Privacy Notice
According to the Requirements of the General Data Protection Regulation (GDPR)
You can update your cookie consent here: [cookies_revoke]
We wish to provide you with comprehensive information concerning the legal requirements and obligations governing the types of data we collect and how these are processed. In connection with presenting our products and services, we are informing you below of the policies and procedures we have in place for the handling your data.
I. Name and address of the controller
The controller, as defined in the GDPR and other national data protections laws of member states, as well as other data protection regulations is:
BUSE KSW GmbH & Co. KG and its affiliates (hereinafter: “BUSE”)
Sprudelstrasse 3
53557 Bad Hönningen
Germany
Telefon: +49 (0)2635 781-0
Telefax: +49 (0)2635 781-200
E-Mail: info@buse-group.com
Web: https://buse-group.com
Represented by the management board: Roland Bräkling.
II. Name and address of the the data protection officer
The data protection officer acting for the controller can be contacted at: datenschutz@buse-group.com or at:
BUSE KSW GmbH & Co. KG
Der Datenschutzbeauftragte
Sprudelstrasse 3
53557 Bad Hönningen
Germany
III. General information concerning data processing
1. Scope of personal data processing
In principle, we collect and use the personal data of our users only to the extent that this is necessary to provide a functional website together with its contents and our products and services including, in particular, our gas offering. At BUSE, we take the protection of personal data very seriously.
2. Legal basis for the processing of personal data
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and other applicable data protection regulations.
Where processing personal data is necessary for the performance of a contract to which the data subject is party, the legal basis for such processing is Art. 6 (1)(b) of the GDPR. The same applies to processing operations that are necessary in order to take steps prior to entering into a contract. In principle, the provision of gas solutions is based on a services contract. Processing is therefore carried out, in particular, to provide the services and other additional products you have selected in accordance with your orders and wishes, and includes the services, measures and activities that are necessary for this purpose. This essentially includes, contract-related communications, the traceability of transactions, orders and other agreements, as well as quality control by means of corresponding documentation, good-will measures, measures to control and optimize business processes and to comply with general duties of care, control and monitoring by affiliated companies (e.g. parent company); statistical evaluations for corporate management, cost accounting and controlling, reporting, internal and external communication, emergency management, accounting and tax evaluation in respect of operational services, risk management, enforcement of legal claims and conducting defense in the event of legal disputes; ensuring IT security (including system and plausibility tests) and general security, including building and plant security, to assure and safeguard our right to keep out trespassers (e.g. by means of access controls); ensuring the integrity, authenticity, and availability of data, to prevent and investigate criminal offenses; monitoring by supervisory boards or monitoring authorities (e.g. auditing).
If we obtain the data subject’s consent to the processing of personal data, the legal basis for such processing is Art. 6(1)(a) of the GDPR. An exception shall apply in cases where it is not possible, for practical reasons, to obtain consent in advance but where the processing of data is authorized by statutory provisions. If processing of personal data is based on Art. 6 (1)(a) of the GDPR, which will be the case if data subjects have given their consent to the processing of personal data concerning them for one or more specific purposes or if processing is based on Art. 9(2)(a) of the GDPR, which governs express consent to the processing of specified categories of personal data, the data subject shall have the right, under Art. 7(3), sentence 1 of the GDPR, to withdraw his or her consent at any time.
In accordance with Art. 7(3), sentence 2 of the GDPR, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In accordance with Art. 7(3), sentence 4 of the GDPR, it shall be as easy to withdraw as to give consent. Hence, consent can always be withdrawn by the same method that was used to give consent or by any other means considered to be easier by the data subject. If a data subject wishes to withdraw consent that has been given to us, it shall suffice to send a simple email to our data protection officer. Alternatively, data subjects may use any other method to inform us of the fact that they are withdrawing their consent.
Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis for such processing is Art. 6 (1)(c) of the GDPR. In the case of statutory requirements, the legal basis shall include requirements issued by regulatory or other official bodies as well as other statutory reporting procedures (e.g. to the tax office, social insurance providers). Processing purposes include, where applicable, identity and age verification, fraud and money laundering prevention, the prevention, fighting and investigation of terrorist financing and criminal offenses giving rise to asset endangerment, checking European and international anti-terror lists, compliance with monitoring and reporting obligations specified under tax law as well as archiving data for the purposes of data protection and data security and for audits by tax and other authorities. It may also be necessary to disclose personal data in connection with official/court measures for the purposes of collecting evidence, conducting criminal prosecutions or enforcing civil claims.
