Privacy Statement

Notice of Liability

The following data protection statement has been created with the greatest possible care. However, we expressly point out that we provide no warranty or assume any other responsibility for the accuracy, timeliness or completeness of the information provided. We reserve the right to make changes to the information without prior notification. The data protection statement has been created by the authors on the basis of literature currently available. The data protection statement serves as an initial model. It should be noted that many of the problems raised have not yet been resolved by supreme court case law, which is why different views are still being expressed on some points. No liability for correctness and completeness is assumed. It should also be noted that each case should be reviewed on an individual basis and that this model does not replace any individual legal advice.

 

PRIVACY STATEMENT

SECTION I. – General Information

Information

We appreciate your interest in our company and our services. We consider it our primary task to protect the confidentiality of the personal data you provide and to protect it from unauthorised access. We therefore take the utmost care and apply state-of-the-art security standards to ensure maximum protection of your personal data. To this end we have adopted technical and organisational measures, which ensure that the data protection regulations are observed both by us and also by our external service providers. Please read these regulations to familiarise yourself with the nature, scope and aim of the processing of personal data by us as the providers of this website. The lawful basis on which we process your personal data is provided under Regulation (EU) 2016/679 General Data Protection Regulation.

– hereinafter referred to as the “GDPR” –

 

Enhanced regulatory provisions apply in Germany under the Federal Data Protection Act [Bundesdatenschutzgesetz], in supplement to the provisions of the GDPR.


– hereinafter referred to as the “BDSG” –

 

To the extent that no other information is provided in the future, you are neither required by law nor by contract to provide your personal data to us, nor is it absolutely necessary to conclude a contract with us. You are not fundamentally obliged to provide your personal data. Refusal to provide your personal data has no consequences for you as a user when viewing our website. This applies only where no other information is given in the subsequent processing operations.

 

 

SECTION II. – Definitions

Definitions

Legislation requires personal data to be processed lawfully, in good faith and in a manner that is reasonable for the Data Subject. In order to ensure this, we hereby inform you of the individual legal definitions which are also used in this data protection statement. This data protection statement is based on terms similar to those used by the European Commission when adopting the General Data Protection Regulation (GDPR). The terms used here are presented in abbreviated form, correspondingly and without any claim to their completeness or the legal certainty of the wording. For further information please refer to Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016, in so far as this description does not sufficiently clarify the definitions or explain the legal form.

We use the following terminology in our data protection statement, including but not limited to:

"Personal data"
(see Article 4(1) of the GDPR)
Personal data is all the information, which relates to an identified or identifiable natural person.
 
– hereinafter referred to as the “Data Subject” or “pers. data” –
 
"Processing"
(see Article 4(2) of the GDPR)
Processing is any process or series of processes carried out in the context of personal data.
"Restriction"
(see Article 4(3) of the GDPR)
A restriction on processing is the marking of stored personal data with the aim of limiting its future processing.
"Profiling"
(see Article 4(4)of the GDPR)
Profiling is any type of automated processing in which personal data is used to evaluate certain personal aspects relating to a natural person.
"Pseudonymisation"
(see Article 4 Para. 5 GDPR)
is the processing of personal data in such a way that this can no longer be assigned to a Data Subject without the need for additional information.
"Data Controller"
(see Article 4(7) of the GDPR)
A data controller is the natural or legal person, who alone or together with others decide on the purposes and means of processing.
"Processor"
(see Article 4(8) of the GDPR)
A processor is a natural or legal person who processes data on behalf of the Data Subject.
"Recipient"
(see Article 4(9) of the GDPR)
A recipient is a natural or legal person, authority, institution or other body to whom personal data is disclosed, regardless of whether it involves a third party or not.
"Third party"
(see Article 4(10) of the GDPR)
A third party is a natural or legal person, who, under the direct authority of the Data Controller, is authorised to process personal data.
"Consent"
(see Article 4(11) of the GDPR)
Consent is each expression of will unequivocally given by the Data Subject voluntarily for a particular case in the form of a declaration or a unique action of confirmation.

