Information on the responsible body
The body responsible for the data processing on this website is:
Data protection officer
We have appointed a Data Protection Officer for our company:
BEREDI Marketing GmbH
Telephone: 040 22861374
Legal basis for the data processing
As a general rule, we only process personal data in running this website if this is required to provide a functional website, our content and the services associated with it.
We base this policy on the following legal foundations:
- consent pursuant to Art. 6 (1)(a) GDPR
- fulfilment of contracts pursuant to Art. 6 (1)(b) GDPR
- fulfilment of a legal obligation pursuant to Art. 6 (1)(c) GDPR
- legitimate interest pursuant to Art. 6 (1)(f) GDPR.
We will specify the relevant legal basis for any particular processing in these data protection notes.
If we process personal data on the basis of your consent, you have the right at any time to inform us that you are revoking your consent, effective for the future.
If we process data on the basis of weighing up competing interests, you as the data subject have the right to object to the processing of personal data taking account of the specifications contained in Art. 21 GDPR.
Erasure of data
As a matter of principle, we delete personal data if there is no requirement for their further storage. In particular, a requirement may apply if the data are still needed to enable us to fulfil contractual services and verify, grant or reject warranty or guarantee claims. In the case of statutory retention duties defined in EU directives, laws or other regulations under European or national legislation to which the controller is subject, data will only be considered for erasure after the relevant retention period expires.
Place of data processing
If personal data are processed outside the European Union, you can learn this from explanations of particular processing activities.
You can visit our website without giving any personal details. However, when you call up this website, the browser used on your device automatically sends information to the website’s server. This information is stored temporarily in a so-called log file.
The following information is registered without any involvement from you and stored until the record of your visit to the website is automatically deleted:
- The web server’s access logs record which pages are viewed and at what time. These logs contain the following data: IP, directory protection user, date, time, pages viewed, protocols, status code, data volume, referrer, user agent, hostname called up.
- IP addresses are stored in anonymised form. To do so, the number of the last octet is deleted and replaced by a 0, i.e. 18.104.22.168 becomes 22.214.171.124. Ipv6 addresses are also anonymised. The anonymised IP addresses are stored for 60 days. Details of the directory protection user employed are anonymised after one day.
- Error logs which record faulty page views are erased after seven days. As well as the error messages, they include the accessing IP address and, depending on the error, the website visited.
- Log files for email traffic through our mail server are erased after four weeks. The longer retention period is required for the analysis of malfunctions in the sending or receiving of emails as well as to ensure the functionality of mail services and combat spam.
- Mail logs for mails sent through our mail server are deleted after four weeks. The longer retention period is required to ensure the functionality of mail services and combat spam.
- Websites called up by the user’s system via our website
The legal basis for processing personal data is our legitimate interest under Art. 6 (1) Sentence 1 (f) GDPR. The information specified is used
- to ensure that the website runs without hitches
- for evaluation purposes to improve our offering
- to guarantee a smooth connection
- to enhance the ease of use of this website
- to enable us to evaluate the system security and stability of this website
- for further administrative purposes
As a matter of principle, we do not use the data we collect to draw conclusions about you personally.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content such as in enquiries which you send to us as the operator of the site, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address bar in the browser changes from “http://” to “https://” and by the padlock symbol in your browser bar.
If SSL or TLS encryption is activated, the data which you send to us cannot be read by third parties.
Hosting by a third-party provider
This website is hosted by an external provider. We have concluded a hosting contract with this provider as well as a corresponding processing contract. The host’s servers are located in Germany.
All the data collected in the course of using this website or in forms provided for this purpose are processed on this host’s servers. Such data can include IP addresses, website visits, meta data and communication data, enquiries and other data generated by a website.
The host is used to protect our legitimate interest under Art. 6 (1)(f) GDPR in the correct presentation of our offering and the fast, secure and efficient delivery of our website; this interest outweighs all other interests.
Enquiry by email, telephone or fax
If you contact us by email, telephone or fax, your enquiry including all personal data resulting from it (name, enquiry) is stored and processed on our premises for the purpose of responding to the matter you have raised. We will not forward these data without your consent.
These data are processed on the basis of Art. 6 (1)(b) GDPR if your enquiry is connected to the fulfilment of a contract or is required to implement pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1)(a) GDPR) and/or on our legitimate interests (Art. 6 (1)(f) GDPR) as we have a legitimate interest in the effective processing of enquiries directed at us.