Where processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis for such processing is Art. 6(1)( d) of the GDPR.
If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and these legitimate interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for such processing is Art. 6(1) (f) of the GDPR. Possible purposes include: advertising or market and opinion research, provided that you have not objected to the use of your data; obtaining information from and exchanging data with credit agencies, where this goes beyond our economic risk; testing and optimizing requirements analysis procedures; the further development of services and products as well as existing systems and processes; the disclosure of personal data in connection with due diligence procedures associated with company sale negotiations; to enrich our data including; inter alia, through using or researching publicly accessible data; for statistical analyses or market analyses; for benchmarking; enforcement of legal claims and conducting defense in the case of legal disputes that cannot be directly attributed to the contractual relationship; storing data in restricted form if, owing to the specific means of storage, deletion is not possible or would be possible only by incurring unreasonably high costs; the development of scoring systems or automatic decision-making processes; building and plant security (e.g. by means of access controls and video surveillance), insofar as this exceeds general duties of care; internal and external investigations, security checks; possible listening in on or recording of telephone conversations for quality control and training purposes; obtaining and maintaining certifications of a private-law or official nature; ensuring and safeguarding our right to keep out trespassers by means of appropriate measures as well as through video surveillance to protect our customers and employees as well as to preserve evidence in the event of criminal offenses and to prevent the same.
If the processing of personal data is based on Art. 6(1) (f) of the GDPR, our legitimate interest consists of conducting our business activity to promote the well-being of all of our company stakeholders including, in particular, the shareholders and employees. In connection with provision of the website, the legitimate interest can include, in particular, a customer oriented presence of BUSE on the Internet including various contact options, as well as defending attacks against the website.
3. Erasure of data and duration of storage
In principle, the personal data relating to the data subject will be erased or made unavailable as soon as the purpose of storage lapses. Storage of data may also take place if this has been provided for by European or national legislators in EU Regulations, statutes or other regulations to which the controller is subject.
The legislator has enacted many retention obligations and periods. These include tax-law based retention obligations. Upon expiry of these periods, the corresponding data will be routinely erased:
- Compliance with retention obligations under commercial law and tax law: Particularly relevant laws include the Commercial Code (Handelsgesetzbuch, HGB), the Tax Code (Abgabenordnung, AO) and the Money Laundering Act (Geldwäschegesetz, GwG). The periods for retention and documentation specified therein range from two to ten years.
- Preservation of evidence in connection with statutory provisions on limitation periods: In accordance with sections 195 et seq. of the Civil Code (Bürgerliches Gesetzbuch, BGB) these limitation periods may last for up to 30 years, whereby the regular limitation period is 3 years.
Insofar as data are unaffected by such requirements they will be erased when the above-mentioned purposes cease to apply. If the data are no longer necessary in order to comply with contractual or statutory obligations, they will be routinely erased, unless their – time limited – .further processing is necessary to fulfill the above-mentioned purposes. In such cases, we are entitled to store and, where applicable, use your data, even after termination of our business relationship or our pre-contractual legal relationship, for a period that is compatible with the purposes.
Data will also be made unavailable or erased if a retention period stipulated in the specified rules expires, unless there is a need for continued storage of the data in order to conclude or perform a contract.
For specific retention periods or erasure deadlines relating to use of a contact form or for log files, see below:
4. The recipient or categories of recipients of personal data, if necessary for the performance of tasks
Your data will be passed only to the following external agencies:
- Public bodies, if overriding legal provisions require this, and always in accordance with the legal confidentiality obligations;
- e.g. to authorities, credit agencies, debt collection agencies, lawyers, courts, expert assessors, group companies, and supervisory boards and monitoring bodies etc., if there is a legitimate interest under Art. 6(1)(f) of the GDPR;
- External agents, such as service providers/processors (Art. 28 of the GDPR), who are engaged to carry out normal business processing or to perform a contract, and are subject to the legal regulations in the case of cross-border engagements (e.g. external data centers, support/maintenance of computer/IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and plausibility assessments, data destruction, purchasing/procurement, customer management, letter-shops, marketing, media technology, research, risk control, billing, telephony, website management, audit services, credit institutes, printing companies or data disposal companies, courier services, logistics);
- Third parties, where consent has been given for a transfer to the specific third parties;
Your personal data will be processed by employees of BUSE as well as at any existing home-based offices. This relates to internal departments involved in the execution of the relevant business processes. Where necessary, BUSE also uses freelancers, interns and guest students.