 

 

 

SECTION III. – DATA CONTROLLER

1. Data Controller

The Data Controller in the sense of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), as well as any other data protection laws and other regulations on data protection in the Member States of the European Union:

BDT Media Automation GmbH
Saline 29
78628 Rottweil a. N. (Deutschland)

Tel. : +49 741 248 01
Fax : +49 741 248 224

E-Mail: info@bdt.de
Web: https://www.bdt.de


2. DATA PROTECTION OFFICER

The data protection officer of the Data Controller for processing is:

DDSB GmbH
Andreas Peter Mückl
Untere Dornäcker 21
72379 Hechingen (Germany)

Tel: +49 (0) 7471 5010-100
Fax: +49 (0) 7471 5010-190

E-mail: datenschutz@ddsb.de
Web: https://www.ddsb-datenschutz.de

3. DATA PROTECTION SUPERVISORY AUTHORITY

Responsible supervisory authority:

The State Commissioner for Data Protection
and the Freedom of Information for Baden-Württemberg


[Landesbeauftragte für den Datenschutz
und die Informationsfreiheit Baden-Württemberg]


Postfach 102932
70025 Stuttgart (Germany)

Tel: +49 711 61554-10
Fax: +49 711 61554-115

E-mail: poststelle@lfdi.bwl.de 
Web: https://www.baden-wuerttemberg.datenschutz.de 

4. COMPANIES INVOLVED IN THE CORPORATE GROUP

The corporate group includes:

BDT Media Automation GmbH, 78628 Rottweil a.N.
BDT ProLog GmbH, 78628 Rottweil a.N.
BDT Print Media GmbH, 78628 Rottweil a.N.
BDT Storage GmbH, 78628 Rottweil a.N.

BDT Media Automation GmbH is the parent company of the group.



SECTION IV. - USE AND PURPOSE OF THE PROCESSING AND ITS LAWFUL BASES

1. Use and Purpose of the Processing

We process personal data that we receive directly from our customers in the course of our business relationship. In addition, we process personal data that we collect from other companies, to carry out orders, to fulfil contracts or on the basis of consent we have received from you, for example. We also process personal data that we have legitimately gained and are permitted to process from publicly available sources, such as commercial registers, the press, the media or the internet. The personal data provided by you will be processed according to the applicable regulations on personal data protection, only for the purposes communicated by you and for which you have given consent for its use. In particular, for:

  • initiation or performance of the contract with you;
  • being able to process and answer your enquiries adequately and effectively;
  • tailoring services and offers to you;
  • processing your requests and orders;
  • providing particular information or offers to you;
  • maintaining legitimate business interests, in terms of customer service and customer care.


Your personal data is not disclosed to third parties without your express consent.

2. Lawful Basis for the Processing of Personal Data

The processing of personal data is only lawful if there is a lawful basis for the processing. The lawful basis for the processing may, in accordance with Article 6(1)(a) to (f) of the GDPR, in particular be:

  • a. the Data Subject has given their consent to the processing of personal data concerning them for one or more specific purposes;
  • b. the processing is necessary for the fulfilment of a contract to which the Data Subject is a contractual party or in order to fulfil contractual requirements at the request of the Data Subject;
  • c. the processing is necessary to fulfil a legal obligation to which the Data Controller is subject;
  • d. the processing is necessary to protect the vital interests of the Data Subject or another natural person;
  • e. the processing is necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the Data Controller;
  • f. the processing is necessary to safeguard the legitimate interests of the Data Controller or a third party, unless the interests or fundamental rights and freedoms of the Data Subject, which require the protection of personal data, prevail, in particular where the Data Subject is a child.



SECTION V. – COLLECTION OF PERSONAL DATA

1. Server Log Files

With each visit to our website, whether by a Data Subject or via an automated system, a set of general data and information is collected for the maintenance and safe operation of our website. This general data and information is stored in the log files of the server. This data is collected only to the extent that it is technically necessary. The data remains anonymous and is evaluated exclusively for statistical purposes to improve our websites and online services. The data collected is used solely for statistical evaluations and to improve the website. We reserve the right, however, to review the server log files subsequently, in the event that concrete and valid evidence indicates an illegal use of our website.

2. Acquisition and Processing of the Data Types in Server Log Files

Where the website is used for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee its stability and security. These items are:

  • websites visited
  • time of access
  • amount of data sent in bytes
  • source/reference from which you accessed the page
  • information about the internet service provider of the accessing system
  • browser type used and its version
  • operating system used for browser access
  • IP address used (anonymised)
  • website from which an accessing system reaches our website (the referrer)
  • the sub-pages that are controlled via an access system on our website
  • other similar data and information used for risk prevention in the case of attacks on our information technology systems.


When using this general data and information, BDT Media Automation GmbH does not draw any conclusions about the Data Subject. Rather, this information is needed to

  • correctly deliver the content on our website;
  • optimise the contents and advertising of our website;
  • ensure the functionality of our information technology systems and the technology of our website;
  • provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber-attack.


