Data protection information
Data protection is a high priority for the management of BE Maschinenmesser GmbH & Co.KG. We, BE Maschinenmesser GmbH & Co.KG, would like to take this opportunity to inform you about data protection in our company.
Within the scope of our responsibility under data protection law, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: " DSGVO ") in order to ensure the protection of personal data of the person affected by a processing operation (we also address you as a data subject hereinafter with "customer", "user", "you", or "data subject").
Insofar as we decide either alone or jointly with others on the purposes and means of data processing, this includes above all the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (cf. Articles 13 and 14 DSGVO). With this statement (hereinafter: "data protection information"), we inform you about the manner in which your personal data is processed by us.
1. Definitions
Our data protection information uses terms that are used by the European Directive and Regulation Maker in the General Data Protection Regulation (EDPR). Our data protection information should be easy to read and understand for all users of the website, our clients, customers, and business partners. To this end, we explain the terms used in advance:
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
c) Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
e) Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller or person responsible for processing.
The controller or person responsible for processing is the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
h) Processor
Processor means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Controller.
i) Recipient
Recipient means a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients.
j) Third Party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
k) Consent
Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
2. Name and address of the controller.
The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions with data protection character is:
BE Maschinenmesser GmbH & Co.KG: Am Winkel 3-4: 15528 Spreenhagen; Germany (DEU).
Tel.: 0333633/ 888 0, E-Mail: info@be-maschinenmesser.com; Website: www.be-maschinenmesser.com
3. Name and address of the data protection officer:
BE Maschinenmesser GmbH & Co.KG: Am Winkel 3-4 : 15528 Spreenhagen; Germany (DEU) Tel.: 0333633/ 888 0, E-mail: info@be-maschinenmesser.com; Website: www.be-maschinenmesser.com
Any data subject may at any time contact our data protection officer directly with any questions or suggestions regarding data protection.
4. Collection of general data and information
We, BE Maschinenmesser GmbH & Co.KG, process personal data that we receive from you in the scope of the use of our website and, if applicable, our business relationship.
In the case of purely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software, notification of successful retrieval.
Furthermore, we receive your personal data if you contact us via contact form or e-mail. Personal data here are, for example, name, address, e-mail, telephone number and, if applicable, the data you send us as a message (hereinafter referred to as "contact data").
5. Purpose and legal basis of data processing
We process personal data in accordance with the provisions of the European Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG) for the following purposes and on the basis of the following legal grounds:
Purposes | Legal basis |
---|---|
Insofar as you have given us consent to process personal data for certain purposes, in particular for contacting you (e.g. via our contact form or by e-mail for processing and handling the inquiry), the lawfulness of this processing is based on your consent. A given consent can be revoked at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is therefore not affected by the revocation. The revocation can be sent to the contact details above or to info@be-maschinenmesser.com. |
Consent, Art. 6 para. 1 sentence 1 lit. a) DSGVO |
When contacting us (via contact form or e-mail), your information will be processed to handle the contact request and its processing. | Implementation of pre-contractual measures at the request of the person, Art. 6 para. sentence 1 lit. b) DSGVO |
When you contact us (via contact form or e-mail) in connection with your application, we process your data in order to check your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process. Your applicant data will be screened by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers responsible for the respective open position. There, a decision will be made on the further procedure. In principle, only those persons in the company have access to your data who require this for the proper conduct of our application process. | Establishment of an employment relationship, § 26 BDSG and after completion of the application process in case of rejection to protect legitimate interests, Art. 6 para. 1 sentence 1 lit. f) EDPR (defense against claims), if applicable, if consent has been given, Art. 6 para. 1 sentence 1 lit. a) DSGVO |
We process your access data (see data listed above under point 4) to protect legitimate interests of us or of third parties. In particular, we pursue the following legitimate interests: • Ensuring IT security, in particular the security of the website; • Assertion of legal claims and defense in legal disputes; |
Within the framework of the balance of interests for the protection of legitimate interests, Art. 6 para. 1 sentence 1 lit. f) DSGVO |
6. Passing on of your data
Within BE Maschinenmesser GmbH & Co.KG, access to your data is granted to those offices that need it to fulfill our contractual and legal obligations.
Contractors used by us (Art. 28 DSGVO) may also receive data for the above-mentioned purposes. These are companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, advice and consulting, and sales and marketing. If we pass on data to our service providers, they may only use the data to perform their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects, ensure an appropriate level of data protection and are carefully monitored by us.
Data is only passed on to third parties who are not order processors within the framework of the legal requirements. We only pass on users' data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 sentence 1 lit. b) DSGVO for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) DSGVO in the economic and effective operation of our business operations, or if you have consented to the transfer of data. In the case of purely informational use of the website, we generally do not pass on any data to third parties.