Content relation to BUSE’s subsidiary companies and participations are integrated into its own website.
5. Recipients in a third country, appropriate or reasonable guarantees and the procedure for obtaining a copy of these, or where they are available.
No data processing outside the EU or the EEA takes place for the provision of this website. In the context of the provision of cookies and the use of social media services, data may be transferred to the USA.
We will neither sell your personal data to third parties nor market it in any other way.
Pursuant to Art. 46 (1) GDPR, the controller or a processor may transfer personal data to a third country only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Appropriate safeguards may be provided for by standard data protection clauses, without requiring any specific authorisation from a supervisory authority, Art. 46(2)(c) GDPR.
By agreeing standard data protection clauses, it is ensured that all processing of personal data is subject to appropriate safeguards, enforceable rights and effective legal remedies resulting from the EU standard data protection clauses. Any data subject may obtain a copy of the standard data protection clauses. The standard data protection clauses are also available in the Official Journal of the European Union (OJ 2010 / L 39, p. 5-18).
In the context of the provision of the contact form, data may be transferred to countries outside the EU. All contact form enquiries are first sent to the address info@buse-group.com. If your contact request is addressed to locations outside the EU (currently Macedonia, United Kingdom), your message and any personal data contained therein will be transferred to the corresponding third country in accordance with data protection law.
6. Statutory or contractual regulations on the provision of personal data; Necessity for the conclusion of contracts; Data subject’s obligation to provide personal data; possible consequences of non-provision
We would like to point out that in some cases the provision of personal data is required by law (e.g. tax regulations, social security regulations) or may be a requirement under the terms of the contract (e.g. information on the contract partner).
In order to conclude a contract, it may sometimes be necessary for a data subject to provide us with personal data that we will then need to process. For example, the data subject is required to provide us with personal data if our company is concluding a contract with him/her. Not providing the personal data would therefore mean that the contract cannot be concluded with the data subject.
The data subject may contact the controller before providing personal data. The controller shall then clarify for the data subject, in relation to the individual case, whether provision of personal data is required by law or contract, or is necessary in order to conclude a contract, whether there is an obligation to provide personal data, and the consequences that would ensue in the event that the personal data is not provided.
7. The existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
As a responsible company, we do not use automatic decision-making processes or profiling. If, in the future, we engage in such processes in individual cases, we will inform you of this separately, insofar as this is required by law.
In some circumstances, we will process your data partly in order to evaluate certain personal aspects (profiling). We may use analysis tools in order to provide you with targeted product information and advice. This enables products to be designed according to requirements, as well as communication and advertising, including market and opinion research.
Such processes may also be employed in order to assess your financial standing and credit-worthiness, as well as to fight money laundering and fraud. “Score values” may be used in order to assess your financial standing and creditworthiness. Scoring uses mathematical methods to calculate the probability that a customer will meet its payment obligations in accordance with the contract terms. Hence, by way of example, such score values can help us to assess your creditworthiness and take decisions during the process of closing product sales, and are also used to support our risk management operations. The calculation is based on mathematical-statistical, recognized and proven methods and is performed using your data including, in particular, income, expenditures, existing liabilities, profession, employer, duration of employment, experience from the business relationship to date, repayment of previous credit in accordance with the contract terms, as well as information from credit ratings agencies.
We will not process data concerning nationality or special categories of personal data according to Art. 9 of the GDPR.
IV. Provision of the website and the creation of log files
1. Description and scope of data processing
For each request to our website, our system automatically collects data and information from the computer system of the requesting computer.
In this respect, the following data will be collected:
- information about the browser type and the version used (e.g. Mozilla Firefox, Google Chrome or Microsoft Internet Explorer, Apple Safari, Opera etc.);
- the user’s operating system;
- the user’s internet service provider;
- the user’s IP address;
- the date and time of access (the “time stamp”);
- websites that the user’s system accesses via our website;
- the page from which the file was requested (known as the referrer URL);
- the name of the file;
- the transferred data volumes;
- the access status (data transferred, data not found etc.);
- username (if logged in to the website);
- HTTP status code request;
- HTTP status code reply;
- the size of the reply in bytes.
