Data Privacy Statement

1. Introduction

With the following information we would like to give you as the “data subject” an overview of how we process your personal data and your rights under the data protection laws. Using our Internet sites is possible without the disclosure of personal data. However, if you wish to use special services of our company through our website, it may be necessary for us to process your personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address or e-mail address, is always in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific privacy regulations applicable to “BAUFORMAT Küchen GmbH & Co. KG”. By means of this data policy statement we would like to inform you of the scope and purpose of the personal data collected, used and processed by us.

We have implemented many technical and organizational measures as controllers of the processing in order to ensure the most complete protection possible for personal data processed through this website. Nevertheless, Internet-based data transmissions can in principle have security gaps such that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us in alternative ways, such as by phone or by post.

2. Controller

Bauformat Küchen GmbH & Co. KG
Kattwinkel 1
D-32584 Löhne

Tel: +49 (0) 57 32 / 1 02-0
Fax: +49 (0) 57 32 / 1 02-208
E-mail: info(at)bauformat(dot)de

VAT-ID No.: DE 124323068

District court: Stendal, HRB 56

Company headquarters: Löhne, Germany
Managing Directors: Delf Baumann, Michael Assner, Matthias Berens, Sabine Brockschnieder

3. Data Protection Officer

You can contact the data protection officer via the following media:

Tel: +49 (0) 52 21 / 8 54 96-90
Fax: +49 (0) 52 21 / 8 54 96-99
E-mail: datenschutz(at)bauformat(dot)de

You can contact our data protection officer at any time with any questions or suggestions regarding data protection.

4. Definitions

This data privacy statement is based on the terminology used by the European legislature and legislature in the adoption of the General Data Protection Regulation (GDPR). Our data privacy statement should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain in advance the terminology used.

Amongst others, we use the following terms in this data privacy statement

a. Personal data
Personal data is all information relating to an identified or identifiable natural person. A natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b. Data subject
The Data Subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

c. Processing
Processing is considered to be any process or series of operations related to personal data, such as retrieval, collection, organization, ordering, storage, adaptation or modification, read-out, queries, use, disclosure by transmission, dissemination or other form of provision, matching or linking, restriction, deletion or destruction performed with or without the aid of automated procedures.

d. Restriction of processing
Restriction of processing is the marking of personal data stored with the aim of limiting its future processing.

e. Profiling
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f. Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

g. Processor
The Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

h. Recipient
The Recipient is a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not the recipient is a third party. However, authorities which may receive personal data under Union or Member State law within the framework of a specific mandate for investigation are not considered as recipients.

i. Third party
A Third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data.

j. Consent
Consent is considered to be any expression of will voluntarily given by the data subject in an informed and unambiguous manner in the form of a statement or other unambiguous confirmatory act in which the data subject indicates that they are provide consent to the processing of the personal data concerned.

5. Legal Basis of the Processing

Art. 6 (1) a, GDPR serves our company as the legal basis for processing operations where we obtain consent for a particular processing purpose.

If the processing of personal data is necessary to fulfil a contract of which you are a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, the processing is based on Art. 6 (1) b, GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 (1) c, GDPR.

In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Processing in such cases would be based on Art. 6 (1) d, GDPR.

Finally, processing operations could be based on Art. 6 (1) f, GDPR. On this legal basis, processing operations that are not covered by any of the above legal bases are required if processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the data subject concerned prevail. Such processing operations are particularly allowed to us because they have been specifically mentioned by the European legislator. This takes effect insofar as a legitimate interest could be assumed if you are a customer of our company (recital 47 (2), GDPR).

6. Additional information for the data subject concerning the collection of personal data

  • General information for the data subject concerning the collection of personal data as an employee, apprentice, trainee, intern or working student
  • General information for the data subject concerning the collection of personal data as a communications partner and contact
  • Information for the data subject concerning the collection of personal data as a customer, prospective customer, service provider or supplier

Information employee DSGVO
Information consumer DSGVO
Information communications partner DSGVO

7. Technology

7.1 SSL/TLS Encryption
 

This site uses SSL or TLS encryption to ensure the security of the data processing and to protect the transmission of confidential content, such as orders, login details or contact requests that you send to us as the operator. An encrypted connection can be recognized by the fact that the address bar of the browser contains “https://” instead of an “http://” and the lock symbol in your browser bar.

When SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.

7.2 Data Collection during Visits to the Websites

If our website is merely used for information purposes, i.e. if you do not register or communicate any other information to us, we only collect the personal data that you browser transfers to our server (in server log files). Our website collects a series of general data and information each time a page is accessed by you or an automated system. This general data and information is stored in the log files of the server. Data that could be collected includes:

  • The browser types and versions used
  • The operating system used by the accessing system
  • The website from which an accessing system arrives at our website (the referrer)
  • The sub-web pages that are accessed via an accessing system on our website
  • The date and time the website was accessed
  • A shortened Internet Protocol address (anonymised IP address)
  • The Internet service provider used by the accessing system.