This data and information collected anonymously are therefore statistically evaluated by BDT Media Automation GmbH with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us.

The anonymous data from the server log files is stored separately from all personal data given by a Data Subject and, therefore, does not provide any conclusions about individual persons. This means that your personal data is protected at all times. This data is processed based on Article 6(1)(f) of the GDPR under the legitimate interest in the provision and secure operation of our website. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.

3. Cookies

Our website uses cookies. Cookies are small text files that are stored in the web browser or by the web browser on a user’s computer system. If a user visits our website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive character string that enables the browser to be uniquely identified when the website is accessed again. We use cookies to make our website more user-friendly, effective and secure. Cookies also enable our systems to recognise your browser after changing sites and to offer you services. Our sites use “session cookies” to remember your:

  • language settings
  • display settings
  • login information


Session cookies will be deleted from your computer when you close your browser.

We also use a limited number of persistent cookies. These remain on your computer until you delete them or until they expire after a period of up to a year, as a general rule.

Persistent cookies contain the following information:

  • status (hidden or expanded) of some menus and widgets
  • selected tab in the widgets.


The purpose of using technically necessary cookies is to simplify use of websites for users. Some features of our website will not be available without the use of cookies. In this case, it is necessary to identify the browser even after changing the page. The lawful basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) of the GDPR. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.  We require cookies for the following applications:

  • applying language settings
  • remembering search terms.


We also use cookies on our website to analyse user surfing behaviour. The following data can be transmitted in this way:

  • search terms entered
  • frequency of page views
  • use of website functions.


The user data collected by cookies is not used to create user profiles. The data collected from you in this way is pseudonymised by technical means. We are therefore unable to relate this data to you personally. The data is not stored together with your other personal data. These cookies help us to gather reliable information about website usage. In this way, we can measure how well the website complies with the requirements of its users, and, if necessary, make improvements.

The analysis cookies are used to improve the quality of our website and its content. By using analysis cookies, we learn how the site is used and can constantly optimise our service. The data that we have collected about your surfing behaviour on our website is stored under absolutely secure conditions. These cookies are used only for the purposes described here.

You can manage and/or delete cookies as you wish. You can delete any cookies that are already on your computer and you can set most browsers so that they are not placed on your computer. If you do this, however, you may have to manually adjust some preferences every time you visit a site, and some services and functions may not work.

You can easily accept or reject the cookies on this page. However, you can reject only persistent cookies, which are not strictly necessary. Some cookies are needed because they make certain functions available. Flash cookies cannot be prevented in the browser settings, but by changing the Flash Player settings.

4. Contact Options

On the basis of statutory regulations, the BDT Media Automation GmbH website contains information that enables customers to quickly contact us electronically, as well to communicate with us directly, which also includes a general e-mail address.

If a Data Subject contacts us by e-mail or any other means of contact, the personal data transmitted by the Data Subject will be automatically stored. We process your personal data which you provide to us by e-mail contact form, etc. to answer and fulfil your requests. You are not obliged to provide your personal data. But if you do not provide us your e-mail address we cannot reply by e-mail. Personal data submitted on a voluntary basis to us is stored for purposes of processing the request and contacting the Data Subject.

This personal data is not transmitted to third parties.

By sending your message, you consent to the processing of the data transferred. This data is processed on the basis of Article 6(1)(a) of the GDPR with your consent.

You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation. We will only use your e-mail address to respond to your enquiry. Your data will then be deleted, taking into account statutory and, in particular, tax and commercial law retention periods, unless you have consented to further processing and use.

5. Communication by E-mail

Your personal data is stored using all possible technical and organisational measures so that it is not accessible to third parties. As the recipient, we cannot guarantee complete data security for e-mail communication, so we recommend that you send confidential information by post. This data is processed on the basis of Article 6(1)(a) of the GDPR with your consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation.

6. Form Function

Where there is the possibility of entering personal data on our website, data is disclosed on an expressly voluntary basis. Of course, this data will be handled confidentially by us.

 

By submitting your data, you consent to the processing of the data transferred. This data is processed on the basis of Article 6(1)(a) of the GDPR with your consent.

 

You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation.

