Data Privacy Statement

Website www.beisheim.com/de/de

We are pleased to welcome you to our website. We give a high priority to data privacy and data security for our users. We comply with the data privacy regulations, in particular the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).

In this Data Privacy Statement we explain to you what information (including personal data) is processed by us during your visit and your use of our aforementioned Internet service ("Website").

I. Who is the data controller?

The data controller under data protection law for the processing of personal data and the service provider within the meaning of the TMG is Beisheim Group GmbH & Co KG, Benrather Straße 18-20, 40213 Düsseldorf, Germany, tel. +49 211 687 75 60, kontakt@beisheim.com. Where this Data Privacy Statement refers to "we" or "us", this refers in each case to the aforementioned company.

II. What principles do we follow?

In compliance with data protection regulations, we only process your personal data if we are permitted to do so by law or if you have given your consent.

On this website we may also collect information that does not in itself allow us to directly identify you. In certain cases, in particular when combined with other data, this information may nevertheless be considered as "personal data" within the meaning of data protection law. We may also collect information on this website that does not allow us to directly or indirectly identify you, such as aggregate information about all users of this website.

III. What data do we process?

You can access our website without directly providing any personal data (such as your name, postal address or email address). In this case too, we have to collect and store certain information to enable you to access our website. In addition, we use an analysis process on our websites and have integrated links to other websites whose operators may process further (personal) data. To access certain functionalities on our website, it is necessary to give personal data.

  1. Log files: When you visit this website, our web server automatically saves the domain name or the IP address of the requesting computer (usually your Internet access provider) including the date, time and duration of your visit, the subsites/URLs you visit and information about the applications and devices you use to view our sites.
  2. Website analysis using Google Analytics: We use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to continuously improve our website. Google Analytics uses cookies, which are small files stored in the web browser you use enabling the analysis of the use of the website. The information generated by the cookie about your use of this website is generally sent to a Google server in Europe (or in a member state of the European Economic Area Agreement) to make the IP address anonymous, so that it cannot be traced back to any individual. Only after the IP address has been anonymised will the abbreviated IP address be transmitted to a Google server in the USA and stored there. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there. Google Analytics is used on our website with an extension for the anonymous collection of IP addresses (so-called IP masking). On our behalf, Google will use the information collected to evaluate your use of the website, compile reports on website activity and provide other services to us in connection with website activity. The IP address transferred by your browser as part of Google Analytics is not linked with other data from Google. You can prevent the storage of cookies by using the appropriate settings in your browser software. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google collecting the data generated by the cookie and related to your use of the website (including your IP address) and processing this data by downloading and installing the browser plugin available here. An opt-out cookie will be placed to prevent your data from being collected in future when you visit this website. You will find more information about data privacy at Google Analytics here and here.
  3. Contact us: If you contact us using the methods indicated on our website, we will collect the personal data you have provided in connection with your contact, such as your name, email address, postal address, telephone and/or fax number.

IV. For what purposes and on what legal basis do we process your data?

  1. Any personal data contained in the log files is processed in order to enable you to use our website; this is done on the basis of Section 15(1) TMG or Article 6(1()f) GDPR.
  2. The processing of the data collected within the scope of the web analysis – where it concerns personal data – takes place for the purposes of the needs-based design of our website on the basis of Section 15(3) TMG or on the basis of Article 6(1) GDPR in order to safeguard our legitimate interest in the operation and analysis of the use of our website.
  3. The processing of the personal data transmitted to us as part of the enquiry addressed to us using the contact channels shown on the website is carried out to process the respective enquiry in order to safeguard our legitimate interest in the performance of our other business activities on the basis of Article 6(1f) GDPR.
  4. We may also process the data transmitted in connection with your use of our website in order to fulfil the legal obligations to which we are subject; this takes place on the basis of Article 6(1)(c) GDPR.
  5. If necessary, we process your data beyond the aforementioned purposes also to safeguard our further legitimate interests or the interests of third parties; this takes place on the basis of Article 6(1)(f) GDPR. Our legitimate interests include:

    a. he assertion of legal claims and defence in legal disputes;

    b. the prevention and investigation of criminal offences;

    c. the management and further development of our business activities, including risk management.

V. Am I obliged to provide data?

In order to answer an enquiry addressed to us using the contact channels shown on our website, we require information in order to be able to contact you (e.g. email address, address, telephone and/or fax number); without the provision of at least one contact detail, we cannot answer your enquiry.

