Contact
LinkedIn
Youtube
Data protection

Privacy Notice

Modern information and communication technologies play an increasingly important role in the activities of the BÜFA Group. Protecting your privacy and the personal data you provide to us is therefore of great importance to us. Compliance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) is a matter of course for us. Below, we inform you about what data we may collect and how we handle it.
 

Controller

BÜFA Composite Systems GmbH & Co. KG
Stubbenweg 40
26125 Oldenburg, Germany
Phone: +49 441 9317-0
Email: info@buefa.de
 

Data Protection Officer Contact Details

Dr. Uwe Schläger
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen, Germany

Website: www.datenschutz-nord-gruppe.de
Email: office@datenschutz-nord.de
Phone: +49 421 69 66 32 0
 

Collection and Processing of Personal Data

You can visit our websites without us requiring any personal data from you. We only learn the name of your internet service provider, the website from which you visit us, and the pages you access on our site. Personal data will only be collected if you use certain services or provide it to us voluntarily.
 

Purposes of Data Processing

We process personal data exclusively to provide the services you have requested or to protect our legitimate business interests. Voluntarily provided information will be treated confidentially.
 

Disclosure to Third Parties

Personal data will only be disclosed to third parties insofar as this is necessary to provide the requested service or if there is a legal obligation to do so.
 

Use of IP Addresses

This website uses Google Analytics with the “_anonymizeIp()” extension. This means that IP addresses are processed in truncated form to prevent any direct personal reference.
 

Cookies

We use cookies to provide our services in a more personalized way during your visit. No personal data is collected through cookies. You can control the use of cookies via your browser settings.
 

BÜFA Session Storage

In order to more precisely define and evaluate our lead and revenue sources in the future, we use a proprietary BÜFA session storage on our website to store marketing information about website users. This allows us to evaluate which BÜFA measures and campaigns lead to success and calculate the cost-effectiveness of marketing measures. For this purpose, the source of the contact request (e.g., source, medium, and campaign) is stored in a session storage and transmitted to our CRM (Customer Relationship Management) when a user completes and submits a contact form on one of our websites.

The information stored in the session storage includes:

  • Sources, e.g., Google, LinkedIn, Facebook, Instagram, trade fairs, print materials, newsletters, etc.
  • Medium, e.g., email, organic and paid search, organic and paid social, QR code
  • Campaign information, such as the name and ID of the campaign

The information is stored in the session storage for the duration of the session and deleted after the session ends.

The legal basis for processing personal data is your consent pursuant to Art. 6 (1) lit. a GDPR, provided you have given your consent via our banner. If you have not given consent, no data will be stored via the cookie.
 

Consent Banner

On our websites, we use a consent management platform (consent or cookie banner). Processing in connection with the use of the consent management platform as well as the logging of your settings is carried out on the basis of Art. 6 (1) sentence 1 lit. f GDPR, in our legitimate interest to display our content according to your preferences and to be able to prove your given consent(s).

Your chosen settings, the consent(s) given, and parts of your usage data are stored in a cookie. This ensures that they remain available for subsequent page requests and that your consent can continue to be verified. You can change the cookie settings at any time via the blue fingerprint button at the bottom left of the website.

The provider of the consent management platform acts as a strictly instructed service provider (processor) for us. A processing agreement pursuant to Art. 28 GDPR has been concluded.

Provider of the consent management platform: Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. Processed data: Consent status, timestamp, settings (e.g., in LocalStorage/Cookie). Possible domains/endpoints: app.usercentrics.eu, api.usercentrics.eu, consent-api.service.consent.usercentrics.eu, uct.service.usercentrics.eu. Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest) as well as proof and management of granted consents.
 

Google Services
 

Google Consent Mode (Basic)

We use Google Consent Mode V2 (Basic Mode). This means that regardless of your banner settings, your IP address is transmitted to Google. However, Google deletes it immediately after collection and does not log it. Processing takes place in our legitimate interest to better control and use certain functions of the consent-required Google services used on the website (Art. 6 (1) lit. f GDPR).
 

Google Tag Manager

For our website, we use the Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Tag Manager is a tool for managing tracking or analytics tools and other technologies. It does not itself create user profiles, store cookies, or perform independent analyses; instead, it triggers other tags that may collect data.

