PRIVACY STATEMENT

Name and contact details of the controller
pursuant to Article 4 (7) GDPR

Bergmann & Steffen GmbH
Raiffeisenstr. 176
32139 Spenge

Managing Directors:
Klaus Bergmann, Uwe Bergmann
Tel.: +49 5225-8786-0
Fax: +49 5225-8786-27
info(at)bergmann-steffen.de

Security and protection of your personal data

We regard it as our primary duty to preserve the confidentiality of the personal data that you provide and to protect these against unauthorised access. We therefore take the utmost care and conform to the latest security standards to guarantee maximum protection of your personal data.

As a private company we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the German Federal Data Protection Act (BDSG). We have implemented technical and organisational measures that ensure the data protection regulations are observed both by us and by our external service providers.

Definitions
We are required by law to process personal data lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”). To guarantee this, we inform you of the individual legal definitions which are also used in this privacy statement:

1. Personal data
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Processing
”Processing” means any operation or set of operations which is performed in connection with personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

4. Profiling
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

5. Pseudonymisation
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

6. Filing system
“Filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

7. Controller
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8. Processor
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9. Recipient
“Recipient” means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether this is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

10. Thirty party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11. Consent
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Lawfulness of processing

Processing shall be lawful only if there is a legal basis for the processing. In accordance with Article 6 (1) lit. a – f GDPR the following in particular can be deemed a legal basis for the processing:

a. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b. processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract;
c. processing is necessary for compliance with a legal obligation to which the controller is subject;
d. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Information about the collection of personal data

(1) Below we provide information about the collection of personal data when using our website. Personal data are e.g. name, address, email address, user behaviour.
(2) When you contact us via email we save the information disclosed by you (your email address, your name and your telephone number, where applicable) for the purpose of responding to your enquiry. Data obtained in this manner are deleted once they are no longer required, or processing is restricted if statutory retention obligations apply.

Collection of personal data when visiting our website
When you use the website purely informatively, i.e. you do not register or otherwise transmit information, we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data, which are necessary to display our website and to guarantee its stability and security (legal basis is Art. 6 (1) Sentence 1 lit. f GDPR):

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Respective volume of data transmitted
Website from which the request originated
Browser
Operating system and interface
Language and version of browser software.

Use of cookies
(1) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using; cookies supply specific information to the site that stores them. Cookies cannot run programs or transfer viruses to your computer. The purpose of cookies is to make the website more user-friendly and effective as a whole.
(2) This website uses the following types of cookies, whose scope and function is explained below:

Transient cookies (see a.)
Persistent cookies (see b.).

a. Transient cookies are automatically deleted when you close your browser. In particular these include session cookies. These store a “Session ID” to which your various browser requests during the entire session can be assigned. This means your computer can be recognised when you return to our website. The session cookies are deleted when you logout or close the browser.
b. Persistent cookies are deleted automatically after a specific period, which can vary depending on the cookie. You can delete cookies at any time in your browser security settings.
c. You can configure your browser settings according to your preferences and e.g. accept third-party cookies or disable all cookies. “Third-party cookies” are cookies that have been stored by a third party, therefore not by the actual website you are visiting at that time. Please note that disabling cookies may mean you lose some functions of this website.

Further functions and features of our website
(1) In addition to purely informative use of our website, we offer various services that you can use if interested. For this you generally have to provide further personal data that we use to render the respective service and which are subject to the aforementioned principles of data processing.
(2) We may instruct a third-party service provider to process your data on our behalf. Such parties have been carefully selected by us; they are subject to our instructions and are regularly monitored.
(3) Furthermore we may pass your personal data to third parties if we offer special deals, competitions, contract conclusions or similar services in cooperation with partners. Further information on this subject is provided when you enter your data, or below the description of the offer.
(4) Insofar as our service providers or partners are domiciled in a country outside the European Economic Area (EEA), we shall inform you of the impact of such in the offer description.

Children

Our products are targeted primarily at adults. Persons under the age of 18 should not disclose personal data to us without the consent of a parent or guardian.

Integration of Google Maps

(1) We use Google Maps on this website. This allows us to display interactive maps directly on the website and enables convenient use of the maps function.

