The data controller within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is
August Brötje GmbH
We attach particular importance to protecting your personal data. Your personal data is processed in accordance with the data protection regulations, in particular the General Data Protection Regulation of the European Union (GDPR) and the German Federal Data Protection Act (BDSG).
The following information provides an overview of the nature, extent and purpose of collecting, processing and transferring personal data as well as the safety measures deployed to protect these data.
Personal data are individual information on personal or factual circumstances of an identified or identifiable natural person such as e.g. your name, address, telephone number, your date of birth as well your e-mail and IP address.
Personal data will be deleted as soon as the purpose for storage no longer applies. Due to legal retention periods, we may be obliged to store the data for a longer period of time.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights towards the data controller.
Right to information
You have the right, at any time upon request, to obtain information from us about personal data concerning you within the scope of Art. 15 GDPR.
Right to rectification
Pursuant to Art. 16 GDPR you have the right to demand immediate rectification and/or completion of your personal data from us if the personal data processed concerning you is incorrect or incomplete.
Right to delete
Pursuant to Art. 17 GDPR you have the right to demand that the personal data concerning you be deleted without delay.
Right to restriction of processing
Pursuant to Art. 18 GDPR you have the right to demand that the processing of the personal data concerning you be restricted.
Right to information
If you have the right to rectify, delete or restrict the processing in relation to us, we will notify all recipients to whom the personal data concerning you has been disclosed of such rectification or deletion of the data or restriction of processing, unless to do so proves to be impossible or would be associated with a disproportionate amount of effort. Pursuant to Art. 19 GDPR, you have the right to ask us to be informed by us about these recipients.
Right to data portability
Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you that you supplied to us in a structured, common and machine-readable format and to transmit this data to other data controllers. You also have the right to have the personal data concerning you transmitted directly by us to another data controller, insofar as technically feasible.
Right to object
Pursuant to Art. 21 GDPR, you have the right at any time, for reasons arising from your particular situation, to lodge an objection to the processing of any personal data concerning you that is taking place based on Art. 6 para. 1 lit. f GDPR.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purposes of such marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Exercise of your rights
If you wish to exercise one or more of the above rights, please contact our data protection officer.
Right to revoke the data protection consent declaration
Pursuant to Art. 7 para. 3 GDPR, you have the right to revoke any data privacy declarations of consent issued by you at any time. The revocation of consent does not affect the legality of the processing carried out based on the consent until the revocation.
Right to complain to a supervisory authority
Pursuant to Art. 77 GDPR you have the right to complain to a supervisory authority if you believe that the processing of personal data concerning you breaches the GDPR. If you have any questions regarding the processing of your personal data, you can contact our data protection officer, who is ready to assist with any enquiries, suggestions and complaints that you may have.
Data protection officer of
August Brötje GmbH
We reserve the right to make changes to our privacy statement to ensure that our privacy statement is always up to date with the current legal regulations. This applies also when the privacy statement needs to be adjusted due to new or redesigned services. The new privacy statement will then take effect the next time you use our services.
Use of hosting service providers
Our website is hosted on servers of a hosting provider, which is located in the EU, based on an order processing according to Art. 28 GDPR. Within the scope of its services, the hosting service provider may have access to personal data of our users, in particular to technical data, which arise within the scope of the technical communication between you and our website (e.g. server log files). However, he may not use them for his own purposes. The use of a hosting service provider is based on our legitimate interests pursuant to Art. 6 (1) f GDPR in the provision of infrastructure and platform services, computing capacity, e-mail dispatch and security services.
When you visit our website or use our services the device used for accessing the site automatically transmits log data (connection data) to our servers. The relevant information consists of:
The data collected are used exclusively for evaluating the data statistically to ensure operation and safety and to optimise processing of the offer. For security grounds, however, we reserve the right to inspect log files retroactively if we have sufficient grounds to suspect illegal usage. The data will not be stored for longer than necessary. This collection is carried out on the basis of our legitimate interest under Art. 6 (1) f GDPR.
