Privacy Policy
Data protection is highly valued at Bihl+Wiedemann GmbH. Use of the website is essentially possible without providing any personal data. Should a data subject however wish to make use of special services of our company through our website, processing of personal data may be required. If there is no legal basis for such processing, we generally request permission from the data subject.
Processing of personal data is always in accordance with the GDPR (General Data Protection Regulation) and in agreement with the prevailing country-specific data protection regulations. By means of this Privacy Policy our company would like to inform the public of the type, scope and purpose of the personal data we gather, use and process. This Privacy Policy also serves to inform data subjects of their rights.
Bihl+Wiedemann GmbH as a controller has implemented numerous technical and organizational measures for ensuring the greatest possible protection of the personal data processed through this website. Nevertheless, Internet-based data transmission inherently has security gaps, so that 100% security cannot be assured. For this reason it is up to each individual data subject to decide whether to use alternative ways of providing us with personal data, such as by telephone.
Content
- 1. Definitions
- 2. Name and address of the controller
- 3. Social Media
- 4. Cookies
- 5. Integration of Services from Other Providers
- 6. Collection of general data and information
- 7. Registering on our website
- 8. Subscribing to our newsletter
- 9. Newsletter tracking
- 10. Contact options from the website
- 11. Academy
- 12. Routine deletion and blocking of personal data
- 13. Rights of the data subject as granted by the European directive and regulation agencies
- 14. Data protection for application forms and in the application process
- 15. Lawfulness of processing
- 16. Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party
- 17. Duration of personal data retention
- 18. Legal or contractual regulations for providing personal data; necessity for concluding a contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
- 19. Existence of automated decision making
Links
1. Definitions
The Privacy Policy of Bihl+Wiedemann GmbH is based on definitions which were used by the European legislature when enacting the GDPR. Our Privacy Policy should be readable and understandable both for the public and for our customers and business partners. To ensure this we would like to begin with a list of terms and definitions.
a) Personal data
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Any identified or identifiable natural person whose personal data are processed by the controller.
c) Processing
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.
d) Restriction of processing
The marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Any form of automated processing of personal data consisting of the use of personal data to evaluate, analyze or predict certain personal aspects.
f) Pseudonymization
Processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information.
g) Controller
Natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third party
Natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and address of the controller
The responsible entity in the context of the GDPR, other data protection laws applicable in the Member States of the European Union and other regulations of a data protection nature is Bihl+Wiedemann GmbH.
Address :
Bihl+Wiedemann GmbH
Flosswoerthstrasse 41
D- 68199 Mannheim
Germany
E-mail : datenschutzbihl-wiedemann.de
Tel.: +49 621 33996-0
Data protection officer required by law:
We have appointed a data protection officer for our company, who can be reached here: Philipp.Heroldhub24.de or Carina.Stolzhub24.de.
3. Social Media
We use social networks to optimally present our company, communicate with you as a user, customer, or interested party, and to inform you about the services we offer. When using social networks, data is processed outside the European Union (EU) and the European Economic Area (EEA). Providing an equivalent level of data protection to that which exists in the EU cannot be guaranteed in all countries outside the EU.
This means that there may be risks for you as a user if the transmitted data is processed in so-called third countries with an inadequate level of data protection.
This makes it more difficult to enforce established user rights. Furthermore, your data may not be processed according to your best interests by the provider in the third country.
We only transfer personal data to third countries for which an adequate level of protection has been confirmed or in cases where the transfer of personal data can be safeguarded by contractual agreements or other appropriate safeguards.
In addition to the respective providers of social networks, we too collect and process personal user data on so-called "fan pages." This notice informs you about the data we collect from you on our social media sites, how we use it, and how you can object to the use of your data. For the relevant data processing purposes and data categories, please refer to the respective offer listed in more detail below.
The activities on social media conducted by us and detailed below are carried out on the basis of a weighing out of interests pursuant to Art. 6 (1)(f) of the GDPR.
This is realized through the use of cookies, which record user behavior and enable user profiling.
A specific list of the purposes for which user data is processed can be found in the data protection notices of the respective providers. By making the appropriate settings in your user account, you can restrict profiling to a certain extent. For the exact procedure, please read the corresponding data protection information of the respective provider.
