Data Privacy Statement

Website www.beisheim.com/de/en/datenschutz

We are pleased about your visit to this website. Data protection and data security for our users have a high priority for us. We comply with the data protection regulations, in particular the EU General Data Protection Regulation ("GDPR"), the Federal Data Protection Act ("BDSG") and the Telemedia Act ("TMG").

In this Data Privacy Statement, we explain to you which information (including personal data) is processed by us during your visit and use of our aforementioned Internet offer ("website").

I. Who is the data controller?

The controller responsible under data protection law for the processing of personal data and service provider within the meaning of the TMG is Beisheim Group GmbH & Co KG, Breite Straße 22, 40213 Düsseldorf, Germany, telephone +49 211 687 75 60, kontakt@beisheim.com. Wherever this Data Privacy Statement refers to "we" or "us", this refers to the aforementioned company.

II. What principles do we observe?

In compliance with data protection regulations, we only process your personal data if we are permitted to do so by law or if you have given your consent.

On this website, we may also collect information that in itself does not allow us to draw any direct conclusions about your person. In certain cases, especially when combined with other data, this information may nevertheless be considered "personal data" in the sense of data protection law. Furthermore, we may also collect information on this website that does not allow us to identify you directly or indirectly; this is the case, for example, with aggregated information about all users of this website.

III. What data do we process?

You can access our website without directly providing any personal data (such as your name, postal address or email address). Even in this case, we have to collect and store certain information to enable you to access our website. In addition, we use an analysis process on our websites and have integrated links to other websites whose operators may process further (personal) data. The provision of personal data is required for certain functionalities on our websites.

1. Server log files: When you visit this website, our web server automatically collects and stores the information listed below in so-called server log files, which are transmitted to us by your web browser:

a) the domain name or IP address of the requesting computer (usually your Internet access provider);

b) the applications and end devices you use;

c) the date and time of the server request and the duration of your visit,

d) the website last visited before your visit to our website (referrer) as well as the subpages that you call up on our website.

The information in the server log files cannot be assigned to a specific person and this data is not merged with other data sources. The log files are stored in order to guarantee the functionality of the website and to ensure the security of our information technology systems.

2. IP geolocation: We use a geolocation application on our website based on the IP address of the requesting computer transmitted when the page is called up. For this purpose, we use an interface to the ipstack.com application, which is provided by apilayer Data Products GmbH, Elisabethstrasse 15/5, A-1090 Vienna/Austria. We use geolocation solely to show you, when you access a page, either the relevant version of our website based on the requesting IP address or a preview page that allows you to select the version of the website that is relevant to you. We do not combine this information with any other information about you that could identify you.

3. Website analysis via Matomo: We use the open source software tool Matomo on our website to analyse your usage behaviour. If you have consented to the use of tracking cookies, Matomo sets a cookie on your device. Further information on the use of cookies can be found in our Cookie Statement. The following data is stored with the set cookie:

a) the domain name or IP address of the requesting computer (usually your Internet access provider);

b) the website last visited before your visit to our website (referrer) as well as the subpages that you call up on our website;

c) the length of stay on the website and the individual sub-pages; and

d) the frequency with which the website is accessed.

The data is not passed on to third parties. We have adjusted the Matomo setting so that the IP address you use is not stored in full, but the last two bytes of the IP address are masked. This means that a personal assignment of the IP address is no longer possible.

4. Cookies: Information on the cookies we use can be found in our Cookie Statement, which can be accessed here.

5. Contacting us: If you contact us via the channels indicated on our website, we collect the personal data you have provided in connection with your contact, such as your name, e-mail address, address, telephone and/or fax number. 

IV. For what purposes and on what legal basis do we process your data?

  1. The processing of any personal data contained in the log files is carried out in order to enable you to use our website; this is done on the basis of Section 15(1) TMG or Article 6(1()f) GDPR.
  2. The processing of the possibly personal IP address for geolocation is carried out in order to be able to display the relevant version of our website to you or to enable you to make a corresponding selection; this is carried out on the basis of Article 6 (1) f) GDPR to protect our legitimate interest in a user-friendly design of our offer.
  3. The processing of personal data collected in the context of the use of Matomo for the purposes of web analysis as well as for the continuous improvement of our website is based on your consent in accordance with Article 6 (1) a) GDPR.
  4. The processing of personal data transmitted in the context of the enquiry addressed to us via the contact channels shown on the website is carried out for the purpose of processing the respective enquiry in order to safeguard our legitimate interest in carrying out our other business activities on the basis of Article 6 (1) f) GDPR. 
  5. We may also process data related to your use of our website in order to comply with legal obligations to which we are subject; this is done on the basis of Article 6(1)(c) GDPR.
  6. Where necessary, we also process your data beyond the aforementioned purposes in order to protect our further legitimate interests or the interests of third parties; this is done on the basis of Article 6(1) f) GDPR. Our legitimate interests include

    a) the assertion of legal claims and the defence in legal disputes;

    b) the prevention and investigation of criminal offences;

    c) the management and further development of our business activities, including risk management.

