Privacy policy

Data protection is highly valued at Bihl+Wiedemann GmbH. Use of the website is essentially possible without providing any personal data. Should a data subject however wish to make use of special services of our company through our website, processing of personal data may be required. If there is no legal basis for such processing, we generally request permission from the data subject.

Processing of personal data is always in accordance with the GDPR (General Data Protection Regulation) and in agreement with the prevailing country-specific data protection regulations. By means of this Privacy Policy our company would like to inform the public of the type, scope and purpose of the personal data we gather, use and process. This Privacy Policy also serves to inform data subjects of their rights.

Bihl+Wiedemann GmbH as a controller has implemented numerous technical and organizational measures for ensuring the greatest possible protection of the personal data processed through this website. Nevertheless, Internet-based data transmission inherently has security gaps, so that 100% security cannot be assured. For this reason it is up to each individual data subject to decide whether to use alternative ways of providing us with personal data, such as by telephone.

1. Definitions

The Privacy Policy of Bihl+Wiedemann GmbH is based on definitions which were used by the European legislature when enacting the GDPR. Our Privacy Policy should be readable and understandable both for the public and for our customers and business partners. To ensure this we would like to begin with a list of terms and definitions.

a) Personal data

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

Any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.

d) Restriction of processing

The marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Any form of automated processing of personal data consisting of the use of personal data to evaluate, analyze or predict certain personal aspects.

f) Pseudonymization

Processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information.

g) Controller

Natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

Natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party

Natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller

The responsible entity in the context of the GDPR, other data protection laws applicable in the Member States of the European Union and other regulations of a data protection nature is Bihl+Wiedemann GmbH.

Address:

Bihl+Wiedemann GmbH

Flosswoerthstrasse 41

68199 Mannheim

Germany

E-Mail: datenschutznospam@bihl-wiedemann.de

Tel: +49 621 33996-0

3. Cookies

Cookies are text files which an Internet browser files and stores on a computer system with an ID.

Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers.

A cookie can be used to optimize the information and offers on our website in the interest of the user.

The data subject can at any time prevent cookies from being set by our site using a certain setting of his or her browser and thereby permanently deny cookie setting. Already set cookies can also be deleted at any time from a browser or other software programs. This is possible in all commonly used browsers. If the data subject disables setting of cookies in the browser, not all functions of our site may be available.

Use of Google Analytics

This page uses Google Analytics, a web analysis service provided by Google Inc. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus to analyze a user's activities across devices. Google Analytics uses cookies for this purpose. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, by using IP anonymisation on this website, Google's IP address will be reduced within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We would like to point out that on this website Google Analytics has been extended to include IP anonymisation in order to ensure anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. The legal basis for the use of Google Analytics is the consent pursuant to Art. 6 Par. 1 S.1 Point a DSGVO. The linked data will be deleted automatically after 11 months. An opt-out cookie can be set to revoke your consent. Opt-out cookies prevent the future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt-out on all systems used.

You can also prevent capturing the data generated by the cookie and related to your use of the web site (including your IP address) on Google as well as the processing of this data by Google by downloading and installing the browser plug-in at the following link:

Download Browser-Plugin (new Window)

Instead of the browser plug-in you can also prevent processing of your data by clicking on the following link. This sets a so-called “opt-out cookie” which disallows processing in your current browser.

Reject data processing / Set Opt-Out-Cookie

More information on terms of use and data protection for Google Inc. can be found at http://www.google.com/analytics/terms/us.html or at https://www.google.com/intl/us/policies/. Please note that on this Google Analytics web site the code „gat._anonymizeIp();“ has been added, which ensures anonymous capturing of IP addresses (so-called IP masking).

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

4. Collection of general data and information

Each time the web page is opened by a person or automated system a series of general data and information is generated. This general data and information are stored in the log files of the server, and can include (1) the browser types and versions used, (2) the operating system used for access, (3) the Internet page from which an accessing system arrives at our Internet page (so-called referrer), (4) the sub-sites which directed to our website through an accessing system, (5) the date and time of an access to the website, (6) an Internet Protocol (IP) address, (7) the Internet Service Provider of the accessing system, and (9) other similar data and information which serve to defend against danger in case of attacks on our IT systems.

In using this general data and information Bihl+Wiedemann GmbH is unable to associate it with the data subject. This information is rather used (1) to correctly deliver the contents of our website, (2) to optimize the contents of our website as well as the advertising for it, (3) to ensure uninterrupted function of our IT systems and the technology of our website, as well as (4) to provide law enforcement authorities with the information needed for prosecution in case of a cyberattack.

This anonymously collected data and information is evaluated by Bihl+Wiedemann GmbH therefore on one hand statically but also with the goal of increasing data protection and data security in our company so as to ensure an optimum level of protection for the personal data we process. The anonymous server log files are stored separately from all the personal data provided by a data subject.