The relevant platforms are:
Plattform | Responsible Body | Privacy Policy of the Platform Operator | |
---|---|---|---|
Meta Platforms Ireland Ltd | |||
YouTube | Google Ireland Limited | ||
New Work SE | |||
LinkedIn Ireland Unlimited Company |
Bihl+Wiedemann GmbH maintains profiles on the listed platforms with the purpose of drawing attention to products and service offers as well as interacting with customers, interested parties, and other users of the platform.
In this context, the platform operators also use certain data that they have collected from the users of the platform (e.g., whether a photo on a profile was tagged with "Like" or commented on) to create aggregated usage statistics and make them available to the respective operators of the profile (so-called "Insights" or "Analytics"). We as the profile operator also receive such usage statistics. The information that we as the profile operator receive does not allow any conclusions to be drawn about individual users. The profile operator itself has no access to the personal data that the platform operator processes for the creation of usage statistics. The respective platform operator alone determines which data is processed for these purposes and in what manner. As the profile operator, Bihl+Wiedemann GmbH can neither legally nor actually influence any processing by the platform operators.
For processing in connection with the creation of usage statistics, Bihl+Wiedemann GmbH and the respective platform operator are considered joint responsible within the meaning of Art. 26 of the GDPR.
Shared responsibility agreements are concluded with the respective platform operators where possible.
Furthermore, data is only processed to a very limited extent by Bihl+Wiedemann GmbH as the profile operators:
- Processing of user names and comments deleted for breach of netiquette. These are kept on file for any proof required in the event of legal disputes within the statute of limitations.
- Processing of user names and individual messages when you contact us via messenger services.
- Processing of user names and postings in the context of inquiries and, if necessary, obtaining consent to re-post images.
For these purposes, we generally only process your name, message content, comment content, and the profile information you "publicly" provide.
4. Cookies
Cookies are text files which an Internet browser files and stores on a computer system with an ID.
Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers.
A cookie can be used to optimize the information and offers on our website in the interest of the user.
The data subject can at any time prevent cookies from being set by our site using a certain setting of his or her browser and thereby permanently deny cookie setting. Already set cookies can also be deleted at any time from a browser or other software programs. This is possible in all commonly used browsers. If the data subject disables setting of cookies in the browser, not all functions of our site may be available.
B+W Tracking
Nature and Scope of Processing
For statistical evaluation of our website, we use a tracking tool developed in-house. The data collected includes, for example, the number of times our website is accessed, the search phrases used, and the referrer data.
A cookie (: gw-cookie-notice) is stored on the device to help us evaluate user behavior and recognize users. This information is used, among other things, to compile reports on website activity.
As soon as you have registered in our internal area and given your consent to tracking, we may contact you to provide you with individual advice based on the evaluations made.
You can revoke your consent to being tracked and contacted at any time with effect for the future by deactivating the tracking function again in the cookie consent manager or by contacting the responsible office stated in this privacy policy with your revocation.
Purpose and Legal Basis
We process data for the purpose of optimizing our website and for marketing purposes based on your consent acc. to GDPR Art. 6 (1) (a).
Storage Duration
12 months
5. Integration of Services from Other Providers
Our website uses content, services, and features of other providers. These are, for example, services for the statistical evaluation of the use and visit of our website. In order for this data to be retrieved and displayed in the user's browser, it is necessary to transmit the user's IP address to the third-party providers involved.
Although we strive to use only third-party providers that require the IP address solely to deliver content, or even work with anonymized IP addresses, we have no way of knowing whether the IP address may be stored by them. Information on the third-party providers used can be found below in this privacy policy.
WiredMinds LeadLab
Nature and Scope of Processing
We have integrated WiredMinds LeadLab on our website as a tool for customer intelligence. WiredMinds LeadLab is a service of WiredMinds GmbH, Lindenspürstr. 32, 70176 Stuttgart, Germany, which identifies anonymous website visitors, enriches existing contact data where applicable, or provides complete contact data and offers insights into the visiting history. WiredMinds LeadLab uses cookies and other browser technologies to evaluate user behavior and recognize users.
Among other things, WiredMinds LeadLab tells us which companies have visited our website, establishes a history of your visits on this website, including all pages you have visited and viewed, and the duration of your visit on this website.