The processing of personal data in connection with the use of the Google Tag Manager can be legitimized based on our legitimate interests in the efficient management of the tracking tools used (Art. 6 (1) lit. f GDPR). We have concluded a data processing agreement with Google in accordance with Art. 28 GDPR. For transfers to the USA, an adequate level of data protection is ensured due to the provider's certification under the EU-U.S. Data Privacy Framework. Further information: https://www.google.com/intl/en/tagmanager/use-policy.html
 

Google Analytics & Google Search Console

We use the web analytics tool “Google Analytics” including “Google Search Console” from Google Ireland Limited. Google Analytics creates pseudonymous usage profiles and stores permanent cookies on your device. This enables the recognition of returning visitors. Data processing is based on your consent (Art. 6 (1) lit. a GDPR), provided you have given it via our banner. For transfers to the USA, the transmission is based on Art. 49 (1) lit. a GDPR.

Further information:
https://marketingplatform.google.com/about/analytics/terms/en/
https://policies.google.com/privacy?hl=en
 

Google Photos

Google Photos is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for the provision and integration of image and media content. When accessing a page where Google Photos content is embedded, your IP address and possibly other technical information (e.g., browser type, language settings, screen resolution) are transmitted to Google.

Legal basis: Your consent (Art. 6 (1) lit. a GDPR, § 25 (1) TDDDG). For transfers to the USA, the EU-U.S. Data Privacy Framework applies.

Further information: https://policies.google.com/privacy?hl=en
 

Google Signals

We use the technical extension Google Signals to perform cross-device tracking, provided you have activated “personalized advertising” in your Google account. Legal basis: Your consent (Art. 6 (1) lit. a GDPR). Further information: https://support.google.com/ads/answer/2662922?hl=en
 

Google Ads Remarketing

We use Google Ads Remarketing to display interest-based advertising to visitors of our website within the Google advertising network. Cookies are set and data such as visited pages, clicked content, and technical information are stored. Legal basis: Consent (Art. 6 (1) lit. a GDPR, § 25 (1) TDDDG). For transfers to the USA, the EU-U.S. Data Privacy Framework applies. Further information: https://policies.google.com/technologies/ads?hl=en
 

Google Fonts

To display external fonts, we use Google Fonts, provided by Google Ireland Limited. When pages are accessed, technical information such as IP address, language settings, and browser data is transmitted. Legal basis: Consent (Art. 6 (1) lit. a GDPR). For transfers to the USA, the EU-U.S. Data Privacy Framework applies. Further information: https://policies.google.com/privacy?hl=en
 

Google Translate

Our website uses “Google Translate” for machine translation of content. In doing so, technical data such as IP address and browser settings are transmitted to Google. Legal basis: Consent (Art. 6 (1) lit. a GDPR). For transfers to the USA, the EU-U.S. Data Privacy Framework applies. Further information: https://policies.google.com/privacy?hl=en
 

gstatic.com

This domain is used as a content delivery network (CDN) by Google to provide static content such as JavaScript libraries or fonts. Technical information such as IP address and browser data is transmitted. Legal basis: Consent (Art. 6 (1) lit. a GDPR). For transfers to the USA, the EU-U.S. Data Privacy Framework applies. Further information: https://policies.google.com/privacy?hl=en
 

Google Syndication

We use googlesyndication.com for delivering ads and tracking pixels from the Google advertising network. IP address, browser information, and cookie IDs are transmitted to Google. Legal basis: Consent (Art. 6 (1) lit. a GDPR). For transfers to the USA, the EU-U.S. Data Privacy Framework applies. Further information: https://policies.google.com/privacy?hl=en
 

Embedded Videos (YouTube)

We embed videos from the YouTube service in three variants: Standard (youtube.com), No-Cookie (youtube-nocookie.com), and YT 2 (technical variation). Data such as IP address and usage information is only transmitted to Google when playback starts. The No-Cookie variant does not set advertising cookies before the start. Legal basis: Consent (Art. 6 (1) lit. a GDPR). For transfers to the USA, the EU-U.S. Data Privacy Framework applies. Further information: https://policies.google.com/privacy?hl=en
 

YouTube Images

Our website uses content from ytimg.com, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This service is used to provide thumbnails and other static content for YouTube videos. When loading this content, your IP address and technical information (e.g., browser data) are transmitted to Google.