5. Registering on our website

The data subject has the opportunity to register on the website of the controller by providing personal data. Which personal data are transmitted for the controller is a function of the input screen used for the registration. The personal data entered by the data subject is collected and stored solely for internal use and for the controller’s own purposes. The controller can for example share with one or more contract processors, for example a parcel service, who likewise uses the personal data solely internally.

By registering on the website of the controller the IP address of the data subject provided by the Internet Service Provider (ISP), the data and the time of registration are stored. This data is stored with the idea of preventing misuse of our services, and when needed this data can be used to elucidate committed offenses. To this extent the storage of this data is necessary in order to protect the controller. This data is not shared with third parties unless there is a legal obligation to do so or unless it is used in a legal proceeding.

Registration of the data subject with voluntary provision of personal data is used by the controller to offer the data subject content or services which by their nature can only be offered to registered users. Registered persons are free to change the information they provided at the time of registration or to delete it completely from the controller’s database.

The controller shall on request and at any time tell the data subject which personal data about the data subject are stored. Furthermore the controller shall correct or delete the personal data on request or notice from the data subject unless there is a legal requirement to preserve the information. Any employee of the controller is available to the data subject as a contact in this respect.

6. Subscribing to our newsletter

On the website of Bihl+Wiedemann GmbH users are given the opportunity to subscribe to our company’s newsletter. Which personal data are provided to the controller when ordering the newsletter is a function of the input screen used.

Our company’s newsletter can be received by the data subject only if (1) the data subject has a valid e-mail address, and (2) the data subject has registered for sending of the newsletter. For legal reasons a confirmation mail is sent to the e-mail address first provided by the potential subscriber following the double opt-in procedure. This confirmation e-mail serves to verify whether the owner of the e-mail address as data subject has authorized receipt of the newsletter.

When registering for the newsletter we also store the IP address at the time of registration provided by the ISP of the data subject as well as the date and time of registration. This data must be collected in order to pursue possible misuse of the e-mail address of the data subject at a later time, and therefore serves as legal protection for the controller.

The data collected as part of registering for the newsletter are used solely for sending our newsletter. No personal data collected as part of the newsletter service are shared with a third party. Subscription to our newsletter may be cancelled by the data subject at any time. Consent to store personal data which the data subject has shared for sending of the newsletter may be withdrawn at any time. A corresponding link is provided in each newsletter for the purpose of withdrawing consent. It is also possible to cancel the subscription to the newsletter directly on the website of the controller or to notify the controller by other means.

7. Newsletter tracking

The newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic which is embedded in such e-mails which are sent in HTML format to enable a log file recording and a log file analysis. This allows statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel Bihl+Wiedemann GmbH can determine whether and when an e-mail was opened by a data subject and which links contained in the e-mail were followed by the data subject.

Such personal data obtained by the tracking pixels in the newsletters are stored and analyzed by the controller in order to optimize sending of the newsletter and to better adapt the contents of future newsletters to needs of the data subject. This personal data is not shared with third parties. Data subjects may at any time revoke their consent declared through the separate double opt-in procedure. After revoking, this personal data is deleted by the controller. Cancellation to subscription of the newsletter is automatically interpreted by Bihl+Wiedemann GmbH as a revocation of consent.

8. Contact options from the website

For legal reasons the website of Bihl+Wiedemann GmbH contains information which enable fast electronic contacting as well as direct communication with us. To the extent that a data subject uses e-mail or a contact form to make contact with the controller, the personal data provided by the data subject are automatically stored Such personal data voluntarily provided by the data subject to the controller are stored for the purposes of processing or for contacting the data subject. This personal data is not shared with third parties.

9. Routine deletion and blocking of personal data

The controller shall process and store personal data of the data subject only for as long as is required for achieving the purpose of storage to the extent that this has been provided for by the European directive and regulation agencies or by another legal body in the form of laws or regulations to which the controller is subject.

If the storage purpose no longer applies or if a storage time limit mandated by the European directive and regulation agencies has expired, the personal data are routinely and in accordance with the legal requirements blocked or deleted.