WiredMinds LeadLab collects and processes data about companies such as company name, phone number, address, web address, industry, company profile, revenue and key people.
Purpose and Legal Basis
The use of LeadLab is based on your consent acc. to Art. 6 (1) (a) of the GDPR and Art. 25 (1) of the German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG).
Storage Duration
The exact storage duration of the processed data cannot be influenced by us. It is determined by WiredMinds GmbH. For further information, please refer to the Privacy Policy of LeadLab: wiredminds.de/en/privacy/
Google Ads
Nature and Scope of Processing
We have integrated Google Ads in our website. Google Ads is a service provided by Google LLC to display targeted advertising to users. Google Ads uses cookies and other browser technologies to evaluate user behavior and recognize users.
Google Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. In addition, Google Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identification features such as your user agent are transmitted to the provider.
If you are registered with a Google LLC service, Google Ads can associate the visit with your account. Even if you are not registered with Google LLC or have not logged in, it is possible that the provider will find out and store your IP address and other identifying features.
In this case, your data will be transferred to the Google Ads operator: Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose and Legal Basis
The use of Google Ads is based on your consent acc. to Art. 6 (1) (a) of the GDPR and Art. 25 (1) of the German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG).
We may transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data transfer to the USA takes place in accordance with Art. 45 (1) of the GDPR on the basis of the adequacy decision adopted by the European Commission. The U.S. companies involved and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage Duration
The exact storage duration of the processed data cannot be influenced by us, but is determined by Google LLC. For further information, please refer to the Privacy Policy of Google Ads: policies.google.com/privacy.
Google Analytics 4
Nature and Scope of Processing
We use Google Analytics 4 by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our website. This includes, for example, the number of views of our online content, the length of time spent on the website, sub-pages visited or the browser used. Google Analytics 4 evaluates user behavior by means of cookies, scripts, and pixels, and uses machine learning-based algorithms that automatically evaluate event data such as scrolling movements. This information is used, among other things, to compile reports on website activity.
Purpose and Legal Basis
The use of Google Analytics 4 is based on your consent acc. to Art. 6 (1) (a) of the GDPR and Art. 25 (1) of the German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG).
We may transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data transfer to the USA takes place in accordance with Art. 45 (1) of the GDPR on the basis of the adequacy decision adopted by the European Commission. The U.S. companies involved and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage Duration
The exact storage duration of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. For further information, please refer to the Privacy Policy of Google: https://policies.google.com/privacy?hl=en.
Google Double Click
Nature and Scope of Processing
We have integrated DoubleClick by Google components in our website. DoubleClick is a brand owned by Google, under which primarily special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transfers data to the DoubleClick server with each impression, and also with clicks or other activities.
Each of these data transmissions triggers a cookie request to the browser of the data subject. If the browser accepts this request, DoubleClick sets a cookie in your browser.
DoubleClick uses a cookie ID, which is required to process the technical procedure. The cookie ID is needed, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which ads have already been displayed in a browser in order to avoid duplicate placements. Furthermore, the cookie ID enables DoubleClick to record conversions. Conversions are recorded, for example, when a user has previously been shown a DoubleClick ad and subsequently makes a purchase on the advertiser's website using the same Internet browser.
DoubleClick cookies do not contain personal data, but may contain additional campaign identifiers. A campaign identifier serves to identify the campaigns you have been previously exposed to on other websites. As part of this service, Google obtains knowledge of data that Google also uses to generate commission statements. Among other things, Google can track whether you have clicked on certain links on our website. In this case, your data will be transferred to the DoubleClick operator: Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. For further information and the applicable privacy policy of DoubleClick by Google, please visit https://www.google.com/intl/en/policies/.
Purpose and Legal Basis
We process your data with the help of the DoubleClick cookie for the purpose of optimizing and displaying advertising based on your consent acc. to Art. 6 (1) (a) of the GDPR and Art. 25 (1) of the German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG).
We may transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data transfer to the USA takes place in accordance with Art. 45 (1) of the GDPR on the basis of the adequacy decision adopted by the European Commission. The U.S. companies involved and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
You give your consent by setting the use of cookies (cookie banner / consent manager), with which you can also declare your revocation at any time with effect for the future in accordance with GDPR Art. 7 (3). The cookie is used, among other things, to serve and display user-relevant advertising and to generate reports on advertising campaigns or to improve them. Furthermore, the cookie serves to avoid the same advertisement being displayed more than once. Each time you access one of the individual pages of our website where a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the calculation of commissions. You do not have any legal or contractual obligation to provide your data. If you do not give us your consent, it is still possible to visit our website without restriction, but not all functions may be fully available.
