Privacy policy

Scope

This privacy policy applies to all pages of https://www.bauwert.de/. It does not cover any linked websites of other providers.

Controller

The following party is known as the controller under data protection law and therefore responsible for the processing of personal data within the scope of this privacy policy:

BAUWERT Aktiengesellschaft
Lamer Straße 9, 93444 Bad Kötzting
Tel.: +49 30 8321150
Email: info@bauwert.de

Questions about data protection

If you have any questions about data protection with regard to our company or our website, you can contact our data protection officer:

SPIRIT LEGAL Rechtsanwaltsgesellschaft mbH
Attorney-at-law and data protection officer
Peter Hense

Postal address:

Data protection officer
c/o BAUWERT Aktiengesellschaft, Lamer Straße 9, 93444 Bad Kötzting

Contact via encrypted online form:

Contact data protection officer

Security

We have taken comprehensive technical and organisational precautions to protect your personal data from unauthorised access, abuse, loss and other external disruption. To this end, we regularly review our security measures and adapt them to the latest standards.

Your rights

You have the following rights with regard to the personal data concerning you that you can assert against us:

• Right of access: You can request access to the personal data concerning you which we process, as set forth in Art. 15 GDPR.
• Right to rectification: If the information concerning you is not (or no longer) correct, you can request its rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
• Right to erasure: You may request the erasure of your personal data in accordance with Art. 17 GDPR.
• Right to restriction of processing: Pursuant to Art. 18 GDPR, you have the right to demand that the processing of your personal data be restricted.
• Right to object to processing: Pursuant to Art. 21(1) GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data which occurs based on Art. 6(1) Sentence 1(e) or (f) GDPR. If you object, we will not process your data further, unless we can prove compelling legitimate reasons for the processing which override your interests, rights and freedoms. Processing will also continue if the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). Furthermore, under Art. 21(2) GDPR you have the right to object at any time to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that this is related to such direct marketing. In this privacy policy, we draw your attention to this right to object when describing each processing operation.
• Right to withdraw your consent: If you have given your consent for processing, you have a right to withdraw that consent under Art. 7(3) GDPR.
• Right to data portability: You have the right to receive the personal data you have given us in a structured, commonly used, machine-readable format (“data portability”) and the right to transfer this data to another controller, if the prerequisites of Art. 20(1)(a), (b) GDPR are fulfilled (Art. 20 GDPR).

You can assert your rights by informing us using the contact details specified under “Controller” above or by contacting the data protection officer designated by us.

If you believe that the processing of your personal data violates data protection law, then under Art. 77 GDPR you also have the right to lodge a complaint with a data protection supervisory authority of your choice. This includes the data protection supervisory authority responsible for the controller:

Bayerisches Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, postal address: Postfach 1349, 91504 Ansbach, phone: +49981/180093-0, email: poststelle@lda.bayern.de, https://www.lda.bayern.de.

Using our website

In principle, you can use our website for purely informational purposes without disclosing your identity. When you access the individual pages of the website in this sense, this only results in access data being transferred to our web hosting service so that the website can be displayed to you. This involves the following data being processed:

• Browser type / browser version
• Operating system used
• Language and version of the browser software
• Date and time of access
• Hostname of the accessing device
• IP address
• Content of the request (specific page)
• Access status / HTTP status code
• Referrer URL (website visited before)
• Notification of whether the access was a success
• Volume of data transferred
• Time zone difference from GMT.

It is necessary for this data to be processed temporarily in order to make it technically possible for you to visit our website and to deliver the website to your device. The access data is not used to identify individual users and is not combined with other data sources. The data is also stored in log files, in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. We have legitimate interests in ensuring the functionality, integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to detect and prevent misuse. This includes, for example, defending against requests that would overload the service as well as against bots. Access data is erased after 14 days. In the case of recording the data to provide the website, this is the case when you end your visit to the website. The log data is generally stored directly and in such a way that it can only be accessed by administrators, and it is erased after seven days at the latest. After that, it is only indirectly available by reconstructing backups, and is finally erased after a maximum of four weeks.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Device information

In addition to the aforementioned access data, technologies are used when you use the website which store information on your device (e.g. desktop PC, laptop, tablet or smartphone) or access information which is already stored on your device. These technologies may include, for example, cookies, pixels, local storage, session storage, IndexedDB or browser fingerprinting technologies. These technologies can be used to recognise you across devices and websites.