If we collect further personal data from you in connection with the further development of our website (in particular in the case of supplementary functionalities), we will inform you at the time of collection whether the provision of this information is required by law or contract or is necessary for entering into a contract. As a rule, we flag information that is provided voluntarily and is not based on any of the aforementioned obligations or is not necessary for entering into a contract.

VI. Who receives my data?

Your personal data will be processed within our company. Depending on the type of personal data, only certain departments/organisational units may have access to your personal data. A role and authorisation concept limits access within our company to those functions and the scope that are required for the respective purpose of processing.

We may also transfer your personal data to third parties outside our company to the extent permitted by law. These external recipients may include in particular:

­1. companies or entities of the Beisheim Group Germany to which we transfer personal data for internal administrative purposes;

  1. the service providers engaged by us, who provide services for us on a separate contractual basis, which may also include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent; ­3. non-public and public agencies, to the extent that we are required to do so under legal obligations to transfer your personal data.

VII. Is automated decision making used?

In connection with the operation of our website, we generally do not use automated decision-making (including profiling) within the meaning of Art. 22 GDPR. If we use such procedures in individual cases, we will inform you of this separately to the extent provided by law.

VIII. Is data transferred to countries outside the EU or the European Economic Area?

The processing of your personal data takes place strictly within the EU or the European Economic Area.

Only in connection with the cooperation between the companies of the Beisheim Groups in Germany and Switzerland and/or the provision of IT services in connection with the operation of the website (such as the use of applications for website analysis) may information be transferred to recipients in so-called "third countries". "Third countries" means countries outside the European Union or the European Economic Area in which a level of data protection comparable to that in the European Union cannot readily be assumed.

If the information transferred also includes personal data, we will ensure that the appropriate level of data protection is safeguarded in the third country in question or by the recipient in the third country before such a transfer takes place. In the case of the Beisheim Group Switzerland companies based in Switzerland, the appropriate level of data protection results from a so-called "Adequacy Decision" of the European Commission establishing an adequate level of data protection for Switzerland as a whole. Further information on this and other adequacy decisions can be found on the European Commission's website here. Alternatively, we can also base the transfer of the data on the so-called "EU standard contractual clauses" agreed with a recipient (more information here) or – in the case of recipients in the USA – on compliance with the principles of the so-called "EU-US Privacy Shield" (more information on the participants here). We will be happy to provide you with additional information on the appropriate and reasonable safeguards for compliance with an appropriate level of data protection upon request; the contact details can be found at the beginning of this Data Privacy Statement.

IX. How long will my data be stored?

We store your personal data as long as we have a legitimate interest in this storage and your interests in the discontinuation of the storage do not override them.

Even without a legitimate interest, we can continue to store the data if we are legally obliged to do so (for example, to fulfil retention obligations). We will erase your personal data even without any action on your part as soon as the information is no longer necessary for the fulfilment of the purpose of the processing or the storage is otherwise legally inadmissible.

As a rule

  • the log data is erased within seven days unless further storage is required for legally required purposes such as the detection of misuse and the recognition and elimination of technical faults;
  • the data collected in connection with making contact is erased after it has been processed and the applicable statutory retention periods have expired. The personal data that we have to store in order to fulfil our retention obligations will be stored until the end of the respective retention obligation period. If we store personal data exclusively for the fulfilment of retention obligations, it are generally blocked so that access can only be granted if this is necessary with regard to the purpose of the retention obligation.

X. What rights do I have?

­Right of objection under Art. 21 GDPR

A data subject shall have the right to object at any time, for reasons relating to his/her particular situation, to the processing of personal data concerning him/her based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. In the event of such an objection, we shall no longer process the personal data relating to this person unless we can prove compelling legitimate grounds for processing which override the interests, rights and freedoms of the person concerned, or the processing is for the establishment, exercise or defence of legal claims.

­Further rights

As a data subject, you have the right

­* ­to information on the personal data stored about you, Art. 15 GDPR;

  • ­­to rectify inaccurate or incomplete data, Art. 16 GDPR;
  • ­to erasure of personal data, Art. 17 GDPR;
  • ­­to restriction of processing, Art. 18 GDPR;
  • ­­to data portability, Art. 20 GDPR.

To exercise these rights, you can contact us at any time - e.g. using one of the contact channels indicated at the beginning of this Data Privacy Statement.

If you have any questions regarding the processing of your data, you can also contact our data protection officer.

You are also entitled to lodge a complaint with a competent data protection supervisory authority, Art. 77 GDPR.