Storage Duration
The exact storage duration of the processed data cannot be influenced by us, but is determined by Google LLC. For further information, please refer to the Privacy Policy of Google DoubleClick: https://policies.google.com/privacy.
Google Fonts
Nature and Scope of Processing
We use Google Fonts by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland as a service to provide fonts for our website. To obtain these fonts, you connect to Google LLC servers, and your IP address is transmitted to them.
Purpose and Legal Basis
The use of Google Fonts is based on your consent acc. to Art. 6 (1) (a) of the GDPR and Art. 25 (1) of the German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG).
We may transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data transfer to the USA takes place in accordance with Art. 45 (1) of the GDPR on the basis of the adequacy decision adopted by the European Commission. The U.S. companies involved and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage Duration
The exact storage duration of the processed data cannot be influenced by us, but is determined by Google LLC. For further information, please refer to the Privacy Policy of Google Fonts: policies.google.com/privacy.
Google Maps
Nature and Scope of Processing
We use the map service of Google Maps to give travel directions. Google Maps is a service of Google LLC, which displays a map on our website.
When you access this content on our website, you connect to servers of Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google Maps.
Purpose and Legal Basis
The use of Google Maps is based on your consent acc. to Art. 6 (1) (a) of the GDPR and Art. 25 (1) of the German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG).
We may transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data transfer to the USA takes place in accordance with Art. 45 (1) of the GDPR on the basis of the adequacy decision adopted by the European Commission. The U.S. companies involved and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage Duration
The exact storage duration of the processed data cannot be influenced by us, but is determined by Google LLC. For further information, please refer to the Privacy Policy of Google Maps: https://policies.google.com/privacy.
Google Tag Manager
Nature and Scope of Processing
We use Google Tag Manager of Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through one interface and allows us to control the exact integration of services in our website.
This allows us to flexibly integrate additional services in order to evaluate user access to our website. Scope and Legal Basis The use of Google Tag Manager is based on our legitimate interests, i.e., interest in optimizing our services acc. to GDPR Art. 6 (1) lit. f.
Purpose and Legal Basis
The use of Google Tag Manager is based on your consent acc. to Art. 6 (1) (a) of the GDPR and Art. 25 (1) of the German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG).
We may transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data transfer to the USA takes place in accordance with Art. 45 (1) of the GDPR on the basis of the adequacy decision adopted by the European Commission. The U.S. companies involved and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage Duration
The exact storage duration of the processed data cannot be influenced by us, but is determined by Google LLC. For further information, see the Privacy Policy of Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
Google reCaptcha
Nature and Scope of Processing
We have integrated Google reCaptcha components in our website. Google reCAPTCHA is a service of Google LLC, which enables us to distinguish whether a contact request originates from a natural person or is automated by means of a program. When you access this content, you connect to servers of Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user's dwell time and mouse movements to distinguish automated requests from human ones. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google reCAPTCHA.
Purpose and Legal Basis
The use of Google reCAPTCHA is based on your consent acc. to Art. 6 (1) (a) of the GDPR and Art. 25 (1) of the German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG).
We may transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data transfer to the USA takes place in accordance with Art. 45 (1) of the GDPR on the basis of the adequacy decision adopted by the European Commission. The U.S. companies involved and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage Duration
The exact storage duration of the processed data cannot be influenced by us, but is determined by Google LLC. For further information, please refer to the Privacy Policy of Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.
Vimeo
Nature and Scope of Processing
We have integrated Vimeo Video in our website. Vimeo Video is a component of the video platform of Vimeo, LLC, where users can upload content, share it over the Internet and get detailed statistics. Vimeo Video allows us to integrate content from the platform into our website.
Vimeo Video uses cookies and other browser technologies to analyze user behavior, recognize users and create user profiles. Among other things, this information is used to analyze the activity of the content listened to and to create reports.
When you access this content, you connect to servers of Vimeo, LLC, 555 W 18th St, New York, New York 10011, whereby your IP address and, if applicable, browser data such as your user agent are transmitted.