 

7. Comments Function

Where it is possible to make comments on content we publish, we collect your personal data (name, e-mail address, and comment text) only to the extent that it is provided by you. The purpose of this processing is to allow comments to be made and displayed. In addition, your IP address is stored upon submission of the comment in order to prevent abuse of the comment function and to ensure the security of our information technology systems. Our legitimate interest is in the public exchange of user opinions on certain topics and products for the purpose of transparency and opinion-forming. Your interest in data protection is maintained, as you can publish your comment under a pseudonym. A certain storage period is not provided for. You can request to have your comment deleted at any time. You have the right at any time to object to data processing under Article 6(1)(f) of the GDPR and not for the purpose of direct marketing for reasons arising from your particular situation. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement. This personal data collected is not disclosed to third parties, unless such disclosure is required by law or serves for the legal defence of the Data Controller.

8. Blogs and Posts

BDT Media Automation GmbH offers users the opportunity to leave individual comments on individual blog posts on a blog on the Data Controller’s website. A blog is a page run on a website, usually a publicly accessible portal, in which one or more persons, called bloggers or web bloggers, can post articles or thoughts in blogposts. The blog posts can usually be commented on by third parties. If a Data Subject leaves a comment on the blog published on this website, not only the comments left by the Data Subject, but also information on the time of input of the comment and the username (pseudonym) chosen by the Data Subject are saved and published.

Furthermore, the IP address assigned by the internet service provider (ISP) of the Data Subject is also logged. This data is processed on the basis of Article 6(1)(f) of the GDPR based on the legitimate interest in storing the IP address for security reasons and, where appropriate, in serving as a legal defence in the event that the Data Subject’s comment violates the rights of third parties, or provides illegal content, or breaches any legal provisions. You have the right at any time to object to data processing under Article 6(1)(f) of the GDPR and not for the purpose of direct marketing for reasons arising from your particular situation. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement. This personal data collected is not disclosed to third parties, unless such disclosure is required by law or serves for the legal defence of the Data Controller.

The comments made on the blog of BDT Media Automation GmbH can, in principle, be subscribed to by third parties. In particular, a commentator could subscribe to replies to a comment on a particular blog post. If a Data Subject decides to subscribe to comments, the Data Controller will send an automatic confirmation e-mail as part of the double opt-in process to ensure that the owner of the specified e-mail address has actually decided to do so.

 

In posting a comment, you agree to the processing of the data transmitted. This data is processed on the basis of Article 6(1)(a) of the GDPR with your consent.

 

You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation. The option to subscribe to comments can be revoked at any time.

9. Use of Social Media Plug-Ins

We currently use the following social media plug-ins: [Facebook, Google+, Twitter, Xing, T3N, LinkedIn and Flattr]. We use the two-click solution. This means that if you visit our site, initially no personal data will be passed on to these plug-ins’ providers. You can identify the provider of the plug-in by the marking on the box above its initial letter or the logo. You can communicate directly with the plug-in provider via the button. Clicking the marked field will activate it, and the plug-in provider receive the information that you have accessed the corresponding website from our website. In addition, the data mentioned under section 3 of this statement will be transmitted. In the case of Facebook and Xing, the IP address of the respective provider in Germany is anonymised immediately after collection. By activating the plug-in, data is automatically transmitted to the respective plug-in provider and stored there (in the USA for US providers). Since the plug-in provider collects data mainly via cookies, we recommend that you delete all cookies using your browser’s security settings before clicking on the greyed-out box.
We have no influence on the data collected and the data handling processes, nor are we aware of the full extent of the data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or customised design of its website. Such evaluation is also carried out in particular (including for users who are not logged in) to display customised advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles. You must contact the respective plug-in provider to exercise this right. Through the plug-ins, we offer you the option to interact with social networks and other users, so that we can improve our offering and make it more interesting for you as a user. The lawful basis for this use is Article 6 (1)(1)(f) of the GDPR.
The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click on the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares this with your contacts in public. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid linking to your profile with the plug-in provider.
For more information on the purpose and extent of the data collection and processing by the plug-in provider, please refer to the data protection statements of these providers below. You will also find further information on your rights and settings options for protecting your privacy there.
Addresses of the plug-in providers and the link to their data protection policy:

  • a. Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084
  • b. http://www.facebook.com/about/privacy/your-info-on-other#applications and
  • c. http://www.facebook.com/about/privacy/your-info#everyoneinfo.


Facebook is subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework


Google is subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework

  • e. Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; twitter.com/privacy.


Twitter is subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

  • i. Flattr Network Ltd. with its office at 2nd Floor, White Bear Yard 114A, Clerkenwell Road, London, EC1R 5DF, UK; flattr.com/privacy.]



SECTION VI – USE AND PROCESSING

1. Information

We only store and process data which you voluntarily provide to us. If you make use of services, generally only data that we absolutely need to provide the services and to safeguard our own legitimate business interests is collected. If we ask you for further information, you are under no obligation to provide it.