The data will also be saved in our systems’ log files. This does not include the user’s IP address or other data that enables the data to be matched with a user. Such data will not be stored together with other personal data of the user. The data will not be passed to third parties for either commercial or non-commercial purposes.
2. Legal basis for the data processing
The legal basis for the processing of personal data using technically necessary cookies (“Essential”) is Art. 6(1)(f) GDPR.
The legal basis for the processing of personal data using cookies is Art. 6(1)(a) GDPR. An exception applies in those cases where prior consent cannot be obtained for practical reasons and where the processing of the data is permitted by law.
If the processing of personal data is based on Art. 6(1)(a) GDPR, which is the case if the data subject has granted his or her consent to the processing of personal data relating to him or her for one or more specific purposes, the data subject has the right to withdraw his or her consent at any time pursuant to Art. 7(3) sentence 1 GDPR. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of this consent until its withdrawal, Art. 7(3) sentence 2 GDPR. The withdrawal of consent must be as simple as the granting of consent, Art. 7(3) sentence 4 GDPR. Therefore, the withdrawal of consent may always be effected in the same way as the consent was granted or by any other means that the data subject may consider easier. If the data subject wishes to withdraw consent that he or she has granted us, a simple email to our data protection officer is sufficient for this purpose. Alternatively, the data subject may choose any other way to notify us of the withdrawal of consent.
3. Purpose of data processing
a) Essential Cookies
Session cookie (_PHPSESSID): Technical and essential cookie containing the session identifier.
Storage duration: until the end of the browser session.
Consent to cookies (cookie_notice_accepted): This cookie registers the fact that the visitor has read the cookie notice in the cookie banner.
Storage duration: one year.
Preferred language (“_icl_visitor_lang_js”, “_icl_current_language” and “wpml_browser_redirect_test”): Saves the user’s preferred language on the website.
Storage duration: until the end of the browser session or a maximum of 1 day.
b) Cookies for statistics and external media
The analysis cookies are used for the purpose of improving the quality of our website and its contents. Through the analysis cookies we learn how the website is used and can therefore constantly optimise our offer.
Use of Google Analytics: This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files that are saved on your computer and allow your use of our website to be analysed. Cookie-generated information on your use of our website will normally be transferred to a Google server in the USA where it is saved. However, if IP anonymisation is activated on this website, Google will first shorten your IP address in a member state of the European Union or in another state party to the Agreement on the European Economic Area. Only in exceptions will your full IP address be transferred to a Google server in the USA and shortened there. Google will use this information to assess your use of the website, compile reports about website activities and to perform other services relating to the use of our website and the internet on behalf of the operator of this website.
The IP address transferred by your browser through Google Analytics will not be merged with other Google data.
You may prevent cookies from being saved through your browser settings; however, please note that this may prevent you from fully using every function of this website.
Furthermore, you may prevent the transfer to and processing by Google of cookie-generated data on your use of our website (including your IP address) by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are further processed in a shortened form, excluding the possibility of direct personal assignment.
The use of Google Analytics is in compliance with the requirements agreed between the German data protection authorities and Google. Third party information:
Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: https://marketingplatform.google.com/about/analytics/terms/us/,
Data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html,
and the privacy policy https://policies.google.com/privacy?hl=en.
This website also reserves the right to use Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “personal data”.
Storage duration:
_ga: 2 years
_gid: 24 hours
Use of social media:
We use social media plug-ins. We use – as far as possible – the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognise the provider of the plug-in by the mark on the box by its initial letter or logo. We give you the opportunity to communicate directly with the provider of the plug-in by clicking the button. The plug-in provider will only receive the information that you have accessed the corresponding website of our online offer if you click on the marked field and activate it In the case of Facebook, the IP address is anonymised as soon as it is collected, according to the respective providers in Germany. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data via cookies in particular, we recommend that you delete all cookies using your browser’s security settings before clicking on the greyed-out box.
We have no influence on the collected data and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also do not have any information about the erasure of the collected data by the plug-in provider.