7. Data deletion and storage period
For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted (see point 4 above). Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.
If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of a contract via contact form or e-mail.
Applicant data is deleted after 6 months in the event of a rejection. In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted if you revoke your consent or after 2 years at the latest. If we fill the advertised position with you, your data will be stored in our personnel management system.
In addition, we are subject to various retention and documentation obligations, which result, among other things, from the German Commercial Code (GCC) and the German Fiscal Code (GFC). The retention and documentation periods specified there are two to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually 3 years, but in certain cases can be up to thirty years, whereby the regular limitation period is three years.
Insofar as you assert your rights as a data subject, we will store the information provided to you in this regard until the expiry of the statutory limitation period pursuant to Section 31 (2) No. 1 OWiG, Section 41 (1) BDSG, Article 83 (5) lit b DSGVO for 3 years. This period may be extended if the statutory limitation period is extended due to interruptions of the limitation period (e.g. in the context of inquiries by the supervisory authorities).
8. Conditions for the transfer of personal data to third countries
In the course of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively for the fulfilment of contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer in the following at the relevant points.
Some third countries are certified by the European Commission as having a level of data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be obtained here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please contact our data protection officer (see under 3.) if you would like more information on this.
9. No obligation to provide personal data
BE Maschinenmesser GmbH & Co.KG does not make the conclusion of contracts with you dependent on you providing personal data beforehand. As a client/customer, you are under no legal or contractual obligation to provide BE Maschinenmesser GmbH & Co.KG your personal data; however, BE Maschinenmesser GmbH & Co.KG may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the services and products offered by BE Maschinenmesser GmbH & Co.KG presented below, you will be informed of this separately.
10. Legal obligation to transfer certain data
BE Maschinenmesser GmbH & Co.KG may under certain circumstances be subject to a specific legal or statutory obligation to make the legitimately processed personal data available to third parties, in particular public bodies (Art. 6 para. 1 p. 1 lit. c DS-GVO).
11. Data security
BE Maschinenmesser GmbH & Co.KG uses appropriate technical and organizational security measures in order to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Security measures are continuously improved in line with technological developments.
We will be happy to provide you with more detailed information on request. Please contact our data protection officer for this purpose
12. Rights of the data subject
Every data subject has
- The right for information according to Art. 15 DSGVO (i.e. you have the right to request information about your personal data stored by us at any time),
- the right to correction according to Art. 16 DSGVO (i.e. in the event that your personal data is incorrect or incomplete, you may request that this data will be corrected),
- the right to erasure under Art. 17 DSGVO and the right to restriction of processing under Art. 18 DSGVO (i.e. you may have the right to request erasure or restriction of processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and legal retention obligations do not require continued storage),
- the right to data portability under Article 20 DSGVO (i.e. you may have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transfer this data to another controller without obstruction).
Furthermore, you can revoke consents, in principle with effect for the future.
In addition, you have the right to file a complaint with a data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
In addition, we would like to point out your right of objection according to Art. 21 DSGVO:
Information about your right of objection according to Art. 21 DSGVO
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) sentence 1 (e) of the DSGVO (data processing in the public interest) and Article 6 (1) sentence 1 (f) of the DSGVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4 No. 4 of the DSGVO.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
In individual cases, we process your personal data to conduct direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made form-free and no transmission costs other than those according to the prime rates will be incurred.
If you wish to exercise your right to object, an informal communication, e.g. to the contact details above, is sufficient.
13. Legitimate interests in the processing pursued by the controller or a third party.
If the processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.
14. Existence of automated decision-making
As a responsible company, we do not use automated decision-making or so-called profiling.
15. Cookies
We use cookies on our Internet pages. Cookies are small text files, usually consisting of letters and numbers, that are placed on the user's computer when visiting certain web pages.
Some of these cookies are essential to the functioning of our website, while other cookies help us improve our website by providing us with insights into how you use the website.
By default, we only use necessary cookies. Necessary cookies enable the core functionality of our website. The website cannot be displayed properly without these cookies or individual areas may not function properly. Necessary cookies can only be prevented by appropriate settings in your browser.
16. Our social media presence
You can find us with presences within social networks and platforms so that we can also communicate with you there and inform you about our services there.
We would like to point out that your data may be processed outside the European Union and that the data is usually processed for market research and advertising purposes. User profiles can be created from the user behavior and resulting interests of the users. These user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on the users' computers, in which the users' behavior and interests are stored. Other data may also be stored in these user profiles, especially if the users are members of the respective platforms and are logged in to them.