10. Rights of the data subject as granted by the European directive and regulation agencies

a) Right of access

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to make use of this right of access, he or she may contact an employee of the controller at any time.

b) Right of access

The data subject shall have the right to obtain information at no charge and at any time concerning the personal data stored and to obtain a copy of this information. Access to the following information shall also be provided:

• The purposes of the processing
• The categories of personal data concerned
• The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
• Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
• The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
• The right to lodge a complaint with a supervisory authority
• Where the personal data are not collected from the data subject, any available information as to their source
• The existence of automated decision-making, including profiling, referred to in Art. 22 Par. 1 and 4 of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be so informed. When this is the case, the data subject further has the right to be informed of the appropriate safeguards relating to the transfer. If a data subject wishes to make use of this right to access, he or she can at any time do so by contacting any employee of the controller.

c) Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to make use of this right rectification, he or she can at any time do so by contacting any employee of the controller.

d) Right of erasure (‘right to be forgotten‘)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

• The personal data are no longer necessary in relation to the purposes for which they are collected or otherwise processed.
• The data subject withdraws consent on which the processing is based according to Art. 6 Par. 1 Point (a) GDPR or Art. 9 Par. 2 Point (a) GDPR, and where there is no other legal ground for the processing.
• The data subject objects to the processing pursuant to Art. 21 Par. 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 Par. 2 GDPR.
• The personal data have been unlawfully processed.
• The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
• The personal data have been collected in relation to the offer of information society services referred to in Art. 8 Par. 1 GDPR.

If one of the above reasons applies and a data subject wishes to have his or her personal data which are stored at Bihl+Wiedemann GmbH deleted, this can be accomplished at any time by contacting an employee of the controller.

Where Bihl+Wiedemann GmbH have made the personal data public and our company is obliged pursuant to Art. 17 Par. 1 GDPR to erase the personal data, Bihl+Wiedemann GmbH shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data to the extent that they are not necessary for processing.

e) Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

• The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
• The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
• The data subject has objected to processing pursuant to Art. 21 Par. 1 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the above conditions is met and a data subject would like to request restriction of processing of personal data stored by Bihl+Wiedemann GmbH, he or she may any time contact any employee of the controller. The data protection deputy of Bihl+Wiedemann GmbH or another employee will initiate restriction of processing.

f) Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. This shall apply where the processing is based on consent pursuant to Art. 6 Par. 1 Point (a) GDPR or Art. 9 Par. 2 Point (a) GDPR and the processing is carried out by automated means, presuming the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability pursuant to Art. 20 Par. 1 GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and to the extent that this is technically feasible and does not adversely affect the rights and freedoms of others.

To assert the right to data portability the data subject may contact an employee at any time.

g) Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Art. 6 Par. 1 Point (e) or (f) GDPR, including profiling based on those provisions.

Bihl+Wiedemann GmbH shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Where Bihl+Wiedemann GmbH process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89 Par. 1 GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object the data subject may turn directly to an employee. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

h) Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly affects him or her, presuming the decision (1) is not necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) is not authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.

If the decision is necessary (1) for entering into, or performance of, a contract between the data subject and a data controller, or (2) is based on the data subject’s explicit consent, Bihl+Wiedemann GmbH shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decison.

To assert his or her rights with respect to automated decision-making, the data subject may contact an employee at any time.

i) Right to withdraw consent

Every data subject shall have the right to withdraw his or her consent at anytime.

To exercise his or her right to withdraw consent, he or she may at any time contact an employee of the controller responsible for the processing. 

11. Data protection for application forms and in the application process

The data controller gathers and processes personal data from applicants for the purpose of carrying out the application process, including in electronic form. When the data controller forms an employment contract with an applicant, the transmitted data are retained for the purpose of the employment relationship according to legal requirements. If no contract is concluded with the applicant, the application documentation are automatically deleted two months after notification of the rejection decision unless there are no other legitimate interests for its processing. Other legitimate interest in this context is for example a burden of proof in a matter related to the General Equal Treatment Act (AGG).

12. Lawfulness of processing

Art. 6 Par. 1 Point (a) GDPR serves for our company as the legal basis for processing where the data subject has given consent to the processing or his or her personal data for a specific purpose. Where processing of personal data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, such as in cases of inquiries about our products or services, then such processing is based on Art. 6 Par. 1 Point (b) GDPR. When processing by our company is necessary for compliance with a legal obligation to which the controller is subject, such as compliance with tax obligations, the processing is based on Art. 6 Par. 1 Point (c) GDPR.

13. Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party

If the processing of personal data is based on Art. 6 Par. 1 Point (f) GDPR, our legitimate interest is the performance of our business activity for the welfare of all our employees.

14. Duration of personal data retention

The criterion for the duration of retention of personal data is the respective legal preservation period. After expiration of the period the corresponding data are routinely deleted unless they are still required for fulfillment or initiation of a contract.

15. Legal or contractual regulations for providing personal data; necessity for concluding a contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We are making you aware that providing of personal data is in part a legal requirement (e.g. for tax purposes) or can result from contractual obligations (e.g. information about the contractual partner). Sometimes the drawing up of a contract may require that a data subject provides us with personal data which consequently must be processed by us. Before the data subject provides personal data, he or she must contact our data protection deputy.

16. Existence of automated decision making

As a responsibility conscious company we do not engage in automated decision making or profiling.

GDPR: English abbreviation for General Data Protection Regulation.