Pursuant to Sect. 25(1) of the German Telecommunications and Digital Services Data Protection Act (TDDDG), we generally require your consent for the use of these technologies. Pursuant to Sect. 25(2) TDDDG, this is only not required if the technologies either enable the transmission of a message via a public telecommunications network or if they are strictly necessary to provide a telemedia service that you have expressly requested.

Technically necessary device information

Some elements of our website serve the sole purpose of transmitting a message (Sect. (2) No. 1 TDDDG) or are strictly necessary to provide you with our website or individual features thereof (Sect. 25(2) No. 2 TDDDG):

• Language settings
• Log-in information
• Session cookies
• Cookies for spam prevention.

The elements are erased at the latest upon expiry of the specified storage period.

You can prevent processing by adjusting your browser settings accordingly. For elements whose storage duration is not limited to the session, you can adjust your browser settings so that the elements are erased after your session has expired.

Technically non-essential device information

Our website also uses elements that are not technically essential. We only use these technologies with your consent in accordance with legal requirements. Information about the individual technologies and features can be found in our settings within the consent management platform (cookie banner) as well as in the following information, which is sorted according to the individual features.

Consent management platform

To make it easier for us to ask for your consent to the use of cookies or other tracking technologies so that we can process your device information and personal data when you visit our website, we use a consent tool. This gives you the opportunity to accept or decline the processing of your device information and personal data using cookies or other tracking technologies for the purposes listed. Such processing purposes may include the integration of external elements, integration of streamed content, statistical analysis, reach measurement, personalised product recommendations, or personalised advertising.

You can grant or refuse your consent for all processing purposes, or grant or refuse your consent for individual purposes or third-party providers.

You can change your settings again later on. The purpose of integrating the consent management platform is to allow users of our website to decide whether to allow cookies and similar technologies, and to offer them the opportunity to change settings that they have already made when they continue to use our website.

When the consent management platform is used, we process personal data as well as information from the devices used. The information about the settings you have made is also stored on your device.

The legal basis for the processing is Art. 6(1) Sentence 1(c) GDPR in conjunction with Art. 7(1) GDPR, insofar as the processing serves to fulfil the legally standardised obligations to provide evidence for the granting of consent. Otherwise, Art. 6(1) Sentence 1(f) GDPR is the relevant legal basis. Our legitimate interests in this processing lie in the storage of users’ settings and preferences with regard to the use of cookies and the evaluation of consent rates.

A new request for your consent will be made twelve months after you saved your user settings. Your user settings will then be saved again for this period, unless you delete the information about your user settings yourself beforehand in your device settings.

You may object to the processing, insofar as processing is based on Art. 6(1) Sentence 1(f) GDPR. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

The recipient of the personal data processed in this context is the provider of the consent management platform we use:

• Borlabs GmbH (Hamburger Str. 11, 22083 Hamburg, Germany) with regard to the Borlabs consent management platform.

Contacting our company

When you contact our company, e.g. by email on the website, we will process the personal data you provide so that we can respond to your request. The provision of a first and last name, a valid email address, the company name and the subject matter of the enquiry, as well as any further information you choose to include in your message to us, is mandatory for the processing of enquiries submitted via the contact form. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR and Art. 6(1) Sentence 1(b) GDPR, if the contact is made with the intention of concluding a contract. If the request is aimed at concluding a contract, it is necessary for you to provide your data. If you do not provide your data, it will not be possible to conclude/execute a contract and process the request. We erase the data arising in this context once processing is no longer necessary – as a rule, two years after the end of the communication.

You may object to the processing, insofar as it is based on Art. 6(1) Sentence 1(f) GDPR. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above.