V. Am I obliged to provide data?

  1. The provision of personal data is mandatory in the following cases:The provision of personal data is mandatory in the following cases:

    a) The storage of the server log files is absolutely necessary for the operation of the website. Consequently, you have no possibility to object to the storage of the designated information in the server log files.

    b) In order to respond to an enquiry sent to us via the contact channels shown on our website, we require information in order to be able to contact you (i.e. e-mail address, address, telephone and/or fax number); we cannot respond to your enquiry without the provision of at least one piece of contact information.
  2. If we collect further personal data from you in connection with the further development of our website (in particular in the case of supplementary functionalities), we will inform you at the time of collection whether the provision of this information is required by law or contract or is necessary for the conclusion of a contract. In doing so, we generally mark the information whose provision is voluntary and is not based on one of the aforementioned obligations or is not required for the conclusion of a contract.

VI. Who receives my data?

Your personal data is generally processed within our company. Depending on the type of personal data, only certain departments / organisational units have access to your personal data. Through a role and authorisation concept, access within our company is limited to those functions and to that extent which is necessary for the respective purpose of the processing.

We may also transfer your personal data to third parties outside our company to the extent permitted by law. These external recipients may include in particular:

  • ­companies or offices of the Beisheim Groups in Germany and Switzerland to which we transfer personal data for internal administrative purposes; 
  • the service providers engaged by us who provide services for us on a separate contractual basis, which may also include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent;
  • ­non-public and public bodies, insofar as we are obliged to transfer your personal data due to legal obligations.

VII. Is automated decision making used?

In connection with the operation of our website, we generally do not use automated decision-making (including profiling) within the meaning of Art. 22 GDPR. If we use such procedures in individual cases, we will inform you of this separately to the extent provided by law.

VIII. Is data transferred to countries outside the EU/ EEA?

Your personal data is generally processed within the EU or the European Economic Area or Switzerland.

Only in connection with the cooperation between the companies of the Beisheim Groups in Germany and Switzerland and/or the provision of IT services in connection with the operation of the website (such as the use of applications for website analysis) may information be transferred to recipients in so-called "third countries". "Third countries" means countries outside the European Union or the European Economic Area in which a level of data protection comparable to that in the European Union cannot readily be assumed.

If the information transferred also includes personal data, we ensure prior to such transfer that the required adequate level of data protection is guaranteed in the respective third country or at the recipient in the third country. In the case of the companies of the Beisheim Group Switzerland located in Switzerland, the adequate level of data protection results from a so-called "adequacy decision" of the European Commission, which establishes an adequate level of data protection for Switzerland as a whole. Further information on this and other adequacy decisions can be found on the websites of the European Commission here. Alternatively, we may also base the data transfer on the so-called "EU Standard Contractual Clauses" agreed with a recipient (further information here) or – in the case of recipients in the USA – on compliance with the principles of the so-called "EU-US Privacy Shield" (more information on the participants here) and take the necessary supplementary measures. We will be happy to provide you with further information on the appropriate and adequate safeguards to ensure an adequate level of data protection upon request; the contact details can be found at the beginning of this privacy information. 

IX. How long will my data be stored?

We generally store your personal data as long as we have a legitimate interest in this storage and your interests in not continuing the storage do not outweigh this.

Even without a legitimate interest, we may continue to store the data if we are legally obliged to do so (e.g. to comply with retention obligations). We also delete your personal data without your intervention as soon as knowledge of it is no longer necessary to fulfil the purpose of the processing or the storage is otherwise legally inadmissible.

As a rule

  • the log data will be deleted within seven days, unless further storage is required for purposes provided for by law, such as the detection of misuse and the detection and elimination of technical faults;
  • the data collected in connection with a contact will be deleted after processing and expiry of any applicable statutory retention periods.

    Those personal data that we have to store in order to comply with retention obligations are stored until the end of the respective retention obligation. Insofar as we store personal data exclusively for the fulfilment of retention obligations, this data is generally blocked so that it can only be accessed if this is necessary with regard to the purpose of the retention obligation.

X. What rights do I have?

­Right of objection under Art. 21 GDPR

A data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this shall also apply to any profiling based on those provisions. In the event of such an objection, we shall no longer process the personal data concerning that person, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims.

­Other rights

As a data subject, you have the right

  • ­to information on the personal data stored about you, Art. 15 GDPR;
  • ­to rectification of inaccurate or incomplete data, Art. 16 GDPR;
  • ­­to erasure of personal data, Art. 17 GDPR;
  • ­to restriction of processing, Art. 18 GDPR;
  • ­­to data portability, Art. 20 GDPR.

To exercise these rights, you can contact us at any time - e.g. via one of the contact channels indicated at the beginning of this Data Privacy Statement.

If you have any questions about the processing of your data, you can also contact our data protection officer. 

You also have the right to lodge a complaint with a competent data protection supervisory authority, Art. 77 GDPR.

                                                             ***

Duesseldorf, 22. April 2021