Purpose and Legal Basis
The use of Vimeo Video is based on your consent acc. to Art. 6 (1) (a) of the GDPR and Art. 25 (1) of the German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG).
We may transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data transfer to the USA takes place in accordance with Art. 45 (1) of the GDPR on the basis of the adequacy decision adopted by the European Commission. The U.S. companies involved and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage Duration
The exact storage duration of the processed data cannot be influenced by us, but is determined by Vimeo, LLC. For further information, please refer to the Privacy Policy of Vimeo Video: https://vimeo.com/privacy.
YouTube
Nature and Scope of Processing
We have integrated YouTube Video in our website. YouTube Video is a component of the video platform of YouTube, LLC, where users can upload content, share it over the Internet and get detailed statistics.
YouTube Video allows us to integrate content from the platform into our website. YouTube Video uses cookies and other browser technologies to analyze user behavior, recognize users and create user profiles.
Among other things, this information is used to analyze the activity of the content listened to and to create reports. If a user is registered with YouTube, LLC, YouTube Video can associate the videos played with his/her profile.
When you access this content, you connect to servers of YouTube, LLC, whereby your IP address and possibly browser data such as your user agent are transmitted.
Purpose and Legal Basis
The use of the service is based on your consent acc. to Art. 6 (1) (a) of the GDPR and Art. 25 (1) of the German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG).
We may transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data transfer to the USA takes place in accordance with Art. 45 (1) of the GDPR on the basis of the adequacy decision adopted by the European Commission. The U.S. companies involved and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage Duration
The exact storage duration of the processed data cannot be influenced by us, but is determined by YouTube, LLC. For further information, please refer to the Privacy Policy of YouTube video: https://policies.google.com/privacy
Akamai CDN
Nature and Scope of Processing
We use Akamai CDN to properly deliver the content of our website. Akamai CDN is a service provided by Akamai Technologies, Inc. which acts as a Content Delivery Network (CDN) on our website.
A CDN helps to provide content related to our website – especially files, such as diagrams or scripts – more quickly through the use of regionally or internationally distributed servers. When you access this content, you connect to servers of Akamai Technologies, Inc., Cambridge, Massachusetts, US, whereby your IP address and possibly browser data, such as your user agent, are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Akamai CDN.
Purpose and Legal Basis
Use of the Content Delivery Network is based on our legitimate interests, i.e., interest in the secure and efficient presentation and optimization of our website acc. to Art. 6 (1) (f) of the GDPR.
We may transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data transfer to the USA takes place in accordance with Art. 45 (1) of the GDPR on the basis of the adequacy decision adopted by the European Commission. The U.S. companies involved and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage Duration
The exact storage duration of the processed data cannot be influenced by us. It is determined by Akamai Technologies, Inc. For further information, please refer to the Privacy Policy of Akamai CDN: www.akamai.com/legal
New relic
Nature and Scope of Processing
We have integrated the New Relic JS Agent on our website. New Relic JS Agent is a service provided by New Relic, Inc., who develops cloud-based software which allows the owners of websites and applications to track the performance of their services.
New Relic JS Agent enables us to detect and improve the stability of our services by monitoring system and code errors.
Your IP address and activities performed on our website are collected. In this case, your data will be transferred to the operator of New Relic JS Agent, New Relic, Inc, San Francisco, California, USA.
Purpose and Legal Basis
The use of New Relic JS Agent is based on your consent acc. to Art. 6 (1) (a) of the GDPR and Art. 25 (1) of the German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG).
We may transfer personal data to third countries outside the European Economic Area, in particular to the United States. Data transfer to the USA takes place in accordance with Art. 45 (1) of the GDPR on the basis of the adequacy decision adopted by the European Commission. The U.S. companies involved and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Storage Duration
The exact storage duration of the processed data cannot be influenced by us. It is determined by New Relic, Inc. For further information, please refer to the Privacy Policy of New Relic JS Agent: newrelic.com/termsandconditions/privacy.
Genial.ly
Nature and Scope of Processing
For the graphical presentation of information, this website uses the service Genial.ly – a service of Genially Web SL, Plaza Ramon Y Cajal 4, 14003 Córdoba, Spain. Data that is automatically transmitted by your browser, including the IP address, browser type and version, operating system used, referrer URL, host name of the accessing computer, and the time of the server request is processed and statistically evaluated at our request.