Marketing via email and messenger services

Advertising to existing customers

We reserve the right to use the email address you provide when ordering in accordance with the statutory provisions in order to send you the following content by email at the time of or after your order, unless you have already objected to this processing of your email address:

• Interesting offers from our portfolio, in particular relating to new construction projects
• New offers involving our products and services
• Individual customer support
• Invitations to company events.

The legal basis of the data processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests in the processing described lie in enhancing and optimising our services, conducting direct marketing and ensuring customer satisfaction. We erase your data when you end the usage process.

We would like to point out that you can object to receiving direct marketing and to the processing of the data for direct marketing purposes at any time without incurring any costs other than the transmission costs according to the basic rates. Here you have a general right of objection without giving reasons (Art. 21(2) GDPR). To do this, click on the unsubscribe link in the relevant email or send us your objection to the contact details provided under “Controller”.

Information about new projects

You have the option to request information on new projects via the website, through which we will regularly inform you about the following content:

• Interesting offers from our portfolio, in particular relating to new construction projects
• New offers involving our products and services
• Individual customer support
• Invitations to company events.

To receive the information, you must provide your name (name or pseudonym) and your email address (the information that we send by email). We process this data for the purpose of sending the information and for as long as you have subscribed to the information.

The legal basis of the processing is Art. 6(1) Sentence 1(a) GDPR. We will process your data until you withdraw your consent.

You can withdraw your consent to the processing of your email address for the purpose of sending you information at any time, either by clicking directly on the unsubscribe link in the email or by sending us a message using the contact details provided under “Controller”. This will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

Double opt-in procedure

To document your registration and prevent misuse of your personal data, registration for our email updates takes place by means of the so-called double opt-in procedure. Once you have entered the data marked as mandatory, we will send you an email to the email address you have provided, in which we ask you to expressly confirm your subscription by clicking on a confirmation link. We process your IP address, the date and time of your registration and the time of your confirmation. This is how we ensure that you really want to receive information from us by email.

We are legally obliged to be able to demonstrate that you have consented to the processing of your personal data in connection with registering (Art. 7(1) GDPR). Due to this legal obligation, this data processing is carried out on the basis of Art. 6(1) Sentence 1(c) GDPR.

You are not obliged to provide your personal data during the registration process. However, if you do not provide the required personal data, we may not be able to process your subscription or process it in full. If you do not confirm your subscription within 24 hours, we will block the information transmitted to us and erase it automatically after one month at the latest. Once you confirm your registration, we will process your data for as long as you have subscribed to the information.

Hosting

We use external hosting services provided by DomainFactory GmbH (Neuturmstrasse 5, 80331 Munich), which serve to provide the following services: infrastructure and platform services, computing capacity, storage resources and database services. For these purposes, all of the data required for the operation and use of our website – including the access data mentioned under “Using our website” – is processed. The provider processes your personal data on the basis of a data processing agreement pursuant to Art. 28 GDPR, acting as our processor.

Integration of third-party content

Mapbox

This website uses the Mapbox service provided by Mapbox (Mapbox GmbH, Westendstr. 28, 60325 Frankfurt am Main, and Mapbox, Inc., 1133 15th St NW, Suite 825, Washington, DC 20005, US; hereinafter referred to as: “Mapbox”) for the purpose of displaying maps or sections of maps, thereby enabling convenient use of the map function on the website. When you visit the website, Mapbox receives the information that you have accessed the relevant subpage of our website. Mapbox processes the following data: identifiers, such as a randomly generated session ID, as well as the IP address, for the purpose of providing the service. This data is erased within 30 days after the end of the website visit. In addition, Mapbox processes internet or other electronic network activity, such as timestamps of received data elements, and interaction data, such as your departure from a specific navigation route, as well as browser information and the operating system – see the section “Using our website”. Furthermore, Mapbox collects your geolocation data, the association of which with a generated session ID is removed within 24 hours. As an end user, you may at any time change your location permissions for specific licensed applications via your mobile device and disable access to location data.

With regard to the storage of and access to information on your device, your consent is the legal basis pursuant to Sect. 25(1) TDDDG; for further processing, your consent is also the legal basis pursuant to Art. 6(1) Sentence 1(a) GDPR. Mapbox also processes your personal data in the US. The EU Commission has issued an adequacy decision for data transfers to the US. Mapbox, Inc. is certified under this.

