1. Definition of terms
a. Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the “affected person”). A natural person is considered to be identifiable when the physical, physiological, genetic, mental, economic, cultural or social identity of this person can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features.
b. Affected person
The affected person (or “data subject”) is any identified or identifiable natural person whose personal data is processed by the controller.
Processing refers to any process or series of operations related to personal data (such as collecting, collecting, organizing, organizing, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures, disclosure by submission, dissemination or other form of provisioning, comparing or linking, restriction, erasure or destruction).
d. Restriction of processing
Restriction of processing refers to the marking of stored personal data with the intent to limit its processing.
Profiling refers to any kind of automated processing of personal data which evaluates that personal information to analyse or predict personal aspects relating to a natural person, in particular relating to job performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocations of that natural person.
Pseudonymization is the processing of personal data in such a way that personal data can no longer be attributed to a specific affected person without additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
g. Controller (responsible for the processing)
The controller is the natural or legal person, public authority or body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by the laws of the Member States, the controller or the specific criteria for his designation may already be specified under Union or national law.
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
The recipient is a natural or legal person, agency or other entity to whom personal data is disclosed (regardless of whether it is a third party). However, authorities which may receive personal data under Union or national laws in connection with a particular mission are not considered as recipients.
j. Third party
A third party is a natural or legal person, public authority or body other than the data subject, the controller, the processor or the persons authorized under the direct responsibility of the controller or the processor to process the personal data.
Consent is any permission voluntarily issued and unambiguously expressed in the form of a statement or other unambiguous confirmatory act by the affected person for the particular case, by which the affected person indicates that they consent to the processing of the personal data concerning them.
2. Name and contact details of the controller and the company’s data protection officer
Controller: B.I.G. Holding SE, Tom Lüders, Schwarze-Pumpe-Weg 16,12681 Berlin
Email: email@example.com Phone: +49 – 30 – 912074-10 Fax: +49 – 30 – 912074-29
The operational data protection officer of B.I.G. Holding SE can be reached at the above address (Attn: Ms. Sandra Grittke) or at firstname.lastname@example.org.
3. Collection and storage of personal data, and the nature and purpose of the data usage
a) When visiting the website
When you visit our website www.berlin.industrial.group, your web browser automatically sends information to the server hosting our website. This information is temporarily stored in a log file. The following information will be collected without your intervention and stored until it is automatically deleted:
– IP address of the calling computer,
– The date and time of access,
– Name and URL of the retrieved file,
– Website from which the access is made (referrer URL),
– Browser used and, if applicable, the operating system of your computer and the name of your access provider.
These data are processed by us for the following purposes:
– To ensure a smooth connection to the website,
– To ensure convenient use of our website,
– To evaluate the system’s security and stability,
– For further administrative purposes.
The legal basis for this data processing is article 6 para. 1 s. 1 of the GDPR. Our legitimate interest stems from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about you.
b) When registering for our newsletter
If, pursuant to article 6 para. 1 s. 1 of the GDPR, you have expressly consented, we may use your e-mail address to regularly send you our newsletter. It is sufficient to specify an e-mail address to receive the newsletter.
Unsubscribing is possible at any time (e.g. by using the link at the end of each newsletter).
c) When using our contact form
If you have questions, you may contact us using the form provided on our website. You must provide a valid e-mail address so that we know who the request came from and can answer. Further information may be provided voluntarily.
The data processing for the purpose of this contact is carried out in accordance with article 6 para. 1 s. 1 of the GDPR, based on your voluntarily consent.
The personal data collected by us for the use of the contact form will be automatically deleted after completion of the request made by you.
d) Applying for a customer login
When applying for a customer login, we collect your e-mail address, the company that you work for and your name. We use this data to assign you a customer login which we then e-mail to you. We will use your telephone number only for subsequent queries. The legal basis for this data processing is article 6 para. (b) of the General Data Protection Regulation.
4. Transfer of data
There is no transfer of your personal data to third parties for purposes other than those listed below.
We shall only share your personal information with third parties if:
- According to article 6 para. 1 s. 1 of the GDPR, you have given your express consent,
- The transfer, pursuant to article 6 para. 1 s. 1 of the GDPR, is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your data,
- In the event that transfer of the data, pursuant to article 6 para. 1 s. 1 of the GDPR, is a legal obligation,
- This is legally permissible and, according to article 6 para. 1 s. 1 of the GDPR, is required for the settlement of contractual relationships with you.
Information is stored in the cookie which is used for each subsequent connection with the specific device. However, this does not mean that we are immediately aware of your identity.
These cookies are used to make our website more pleasant for you to use. For example, we use session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after you leave our website.
To improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site again to take advantage of our services, the system will automatically recognize that you have already been with us; inputs and settings you have made do not need to be re-entered.
The data processed by cookies are required for the purposes mentioned (in order to safeguard our legitimate interests as well as third parties) according to article 6 para. 1 s. 1 of the GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a notice appears before a new cookie is created. If you disable cookies completely, you may not be able to use all features of our website.