If the processing of personal data is necessary and there is no lawful basis for such processing, we generally obtain consent for the processing the data of the Data Subject. Personal data is always processed in accordance with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), and in accordance with the state-specific data protection provisions applicable to BDT Media Automation GmbH.

BDT Media Automation GmbH has implemented numerous technical and organisational measures as the Data Controller in order to ensure that all personal data processed via this website is protected as best as possible. Nevertheless, internet-based data transmissions can by their very nature have security gaps, so absolute protection cannot be 100% guaranteed. For this reason, every Data Subject is free to transmit personal data to us by alternative means, for example by telephone or post.

2. Consent

If it is necessary to obtain personal data, the processing of which is permitted or provided for on a lawful basis, we collect this from the Data Subject before processing in the form of voluntary consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation.

3. Legitimate Interest

If the processing is absolutely necessary to maintain a legitimate interest of our company or a third party, and it must be ensured that the interests are proportionate and the fundamental rights and freedoms of the Data Subject do not prevail, then we conduct the processing on the basis of Article 6(1)(f) of the GDPR in a considered assessment of risks related to this and in full awareness of our fiduciary duty according to strict assessment criteria, which otherwise are not included in any of the above mentioned lawful bases. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.

We are, in particular, allowed to carry out such processing procedures that sometimes become necessary because they have been specifically provided for in EU legislation. In this regard this maintains the condition that, for example, a legitimate interest could be assumed if the Data Subject is a customer of the Data Controller. (see Recital 47(2) of the GDPR).

4. Direct Marketing

We use your e-mail address, which we have obtained within the framework of a personal contact or in connection with an agency/project undertaking or in connection with a service delivery/claim or in connection with the sale/purchase of a good/product, for the electronic transmission of marketing for our own offers, products or services, which are similar to those that you have already ordered with us, if you have not objected to such use. This data is processed on the basis of Article 6(1)(f) of the GDPR on the basis of the legitimate interest in direct marketing. You have the right at any time to object to the processing of your personal data, without giving any reasons, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement. You can also use the dedicated link in the promotional e-mail. There are no other costs involved in sending this notification other than the transmission costs in accordance with the basic tariffs.

 

5. Credit Check

We wish to point out that we are entitled to send all relevant data concerning outstanding claims made on the basis of non-contractual behaviour to credit agencies, in compliance with the statutory requirements.

If we make advance outlays, for example, if you pay on account or on credit, we reserve the right to obtain a credit rating. To do this, we submit the personal data required for a credit check to a credit agency. We use the information obtained about the statistical probability of default for making a balanced decision with respect to the conclusion, execution or termination of the contract. Your legitimate interests will be taken into account in accordance with the legal requirements.

This data is processed on the basis of Article 6(1)(f) of the GDPR on the basis of the aforementioned legitimate interest. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you can contact us at any time, as the Data Controller. The credit information can contain probability values (score values), which are calculated on the basis of scientifically recognised mathematical-statistical methods.


6. Processing of Personal Data

When creating a quotation or offer acceptance, we collect and use personal data only as necessary to generate, fulfil and process quotes and/or contracts, as well as to process requests in this regard. This data must be provided in order to conclude the contract.

This data is processed on the basis of Article 6(1)(b) of the GDPR and is necessary to conclude and execute a contract with you. Service providers employed by us and acting on our behalf (order processors, see Article 28 GDPR) can process data for purposes mentioned in Section IV, Part A.

Existing services which the contractor generally uses with third parties as an ancillary service, in support of its operation or its business in the context of order processing, also fall within the sense of this statement. In such cases, personal data is processed by the operator under contract in accordance with Article 28 of the GDPR in connection with Section of the 62 BDSG.

Inasmuch as ancillary services also need to be used for the processing, the processing is based on Article 6(1)(f) GDPR on the basis of the legitimate interest in maintaining business operations. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement. These include ancillary services to ensure the confidentiality, availability, integrity and capacity of the computer hardware and software used and called upon by the contractor, such as:

  • telecommunications providers as part of maintenance and services
  • cleaning and/or security services
  • auditors in the context of certifications
  • waste disposal services
  • data centre services
  • postal/transportation services
  • IT service providers for system maintenance and user service.



7. Data Transfer

Your data is not disclosed to third parties, who then process it under their own responsibility, without your express consent. Only our service partners which we need to conduct the contractual relationship or service providers we use in the course of order processing are excluded from this. The scope of the disclosure of data is limited to a minimum. In all cases, we assure you that when choosing our service providers which we use in individual cases, we select these carefully and in good faith, in terms of their suitability and reliability, ensuring that they satisfy our own requirements and standards.