You can withdraw your consent to the processing at any time by moving the slider back for the specific third-party provider in the consent tool settings. Please note that this will not affect the lawfulness of the processing before your withdrawal.

Services for statistical, analysis and marketing purposes

We use services from third parties for statistical, analysis and marketing purposes. This enables us to offer you a user-friendly, optimised experience when visiting the website. The third-party providers use cookies, pixels, browser fingerprinting or other tracking technologies to control their services. In the following, we inform you about the services from external providers currently in use on our website, about the related processing in each case, and about how you can withdraw your consent.

Google Analytics 4

In order to tailor our website perfectly to user interests, we use Google Analytics, a web analytics service from Google (Google Ireland, Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US; hereinafter referred to as: “Google” and “Google Analytics 4”). Google Analytics 4 uses so-called cookies, which are stored on your device for recognition purposes, as well as similar tracking methods for the purpose of device recognition such as tracking pixels, device fingerprinting and programming interfaces (e.g. APIs and SDKs) in order to process information from your device. For this purpose, your device is assigned a randomly generated identification number (cookie ID / device ID).

Google uses these technologies to process the information generated about the use of our website by your device as well as access data for the purpose of statistical analysis – such as the fact that you have visited a certain page; the number of unique visitors; entry and exit pages; time spent by the visitor on the website; clicking, swiping and scrolling behaviour; activation of buttons; registration for the newsletter; bounce rate; and similar user interactions. For this purpose, it is also possible to determine whether different devices belong to you or to your household. Access data includes in particular the IP address, browser and device information, cookie ID / device ID, the website visited before and the date and time of the server request.

In Google Analytics 4 systems, no individual IP addresses are logged or stored. At the time of collection of your IP address by Google in dedicated local data centres in the EU, your IP address will be used to determine location information. The IP address is then erased before the access data is stored in a data centre or on a server for Google Analytics. In Google Analytics 4 no precise data about the geographical location is provided, but only general location information such as the region and city of the device’s location derived from the IP address. Google will process this information for the purpose of evaluating your use of this website, compiling reports for us on website activity, and – where we point this out separately – providing us with other services relating to website usage. If you are registered with a Google service, Google can associate the visit with your account and create and evaluate user profiles across applications.

In addition, a cross-platform analysis of usage behaviour is carried out on websites and apps that use Google Analytics 4 technologies. This enables equal recording, measurement and comparison of usage behaviour across different environments. For example, user scrolling events are automatically recorded to provide a better understanding of how websites and apps are used. For this purpose, different cookie IDs / device IDs are used for different devices. Subsequently, we are provided with anonymised statistics on the use of the various platforms, compiled according to selected criteria.

With the aid of Google Analytics 4, audiences are automatically created for specific cookie IDs / device IDs or mobile advertising IDs, which are subsequently used for personalised advertising communication. Audience criteria may include but are not limited to: users who have viewed products but not added them to a shopping cart or have added them to a shopping cart but not completed the purchase OR users who have purchased certain items. An audience comprises at least 100 users. With the help of the Google Ads tool, interest-based ads can then be displayed in search results. Similarly, it is possible to recognise users of websites on other websites within the Google advertising network (in Google Search, on YouTube, so-called Google Ads, or on other websites) and present them with ads tailored to the specified audience criteria.

With regard to the storage of and access to information on your device, your consent is the legal basis pursuant to Sect. 25(1) TDDDG; for further processing, your consent is also the legal basis pursuant to Art. 6(1) Sentence 1(a) GDPR. Google also processes the data in part in the US. The EU Commission has issued an adequacy decision for data transfers to the US. Google, LLC is certified under this. So-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at: https://cloud.google.com/terms/sccs. Your data processed in connection with Google Analytics 4 will be erased after 24 months at the latest. For further information about privacy at Google, please refer to: http://www.google.de/intl/en/policies/privacy.

You can withdraw your consent to the processing at any time by moving the slider back in the consent tool “Settings”. This does not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

Copyright by Spirit Legal