The data which you send to us through enquiries remain with us until you request us to delete them, withdraw your consent to their storage or the purpose for storing the data no longer applies (e.g. after the processing of your enquiry has been completed). Statutory provisions – in particular, statutory retention periods – remain unaffected.
Transfer of data
We will never pass on data which we receive from you to third parties, in particular for their advertising purposes. As a general rule, your personal details are only passed on to third parties if this is necessary to fulfil the contract with you, transfer is permissible on the basis of weighing up interests as defined by Art. 6 (1)(f) GDPR, we are legally obliged to transfer them or you have given your consent in this regard.
However, we deploy service providers, for example, to operate this website. On occasion, a service provider may become aware of personal data. We select our service providers with care – particularly with regard to data protection and data security – and implement all the measures required under data protection legislation for permissible data processing.
This website uses functions of the web analysis service Google Analytics. The supplier is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the operator of a website to analyse the behaviour of visitors to its site. The operator of the website receives various usage data such as page views, length of time spent, operating systems used and where the user comes from. These data may be combined by Google in a profile which is assigned to each user or their device.
Google Analytics uses technologies which enable the user to be recognised for the purpose of analysing their habits (e.g. cookies or device fingerprinting). The information recorded by Google on the use of this website is usually transmitted to a Google server in the USA and stored there.
The legal basis for using this analytical tool is given by Art. 6 (1)(f) GDPR. The operator of the website has a legitimate interest in analysing user habits in order to optimise both his online offering and his advertising. If corresponding consent has been requested (e.g. consent to the storage of cookies), data will be processed exclusively on the basis of Art. 6 (1)(a) GDPR; the consent can be revoked at any time.
We have activated the function of IP anonymisation on this website. As a result, your IP address will be truncated by Google within Member States of the European Union or other parties to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases is a full IP address transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website in order to evaluate your use of the website, compile reports on website activity and provide further services relating to use of the website and internet usage for the website operator. The IP address conveyed by your browser as part of Google Analytics will not be collated with any other data by Google.
You can prevent Google from recording and processing your data by downloading and installing the browser plugin available on the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on the way Google Analytics handles user data in Google’s data protection notice: https://support.google.com/analytics/answer/6004245?hl=de.
We have concluded a contract with Google for processing, and in using Google Analytics, we implement the strict requirements of the German data protection authorities in full.
Length of storage
Data stored at Google on a user and event level which are linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android Advertising ID), are anonymised or deleted after 14 months. You can find details on this on the following link: https://support.google.com/analytics/answer/7667196?hl=de
Demographic characteristics at Google Analytics
This website uses Google Analytics’ “demographic characteristics” function to enable suitable ads to be displayed to website visitors within the Google advertising network. As a result, reports can be compiled containing information on the age, gender and interests of visitors to the site. These data originate from Google’s interest-related advertising as well as from visitor data of third-party suppliers. These data cannot be matched with any particular person. You can deactivate this function at any time via the ad settings in your Google account or prevent your data from being registered by Google Analytics in general as described in the section “Objection to data collection”.
This website uses the following cookies:
Session cookies: These serve to make the use of our website a more pleasant experience for you by recognising which individual pages you have already visited on our website. They are automatically deleted at the end of your visit.
Persistent cookies: We use persistent cookies to record statistics and to optimise our website. If you return to the site, these cookies allow us to automatically recognise that you have already been with us. These cookies will be automatically deleted after a defined period of time, and you can take the length of storage from the overview in the cookie settings of your web browser.
The data processed by cookies are needed for the purposes specified to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) Sentence 1 (f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer. Alternatively, you can be notified before any new cookie is installed.
Every browser handles cookie settings differently. This is described in the help menu which will also explain how to change your cookie settings. However, the complete deactivation of cookies may mean that you are not able to use all the functions of our website.
Our website uses the video portal Vimeo for the integration of videos. The provider is Vimeo Inc., USA.
You can find further information on the treatment of user data in Vimeo’s privacy notice at: https://vimeo.com/privacy.
The legal basis for the integration of the Vimeo videos and the associated third-country processing is the exception in Art. 49 Para. 1 lit. b) GDPR. In order to ensure an adequate level of data protection when transmitting data to the USA, we have concluded the EU standard contractual clauses with Vimeo in the so-called “controller to controller” variant.
