cookies on your computer via the browser settings. You can also delete existing cookies via the browser settings. In this case, however, it is possible that the functionality of our website may be restricted.

Children

Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people, do not collect it and do not pass it on to third parties.

Newsletter data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively for sending the requested information.

You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time. To do this, select the “Unsubscribe” link in the newsletter.

The processing of the data entered in the newsletter registration form is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

This website uses SendinBlue to send newsletters. The provider is SendinBlue SAS, 55 rue d’Amsterdam, 75008 Paris, France. SendinBlue is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) will be stored on SendinBlue’s servers.

Our newsletters sent with SendinBlue enable us to analyze the behavior of newsletter recipients. Among other things, it is possible to analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. All links in the e-mail are so-called tracking links, with which your clicks can be counted.

If you do not want SendinBlue to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. Furthermore, you can also revoke your consent at any time with effect for the future by sending an e-mail to the address given in our legal notice.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the SendinBlue servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

Further information can be found in SendinBlue’s privacy policy at: https://de.sendinblue.com/legal/privacypolicy/.

We have concluded a contract with SendinBlue in which we oblige SendinBlue to protect our customers’ data and not to pass it on to third parties.

Data protection for applications and during the application process

We also collect and process applicants’ personal data electronically as part of the application process if an applicant sends us their application documents by e-mail. If we conclude an employment contract with the applicant after the application process, the data transmitted will be stored for the purpose of the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, we will delete the application documents two months after notification of the rejection, provided that no other legitimate interests of our company stand in the way of deletion, such as proof in proceedings under the General Equal Treatment Act (AGG).

Security

We have taken technical and organizational security measures to protect your personal data from loss, destruction, manipulation and unauthorized access. All of our employees and all third parties involved in data processing are obliged to comply with the Federal Data Protection Act and to handle personal data confidentially.

If personal data is collected and processed, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised in line with technological developments.

Changes to our privacy policy

We reserve the right to change our security and data protection measures if this becomes necessary due to technical developments. In these cases, we will also adapt our data protection information accordingly. Please therefore note the current version of our privacy policy.

Links

If you use external links that are offered on our website, this data protection declaration does not extend to these links. If we offer links, we endeavor to ensure that these also comply with our data protection and security standards. However, we have no influence on compliance with data protection and security regulations by other providers. Therefore, please also inform yourself on the websites of the other providers about the data protection declarations provided there.

Legal basis of the processing

Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service or consideration, the processing is based on Article 6 I lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance details or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS-GVO are based. Ultimately, processing operations could be based on Art. 6 I lit. f DS-GVO are based. This legal basis is used for processing operations which are not covered by any of the aforementioned legal bases if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).

Legitimate interests in the processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.

Duration of storage of personal data

The respective statutory retention periods apply to the storage of personal data. After this period has expired, the corresponding data will be deleted if it is no longer required for contract fulfillment or contract initiation. These include legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). In order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact one of our employees. Our employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

Existence of automated decision-making

No profiling or automated decision-making is used on our website.

Data protection notice for Google Analytics

Our website uses the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses cookies or similar technologies that enable your use of the website to be analyzed. The information generated by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there.

We have activated IP anonymization so that your IP address will be shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.

The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you give via our cookie/consent tool.
You can revoke your consent at any time by removing the corresponding check mark in the cookie settings.

Data transfer to the USA:
We would like to point out that the level of data protection in the USA is not comparable to that in the EU. In particular, there is a risk that US authorities may be able to access your data without you having effective legal remedies against this.

Storage period:
The data stored in Google Analytics is automatically deleted after 24 months.

Further information:
Details on how Google Analytics handles user data can be found in Google’s privacy policy:
https://policies.google.com/privacy?hl=de

Information, deletion, blocking and right to object

In accordance with Art. 15 to 18 GDPR, you have the right to free information about your stored personal data, its origin and recipients and the purpose of data processing as well as a right to rectification, blocking or erasure of this data at any time. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of personal data. Furthermore, you can revoke your consent to the collection and storage of your personal data at any time. Please contact us in all cases:

Bieler+Lang GmbH
Von-Drais-Straße 31
77855 Achern

Phone: +49-7841-6937-0
Fax: +49-7841-6937-90

or send an e-mail to:
E-mail: datenschutz@bieler-lang.de