8. Transmissions

Personal data is transmitted to authorised national institutions and authorities only within the framework of relevant laws or unless we are required by a court decision to do so. This data is processed on the basis of Article 6(1)(e) of the GDPR. We may transmit your personal data to the companies referred to under Section II. A. and to companies affiliated with us, to the extent permitted by the purposes set out in Section IV. A. and the lawful bases referred to in Section IV. B.

9. Data Transfer to a Third Country

We do not envisage transmitting your data to a third country. If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the relevant offer.

 

10. Categories of Recipients

Within BDT Media Automation GmbH, only those persons who receive your data and are entrusted with processing the contract or handling your request. Otherwise, personal data is processed on our behalf, on the basis of contracts pursuant to Article 28 of the GDPR in conjunction with Section 62 of the BDSG. In addition to the recipient named in the respective provisions of this data protection statement, this may be to recipients in the following categories:

  • commercial agencies
  • shipping providers
  • payment service providers
  • enterprise resource planning service providers
  • logistics providers
  • cloud and IT service providers
  • tax and business consultants.


The recipients can be also our affiliates, insofar as this is allowed for within the purposes set forth in this statement and lawful bases.

11. Duration of Storage

The Data Controller processes and stores the personal data of the Data Subject only for the period that is necessary to achieve the purpose of the storage. After completion of the contract, the data is first stored for the duration of the warranty period; then, taking into account any legal and, in particular, tax and commercial retention periods, your data is stored and then deleted after this period, unless you have agreed to further processing and use or unless this is otherwise determined by the European Commission or any other laws or regulations to which the Data Controller is subject.

 

12. Confidentiality and Data Protection

Our employees and the service companies commissioned by us are contractually bound to confidentiality and to comply with data protection, in accordance with regulations of the German Federal Data Protection Act.

13. Children and/or Young People

Our offer is essentially aimed at adults. Persons below the age of 18 should not transmit personal data to us without the consent of their parents or legal guardians.

We generally require no personal data from a child or children or a young person or young people, and we do not collect and or disclose such data to third parties. Nevertheless, in special circumstances, we may need and request such personal data to process an application, under our legitimate interest in the application for the establishment of a possible employment relationship.

In such cases, personal data is processed on the basis of Article 6(1)(f) of the GDPR, for the legitimate interest of the aforementioned purpose and to obtain the necessary written consent of one or more parents or guardians in the processing.

The parents or guardians may revoke their consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.

If the Data Controller concludes an employment or placement contract with an applicant, the data to be transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. This data is processed on basis of Section 26(1) in conjunction with (8)(2) of the BDSG in the course of employment.

14. Job Applications

Insofar as the application is necessary to fulfil a contract with the applicant or to carry out pre-contractual measures, the lawful basis for processing the data is based on Article 6(1)(b) of the GDPR.

 

If this is a speculative application, the data is processed based on Article 6(1)(a) GDPR, with the consent of the applicant.

 

You can revoke consent provided under the lawful basis of Article 6(1)(a) of the GDPR at any time by informing us, without affecting the lawfulness of the processing carried out on the basis of consent until the time of revocation.

Insofar as ancillary services are to be used for processing, the processing is carried out on the basis of Article 6(1)(f) of the GDPR, based on the legitimate interest in the handling of the application process. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.

 

The lawful basis for processing the data beyond any other lawful basis is in any case the consent of the applicant in accordance with Article 6(1)(a) of the GDPR.

 

As part of the application process, we obtain the consent of the applicant. You can revoke consent provided under the lawful basis of Article 6(1)(a) of the GDPR at any time by informing us, without affecting the lawfulness of the processing carried out on the basis of consent until the time of revocation.

If the processing of personal data is necessary and there is no lawful basis for such processing, we generally obtain consent for the processing the data of the Data Subject. You can revoke consent provided under the lawful basis of Article 6(1)(a) of the GDPR at any time by informing us, without affecting the lawfulness of the processing carried out on the basis of consent until the time of revocation.

As far as employment between you and us is concerned, we may process the personal data already obtained from you for employment purposes. The lawful basis flows from Section 26(1) in conjunction with (8)(2) of the BDSG if this is necessary for the creation, implementation or termination of the employment relationship or for exercising or fulfilling the rights and obligations of the employees resulting therefrom.

Otherwise, the application process ends with the receipt of the rejection by the applicant.