The plug-in provider stores the data collected about you as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluations are carried out in particular (also in the case of users who are not logged in) for the purpose of displaying advertising that meets the needs of the users and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles. You must contact the respective plug-in provider to exercise this right. Via the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user.
The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data we collect from you will be directly assigned to your existing account with the plug-in provider. If you press the activated button and e.g. link the page, the plug-in provider will also store this information in your user account and share it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will help you avoid being assigned to your profile with the plug-in provider.
Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the data protection declarations of these providers, which are provided below. There you will also receive further information about your rights and settings to protect your privacy.
Further information can be found in the following explanations of the specific social media integrations that we use:
YouTube
For the integration of videos we use the provider YouTube among others. YouTube is operated by YouTube LLC with headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. with its registered office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, respectively, provided that you grant us consent. The provision of the videos is only possible if consent is granted. The legal basis for the processing is Art. 6(1)(a) GDPR.
The privacy policy, for both Google+ and YouTube, can be found at
https://policies.google.com/privacy or, in German, at: www.google.de/intl/de/policies/privacy/
The option to object with effect for the future is available under https://adssettings.google.com/authenticated
Online offers on social media profiles
We offer online services on some of the integrated social media platforms in order to provide information there and to be able to contact you. We have no influence on the processing of personal data by the respective platform operator. As a rule, when you visit our social media offers, the platform operator stores cookies in your browser, in which your usage behaviour or interests are stored for market research and advertising purposes. The usage profiles obtained from this – usually across different devices – are used by the platform operators to display personalised advertising. The data processing may also affect persons who are not registered as users on the respective social media platform. Your data may be processed outside the territory of the European Union, which may make it difficult to enforce your rights. When selecting such social media platforms, however, we make sure that the operators commit themselves to comply with EU data protection standards.
The processing of your personal data when you visit one of our social media offerings is based on our legitimate interest in a diverse external presentation of our company, as well as the use of an effective information opportunity and communication with you. The legal basis for this is Art. 6(1)(f) GDPR. Under certain circumstances, you may also have granted your consent to a platform operator for data processing, in which case Art. 6(1)(a) GDPR is the legal basis.
Detailed information on data processing in connection with the use of our social media offers, opt-out options and the assertion of information rights can be obtained from the data protection declaration of the respective platform operator. The links to the data protection declarations of the platform operators can usually be found in our explanations regarding the respective platforms.
4. Duration of storage
The data will be deleted as soon as their retention is no longer necessary in order to achieve the purpose. Where data are collected in order to enable rendering of the website, this will be the case when the respective session is terminated. Where personal data are collected for the purposes of contractual relationship, or to take pre-contractual measures, the necessity shall end at the same time as the period necessary for the contractual relationship.
5. Options to object or request erasure
The collection of data for the purposes of providing the website and the storage of data in log files is absolutely essential for the purposes of operating the Internet site. Consequently, there is no possibility for the user to object to this.
V. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are small text files that are stored in your web browser, or placed on the user’s computer system by the web browser. When a user visits a website, a cookie can be stored on the user’s operating system. Data are stored in the cookie and kept in readiness for a subsequent visit. This cookie contains a distinctive character string that enables the browser to be definitively identified during a new visit to the website.
This website uses the following types of cookies, whose scope and functionality is set out below:
- Transient cookies (see: a)
- Persistent cookies (see: b).
a) Transient cookies are deleted automatically when you close the browser. These include session cookies in particular. These store a “session ID”, which is used to enable different requests from your browser to be assigned to the common session. This enables your computer to be recognized again if you return to our website. Session cookies are deleted when you log out or close your browser
b) Persistent cookies are deleted after a specified time, which can vary depending on the cookie. You can delete the cookies at any time via the security settings of your browser.
User data collected in this way will be pseudonymiszed by means of technical measures. Hence, it will no longer be possible for the data to be matched with the requesting user. The data will not be stored together with other personal data of the user.
You can prevent cookies from being saved by adjusting the settings on your browser application; however, please note that in this case you may be unable to use all of the functions on this website to their full extent.
2. Legal basis for the data processing
The legal basis for the processing of personal data through the use of cookies is Art. 6(1) (f) of the GDPR.