In addition, the videos from Vimeo are always integrated in the "Do Not Track" variant, so that personal data is only transmitted to Vimeo in a minimal way.
We use the products of Google Maps, Google LLC, on our website. This enables us to directly display interactive maps on the website, thereby enabling you to use the map function with ease. The legal basis of this data processing is given by Art. 6 (1)(b) GDPR as the IP address is needed to supply the content.
In terms of data protection legislation, we collaborate with Google LLC on the basis of a contract governing joint responsibility as defined by Art. 26 GDPR that can be viewed at https://privacy.google.com/intl/de/businesses/mapscontrollerterms/.
As a visitor to our site, you enter into a direct user relationship with Google if you use Google Maps.
When you visit our website, Google will be informed if you view the relevant page on our website. The data automatically stored as a result of visiting our website will also be sent to Google. This transmission of data happens regardless of whether Google provides a user account through which you are logged in or there is no user account for you. If you are logged on to Google, your data will be directly linked to your account. If you do not want your data to be associated with your Google profile, you must log out before clicking on the button. Google will store your data as a user profile and use them for the purpose of advertising, market research and/or enhancing the design of its website. Any such evaluation is performed in particular to provide relevant advertising (even for users who are not logged in), and to inform other users of the social network of your activities on our website. You have the right to object to the creation of such user profiles but you must address Google in order to exercise this right.
You can find further information on the purpose and scope of the data collected and their processing by the provider of the plugin in the provider’s data protection notices. There you will also find further information on your rights in this regard and setting options to protect your privacy:
Google also processes your personal data in the USA.
We take data protection in social networks very seriously. Unfortunately, there is still no conclusive legal clarification of whether and to what extent social networks are in compliance with European data protection laws in offering their services. As soon as any new, legally secure findings are available, we will immediately implement them. Until such time, please check carefully what personal data you make available to social networks by using one of our sites.
Please remember that social networks store the data of their users (e.g. personal information, IP address) in accordance with their data usage guidelines and use them for business purposes. We have no control over the collection of data and their further use by social networks. We cannot discern to what extent, in what location and for how long data are stored, to what extent the networks meet their existing duties of erasure, what evaluations and links are made with the data and to whom the data are forwarded.
We have an account with Twitter (Twitter Inc.). Twitter Inc. (USA) is solely responsible for the processing of personal data when you visit our Twitter profile. You can find the data protection declaration at https://twitter.com/de/privacy, settings can be made at https://twitter.com/personalization.
We also have a company profile at Xing (New Work SE). You will find their data protection policy at https://privacy.xing.com/de/datenschutzerklaerung.
We also have a company page at LinkedIn (LinkedIn Ireland Unlimited Company). The legal basis for this processing is given by Art. 6 (1)(f) GDPR. You will find the data protection policy of LinkedIn at https://www.linkedin.com/legal/privacy-policy. An opt-out can be exercised at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
No automated decision-making / profiling
We do not use any automated procedures for decision-making nor any profiling.
Rights of data subjects
You have the following rights with respect to us regarding personal data relating to yourself:
You have the right of access to personal data relating to yourself. You can turn to us for information at any time. If your request for information is not submitted in writing, we would ask you to appreciate that we may require evidence from you to show that you are the person who you claim to be.
You also have a right of rectification or erasure or to restrict the processing provided you are legally entitled to do so.
Finally you have a right of objection (see below) to the processing within the bounds of statutory requirements.
You also have a right to data portability as part of the requirements contained in data protection legislation.
Right of objection
If we process personal data as part of our overriding legitimate interests as described above, you can object to this processing with future effect. If the data are processed for direct marketing purposes, you can exercise this right at any time. If the processing is for other purposes, you only have a right of objection for reasons resulting from your particular situation.
If you lodge an objection, we will no longer process your personal data for these purposes unless we can show compelling reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
This does not apply if the processing serves direct marketing purposes. In that case, we will no longer process your personal data for this purpose.
Right of complaint to responsible regulatory authority
You have the right to complain about the processing of personal data by us to a regulatory body for data protection.
Objection to advertising mail
The use of contact details published as part of the mandatory legal notice to send advertising and information material which have not been expressly requested, is hereby forbidden. The operators of the websites explicitly reserve the right to take legal action if unsolicited advertising information is sent, e.g. through spam mails.
Last amended: 21/08/2020