When using this general data and information, we do not draw any conclusions on your person. Rather, this information is used for:

  • Delivering the contents of our website correctly
  • Optimising the content of our website as well as the advertising for it
  • Ensuring the long-term functionality of our IT systems and the technology of our website
  • Providing law enforcement with the necessary information for prosecution in the event of a cyber attack.


This collected data and information is therefore evaluated by us statistically on the one hand and on the other hand with the aim of increasing the data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.

The legal basis for this data processing is Art 6 (1.1) f, GDPR. Our legitimate interest follows from the data collection purposes listed above.

8. Cookies

8.1 General Information on Cookies


We use cookies on our website. These are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your device, do not contain viruses, Trojans or other malicious software.

Information is stored in the cookie which results in connection with the specific terminal used. However, this does not mean that we are immediately aware of your identity.

The use of cookies serves on the one hand to make the use of our offerings more convenient for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted when you leave our website.

Furthermore, we also use temporary cookies that are stored on your device for a specified period of time to optimise usability. The next time you visit our site to take advantage of our services, it will automatically recognize that you have already been with us and what inputs and settings you have made, so you do not have to re-enter them.

On the other hand, we also use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offerings. These cookies allow us to automatically recognize when you visit our site again that you have already visited us before. These cookies are automatically deleted after a defined time.

The data processed by cookies are for the purposes mentioned in order to safeguard our legitimate interests as well as third parties as required in accordance with Art. 6 (1.1) f, GDPR.

Most browsers accept cookies automatically. However, you can configure your browser such that no cookies are stored on your computer or such that a message always appears before a new cookie is created. However, disabling cookies completely may mean that you can not use all features of our website.

9. Content of our Website

9.1 Registration as a User


You have the option of registering on our website by providing personal information.

Which personal data is transmitted to us depends on the respective input mask which is used for the registration. The personal data entered by you is collected and stored solely for internal use by us and for our own purposes. We may arrange for the transfer to one or more order processors, such as a parcel service, who also uses the personal information solely for internal use attributable to us.

By registering on our website, the IP address assigned by your Internet service provider (ISP) as well as the date and time of registration are stored. This data is stored only against the background of preventing the misuse of our services, and such that this data makes it possible to clarify committed offenses where necessary.

In this respect, the storage of this data is required for our protection. This data will not be disclosed to third parties unless there is a legal obligation for us to do so or the disclosure serves law enforcement obligations.

Your registration under the voluntary provision of personal data also serves us to offer you content or services that, due to the nature of the case, can only be offered to registered users. Registered persons are free to change the personal data given at registration at any time or to have it deleted completely from our database.

We will give you information on request at any time about which of your personal data is stored. Furthermore, we will correct or delete personal data at your request, as far as there are no statutory storage requirements. A data protection officer named specifically by name in this data protection declaration and all other employees are available to the data subject in this context as a contact person.

Your data is processed in the interest of the convenient and easy use of our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) f, GDPR.

9.2 Making Contact / Contact Form

When contacting us (for example via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used solely for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Art. 6 (1) f, GDPR. If your contact is aimed at concluding a contract, then an additional legal basis for processing is Art. 6 (1) b, GDPR. Your data will be deleted after final processing of your request; this is the case if it can be inferred from the circumstances that the matter in question is finally clarified and provided that this is not in conflict with any statutory storage requirements.

9.3 Application Management / Vacancies

We collect and process the personal data of applicants for the purpose of completing the application process.

The processing can also be performed electronically. This is particularly the case if an applicant submits the relevant application documents electronically, for example by e-mail or via a web form on the website. If we conclude a contract of employment with an applicant, the transmitted data will be stored for the purpose of the employment relationship in compliance with the legal requirements. If we do not conclude a contract of employment with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests on our part. Other legitimate interests in this sense are, for example, a burden of proof in a procedure under the German Federal Act of Equal Treatment (AGG).

In this respect, data processing takes place solely on the basis of our legitimate interest in accordance with Art. 6 (1) f, GDPR.