Should you want to retroactively change the cookie settings that were made when you first accessed the website, you can make this change here.
6. Analysis tools
The tracking measures that we use (listed below) are justified pursuant to article 6 para. 1 s. 1 of the GDPR. With the tracking measures in use, we want to ensure a needs-based website design and the continuous optimization of our website. We also use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our services for you. These interests are justified within the meaning of the aforementioned provision.
The associated data processing purposes and data categories can be found in the corresponding tracking tools.
For the purposes of customizing and continually optimizing our pages, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.com/intl/en/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereafter referred to as “Google”). Anonymous usage profiles are created and cookies are used (refer to section 4) for this purpose. Information generated by the cookie about your use of this website (such as
– browser type and version,
– operating system being used,
– referrer URL (the previously visited page),
– host name of the accessing computer (IP address),
– and time of server request)
is transmitted to a Google server in the US and stored there. This information is used to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if third parties are required to process this data. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that user-specific assignment is not possible (using IP masking).
You can prevent the installation of cookies by setting your browser software accordingly; however, in this case, not all features of this website may be functional.
You can prevent the collection of data generated by the cookies related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https: //tools.google.com/dlpage/gaoptout?hl=en).
Should you want to retroactively change the Google Analytics setting that was made when you first accessed the website, you can make this change with the aid of this checkbox.
For more information about privacy related to Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).
Google Adwords Conversion Tracking
To statistically record the use of our website and to evaluate it for the purpose of optimizing our website, we also use Google conversion tracking. For this, Google Adwords sets a cookie (as described in section 4) on your computer if you have reached our website via a Google ad.
These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.
Every Adwords customer receives a different cookie. Thus, cookies cannot be tracked via the websites of Adwords customers. The information gathered using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers learn about the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive any information that personally identifies users.
Use of the remarketing or “similar target groups” function of Google Inc.
On our website we use the remarketing or “similar target group” function of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). This function serves the purpose of analyzing visitor behavior and interests.
This feature makes it possible to link advertising target groups created via Google Analytics Remarketing with the cross-device features of Google AdWords and Google DoubleClick. Thus, interest-related, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. mobile phone) can also be displayed on any other of your end devices (e.g. tablet or PC).
If you have granted your consent, Google will link your web browser history and app browser history to your Google account for this purpose. Thus, the same personalized advertising messages can be displayed on any end device, on which you sign in with your Google Account.
In this process, your data may also be transferred to the USA. A European Commission adequacy decision exists for data transfers to the USA.
Processing occurs on the basis of Article 6(1)(f) GDPR in the legitimate interest of delivering targeted advertising to visitors of the website by placing personalized, interest-related display ads for visitors to the provider’s website, when they visit other websites in the Google Display Network.
For reasons arising from your particular situation, you have the right at any time to object to this processing of your personal data based on Article 6(1)(f) GDPR.
Social media plug-ins
On our website we use social plug-ins of the social networks Facebook, Instagram, Xing and LinkedIn. Processing of users’ personal data occurs on the basis of our legitimate interests in effective user information and communication with users in accordance with Article 6(1)(f) GDPR. If the users are requested by the respective providers of the platforms to grant their consent to the data processing described above, the legal basis for the processing is Article 6(1)(a), Article 7 GDPR.
The responsibility for data protection-compliant operation must be guaranteed by the respective providers of these platforms. Facebook, Instagram, Xing and LinkedIn are primarily responsible for the processing of personal data in each of their respective social networks.
The integration of these plug-ins on our part occurs by means of the so-called two-click method, in order to protect visitors of our website in the best manner possible.
When you link to us or interact with us through social media sites, you allow us to receive certain information from your social media account (e.g., name, user ID, email address, profile photo, photos and videos, gender, birthday, a list of your friends and their contact information, people you follow and/or who follow you, the posts or “likes” you activate). We also receive information about your interaction with our content (e.g., displayed content and information about ads you have been shown or have clicked on).
Use of fan sites in social networks
If you would like to contact us through the B.I.G. Messenger, you will need either a Facebook Messenger account or an SMS feature on your mobile device. The use of Facebook Messenger is governed by the privacy policies of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, which can be viewed at https://www.facebook.com/about/privacy.
If you use the B.I.G. Messenger, we store your Facebook username or the phone number of the mobile device you are using, even beyond the chat record, to facilitate communication. Thus you do not have to identify yourself again every time you use the B.I.G. Messenger to contact us.
You can object to the storage of the above-mentioned data beyond the chat record at any time, within the framework of the statutory provisions, e.g. at email@example.com
Use of visitor action pixels from Facebook
With your consent, which you have granted as follows, “I agree to use of the visitor action pixel of Facebook”, we use the “visitor action pixel” of Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) within our website.
Facebook/Instagram will use the data collected to evaluate website usage, to compile reports on website activity and to provide other services relating to website usage and Internet usage. Facebook/Instagram may also transfer this information to third parties where required to do so by law or where such third parties process the information on Facebook/Instagram’s behalf.