Purpose and Legal Basis
The use of genial.ly is based on your consent acc. to Art. 6 (1) (a) of the GDPR and Art. 25 (1) of the German Federal Act on Privacy in Telecommunications and Telemedia (TTDSG).
Storage Duration
The exact storage duration of the processed data cannot be influenced by us. It is determined by Genially Web SL. For further information, please refer to the Privacy Policy of genial.ly: https://www.genial.ly/privacy
6. Collection of general data and information
Each time the web page is opened by a person or automated system a series of general data and information is generated. This general data and information are stored in the log files of the server, and can include (1) the browser types and versions used, (2) the operating system used for access, (3) the Internet page from which an accessing system arrives at our Internet page (so-called referrer), (4) the sub-sites which directed to our website through an accessing system, (5) the date and time of an access to the website, (6) an Internet Protocol (IP) address, (7) the Internet Service Provider of the accessing system, and (9) other similar data and information which serve to defend against danger in case of attacks on our IT systems.
In using this general data and information Bihl+Wiedemann GmbH is unable to associate it with the data subject. This information is rather used (1) to correctly deliver the contents of our website, (2) to optimize the contents of our website as well as the advertising for it, (3) to ensure uninterrupted function of our IT systems and the technology of our website, as well as (4) to provide law enforcement authorities with the information needed for prosecution in case of a cyberattack.
This anonymously collected data and information is evaluated by Bihl+Wiedemann GmbH therefore on one hand statically but also with the goal of increasing data protection and data security in our company so as to ensure an optimum level of protection for the personal data we process. The anonymous server log files are stored separately from all the personal data provided by a data subject.
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers.
We use the following hoster:
firstcolo GmbH
Kruppstraße 105
60388 Frankfurt am Main
Germany
We have concluded an Order Processing Contract (OPC) with the aforementioned provider. This is a contract required by privacy law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
7. Registering on our website
The data subject has the opportunity to register on the website of the controller by providing personal data. Which personal data are transmitted for the controller is a function of the input screen used for the registration. The personal data entered by the data subject is collected and stored solely for internal use and for the controller’s own purposes. The controller can for example share with one or more contract processors, for example a parcel service, who likewise uses the personal data solely internally.
By registering on the website of the controller the IP address of the data subject provided by the Internet Service Provider (ISP), the data and the time of registration are stored. This data is stored with the idea of preventing misuse of our services, and when needed this data can be used to elucidate committed offenses. To this extent the storage of this data is necessary in order to protect the controller. This data is not shared with third parties unless there is a legal obligation to do so or unless it is used in a legal proceeding.
Registration of the data subject with voluntary provision of personal data is used by the controller to offer the data subject content or services which by their nature can only be offered to registered users. Registered persons are free to change the information they provided at the time of registration or to delete it completely from the controller’s database.
The controller shall on request and at any time tell the data subject which personal data about the data subject are stored. Furthermore the controller shall correct or delete the personal data on request or notice from the data subject unless there is a legal requirement to preserve the information. Any employee of the controller is available to the data subject as a contact in this respect.
8. Subscribing to our newsletter
On the website of Bihl+Wiedemann GmbH users are given the opportunity to subscribe to our company’s newsletter. Which personal data are provided to the controller when ordering the newsletter is a function of the input screen used.
Our company’s newsletter can be received by the data subject only if (1) the data subject has a valid e-mail address, and (2) the data subject has registered for sending of the newsletter. For legal reasons a confirmation mail is sent to the e-mail address first provided by the potential subscriber following the double opt-in procedure. This confirmation e-mail serves to verify whether the owner of the e-mail address as data subject has authorized receipt of the newsletter.
When registering for the newsletter we also store the IP address at the time of registration provided by the ISP of the data subject as well as the date and time of registration. This data must be collected in order to pursue possible misuse of the e-mail address of the data subject at a later time, and therefore serves as legal protection for the controller.