10. Newsletter Dispatch

10.1 Newsletter Dispatch to Regular Customers


If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to send you regular offers for similar goods or services such as those already purchased from our range by e-mail. We do not have to obtain separate consent from you to do so in accordance with § 7 (3) German Federal Law against Unfair Competition (UWG). In this respect, data processing takes place solely on the basis of our legitimate interest in personalised direct marketing in accordance with Art. 6 (1) f, GDPR. If you object to the use of your e-mail address for this purpose at the time of submission, we will not send you mail. You are entitled to object to the use of your e-mail address for the purpose described above at any time with effect for the future by sending a message to the persons responsible named above. For this purpose, you only have to pay transmission costs in accordance with the standard rates. Upon receipt of your objection, the use of your e-mail address for marketing purposes will cease immediately.

11. Our Activities in Social Networks

In order that we can communicate with you in social networks and provide information on our services, we are represented there with our own pages.

We are not the original provider (controller) of these pages, but use them only in the context of the options offered by the respective provider.

Therefore, as a precautionary measure, we point out that your data may also be processed outside the European Union or the European Economic Area. Use can therefore have privacy risks for you, because the protection of your rights, e.g. information, deletion, opposition, etc. can be difficult and processing in social networks is often performed directly for advertising purposes or to analyse user behaviour by providers without us being able to influence this. If user profiles are created by the provider, cookies are often used or the usage behaviour is assigned directly to your own member profile of the social networks (if you are logged in here).

The described processing operations of personal data is performed in accordance with Art. 6 (1) f, GDPR, based on our legitimate interest and the legitimate interests of the respective provider in order to communicate with you in a timely manner or to inform you of our services. If you have to give consent to the respective providers for the data processing as a user, the legal basis for this is Art. 6 (1) a, GDPR, cf. Art. 7 GDPR.

Since we have no access to the databases of the providers, we point out that it is best for you to assert your rights (for example, to information, correction, deletion, etc.) against the respective provider directly. We have listed below further information on the processing of your data in the social networks and the possibility of exercising your right of objection or revocation (so-called opt-out) with the respective provider of the social networks that we use:

11.1 Facebook

Controller for data processing in Europe:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Data Privacy Statement (data guidelines):
https://www.facebook.com/about/privacy

Opt-out and advertising settings:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Facebook is a participant within the EU-US Privacy Shield agreement:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
https://de-de.facebook.com/about/privacy/

11.2 Google+ / YouTube

Controller for data processing:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data Privacy Statement:
https://policies.google.com/privacy

Opt-out and advertising settings:
https://adssettings.google.com/authenticated

Google is a participant within the EU-US Privacy Shield agreement:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

11.3 LinkedIn

Controller for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Data Privacy Statement:
https://www.linkedin.com/legal/privacy-policy

Opt-out and advertising settings:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

LinkedIn is a participant within the EU-US Privacy Shield agreement:
https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

11.4 Twitter

Controller for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Data Privacy Statement:
https://twitter.com/de/privacy

Information on your data:
https://twitter.com/settings/your_twitter_data

Opt-out and advertising settings:
https://twitter.com/personalization

Twitter is a participant within the EU-US Privacy Shield agreement:
https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

11.5 XING

Controller for data processing in Germany:
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany

Data Privacy Statement:
https://privacy.xing.com/de/datenschutzerklaerung

Information requests for XING members:
https://www.xing.com/settings/privacy/data/disclosure

11.6 Instagram

Controller for data processing in Europe:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Data Privacy Statement:
https://help.instagram.com/519522125107875

Opt-out and advertising settings:
https://help.instagram.com/1896641480634370?ref=ig

Information requests for Instagram members:
https://www.instagram.com/accounts/privacy_and_security/

11.7 Pinterest

Controller for data processing in Europe:
Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

Data Privacy Statement:
https://policy.pinterest.com/de/privacy-policy

Opt-out and advertising settings:
https://policy.pinterest.com/de/privacy-policy

Pinterest is a participant within the EU-US Privacy Shield agreement:
https://www.privacyshield.gov/participant?id=a2zt00000008VVzAAM&status=Active

11.8 Houzz

Controller for data processing in Europe:
Houzz Inc., 285 Hamilton Avenue, 4th Floor, Palo Alto, CA 94301, USA

Data Privacy Statement:
https://www.houzz.de/privacyPolicy

Opt-out and advertising settings:
https://www.houzz.de/cookiePolicy

Information requests for Houzz members:
https://help.houzz.com/s/?language=en

12. Plug-ins and Other Services

12.1 Google Maps

We use Google Maps (API) on our website, provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (country) maps to visually display geographic information. By using this service you can, for example, see our location and make it easier to get there.