In the event that an employment relationship between you and us does not come into effect, we may also continue to store data based on Article 6(1)(f) of the GDPR to the extent necessary to defend against possible legal claims. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.

15. Processing in the Employment Context

Data is processed on the basis of Article 88 of the GDPR in conjunction with Section 26 of the BDSG.



SECTION VII. – TECHNICAL AND ORGANISATIONAL MEASURES

We have taken technical and organisational security measures to protect your personal information against loss, destruction, manipulation and unauthorised access. Our security measures are continuously updated in accordance with technological development and the state of the art,as far as economically viable and acceptable, so as to keep the confidentiality, integrity, availability and resilience of our systems and services always at the highest level.

1. Organisational Measures

All of our employees and all persons involved in data processing are contractually obliged to observe the data protection laws and provisions and are also bound to the confidential handling of personal data as well as to data protection and confidentiality.

2. SSL Encryption

To best protect your transmitted data, we use SSL encryption on our websites. You can recognise encrypted connections by the prefix “https://” in the page link in the address line of your browser. Unencrypted pages are identified by “http://”. All data that you send to these SSL websites – such as inquiries or logins – cannot be read by third parties thanks to SSL encryption.

3. Automated Decision-Making

As a responsible company, we do not use automatic decision-making.

4. Profiling

Profiling is carried out only for logistical reasons to process your order within our enterprise resource planning system.

 

 

SECTION VIII. – RIGHTS OF DATA SUBJECTS

You have the following rights pursuant to the statutory requirements under Article 15 to 21 and Article 77 of the GDPR in connection with Section 29 of the BDSG. If you wish to avail yourself of any of the following rights, you may contact our data protection officer or us, as the Data Controller, at any time using the contact details provided in this statement.

  • Information about your data which we store and how we process it
  • Correction of incorrect personal data
  • Deletion of your data which we store, or limitation of data processing, if we are not yet allowed to delete your data due to legal obligations
  • Objection to your data being processed by us
  • Data portability, if you have consented to data processing or have concluded a contract with us.
  • If you have given us your consent, you can revoke it with future effect at any time.

 

 

Right to objection under Article 21 of the GDPR

Any Data Subject has the right granted by the European Commission, for reasons arising from their particular situation, to object to the processing of personal data relating to them at any time, which is processed on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.

BDT Media Automation GmbH will no longer process personal data in the event of an objection, unless we can prove there are compelling reasons to continue the processing which outweigh the interests, rights and freedoms of the Data Subject, or that the processing serves to assert, exercise or defend legal claims.

If BDT Media Automation GmbH processes personal data for direct mailing purposes, the Data Subject has the right to object to the processing of personal data for the purpose of such marketing at any time. This also applies to any profiling connected with such direct marketing.

If the Data Subject objects to BDT Media Automation GmbH’s processing for direct marketing purposes, BDT Media Automation GmbH may no longer process the personal data for these purposes.
The Data Subject has the right, for reasons arising from his/her particular situation, to object to the relevant processing of personal data which BDT Media Automation GmbH carries out for scientific or historical research purposes or for statistical purposes, in accordance with Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task in the public interest.

The Data Subject is also free to exercise their right of objection in relation to the use of services of an information company, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

Without prejudice to any other administrative or judicial remedy, you have the right, in accordance with Article 77 of the GDPR in conjunction with Section 29 of the BDSG, to contact the supervisory authority if you believe that the processing of your personal data is not lawful.

The competent supervisory authority varies depending on your country of residence, your work or the nature of the alleged infringement. A list of supervisory authorities (for the non-public sector) and their addresses can be found (in German) at: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

You also have the right to an effective judicial remedy if you consider that your rights under this regulation have been infringed as a result of processing of your personal data in breach of this regulation.




SECTION IX. – Integrated Processing Components

Google Analytics

On our web pages we use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/en/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymised user profiles are created and cookies (see section 4) are used. The information generated by the cookie about your use of this site such as
1. browser type/version,
2. the operating system used,
3. referrer URL (the previously visited page),
4. host name of the accessing computer (IP address),
5. time of the server request,
are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website and Internet use for market research purposes and to design these Internet pages in line with requirements. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of third parties. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You have given your consent to this via our opt-in cookie banner within the meaning of Article 6(1)(a) GDPR.
You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from capturing data by clicking the following link: Disable Google Analytics. An opt-out cookie is set to prevent your data from being collected in the future when you visit this website. The opt-out cookie applies only in this browser and only to our website and is placed on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=en).