Legal basis: Your consent (Art. 6 (1) lit. a GDPR, § 25 (1) TDDDG). For transfers to the USA, the EU-U.S. Data Privacy Framework applies.

Further information: https://policies.google.com/privacy?hl=en
 

Microsoft Services
 

Microsoft Advertising (formerly Bing Ads)

We use Microsoft Advertising, provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, to display targeted advertising to you based on your website visit and to measure the success of our advertising campaigns. Cookies are set, storing information such as dwell time, pages visited, and origin of the request. Legal basis: Consent (Art. 6 (1) lit. a GDPR, § 25 (1) TDDDG). For transfers to the USA, the EU-U.S. Data Privacy Framework applies. Further information: https://www.microsoft.com/en-us/privacy
 

Microsoft Forms CDN Script

Our website uses Microsoft Forms, provided via a Content Delivery Network (CDN) of Microsoft Corporation. When loading the forms, technical data such as IP address is transmitted to Microsoft. Legal basis: Consent (Art. 6 (1) lit. a GDPR). For transfers to the USA, the EU-U.S. Data Privacy Framework applies. Further information: https://www.microsoft.com/en-us/privacy
 

assets-eur.mkt.dynamics.com

This domain belongs to Microsoft Dynamics 365 Marketing and is used to provide marketing content and tracking scripts. IP address, browser information, and user interactions are processed. Legal basis: Consent (Art. 6 (1) lit. a GDPR). For transfers to the USA, the EU-U.S. Data Privacy Framework applies.
 

public-eur.mkt.dynamics.com

Like assets-eur.mkt.dynamics.com, this domain is also used for delivering marketing content by Microsoft Dynamics 365 Marketing. Legal basis: Consent (Art. 6 (1) lit. a GDPR). For transfers to the USA, the EU-U.S. Data Privacy Framework applies.
 

Dynamic Tracking

We use “Dynamic Tracking” to analyze user behavior and optimize marketing activities. IP address, cookie IDs, and usage information are collected. Legal basis: Consent (Art. 6 (1) lit. a GDPR). For transfers to the USA, the EU-U.S. Data Privacy Framework applies.
 

azureedge.net (Microsoft Azure CDN)

Our website uses the “Azure CDN” content delivery network via the domain azureedge.net, operated by Microsoft Corporation. It is used to provide content and may, in individual cases, be used for marketing or tracking purposes. IP address and technical connection data are transmitted. Legal basis: Consent (Art. 6 (1) lit. a GDPR). For transfers to the USA, the EU-U.S. Data Privacy Framework applies. Further information: https://www.microsoft.com/en-us/privacy
 

Other Services
 

Ad Block Net (Ad Block Detection)

Our website uses an “Ad Block Test” to check whether ad blockers are activated in your browser. This helps optimize our ad delivery. IP address, browser information, and cookie data may be processed. Legal basis: Consent (Art. 6 (1) lit. a GDPR).
 

Proxi PW

Our website uses “Proxi PW”, a proxy service for delivering content or scripts, which can also be used for tracking or marketing purposes. When loading such content, IP address and browser information are transmitted to the service provider. Legal basis: Consent (Art. 6 (1) lit. a GDPR). If a transfer to a third country occurs, it is based on Art. 49 (1) lit. a GDPR.
 

Apps Rocket (AppsFlyer Rocket)

We use “AppsFlyer Rocket” from AppsFlyer Ltd., 14 Maskit St., Herzliya 4673314, Israel, to measure the effectiveness of marketing campaigns and analyze user interactions. Collected data includes IP address, device information, approximate location data, and interactions. Legal basis: Consent (Art. 6 (1) lit. a GDPR). For transfers to Israel, an adequate level of data protection applies according to the EU Commission’s adequacy decision. Further information: https://www.appsflyer.com/legal/privacy-policy/
 

Hotjar

We use Hotjar to analyze user behavior and optimize our offering. Data collected includes anonymized IP address, screen size, device type, browser information, location (country only), and preferred language. Hotjar stores this information in a pseudonymized user profile. Legal basis: Consent (Art. 6 (1) lit. a GDPR). Transfer to third countries (including the USA) is based on Art. 49 (1) lit. a GDPR. Further information: https://contentsquare.com/privacy-center/services-privacy-policy/
 

Facebook Social Plugins

On certain pages, we use social plugins from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (e.g., “Like” and “Share” buttons). When loading the page, a connection to Meta servers (including connect.facebook.net, facebook.com) may be established. This may transmit your IP address, browser information, and the page visited.