We only link to our company profiles on the respective social networks on our website. However, please note that when you click on a link to the social networks, data is transmitted to their servers. If you are logged in to the respective social network at this time with your user name and password, the information that you have visited our company profile on the respective social network from our website will be transmitted there and the respective provider can store this information in your user account.
In principle, we have no significant influence on the data processing of the social networks. However, we receive statistics from the providers about the use of and visits to our company profiles on the social networks (e.g., information about the number of views, interactions such as likes and comments, and aggregate demographic and other information or statistics). For more information on the data used by the providers, please refer to the providers' privacy notices linked below.
Insofar as we receive your personal data in the context of our social media presences (e.g. in the context of a communication), you are entitled to the rights mentioned in this data protection information above in this regard. You can address your inquiries with regard to data processing within the scope of our company profiles to us via the contact data mentioned above.
If, in addition, you wish to assert rights against the provider of the social network, the easiest way to do so is to contact the respective provider directly. The provider knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing. The contact details can be found in each case in the data protection information linked below. We will also be happy to support you in asserting your rights, where possible.
The processing of users' personal data is generally based on your consent pursuant to Art. 6 (1) sentence 1 lit. a) DSGVO. The legal basis is also Art. 6 (1) lit. b DSGVO if we receive and process your data as part of a contract-related inquiry via our social media presence. The legal basis for the linking and operation of our company profiles in the social networks, including the receipt of statistics on the use of our company profiles, is Art. 6 (1) lit. f DSGVO based on our legitimate interest in our corporate communication in the respective social networks.
For information about the respective processing and the respective objection options, please refer to the privacy information of the providers linked below:
- Facebook (Meta Platforms Limited Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), We operate our Facebook page on the basis of an agreement on joint processing of personal data with Facebook - Privacy information: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.
- Instagram (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), online photo and video sharing service, privacy information https://help.instagram.com/519522125107875/?helpref=hc_fnav
- Google YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland), video portal - privacy information: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated
17. social media buttons used by us
To share content from our website on social networks, we have integrated social media buttons into our website.
Since the buttons offered by the social networks already transmit personal data such as the IP address or set cookies when loading the website on which they are integrated, they pass on information about your surfing behavior. To do this, you do not have to be logged in or a member of the respective network. Under data protection law, this is only permissible with the consent of the respective user. We have therefore integrated social media buttons in such a way that they are only activated when they are explicitly activated by clicking on them. As soon as you click on the social buttons yourself, you consent to your data being transferred to the respective services, Art. 6 para. 1 lit. a DSGVO.
a) Facebook
We use a plugin from Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on our website. You can recognize this by the Facebook logo or the "Like button" ("Like"). An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
For users from the Europe region, the social plugins "Like" and "Comment" are only supported if users are logged in to their Facebook account on the one hand and have given their consent to cookies for apps and websites on the other. Data is therefore processed exclusively on the basis of your consent.
The collected data is also transferred by Facebook to the USA and other third countries. Please note that the protection of personal data in the USA and third countries does not correspond to the level of data protection required by the EU. In particular, there is a lack of enforceable rights that safeguard the protection of your data against access by government authorities. Thus, there is a risk that these government agencies may be able to access the personal data without the data transmitter or the recipient being able to effectively prevent this. If you do not want Facebook to be able to associate your visit to this website with your Facebook user account, please log out of your Facebook user account.
The privacy information of Facebook can be found at https://www.facebook.com/about/privacy/
Setting for the processing of personal data and opt-outs can be made at the following link: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
b) Instagram
Our website may also use so-called social plugins ("plugins") from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The legal basis for the use of Instagram is your consent pursuant to Art. 6 para. 1 p. 1 lit. a) and Art. 49 para. 1 p. 1 lit. a DSGVO.
The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera".
When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Instagram. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged into Instagram.
This information, and in particular your IP address, is transmitted by your browser directly to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plugins, for example by clicking the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there.
The collected data will also be transferred to the USA. Please note that the protection of personal data in the USA does not correspond to the level of data protection required by the EU. In particular, there is a lack of enforceable rights that safeguard the protection of your data against access by government agencies. Thus, there is a risk that these government agencies may access the personal data without the data transmitter or the recipient being able to effectively prevent this.
The processing of the data is the joint responsibility of Instagram and us pursuant to Art. 26 DSGVO. The primary responsibility for the processing of personal data in the context of the plugins lies with Instagram and all obligations under the GDPR are fulfilled with regard to the processing of personal data by Instagram (in particular, the information obligations pursuant to Art. 12 et seq. DSGVO, ensuring the rights of data subjects pursuant to Art. 15 et seq. DSGVO, notification of data breaches pursuant to Art. 33, 34 DSGVO).
The information will also be published on your Instagram account and shown to your contacts there.
If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting the website.