Modern information and communications technologies play an increasingly large role in the activities of the BÜFA Group. That is why we take the protection of your privacy and personal particulars that you make available to us very seriously. We observe the provisions of the German Federal Data Protection Act as a matter or course. Details of any data we possibly collect and how we handle such data are set out below.

Responsibility

BÜFA GmbH & Co. KG
Stubbenweg 40
26125 Oldenburg, Germany
Phone +49 441 9317-0
E-mail: info@buefa.de

What personal data are collected and processed?

You can visit our websites without us requiring any personal data from you. We only learn the name of your Internet Service Provider, the website from which you visit us and the pages that you visit on our website. Personal data are only requested and processed if you use specific services. Your attention is then specifically drawn to this in the menu.

For what purposes do we collect and process your personal data?

As we are constantly endeavouring in a continuous process to improve both our services and your experience with our websites, the above general data are evaluated statistically. However, for this purpose we are interested in your personal opinion and your sphere in this connection. That is why at some points we request you to provide additional information. This information is voluntary and we naturally treat it confidentially.

If you use our services, generally we only collect such data as we need to provide the services. In as far as we ask you for any further data, this comprises voluntary information. The personal data are processed solely to perform the service requested and to maintain our own justified business interests.  

Are personal data passed on to third parties?

We will only pass on your personal data to third parties in as far as this is absolutely necessary to provide the service requested. Beyond this we will not disclose, pass on, sell or otherwise market your personal data to other enterprises or institutions unless your express declaration of agreement to this is received. The situation is different if we are obligated to disclose and transmit the data by law or by a court judgement.

Cookies

We insert cookies in some areas on our website. These are codes that allow us to individualise our services to you during your visit. We do not use cookies to collect personal data. If you would like to be informed about or exclude the use of cookies by your browser, you should activate the corresponding browser settings. 

Contacting

You have the possibility to contact us in several ways. By contact form, by e-mail, by telephone or by post. If you contact us, we will use the personal data that you voluntarily provide to us for the sole purpose of contacting you and processing your enquiry.

The legal basis for this data processing is Art. 6 para. 1 letter a), Art. 6 para. 1 letter b), Art. 6 para. 1 letter c) GDPR and Art. 6 para. 1 letter f) GDPR.

Google Analytics

We use the web analysis tool "Google Analytics" (including "Google Search Console") to design our websites according to your needs. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read out by us. In this way we are able to recognise returning visitors and count them as such.

Google Ireland Limited and Google LLC support us within the framework of Google Analytics. (USA) support us as processors according to Art. 28 GDPR. Data processing can therefore also take place outside the EU or EEA. With regard to Google LLC, no adequate level of data protection can be assumed due to the processing in the USA. There is a risk that authorities may access the data for security and monitoring purposes without your being informed or having the right to appeal. Please take this into account if you decide to give your consent to our use of Google Analytics. 

The data processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or § 15 TMG, if you have given your consent via our banner. The transfer to a third country takes place on the basis of Art. 49 para. 1 lit. a GDPR.  

Embedded videos

On our websites we embed videos that are not stored on our servers. In order to ensure that calling up our web pages with embedded videos does not automatically lead to the reloading of third-party content, in a first step we only display locally stored preview images of the videos. This does not provide the third party provider with any information.

Only after a click on the preview image, content from the third party provider is loaded. The third party provider receives the information that you have called up our site and the usage data that is technically required in this context. We have no influence on further data processing by the third party provider. By clicking on the preview image, you give us the consent to reload contents of the third party provider. 

The embedding takes place on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or § 15 TMG, if you have given your consent by clicking on the preview picture. Please note that the embedding of many videos leads to your data being processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without you being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer to an insecure third country is based on Art. 49 para. 1 lit. a GDPR.

Provider: YouTube / Google (USA) 

Maximum storage period: Google does not specify a specific duration for this.

Adequate level of data protection: No adequate level of data protection. The transmission is based on Art. 49 para. 1 lit. a GDPR.

Revocation of consent: If you have clicked on a thumbnail, the contents of the third party provider are immediately reloaded. If you do not wish such reloading on other sites, please do not click on the thumbnails anymore.

Map services

On our web pages we embed map services that are not stored on our servers. In order to ensure that calling up our web pages with embedded map services does not automatically lead to third-party content being loaded, we only display locally saved preview images of the maps in a first step. This does not provide the third party provider with any information.

Only after a click on the preview image will the content of the third party provider be loaded. The third party provider is then informed that you have called up our site and receives the usage data that is technically required for this purpose. We have no influence on further data processing by the third party provider. By clicking on the preview image, you give us the consent to reload contents of the third party provider. 

The embedding takes place on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or § 15 TMG, provided that you have previously given your consent by clicking on the preview image. 

Please note that the embedding of some card services means that your data will be processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer to an insecure third country is based on Art. 49 para. 1 lit. a GDPR. 

Provider: Google LLC (USA)

Maximum storage period: Google does not specify a specific duration for this.

Adequate level of data protection: No adequate level of data protection. The transmission is based on Art. 49 para. 1 lit. a GDPR. 

Revocation of consent:  If you have clicked on a thumbnail, the contents of the third party provider are immediately reloaded. If you do not wish such reloading on other sites, please do not click on the thumbnails anymore.

Use of IP addresses

It is pointed out that this website uses Google Analytics with the extension "_anonymizeIp()" and therefore IP addresses are only processed in abbreviated form in order to exclude direct personal references. 

Security

We have taken technical and organisational measures to prevent the personal data you provide against loss, destruction, tampering and unauthorised access. This includes the encrypted transmission of data using sha256RSA (2048 bits) signature algorithm. All our staff and third parties participating in data processing are obligated to observe the German Federal Data Protection Act and treat personal data confidentially.

We reserve the right to modify this declaration at any time. It does not constitute any contractual or other formal right vis-à-vis or on behalf of any party.

Information pursuant to Art. 13 Basic data protection regulation for applicants

The information regarding data protection for applicants can be found here.

Basic data protection regulation for social media

The information regarding the data protection of our social media presences can be found here.

Your rights as a user

When processing your personal data, the GDPR grants you as a website user certain rights:

1.) Right to information (Art. 15 GDPR): 

You have the right to request confirmation as to whether personal data relating to you are being processed; if this is the case, you have the right to access this personal data and the information specified in Art. 15 GDPR. 

2.) Right to rectification and cancellation (Art. 16 and 17 GDPR):

You have the right to demand the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete personal data. 

They also have the right to demand that personal data relating to them be deleted immediately if one of the reasons specified in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued. 

3.) Right to limit the processing (Art. 18 GDPR): 

You have the right to demand the restriction of the processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have lodged an objection against the processing for the duration of any examination. 

4.) Right to data transferability (Art. 20 GDPR): 

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.  

5.) Right of objection (Art. 21 GDPR): 

If data is collected on the basis of Art. 6 para. 1 lit. f (data processing to safeguard legitimate interests), you have the right to object to such processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are verifiable compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.

Right of appeal to a supervisory authority

Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority if you are of the opinion that the processing of the data concerning you violates data protection provisions. The right of appeal can be asserted in particular with a supervisory authority in the member state of your residence, your place of work or the place of the presumed infringement.

Contact details of the Data Protection Officer

We are supported by our data protection officer in fulfilling our data protection obligations. In the event of an enquiry, please name the company concerned which is involved. The contact details of our data protection officer are as follows: 

Dr. Uwe Schläger
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen, Germany

Web: www.datenschutz-nord-gruppe.de
E-mail: office@datenschutz-nord.de
Phone: 0421 69 66 32 0