The personal data collected in the context of subscribing to the newsletter will be used exclusively for sending our newsletter. The legal basis for this shall be Art. 6 (1) (1) (a) of the GDPR. No personal data collected as part of the newsletter service are shared with a third party. Subscription to our newsletter may be cancelled by the data subject at any time. Consent to store personal data which the data subject has shared for sending of the newsletter may be withdrawn at any time. A corresponding link is provided in each newsletter for the purpose of withdrawing consent. It is also possible to cancel the subscription to the newsletter directly on the website of the controller or to notify the controller by other means.
9. Newsletter tracking
The newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic which is embedded in such e-mails which are sent in HTML format to enable a log file recording and a log file analysis. This allows statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel Bihl+Wiedemann GmbH can determine whether and when an e-mail was opened by a data subject and which links contained in the e-mail were followed by the data subject.
Such personal data obtained by the tracking pixels in the newsletters are stored and analyzed by the controller in order to optimize sending of the newsletter and to better adapt the contents of future newsletters to needs of the data subject. This personal data is not shared with third parties. Data subjects may at any time revoke their consent declared through the separate double opt-in procedure. After revoking, this personal data is deleted by the controller. Cancellation to subscription of the newsletter is automatically interpreted by Bihl+Wiedemann GmbH as a revocation of consent.
10. Contact options from the website
For legal reasons the website of Bihl+Wiedemann GmbH contains information which enable fast electronic contacting as well as direct communication with us. To the extent that a data subject uses e-mail or a contact form to make contact with the controller, the personal data provided by the data subject are automatically stored Such personal data voluntarily provided by the data subject to the controller are stored for the purposes of processing or for contacting the data subject. This personal data is not shared with third parties.
Depending on the type of request, the legal basis for this processing is Art. 6 (1) (b) of the GDPR for requests you make yourself as part of a pre-contractual measure, or Art. 6 (1) (1) (f) of the GDPR if your request is of a different nature. Should there be a request for personal data that we do not need for the fulfillment of a contract or for the protection of legitimate interests, the transfer to us will be based on your consent pursuant to Art. 6 (1)(a) of the GDPR.
11. Academy
As part of our website, we also offer a learning platform by the provider Moodle, which you can access via the menu item "Academy". A protected login area has been set up for the use and execution of the course programs. To use it, you need to enter access data. Your username and password are required to register for the Academy.
When you access our Academy, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily saved in a log file.
The following information is collected without your intervention and stored until it is deleted automatically:
Browser type/version
Operating system used
Referrer URL (the webpage you viewed previously)
IP address of your terminal device
Time of the server request
The following data will be saved after logging in:
Activities within the platform and courses (e.g., click paths)
Login and logout times
Information about which user has accessed which course
This information is used exclusively for optimization and troubleshooting purposes. We particularly process the data to establish a smooth website connection, to ensure comfortable use of our website, and to evaluate system security and stability. This processing is legally based on Art. 6 (1)(f) of the GDPR. If a contractual relationship already exists, Art. 6 (1)(b) GDPR shall apply. We do not reconcile this information with other data or transfer it to third parties.
The data in your user profile will be stored until the user profile is deleted. The data arising from participation in a course program will be stored for up to 2 months after the end of the course.
12. Routine deletion and blocking of personal data
The controller shall process and store personal data of the data subject only for as long as is required for achieving the purpose of storage to the extent that this has been provided for by the European directive and regulation agencies or by another legal body in the form of laws or regulations to which the controller is subject.
If the storage purpose no longer applies or if a storage time limit mandated by the European directive and regulation agencies has expired, the personal data are routinely and in accordance with the legal requirements blocked or deleted.
13. Rights of the data subject as granted by the European directive and regulation agencies
a) Right of access
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to make use of this right of access, he or she may contact an employee of the controller at any time.
b) Right of access
The data subject shall have the right to obtain information at no charge and at any time concerning the personal data stored and to obtain a copy of this information. Access to the following information shall also be provided:
- The purposes of the processing
- The categories of personal data concerned
- The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- The right to lodge a complaint with a supervisory authority
- Where the personal data are not collected from the data subject, any available information as to their source
- The existence of automated decision-making, including profiling, referred to in Art. 22 Par. 1 and 4 of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be so informed. When this is the case, the data subject further has the right to be informed of the appropriate safeguards relating to the transfer. If a data subject wishes to make use of this right to access, he or she can at any time do so by contacting any employee of the controller.
c) Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to make use of this right rectification, he or she can at any time do so by contacting any employee of the controller.
d) Right of erasure (‘right to be forgotten‘)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they are collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to Art. 6 Par. 1 Point (a) GDPR or Art. 9 Par. 2 Point (a) GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Art. 21 Par. 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 Par. 2 GDPR.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Art. 8 Par. 1 GDPR.