We make use of so-called "functional cookies" that render surfing and browsing on our website more convenient for you. Thus, for example, website settings, login status or language settings are saved. These cookies are either deleted immediately after browser is closed or else they are stored on your computer system for a specified period of time. After that period expires, they are then deleted automatically. The length of the relevant storage periods may differ, depending on the cookie.
The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f GDPR. Our legitimate interest arises from the data collection purposes outlined above. In no case do we use the data collected in order to draw any conclusions about you.
Security of Your Data
We deploy technical and organisational security measures to adequately protect the data that you have made available to us from being unintentionally or intentionally manipulated, lost, destroyed or accessed by unauthorised persons. Therefore, we are using SSL encryption for the transmission of confidential content e.g. enquires which you send to us as the site operator. An encrypted connection can be recognised when the web address changes from "http://" to "https://" and a padlock symbol is shown in your browser bar. When SSL encryption is activated, third parties cannot read the data that you transmit to us. Our security measures are kept up-to-date.
If you contact us (e.g. via contact form, e-mail, telephone, social media), your personal data will be stored and processed by us for the purpose of processing the enquiry and any related follow-up questions pursuant to Art. 6 (1) b GDPR (within the framework of pre-contractual / contractual measures) or pursuant to Art. 6 (1) f GDPR (general enquiries). Depending on your request, the data you have input may be processed further in a specific way. In certain cases, data is passed on to third parties (service providers, e.g. Brötje Customer Service GmbH, logistics service provider) if this is necessary to processed the query / order. If and as long as you do not consent to any other use, the data will be processed exclusively for the purpose of processing queries / orders.
The data entered into the contact form remain with us until you request that they be deleted, you withdraw your consent to the storage of your data, or the purpose of the data storage is no longer given (i.e. after the successful processing of your request), provided there are no legal storage obligations to the contrary.
Only commercially interested parties and customers can apply on our website for registration as a Brötje Partner. An application for registration is made via a registration form. The data required is marked in the input mask. Additional data can be added to the required data voluntarily, using the form.
We process data, in order to enable traders and their employees to register as Brötje partners. Whenever personal data of an applicant are processed, this is carried out based on Art. 6 para. 1 lit. b GDPR.
The data collected is required, in order to enable us to verify registration as a Brötje Partner, whether or not the request for registration was made by an authorised employee, and also to manage access permissions in the event of registration.
Based on the data submitted, we check whether registration as a Brötje Partner can take place. In the event of rejection, you will receive a corresponding message via e-mail. All data transmitted will be deleted thereafter.
In the event of successful registration, the registration data will be stored for as long as the registration is active. After deactivation of the registration, personal data will be deleted, unless it is necessary to store it for longer for commercial or tax reasons pursuant to Art. 6 para. 1 lit. c GDPR.
Registered customers have the option of cancelling their registration at any time. You can always change or have the data saved in this way changed yourself. Simply send us a message via the contact form or send an e-mail to email@example.com.
Publication of reference installations
The data you provide in the registration form will be processed based on your consent (in accordance with Art. 6 (1) (a) of the EU GDPR) to represent our company as part of reference investments. Providing your data is voluntary.
Your consent (in accordance with Art. 6 para. 1 lit. a EU DS-GVO) for producing and publishing photo and video recordings is for the purpose of representing the company. Publication refers to our corporate communications in the press, on our website and on our own social media pages as well as in print media (flyers, brochures, etc.). Dissemination takes place within the company, to commissioned printing service providers and agencies as well as publication on the Internet.
Your data is deleted if you revoke your consent.
The mere fact of using the training portal makes the collection, processing and use of personal data by August Brötje GmbH unavoidable. First and foremost, data processing is used to create, implement and terminate contracts with customers. The primary legal basis for this is Art. 6 (1)(b) EU GDPR. The length of time data that is stored is determined by the statutory retention periods. Within August Brötje GmbH, the only people who are granted access to users’ personal data of users are those who need it in order to perform their contractual and statutory obligations.
The analysis measures listed below and used by us are carried out on the basis of Art. 6 (1) a GDPR (consent) and Art. 6 (1) f GDPR. With the use of these analysis measures, we want to ensure that our website is designed to meet requirements and is continuously optimised. Using the analysis tools, we record the use of our website under a pseudonym and evaluate it for the purpose of optimising our services. These interests must be regarded as justified within the meaning of the above-stated provision.