Legal basis: Consent (Art. 6 (1) lit. a GDPR, § 25 (1) TDDDG). For transfers to the USA, the EU-U.S. Data Privacy Framework applies.

Joint controllership pursuant to Art. 26 GDPR is limited to this processing: essential contents of the agreement: https://www.facebook.com/legal/controller_addendum. Further information on data protection at Meta: https://www.facebook.com/privacy/policy.
 

Lottiefiles

Our website uses animations from the Lottiefiles service, operated by Design Barn Inc., 2261 Market Street #4244, San Francisco, CA 94114, USA. When loading these animations, technical data such as IP address, browser information, and usage data are transmitted to Lottiefiles. These data may be processed on servers in third countries (e.g., USA).

Legal basis: Your consent (Art. 6 (1) lit. a GDPR, § 25 (1) TDDDG). For transfers to the USA, the EU-U.S. Data Privacy Framework applies or, if not applicable, Art. 49 (1) lit. a GDPR.

Further information: https://lottiefiles.com/page/privacy-policy
 

Embedded Content
 

Embedded Videos

On our websites, we embed videos from third-party providers (e.g., YouTube) that are not stored on our servers. To ensure that data is not automatically transmitted to the third-party provider when loading our websites, we initially display only a preview image. Only after you click on the preview image will content from the third-party provider be loaded, and in doing so, data such as your IP address, browser information, and the page visited will be transmitted to that provider.

Legal basis: Consent (Art. 6 (1) lit. a GDPR, § 25 (1) TDDDG). Please note that, depending on the provider, data processing may also take place in third countries without an adequate level of data protection (e.g., USA). In such cases, the transfer will be based on Art. 49 (1) lit. a GDPR.

Provider: YouTube / Google LLC (USA) – Privacy Policy: https://policies.google.com/privacy
 

Map Services

Our websites may contain interactive maps from third-party providers (e.g., Google Maps) that are not stored on our servers. To protect your privacy, these maps are initially displayed as a preview image. Only after you click on the preview image will the map data be loaded from the third-party provider, and in doing so, information such as your IP address, browser information, and the page visited will be transmitted to that provider.

Legal basis: Consent (Art. 6 (1) lit. a GDPR, § 25 (1) TDDDG). Please note that, depending on the provider, data processing may also take place in third countries without an adequate level of data protection (e.g., USA). In such cases, the transfer will be based on Art. 49 (1) lit. a GDPR.

Provider: Google LLC (USA) – Privacy Policy: https://policies.google.com/privacy
 

Security

We have implemented technical and organizational measures to protect the personal data you provide against loss, destruction, manipulation, and unauthorized access. This includes encrypted data transmission using the sha256RSA (2048-bit) signature algorithm. All our employees and third parties involved in data processing are obligated to comply with the BDSG and to handle personal data confidentially.

We reserve the right to amend this statement at any time. It does not constitute any contractual or other formal right toward or on behalf of any party.
 

Right to Lodge a Complaint with a Supervisory Authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right to lodge a complaint may be exercised in particular with a supervisory authority in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.
 

Contact

You have the option to contact us via our contact form. To use our contact form, we require the data marked as mandatory fields. We use this data based on Art. 6 (1) sentence 1 lit. f GDPR to respond to your inquiry.

You may also choose to provide us with additional information. This information is provided voluntarily and is not required for contacting us. We process your voluntary information based on your consent (Art. 6 (1) sentence 1 lit. a GDPR).

Your data will be processed solely for the purpose of responding to your inquiry. We will delete your data if it is no longer required and no statutory retention obligations apply. If your data transmitted via the contact form is processed based on Art. 6 (1) sentence 1 lit. f GDPR, you may object to the processing at any time. You may also withdraw your consent to the processing of voluntary information at any time. Please contact the email address stated in the legal notice for this purpose.