Data protection

Our privacy policy

Privacy policy

Modern information and communication technologies are playing an ever greater part in the activities of the BÜFA Group. We therefore take the protection of your privacy and the personal data that you provide to us very seriously. Compliance with the provisions of the German Federal Data Protection Act is a matter of course for us. Below we tell you what data we may collect from you and how we handle it.

Controller

BÜFA GmbH & Co. KG
Stubbenweg 40
26125 Oldenburg, Germany

Tel.: +49 441 9317 0
Email: info@buefa.de

What personal data do we collect and process?
You can visit our website without having to provide any personal data at all. We only obtain information about the name of your internet service provider, the website from which you have come to us and the pages of our website that you visit. Only if you use certain services do we collect and process personal data (IP address and terminal device data). Your attention is drawn specifically to this on the menu.

The administration of the technical components of the site (cookie management, embedding of videos and map services, management of technical third-party content, management of Google marketing tools) is handled by BÜFA GmbH & Co. KG, Stubbenweg 40, 26125 Oldenburg. For this purpose, the personal data required for this purpose is transmitted to BÜFA GmbH & Co. KG and processed there.
We have contractually regulated the order processing with BÜFA GmbH & Co. KG by contract. Data processing by BÜFA GmbH & Co. KG is therefore carried out exclusively in accordance with instructions and on our behalf pursuant to Art. 28 DSGVO.

For what purposes do we collect and process personal data?
As we are continuously attempting to improve both the service we offer and your experience of our website, the general data above is analysed statistically. In this context, however, we are interested in your personal opinion and background. At certain points, you are therefore asked for additional information. This is information that you provide voluntarily and that we naturally treat in confidence.

If you use our services, we generally only ask for the data that we need to provide that service. If we ask for any other data, it is provided voluntarily. Processing of personal data is carried out exclusively to provide the requested service and to pursue our own legitimate business interests.

Is personal data passed on to third parties?
We will pass your personal data on to third parties only insofar as is essential to provide the requested service. Beyond that, we will not disclose, pass on, sell or otherwise market your personal data to any other companies or institutions unless we have your express consent to do so. This does not apply, however, if we are obliged to disclose or pass on the data by law or court order.

Cookies
We use cookies in some sections of our website. These are identifiers that allow us to make our services available to you on a more individual basis while you are visiting us. We do not use cookies to collect personal data. If you wish to be notified of the use of cookies by your browser or to prevent their use, you should activate the corresponding browser settings.

Usercentrics / Consent banner

On our websites, we use a consent management platform (consent or cookie banner). The processing in connection with the use of the consent management platform and the logging of the settings you have made is based on Art. 6 (1) p. 1 lit. (f) GDPR, in our legitimate interest to play out our content according to your preferences and to be able to prove the consent(s) you have given. The settings you have made, the consent you have given and parts of your usage data are stored in a cookie. This is retained for subsequent page requests and your consents can still be traced. You can find more information on this under the bullet point "required cookies".

The provider of the consent management platform acts for us as a strictly instruction-bound service provider (order processor). An order processing contract pursuant to Art. 28 GDPR has been agreed.

Contact
You have the option to make contact with us in various ways. These include the contact form, email, phone and post. When you make contact with us, we use the personal data that you provide to us voluntarily in this context solely for the purpose of replying to you and processing your query.

The legal basis for this data processing is Art. 6(1) point (a), Art. 6(1) point (b) and Art. 6(1) point (f) GDPR.

Google Analytics
In the interest of an appropriate design for our website, we use the web analysis tool “Google Analytics” and its component “Google Search Console”. Google Analytics creates user profiles on the basis of pseudonyms. Permanent cookies are stored on your end device and read by us for this purpose. In this way, we are able to recognise returning visitors and count them as such.

Google Ireland Limited and Google LLC. (USA) support us in our use of Google Analytics as commissioned data processors in accordance with Art. 28 GDPR. Data processing may therefore also take place outside the EU and EEA. With regard to Google LLC, no appropriate data protection level can be assumed because the processing takes place in the USA. There is a risk that the authorities will access the data for security and surveillance purposes without notifying you or giving you an opportunity to lodge an appeal. Please remember this when deciding to give your consent to the use of Google Analytics.

Data processing is carried out on the basis of your consent in accordance with Art. 6(1) sentence 1, point (a) GDPR and Section 15 of the German Telemedia Act (TMG), provided that you have given your consent via our banner. Transmission to a third country is carried out on the basis of Art. 49(1) point (a) GDPR.

We use Google Consent Mode V2 (basic mode). This means that your IP address is transmitted to Google irrespective of your settings in the banner. However, this is deleted by Google immediately after collection and is not logged. The processing is based on our legitimate interest in being able to better control and use certain functions of the Google services used on the website that require consent. The legal basis for processing is Art. 6 (1) (f) GDPR.

Hotjar
We use Hotjar to better understand the needs of our users and optimize the experience on this website. Using Hotjar's technology, we get a better understanding of our users' experiences (e.g., how much time users spend on which pages, which links they click, what they like and don't like, etc.) and this helps us tailor our offerings to our users' feedback. Hotjar works with cookies and other technologies to collect information about our users' behavior and about their devices (in particular, IP address of the device (collected and stored only in anonymized form), screen size, device type (unique device identifiers), information about the browser used, location (country only), language preferred to view our website). Hotjar stores this information in a pseudonymized user profile. The information is not used by Hotjar or us to identify individual users or merged with other data about individual users. For more information, please see Hotjar's privacy policy here: https://www.hotjar.com/legal/policies/privacy.

You can object to the storage of a user profile and information about your visit to our website by Hotjar, as well as to the setting of Hotjar tracking cookies on other websites, by clicking on this opt-out link.