Thus the behavior of users can be tracked after the users have been redirected to the provider’s website by clicking on a Facebook ad. This process is used to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and can contribute to optimizing future advertising measures.
We have entered into a contract data processing agreement with Facebook for this purpose. Some of the data will be transferred to the USA. The transmission of data to the USA is based on the Privacy Shield.
The collected data is anonymous for us and does not give us any indications of the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Usage Guidelines (https://www.facebook.com/about/privacy/). You can enable Facebook and its affiliates to serve ads on Facebook and outside of Facebook. Moreover, a cookie can also be stored on your computer for these purposes.
Consent to the use of the visitor action pixel may only be declared by users who are older than 13 years of age. If you are younger, please ask your parent or guardian for permission.
The legal basis for the processing of personal data using visitor pixels is Article 6(1)(f) GDPR, i.e. a legitimate interest on our part. Specifically, our legitimate interest lies in the analysis, optimization and profitable operation of our website and our online offerings.
You can object to collection through the Facebook pixel and the use of your information to display Facebook ads. To set what types of ads you see within Facebook, you can go to the page set up by Facebook and follow the instructions concerning the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they will be applied for all devices, such as desktop computers or mobile devices.
Should you want to retroactively change the Google Analytics setting that was made when you first accessed the website, you can make this change with the aid of this checkbox.
Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our pages that contains LinkedIn features, a connection is established to LinkedIn servers. LinkedIn will be informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to our website with you and your user account. We expressly state that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.
We use the retargeting tool, as well as the conversion tracking of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). For this purpose, the LinkedIn Insight Tag is integrated on our website; it enables LinkedIn to collect statistical, pseudonymous data about your visit and the use of our website and to provide us with corresponding aggregated statistics on this basis. As a rule, the following information, among other data, is recorded:
- LinkedIn user ID (cookie ID)
- IP address
- Metadata of the website visit, e.g. browser type, website visited
In addition, this information is used to provide you with offerings and recommendations that are specific and relevant to your interests, after you have informed yourself of specific services, information and offerings on the website. The relevant information is stored in a cookie.
Directly or indirectly we collect following the categories of personal data from you:
Social media data – including: Information that we obtain about your interaction with us through social media channels, such as Facebook, Instagram, Google, etc., for example any publicly available information in social media, such as social media identifiers, social media interactions and public postings, your “likes” and other reactions, your social media acquaintances, your publicly available photos or photos you provide to us by mentioning us or following our social media postings using social media identifiers or hashtags. We obtain this data directly from social media networks (e.g. Facebook, Instagram, etc.) or indirectly through third parties with whom we have contracts.
Requests for information
With regard to requests for information and the assertion of user rights, we expressly state that requests for information and user rights can be asserted with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. Nevertheless, if you should still need help, please do not hesitate to contact us.
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Statement / Opt-Out http://instagram.com/about/legal/privacy/.
7. Affected rights
You have the following rights:
- Pursuant to article 15 of the GDPR, you have the right to request information about your personal data processed by us. In particular, you can receive information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification, deletion, limitation of processing or opposition, the existence of a right to complain, the source of your data (if not collected from us), and the existence of any automated decision-making (including profiling) and, where appropriate, meaningful information about further details.
- Pursuant to article 16 of the GDPR, you have the right to demand the immediate correction of incorrect data or the completion of personal data stored by us.
- Pursuant to article 17 of the GDPR, you have the right to demand the deletion of your personal data stored by us, except where it is required for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
- Pursuant to article 18 of the GDPR, you have the right to demand the restriction of the processing of your personal data, when the accuracy of the data is disputed by you, the processing is unlawful, and whereby you reject their deletion and we no longer need the data; you must assert this exercise or defence of legal claims or you have objected to processing in accordance with article 21 of the GDPR.
- Pursuant to article 20 of the GDPR, you have the right to obtain the personal data that you provided to us in a structured, common and machine-readable format or to request the transfer to another responsible person.
- Pursuant to article 7 para. 3 of the GDPR, you have the right to revoke any consent that you once granted to us at any time. As a result, we may not continue the data processing based on this consent.
- Pursuant to article 77 of the GDPR, you have the right to complain to a supervisory authority. You may normally contact the supervisory authority of your usual place of residence or work, or of our law office.
8. Right of objection
If your personal data are being processed based on legitimate interests in accordance with article 6 para. 1 s. 1 of the GDPR, you have the right to file an objection against the processing of your personal data in accordance with article 21 of the GDPR, provided that there are reasons for this arising from your particular situation or that your objection is directed against direct mail. In the latter case, you have a general right of objection, which shall be acted upon by us without specifying any particular situation.
If you would like to exercise your right of revocation or objection, please send us an e-mail at firstname.lastname@example.org.
9. Data security
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, third parties cannot read the data you transfer to us.
We take the appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously being improved to keep pace with technological developments.