 

Google WebFonts

Our website uses so-called web fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google's servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our website.
You have given your consent to this via our opt-in cookie banner within the meaning of Article 6(1)(a) GDPR.
Google LLC, based in the United States, is certified under the U.S. European Privacy Shield Agreement, which ensures compliance with EU privacy standards.
For more information about Google Web Fonts, click the following link: developers.google.com/fonts/faq and the Google Privacy Policy: www.google.com/policies/privacy/



SECTION X. – STATUTORY OR CONTRACTUAL PROVISIONS

1. Provision of Personal Data

We inform you that the provision of personal data can partly be required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner).

2. Consequences of Failure to Provide Personal Data

A failure to provide personal data can mean that a contract cannot be concluded with you. Before providing any data, you are welcome to contact our data protection officer if you have any questions. They will inform you whether the provision of personal data is legally or contractually determined and whether it is absolutely necessary for the conclusion of the contract with you or whether there is an obligation to provide personal data and what the consequences of a failure to provide the personal data are.

3. Obligation to Provide Data

Sometimes you may be required to supply us with your personal data in order to conclude a contract, which must be processed by us as a result. For example, you are required to provide us with your personal data if our company wishes to enter into a contract with you.

4. Objection to Spam E-Mails

We hereby expressly object to the use of contact details for the purpose of sending unsolicited marketing and information material, which must be published within the scope of the imprint obligation. We expressly reserve the right to take legal action in the event of the unsolicited sending of marketing information, such as spam e-mails.

 

5. Links to Third Parties

If you use external links which appear on our website, then this data protection statement does not extend to these links. In so far as external links appear, we assure you that no breaches of the applicable data protection laws on the linked websites were identified at the time that the link was included. However, we have no influence on the compliance and implementation of the legal data protection regulations by other providers. Please visit the website of the respective provider to read its data protection policy and for details of its contact for data protection.

6. Responsibility for Contents

Under Section 7(1) of the German Telemedia Act [Telemediengesetz] (TMG), as a service provider we are responsible for our own content on this website in accordance with general legislation. According to Sections 8 to 10 to the TMG, as the operator of this website, we are not obliged to monitor information transmitted or stored on this site by third parties or to monitor the site for signs of illegal activity. Obligations to remove or block the use of information under general legislation remain unaffected.

The free and freely accessible contents of this website were produced with the utmost care. We however expressly point out that we accept no liability or other responsibility for the accuracy, timeliness or completeness of the content provided in this data protection statement. The contents do not serve as legal advice on which you can rely when complying with the legal regulations on data protection – in particular the GDPR – nor can this replace individual legal advice.

7. Liability

Liability claims against BDT Media Automation GmbH which refer to damages of a material or intangible or immaterial nature caused by applying the content presented in this data protection statement or using potentially incorrect and incomplete or misleading content are excluded, provided that on the part of BDT Media Automation GmbH no demonstrably intentional or grossly negligent fault exists.

8. Legal Effect and Choice of Jurisdiction

Insofar as sections or individual terms in this data protection statement are not, or are no longer or not fully, applicable to the legal situation in question, the content and validity of the remaining parts of the document remains unaffected. German law applies. For consumers, this choice of law applies only insofar as the protection provided is not revoked by mandatory provisions of the laws of the state in which the consumer has their habitual residence (favourability principle).

9. Other Provisions

Changes to the law or to our internal processes may required this data protection statement to be modified. In the event of such a change, we will inform you of this, insofar as possible, six weeks before the changes enter into force. You should read this policy every now and then to stay up to date on how we protect your data and continuously improve our website’s content. If we make material changes to the collection, use and/or disclosure of your personal data that you make available to us, we will advise you in a clear and prominent notification on the website.

You generally have a right of withdrawal with respect to the consent you have granted. Please note that unless you exercise your right of withdrawal), the current version of the privacy policy applies.

In the course of the development of legal provisions, BDT Media Automation GmbH expressly reserves the right to amend parts of the statement or the statement in its entirety without separate announcement, to supplement it, to delete it or to cease publication temporarily or permanently. In addition, due to our lack of intention to be legally bound, no contractual relationship between us and you as the user of this content is created by obtaining this freely accessible content. For questions and suggestions on the topic of data protection at BDT Media Automation GmbH, please contact: datenschutz@ddsb.de

We will update this data protection statement when needed, based on the current circumstances, such as changes to legal requirements. The version published here applies.


This data protection statement was created by BDT Media Automation GmbH.Last updated 09/2018

 

 

teufels Werk