The respective opportunities to submit an objection are shown in the corresponding analysis tools themselves.
Google Tag ManagerThis website uses Google Tag Manager. Google Tag Manager is a solution offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland, with which the company can administer website tags via an interface. The tool itself (which implements the tags) is a cookie-free domain that collects no personal data. Google Tag Manager triggers other tags which may collect data. Google Tag Manager does not access this data. If on the domain or the cookie level a deactivation is configured by the user, such deactivation is retained for all tracking tags that were implemented with Google Tag Manager. The tags used are named separately below and can be individually edited by you in the privacy settings, for example by deactivating cookies for these elements.
Google Universial Analytics (with IP anonymization)
We use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. ("Google"), to analyze the use of our website and to regularly improve our website for users. Google Analytics uses "Cookies", text files that are stored on your computer system and that allow an analysis of your use of the website. The information generated by the analysis cookie about your use of this website (including your IP address) is usually transmitted to and stored by Google on servers in the United States.
On this website, however, the IP anonymization (code extension "_anonymizeIP ()") has been activated, so that the IP address of the Google user's computer system within member states of the European Union or in other contracting states of the European Agreement is shortened, before being transferred to the United States, so that there is no direct personal reference contained in the analysis data. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will use this data on our behalf, to evaluate the use of the website, to compile reports on website activities and to provide us with other services related to the use of the website and the Internet.
The analysis data collected will be deleted after 14 months.
We use Google Analytics in its current implementation as "Universal Analytics". When using "Universal Analytics", the user behaviour recorded may be based on a pseudonymous user ID and thus a pseudonymous profile of the user may be created, consisting of data derived from the use of different devices ( "Cross-device tracking"). The recording of user behaviour by means of a user ID is deactivated on this website. This website does not use Google Analytics for cross-device analysis of visitor behaviour by means of a user ID.
You can prevent the storage of the analysis cookies by means of a corresponding setting in your browser software, which would disables the automatic setting of cookies in general; however, we would point out that in this case you may not then be able to use all of the functions of this website to the fullest extent.
You may also prevent Google from collecting the data generated by the analysis cookie and relating to your use of the website (including your IP address) as well as from processing this data; this is achieved by downloading and installing the browser plug-in, which is available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en
As an alternative to the browser plug-in, especially for browsers on mobile devices, you can prevent this type of data collection by Google Analytics by clicking on diesen Link. An opt-out cookie will then be set, which would prevent future collection of your data whenever you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will then need to set the opt-out cookie again.
This website uses Google AdWords. AdWords is an online advertising programme of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States ("Google").
As part of Google AdWords, we use what is known as "conversion tracking". If you click on an ad served by Google, a cookie will be set for the purpose of conversion tracking. These conversion cookies lose their validity after 30 days and are not used to identify users personally. If the user visits particular pages on this website and the conversion cookie has not yet expired, Google and ourselves are able to identify that the user clicked on the ad and was redirected to this page.
Each Google AdWords customer receives a different cookie. These cookies cannot be tracked via the websites of advertisers. The information gathered using the conversion cookie is used to generate conversion statistics for those AdWords advertisers who have opted for conversion tracking. We learn the total number of users who clicked on our ad and were redirected to a conversion tracking tag page. However, we do not receive any data that identifies users personally.
The storage of cookies for conversion tracking is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour, in order to optimize both its website and its advertising.
If you do not wish to participate in this tracking, you can object to this type of use by configuring a browser setting to exclude the acceptance of cookies generally. You will not then be included in the conversion tracking statistics. However, you may not be able to use all of the functionality of our website.
You can also disable cookies used for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com".
Based on the legitimate interest of the provider according Art. 6 (1) f GDPR, a situation can arise where contents, services and benefits of third parties are integrated which complement our service offerings. With the use of the following services, we want to ensure a customized design and the continuous optimization of our website.