Embedded videos
We embed videos on our web pages that are not stored on our servers. In order to ensure that visiting our website does not automatically lead to content of third-party providers being downloaded subsequently, we only display locally stored preview images of the video at the first stage. The third-party provider does not receive any information in this way.

Only when you click on the preview image is content from the third-party provider loaded. As a result, the third-party provider is notified that you have accessed our page and is given the technically necessary user data in this context. We do not have any control over the subsequent data processing by the third-party provider. By clicking on the preview image, you are giving your consent to download the third-party content.

Embedding of the video is carried out on the basis of your consent in accordance with Art. 6(1) sentence 1 point (a) GDPR and Section 15 TMG, provided that you have given your consent by clicking on the preview image. Please note that in many cases, embedding the video means that your data will be processed outside the EU and EEA. In some countries, there is a risk that the authorities will access the data for security and surveillance purposes without notifying you or giving you an opportunity to lodge an appeal. Insofar as we use providers in unsafe countries and you give your consent, transmission to an unsafe third country is carried out on the basis of Art. 49(1) point (a) GDPR.

Providers: YouTube / Google (USA)

Maximum storage period: Google does not specify a period in this connection.

Adequate level of data protection: No adequate level of data protection. Transmission is carried out on the basis of Art. 49(1) point (a) GDPR.

Withdrawal of consent: Once you have clicked on a preview image, the content of the third-party provider is downloaded immediately. If you do not wish to download such content on other pages, please do not click on the preview images.

Card services
We embed card services on our web pages that are not stored on our servers. In order to ensure that visiting our website does not automatically lead to content of third-party providers being downloaded, we only display locally stored preview images of the cards at the first stage. The third-party provider does not receive any information in this way.

Embedding is carried out on the basis of your consent in accordance with Art. 6(1) sentence 1 point (a) GDPR and Section 15 TMG, provided that you have given your consent by clicking on the preview image.

Please note that in some cases, embedding the card services means that your data will be processed outside the EU and EEA. In some countries, there is a risk that the authorities will access the data for security and surveillance purposes without notifying you or giving you an opportunity to lodge an appeal. Insofar as we use providers in unsafe countries and you give your consent, transmission to an unsafe third country is carried out on the basis of Art. 49(1) point (a) GDPR.

Providers: Google LLC (USA)

Maximum storage period: Google does not specify a period in this connection.

Adequate level of data protection: No adequate level of data protection. Transmission is carried out on the basis of Art. 49(1) point (a) GDPR.

Integration of other technical third-party content and functions We use the technical functions and content of third-party providers listed below to present our websites.
When you call up our pages, the content of the third-party provider who provides these functions and content is reloaded. This provides the third-party provider with the information that you have accessed our site as well as the usage data technically required in this context.
We have no influence on the further data processing by the third-party provider.
The embedding takes place on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO and in the interest of making our site as appealing and informative as possible.

Use of IP addresses
Your attention is drawn to the fact that this website uses Google Analytics with the extension “_anonymizeIp()” and therefore that IP addresses are processed only in truncated form to prevent them being associated directly with an individual.

Security
We have taken technical and organisational measures to protect the personal data provided by you from loss, destruction, tampering and unauthorised access. This includes encrypted transmission of data by means of the sha256RSA (2048 bits) signature algorithm. All our employees and third parties involved in data processing are obliged to comply with the Federal Data Protection Act and to handle data confidentially.

We reserve the right to amend this policy at any time. It does not constitute any contractual or other formal right in respect of or on behalf of any party.

Information for applicants in accordance with Art. 13 of the General Data Protection Regulation
You will find the additional information regarding protection of data for applicants here.

General Data Protection Regulation in relation to social media
You will find the additional information regarding data protection on our social media pages here.

Your rights as a user
Under the GDPR, you have certain rights as the user of a website when your personal data is processed:

1.) Right of access (Art. 15 GDPR):

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed; where that is the case, you have the right to access the personal data and the information specified in detail in Art. 15 GDPR.

2.) Right to rectification and erasure (Art. 16 and 17 GDPR):

You have the right to demand rectification of inaccurate personal data concerning you and to have incomplete personal data completed without undue delay.
You have the right to demand erasure of personal data concerning you without undue delay if any of the reasons specified in Art. 17 GDPR exists, e.g. if the data is no longer required for the intended purposes.

3.) Right to restriction of processing (Art. 18 GDPR):

You have the right to demand restriction of processing if any of the conditions specified in Art. 18 GDPR exist, e.g. if you have objected to the processing, for the period required to carry out any check.

4.) Right to data portability (Art. 20 GDPR):

In certain cases as specified in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request that the data be transmitted to a third party.

5.) Right to object (Art. 21 GDPR):

If data is collected on the basis of Article 6(1) point (f) GDPR (data processing to pursue legitimate interests), you have the right to object to the processing at any time on the basis of reasons arising from your particular situation. We will then no longer process the data, unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing is being carried out for the establishment, exercise or defence of legal claims.

Right to lodge a complaint with a supervisory authority
You also have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority if you believe that the processing of the data concerning you is in violation of data protection law. The right to lodge a complaint may, in particular, be exercised with regard to a supervisory authority in the Member State of your place of residence or the location of the alleged violation.

Assertion of your rights
Unless otherwise described above, please contact the office named in the imprint to assert your data protection rights.

Contact details of the data protection officer
We are supported by our data protection officer in fulfilling our data protection obligations. If you have any queries, please specify the company to which they relate. The contact details of our data protection officer are as follows:

Dr. Uwe Schläger
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen, Germany

Internet: www.datenschutz-nord-gruppe.de
Email: office@datenschutz-nord.de
Tel.: 0421 69 66 32 0