When you visit any of the subpages where the Google Maps map is incorporated, information about your use of our website (such as your IP address) is transmitted to Google’s servers in the United States and stored there. This is done regardless of whether Google provides a user account that you are logged into, or if there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want this association with your profile on Google, you will need to log out of your Google Account. Google stores your data (even that of users that are not logged in) as usage profiles and evaluates them. According to Art. 6 (1) f, GDPR, such an evaluation is based on the legitimate interests of Google in the display of personalized advertising, market research and/or the customized design of its website. You have a right of objection to the formation of these user profiles, and you must assert your claim to these rights against Google directly

US-based Google LLC is certified under the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

If you do not agree with the future transmission of your data to Google when using Google Maps, you can also disable the Google Maps web service completely by turning off the JavaScript application in your browser. You will then no longer be able to use Google Maps and the map display on this website.

The use of Google Maps is in the interest of an attractive presentation of our online offerings and to facilitate easy location of the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) f, GDPR.

You can view the Google Terms of Use at https://www.google.de/intl/de/policies/terms/regional.html, and you will find the additional Google Maps Terms of Service at https://www.google.com/intl/de_US/help/terms_maps.html.

You will find further information on privacy in relation to the use of Google Maps, on the Google website (“Google Privacy Policy”): https://www.google.de/intl/de/policies/privacy/

12.2 Google Web Fonts

Our website uses web fonts provided by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States for consistent font representation. When you visit a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.

To do this, the browser you use must establish a connection to Google’s servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of the uniform and attractive presentation of our website.

This constitutes a legitimate interest within the meaning of Art. 6 (1) f, GDPR.

US-based Google LLC is certified under the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

You will find further information on Google Web Fonts at https://developers.google.com/fonts/faq and in the Google Privacy Policy: https://www.google.com/policies/privacy/

13. Your Rights as a Data Subject

13.1 Right to Confirmation

You have the right to ask us for confirmation that your personal data is being processed.

13.2 Right to Information, Art. 15 GDPR

You have the right at any time to receive free information from us about the personal data stored about you as well as a copy of this data.

13.3 Right to Rectification, Art. 16 GDPR

You have the right to demand the correction of incorrect personal data relating to you. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

13.4 Right to Deletion, Art. 17 GDPR

You have the right to demand that the personal data relating to you be deleted without delay, provided that one of the reasons provided by law applies and that processing is not required.

13.5 Restriction of Processing, Art. 18 GDPR

You have the right to demand that we restrict processing if one of the legal requirements is met.

13.6 Data Portability, Art. 20 GDPR

You have the right to receive personally identifiable information that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another person without hindrance by us, who has been provided with the personal data, provided that the processing is based on the consent pursuant to Art. 6 (1) a, GDPR or Art. 9 (2) a, GDPR or on a contract pursuant to Art. 6 (1) b, GDPR, and processed by automated means, unless the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority which has been entrusted to us.

Furthermore, when exercising your right to data portability under Art. 20 (1), GDPR, you have the right to effect that your personal data is transmitted directly from one controller to another, where technically feasible and insofar as the rights and freedoms of other persons are not affected.

13.7 Right to Object, Art. 21 GDPR

You have the right at any time for reasons arising from your particular situation to object to the processing of personal data relating to you which is processed on the basis of Art. 6 (1) e (data processing in the public interest) or f (data processing based on a balance of interests), GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4, GDPR.

If you object, we will no longer process your personal information unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if processing is for the purpose of enforcing, pursuing or defending legal claims.

In individual cases, we process personal data in order to operate direct marketing. You may at any time object to the processing of personal data for the purpose of such advertising. This also applies to profiling, insofar as it is associated with such direct marketing. If you object to our processing for direct marketing purposes, we will no longer process the personal data for these purposes.

Furthermore, you have the right, for reasons arising from your particular situation, to object to the processing of personal data relating to you by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) of the GDPR, unless such processing is necessary for satisfying a task that is in the public interest.

You are free within the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right of objection through automated procedures, in which technical specifications are used.

13.8 Revocation of a Data Protection Consent

You have the right to withdraw your consent to the processing of personal data at any time with future effect.

13.9 Complaints via a Regulatory Authority

You have the right to complain to a data protection supervisory authority about our processing of personal data.

14. Routine Storage, Deletion and Blocking of Personal Data

We process and store your personal data only for the period required to achieve the purpose of the storage or as provided by the legislation to which our company is subject.

If the purpose of the storage is no longer valid or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

15. Duration of the Storage of Personal Data

The criterion for the duration of the storage of personal data is the respective statutory retention period. Once this period has expired, the corresponding data will be routinely deleted, if it is no longer required to fulfil the contract or to initiate a contract.

16. Effectiveness of and Changes to the Data Privacy Statement

This Data Privacy Statement is currently valid and is valid as of May 2018.

Due to the continual development of our websites and offerings or due to changed legal or official requirements, it may be necessary to change this privacy statement. You can retrieve and print out the respective effective data privacy statement at any time on the website at “https://www.bauformat.de/datenschutz/”