(2) When you visit the website, Google is notified that you have retrieved the corresponding sub-page of our website. The data specified in Section 3 of this privacy statement are also transmitted. This happens irrespective of whether you are logged into a Google user account, and even when no such user account exists. If you are logged into Google, your data are assigned directly to your account. If you do not want Google to associate the data with your profile, you must logout before activating the button. Google stores your data as a user profile and uses it for the purposes of advertising, market research and/or targeted design of its websites. This evaluation is used in particular (only for non-logged-in users) to create targeted advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of this user profile; to do so, you must assert this right with Google directly.

(3) Further information on the purpose and scope of data collection and data processing by the plug-in provider is provided in the privacy statements of the provider. Here you can also obtain further information on your corresponding rights and configuration options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

Rights of the data subject

(1) Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Revocation of consent does not affect the legality of processing carried out on the basis of consent up to the time of revocation. For the exercise of the right of revocation, you can always contact us.

(2) Right of Access
You have the right to confirmation as to whether or not we process your personal data and, where we do, to access to the personal data, together with additional information including details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. You can request confirmation at any time using the contact details above.

(3) Right of Information
You may request confirmation from the data controller as to whether personal data concerning you will be processed by us.
In the event of such processing, you may request the following information from the data controller:
(1) the purposes for which the personal data will be processed;
(2) the categories of personal data processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;
(4) the planned duration of the retention of the personal data relating to you or, if it is not possible to provide specific information in this respect, criteria for determining the retention period;
(5) the existence of a right to rectify or delete personal data concerning you, a right to limit the processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the origin of the data, if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

(4) Right of rectification
You have the right to have your personal data corrected and/or completed by the data controller if the personal data processed concerning you is inaccurate or incomplete. The data controller must carry out the rectification without delay.

(5) Right of Deletion
(a) Duty to delete
You may request the controller to delete the personal data relating to you immediately and the controller is obliged to delete such data immediately if one of the following reasons applies:

(1) Personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR was based and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data concerning you have been processed unlawfully.
(5) The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data relating to you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

b) Information to third parties
If the person responsible has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 para. 1 GDPR, he shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform the persons responsible for data processing who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.

c) Exceptions
The right to deletion does not exist if the processing is necessary.

(1) the exercise of freedom of expression and information;
(2) to fulfil a legal obligation which the processing requires under the law of the Union or of the Member States to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;
(4) for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.

(6) Right to restriction of processing
Under the following conditions, you may request that the processing of your personal data be restricted:

(1) if you dispute the accuracy of the personal data concerning you for a period of time which allows the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the controller no longer needs the personal data for the purposes of the processing, but you need them for the assertion, exercise or defence of legal claims, or
(4) if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data - apart from their storage - may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.

If the restriction on processing has been limited in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

(7) Right to data portability
You have the right to receive the personal data relating to you, which you have provided to the controller, in a structured, common, machine-readable format. You also have the right to transfer this data to another controller, without obstruction by the controller to whom you have provided the personal data, insofar as

a. The processing is based on consent in accordance with Art. 6 (1) a GDPR or Art. 9 (2) a GDPR or on a contract in accordance with Art. 6 (1) b GDPR and
b. Processing is carried out by an automated process.

When exercising this right you also have the right to arrange to receive the personal data relating to you direct from another controller insofar as this is technically feasible. Rights and freedoms of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data required to carry out a task in the public interest or which is carried out in the exercise of official authority that has been transferred to the controller.

(8) Right of objection
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The person responsible will no longer process the personal data relating to you unless he can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In connection with the use of information society services, you may exercise your right of objection by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

(9) Automated decision in individual cases including profiling
You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the person responsible,
(2) is authorised by legislation of the Union or of the Member States to which the person responsible is subject and contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
(3) with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to state his own position and to challenge the decision.

(10) Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State where you are staying, at your place of work or at the place where the alleged infringement is alleged, if you consider that the processing of your personal data is contrary to the GDPR.
The supervisory authority with which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

(11) Right to an effective judicial remedy
Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR, you have the right to an effective judicial remedy where you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data in non-compliance with this Regulation