We use the map service Google Maps on our website to display maps. Google Maps is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland. Within the framework of the services, information on the use of our website are transferred to Google servers. The use of Google Maps serves the interest of an appealing presentation of our online offers and an easy finding of the places indicated by us on the website.
Detailed information can be found in the Data Privacy Centre under google.com: Transparency and choice http://www.google.com/intl/en/privacy/ and data privacy provisions http://www.google.com/intl/en/privacy/privacy-policy.html.
We may allow third-party companies, including ad networks, to serve advertisements, providing other advertising services and/or collect certain information when you visit our website. Third-party companies may use pseudonymised personal data (e.g., click stream information, browser type, time and date, subject of advertisements clicked or scrolled over) during your visit to this website in order to provide advertisements about goods and services likely to be of interest to you. To learn more about Interest-Based Advertising or to opt-out of this type of advertising, you can visit AboutAds.info/Wahlen or www.networkadvertising.org/choices/.
Some third-party companies may also use non-cookie technologies, such as statistical IDs. Please keep in mind that your web browser may not permit you to block the use of these non-cookie technologies, and those browser settings that block cookies may have no effect on such techniques. If the third-party company uses the non-cookie technologies for interest-based advertising, you can opt out at www.networkadvertising.org/choices. Please note the industry opt out only applies to use for interest-based advertising and may not apply to use for analytics or attribution.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
Links to websites of third parties
Based on the legitimate interest of the provider, it may occur that contents, services and benefits of third parties are integrated which complement our service offerings. When you access web pages which are linked on this website, information such as your name, IP address, browser details etc. can retrieved again. This Privacy Statement does not govern the collection, dissemination or the processing of personal data by any third parties. In this regard, please also pay attention to the individual privacy statements of the respective third-party providers and service providers to which we link on our website.
We maintain publicly accessible online presences in social networks to communicate with the customers and interested parties active there and to present our services.
The processing of users' personal data is carried out on the basis of our legitimate interests in providing users with effective information and communicating with users in accordance with Art. 6 (1) f GDPR. If the users are asked by the respective providers of the platforms for consent to data processing or if the user voluntarily sends information to our online presences, the legal basis for processing is Art. 6 (1) a GDPR in conjunction with Art. 7 GDPR. If such information contains contract-relevant contents, Art. 6 (1) b GDPR serves as the legal basis.
For a detailed representation of the respective processing and the possibilities of objection (Opt-Out), we refer to the following linked information of the providers.
Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and give information. Should you nevertheless need help, you can contact us.
If you interact with our Facebook fan page (comment, link posts or send us a message) your data will be stored by us.
The operation of a fan page is a joint responsibility under data protection law between Facebook Ireland Ltd. and our company pursuant to Art. 26 GDPR. Accordingly, we have concluded an agreement with Facebook Ireland in which the respective obligations under the GDPR are regulated: https://www.facebook.com/legal/terms/page_controller_addendum.
The legal bases for the processing of the data are:
Facebook provides fan page operators with statistics and insights into the types of actions our fan page visitors take ("Page Insights"). We have no control over the collection of this information by Facebook. According to Facebook, this information is provided to us anonymously so that the user cannot be identified from the information.
Personal data is deleted as soon as the purpose for which it was stored no longer applies. Storage can also take place if this is provided for by statutory retention obligations to which our company is subject.
We principally address adult persons with our online offer. Personal information of persons under 16 years of age may only be made available to us with the explicit consent of their legal guardian (Art. 8 GDPR). Processing without the consent of the legal guardian is not permitted. We therefore reserve the right to delete all data relating to minors unless we have the consent of a parent or guardian.
The responsible entity as defined in the DSGVO (the General Data Protection Regulation) and other national data protection laws of the member states and other data protection regulations is:
August Brötje GmbH is part of the BDR Thermea Group (https://www.bdrthermeagroup.com)
August Brötje GmbH
Data privacy officer
D 26180 Rastede
The apps we currently use are designed to minimize data. In terms of statistically evaluating app use, we only collect information related to when and how often the apps are started, used, closed and updated. This information is only collected as a stand-alone, unlinked event, and the data is evaluated without any personal reference whatsoever. This means that the fact that the app is turned on is counted, for example, but not who turned it on. To keep it anonymous, the IP addresses of the devices that use the app only flow into the evaluation in an anonymous format. Processing is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f General Data Protection Regulation. If personal data such as location information and device identification number are collected and used, then it is only because you have given your explicit permission in accordance with Art. 6 para. 1 lit. a GDPR.