If one of the above reasons applies and a data subject wishes to have his or her personal data which are stored at Bihl+Wiedemann GmbH deleted, this can be accomplished at any time by contacting an employee of the controller.
Where Bihl+Wiedemann GmbH have made the personal data public and our company is obliged pursuant to Art. 17 Par. 1 GDPR to erase the personal data, Bihl+Wiedemann GmbH shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data to the extent that they are not necessary for processing.
e) Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
- The data subject has objected to processing pursuant to Art. 21 Par. 1 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the above conditions is met and a data subject would like to request restriction of processing of personal data stored by Bihl+Wiedemann GmbH, he or she may any time contact any employee of the controller. The data protection deputy of Bihl+Wiedemann GmbH or another employee will initiate restriction of processing.
f) Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. This shall apply where the processing is based on consent pursuant to Art. 6 Par. 1 Point (a) GDPR or Art. 9 Par. 2 Point (a) GDPR and the processing is carried out by automated means, presuming the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Art. 20 Par. 1 GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and to the extent that this is technically feasible and does not adversely affect the rights and freedoms of others.
To assert the right to data portability the data subject may contact an employee at any time.
g) Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Art. 6 Par. 1 Point (e) or (f) GDPR, including profiling based on those provisions.
Bihl+Wiedemann GmbH shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where Bihl+Wiedemann GmbH process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89 Par. 1 GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object the data subject may turn directly to an employee. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
h) Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly affects him or her, presuming the decision (1) is not necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) is not authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.
If the decision is necessary (1) for entering into, or performance of, a contract between the data subject and a data controller, or (2) is based on the data subject’s explicit consent, Bihl+Wiedemann GmbH shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decison.
To assert his or her rights with respect to automated decision-making, the data subject may contact an employee at any time.
i) Right to withdraw consent
Every data subject shall have the right to withdraw his or her consent at anytime.
To exercise his or her right to withdraw consent, he or she may at any time contact an employee of the controller responsible for the processing.
14. Data protection for application forms and in the application process
The data controller gathers and processes personal data from applicants for the purpose of carrying out the application process, including in electronic form. When the data controller forms an employment contract with an applicant, the transmitted data are retained for the purpose of the employment relationship according to legal requirements. If no contract is concluded with the applicant, the application documentation are automatically deleted two months after notification of the rejection decision unless there are no other legitimate interests for its processing. Other legitimate interest in this context is for example a burden of proof in a matter related to the General Equal Treatment Act (AGG).
15. Lawfulness of processing
Art. 6 Par. 1 Point (a) GDPR serves for our company as the legal basis for processing where the data subject has given consent to the processing or his or her personal data for a specific purpose. Where processing of personal data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, such as in cases of inquiries about our products or services, then such processing is based on Art. 6 Par. 1 Point (b) GDPR. When processing by our company is necessary for compliance with a legal obligation to which the controller is subject, such as compliance with tax obligations, the processing is based on Art. 6 Par. 1 Point (c) GDPR.
16. Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party
If the processing of personal data is based on Art. 6 Par. 1 Point (f) GDPR, our legitimate interest is the performance of our business activity for the welfare of all our employees.
17. Duration of personal data retention
The criterion for the duration of retention of personal data is the respective legal preservation period. After expiration of the period the corresponding data are routinely deleted unless they are still required for fulfillment or initiation of a contract.
18. Legal or contractual regulations for providing personal data; necessity for concluding a contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We are making you aware that providing of personal data is in part a legal requirement (e.g. for tax purposes) or can result from contractual obligations (e.g. information about the contractual partner). Sometimes the drawing up of a contract may require that a data subject provides us with personal data which consequently must be processed by us. Before the data subject provides personal data, he or she must contact our data protection deputy.
19. Existence of automated decision making
As a responsibility conscious company we do not engage in automated decision making or profiling.
GDPR: English abbreviation for General Data Protection Regulation.