3. Purpose of data processing
The analysis cookies are used for the purposes of improving the quality of our website and its contents. The analysis cookies enable us to understand how the website is used and hence to continuously optimize our offering.
Use of Google Analytics: Use of Google Analytics: This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, i.e. text files that are saved on your computer and enable analysis of your use of the website. Information on your use of this website that is generated by the cookie is usually transferred to a Google server in the USA and saved there. If IP anonymization is activated on this website, your IP address will first be truncated by Google within a member state of the European Union or other contracting state parties to the Agreement on the European Economic Area. Only in exceptional cases will a full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to analyze your use of the website, compile reports on website activities and to provide additional services to the website operator in connection with use of the website and the Internet.
The IP address that your browser transmits in connection with Google Analytics will not be pooled with other Google data.
You can prevent cookies from being saved by adjusting the settings on your browser application; however, please note that in this case you may be unable to use all of the functions on this website to their full extent.
In addition, you can prevent Google from collecting and processing the data relating to your use of the website that has been generated by the cookie (including your IP address) by downloading and installing the browser plugin which is available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension “_anonymizeIp()”. In this way, truncated IP addresses can be subjected to further processing but a direct link to a particular individual is thus excluded.
The use of Google Analytics is carried out in compliance with the conditions communicated to Google by the German Data Protection Authorities. Information concerning the third-party provider:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html,
Data protection summary: http://www.google.com/intl/de/analytics/learn/privacy.html,
And the privacy notice: http://www.google.de/intl/de/policies/privacy.
This website reserves the right to use Google Analytics also for cross-device analysis of the flow of visits made with a given user ID. You can deactivate cross-device analysis of your usage in your customer account under “My Data”, “Personal Data”.
For these purposes, our legitimate interest in the processing of personal data is also based on Art. 6(1)(f) of the GDPR. Our legitimate interest is based on optimization of our online offering and our web presence.
VISABLE web beacon: This web beacon for analysis and marketing purposes and products and services of Visable GmbH (www.visable.com/en_uk [4]) is a JavaScript code embedded on our website. This web beacon technology is used to collect, process and store data to create pseudonymized and, where possible, completely anonymous usage profiles. Collected data which may still include personal data is transmitted to or collected directly by Visable GmbH and used to create the stated usage profiles. IP addresses identified as personal are deleted immediately. Users of this website are therefore not personally identified and no other personal data is merged with these usage profiles.
4. Duration of storage, options to object or request erasure
Cookies are stored on the user’s computer, which transmits these to our site. Hence, you, as the user, are in full control of the use of cookies. You can deactivate or limit the transmission of cookies by adjusting the settings in your web browser. Any cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible for all of the website’s functions to be used to their full extent.
For individual details on the duration of storage and on the option to object or request erasure of the cookies concerned: see items V. 1 and 3 above.
VI. Links to other websites
1. Links
The on-line offering contains links to other websites (so-called external links). We have no influence over whether the operates of other websites are complying with data protection regulations.
As a provider, BUSE is responsible for its own content in accordance with general legislation. A distinction is to be drawn between this internal content and, inter alia, “links” to other content made available by other providers. BUSE accepts no liability for external content that is made available for use via links and identified accordingly, nor does it adopt such content as its own. The provider of the website referred to shall be solely liable for illegal, erroneous or incomplete content, as well as for losses or damage resulting from use or non-use of the information. The editorial department shall be responsible for third-party information only if they are positively aware of it, including any unlawful or criminal content, and it is technically possible and reasonable to prevent its use.
VII. Contact form and email contact
1. Description and scope of data processing
Our website contains a contact form which can be used for electronic communications with us. If a user avails him/herself of this option, the data entered into the input form will be transmitted to us and stored. These data consist of:
- your name;
- your email address and;
- the message.
At the time of submitting the message, the following data will also be stored:
- the date and time of submission,
No log files will be saved. Nor will your inquiries be stored in an internal inquiries database. Insofar as the web offering contains an option to enter additional personal or business data, the provision of such data by user is done on an expressly voluntary basis. Even in this case, your data will be handled confidentially and will not be passed to third parties. Nor will these data be linked to the above-mentioned access data.
Alternatively, it is also possible to contact us at the following email address: info@buse-group.com. In this case, the user’s personal data submitted with the email will be stored.