However, we have no control over what data network providers and operating system manufacturers collect and store when you use the app, nor do we have any control over how long they use this information.
When you access our app, we collect information using an automated system. That information consists of user identification (username), the device the user is using, the operating system and the version. This information also includes the user’s IP address, the date and time you accessed the app, the amount of data transferred and any application error messages. This collection and storage is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. The collected data is used exclusively in statistical evaluations for the purpose of operating, optimizing and improving the security of this app. For security reasons, however, we reserve the right to retrospectively check log data if a legitimate suspicion of unlawful use exists as based on specific evidence. This data is deleted within seven days at the latest.
Cookies are small text files that your browser automatically creates and that are stored on your device when you visit our apps. Cookies do not damage your device and do not contain viruses. Most of the cookies we use and which are referred to as “session cookies, “are deleted after the end of the browser session. Other cookies, referred to as “persistent or cross-session cookies,” remain on your device and allow us to recognize your device the next time you visit one of our apps. These files may allow you to see information on the page that is specifically tailored to your interests.
The purpose of using technically necessary accesses to data on the terminal device is to enable or simplify app usage. The user data collected by technically necessary accesses to data of the terminal are not used to create user profiles. Anonymous data is statistically analyzed for the sole purpose of improving app quality and its contents. Anonymous evaluations tell us how the app is used to help us continuously optimize it. Our legitimate interest in processing personal data pursuant to Art. 6 para. 1 lit. f DS-GMO is for the above-stated purposes. After completing the session and logging out of the app, the data collected on our server will be deleted unless the user himself has caused the data to be permanently stored. The user can delete this permanently stored content at any time. You may not be able to fully utilize all the features on a particular app if certain accesses to your device’s data are disabled. You can prohibit access to your systems, restrict access to certain content, or set your device to notify you when certain content is accessed.
You need an existing Internet connection to use our app or to access our online spare parts catalog.
We need access to your files or storage. Access is provided so that in addition to accessing individual information regarding spare parts, item numbers, prices, pictures and drawings, you can also find other documentation such as downloading installation instructions.
If you use the function “Send memo by email,” the data you have entered (your company, your name and your e-mail address) will be processed exclusively for sending your memo to yourself or to a person of your choice. Please note that in the case of sending the memo to another person, you agree in advance to data input (name, company, email address) from the latter. Your personal data is processed based on legitimate interest in accordance with Article 6 (1) (f) EU DS-BER) in order to expand and improve service to our app users. We do not pass your data onto third parties. Your data is deleted after the memo is sent.
Google Analytics cookies are stored on pursuant to Art. 6 para. 1 lit. f EU GDPR. The application operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. Deleting user and event data takes place automatically after 14 months.
We have activated the IP anonymization function in this application. Prior to transmission to the United States, Google will truncate your IP address within member states of the European Union or other parties who are part of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and then shortened there. Google will use this information on behalf of the operator of this app to evaluate how you use it, to compile reports on the app’s activities and to provide other services related to app and Internet usage to the operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other data that Google provides.
You can prevent cookies from being stored by activating the proper setting on your browser software; however, we would like to point out that in this case you may not be able to fully use all the app’s functions. In addition, you can prevent the collection of the data generated by the cookie and related to your use of the application (including your IP address) to Google and the processing of this data by Google by downloading the browser plug-in available under the following link and install:
As an alternative to the browser plug-in, especially for browsers on mobile devices, you can click on this Link to prevent Google Analytics from collecting data. An opt-out cookie will be set that prevents your data from being collected when you visit this app in the future. The opt-out cookie is only valid in this browser and only for our app and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Google is also certified under the Privacy Shield Agreement and under this agreement, guarantees that it will abide by the European data privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We have entered into an agreement with Google for order data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
This application uses the “demographic features” feature of Google Analytics. As a result, reports can be created that contain statements about the age, gender and interests of app visitors. These data are from interest-based advertising from Google and from third-party visitor data. This data cannot be attributed or assigned to a specific person. You can disable this feature at any time through the ad settings in your Google Account, or generally prohibit the collection of your data by Google Analytics as outlined in the “Opposition to data collection” section.