If you contact us by email or via a contact form, we will store the data you have provided in order to respond to your queries. We will delete the data we receive in this connection once their storage is no longer necessary or, if statutory retention obligations apply, restrict their processing. No data will be passed to third parties in connection with this. The data will be used solely for the purposes of processing the communications.
2. Legal basis for the data processing
The legal basis for processing the data transmitted in the course of sending an email is Art. 6(1)(f) of the GDPR. If the email is sent with a view to concluding a contract, or in connection with the performance of a contract, an additional legal basis for the processing is Art. 6(1)(b) of the GDPR.
3. Purpose of data processing
We will process personal data from the entry form for the sole purpose of responding to the received communication. If contact is made by email, there will also be a necessary legitimate interest in processing the data.
The other data that are processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our technical information systems.
4. Duration of storage
The data will be deleted as soon as their collection is no longer necessary in order to achieve the purpose. With respect to personal data from the entry form’s input screen and data sent by email, this will be the case when the respective conversation with the user is terminated. The correspondence shall be regarded as terminated if the circumstances indicate that the issue concerned has been fully resolved.
5. Options to object or request erasure
If the user makes contact with us by email, he/she can object to the storage of his/her personal data. In such case, it will not be possible to continue with the correspondence.
An objection to the storage may be made by either email, post or fax.
In such case, all personal data that have been stored in connection with the received communication shall be erased.
VIII. Rights of the data subject
If your personal data are being processed, you are the data subject within the meaning of the GDPR and you have the following rights against the controller:
1. Right of access
You are entitled to request confirmation from the controller as to whether we are processing personal data concerning you.
If such processing is taking place, you are entitled to request the following information from the controller:
(1) the purposes for which the personal data are being processed;
(2) the categories of personal data that are being processed;
(3) the recipients, or categories of recipients, to whom the personal data concerning you have been, or will be, disclosed;
(4) the envisaged period for which the personal data concerning you will be stored or, if specific information on this cannot be provided, the criteria used to determine that period;
(5) the existence of a right to rectification or erasure of the personal data concerning you, or a right to restriction of processing by the controller or a right to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You shall have the right to be informed whether personal data concerning you are being transferred to a third country or an international organization. In this respect, you shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
2. Right to rectification
If processed personal data concerning you are incorrect or incomplete, you have the right to demand their rectification or completion by the controller. The controller must perform the rectification without undue delay.
3. Right to restriction of processing
You shall have the right to demand restriction of processing of the personal data concerning you where one of the following applies:
(1) if you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you opposes the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or;
(4) if you have objected to processing pursuant to Article 21(1) of the GDPR, pending the verification whether the legitimate grounds of the controller override your grounds.
Where processing of personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
4. Right to erasure
a) Duty of erasure
You shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase such data without undue delay where one of the following grounds applies:
(1) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw your consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR;
(4) the personal data concerning you have been unlawfully processed;
(5) the personal data concerning you have to be erased for compliance with a legal obligation under European Union or Member State law to which the controller is subject;
(6) the personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
Provision of information to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copies or replications of, those personal data.
Exceptions
The right to erasure shall not apply to the extent that the processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation that requires processing, under European Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR insofar as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defense of legal claims.
5. Right to notification
If you have exercised your right to rectification or erasure of personal data or restriction of processing against the controller, it shall communicate such rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to request the controller to inform you about these recipients.
6. Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to point (a) of Art. 6(1) of the GDPR or point (a) of Art. 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and
(2) the processing is carried out by automated means.
In exercising this right, you shall have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.
The exercise of the right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.
The controller no longer process your personal data, unless we can demonstrate compelling legitimate reasons for such processing, which outweigh your interests, rights and freedoms, or if such processing assists in the enforcement, exercise or defense of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw a declaration of consent given in accordance with data protection law
You have the right to withdraw your declaration of consent given in accordance with data protection law at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy under Article 78 of the GDPR.
You can contact the competent supervisory authority for BUSE as follows:
Landesbeauftragte für den Datenschutz und die Informationsfreiheit (The Rhineland-Palatinate State Commissioner for Data Protection and Freedom of Information)
Postfach 30 40
55020 Mainz
Phone: +49 (0)6131 20824-49
Fax: +49 (0)6131 20824-97
poststelle@datenschutz.rlp.de