Upon written request, we will inform you in accordance with Article 15 EU GDPR and according to our legal obligation (article 12 EU DS-GVO) whether and which of your personal data we process/store. In addition, you have the right to correct erroneous data in accordance with Art. 16 EU GDPR, data transferability in accordance with Art. 20 EU GDPR, block and delete your personal data pursuant to Art. 17 EU GDPR—as long as doing so does not conflict with statutory retention requirements—and the right to restrict processing in accordance with Art. 18 EU GDPR. In addition, you have the right to contact the competent supervisory authority under Art. 77 EU GDPR.
In addition, you have the right to object in accordance with Art. 21 EU GDPR.
If you have the right to rectify, delete or restrict the processing to us, we will notify all recipients to whom your personal data has been disclosed of such rectification or deletion of the data or restriction of processing, unless it proves to be impossible to do or is associated with a disproportionate effort. According to Art. 19 EU GDPR, you have the right to ask us to inform you about these recipients.
Naturally, at any time, in accordance with Art. 7 (3) EU GDPR, you have the option of revoking your consent to us for the future. To do this, please contact the contact address below.
If you have any questions regarding how your personal data is processed, please contact our data protection officer, who will also be available to you in case of any requests regarding information, suggestions or complaints.
Data Protection Officer for
August Brötje GmbH
D 26180 Rastede
Last updated: March 20194. Information for applicants
Your data will be processed by us for the purpose of processing your application in accordance with Art. 88 GDPR i. c. w. § 26 BDSG-neu. If special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily communicated as part of the application procedure, their processing is also carried out in accordance with Art. 9 (2) b GDPR.
The recipients of your data are the departments involved in the human resources management process (including human resources, managers and heads of department) of the controller. Your data will be treated as strictly confidential and will not be passed on to third parties without your consent. A transfer to third countries or international organisations is not intended.
Your application data will be deleted 180 days after filling the position. If you are interested in future vacancies, we need your written consent for longer storage of your application documents. You can withdraw this consent at any time for the future in accordance with Art. 7 (3) GDPR. To do so, please send an e-mail with a corresponding note to the contact address given above.
The primary purpose of data processing is the creation, execution or termination the contractual relationship. The primary legal basis for this is Art. 6 (1) b GDPR. Without this type of use of your data, the business relationship existing between you and us cannot be carried out.
We also process your data on the basis of Art. 6 (1) f GDPR to protect our legitimate interests or those of third parties (e.g. public authorities). This may be necessary, for example, to maintain IT security and IT operations or for purposes of corporate management, internal communication and other administrative purposes. You can object to this processing by giving special reasons in accordance with Art. 21 GDPR.
In addition, we process your data to fulfil legal obligations, such as regulatory requirements, commercial and tax law storage obligations or documentation obligations. The legal basis for this is Art. 6 (1) c GDPR in conjunction with the nationally applicable laws.
In individual cases, it may also happen that we process your data on the basis of your separately granted consent in accordance with Artt. 6 (1) a, 7 GDPR (e.g. in the context of registering for our newsletter or publishing photo and video recordings). You are always free to decide whether you wish to give your consent. Once you have given your consent, you can withdraw it at any time with effect for the future. To do so, please send corresponding enquiries to the contact address given above.
Should we process your personal data for a purpose not mentioned above, we will inform you of this in advance.
Within our company, only those persons receive your personal data who need it to fulfil our contractual and legal obligations. In addition, we sometimes use different service providers to fulfill these obligations, so that it may be necessary to transfer your personal data to other recipients outside the company to the extent necessary to fulfill our contractual and legal obligations. These third parties can be, for example, authorities, financial institutions, suppliers, etc.
To process your data technically, we sometimes use external service providers. It is possible that we may transfer and process your data outside the country in which you have your residence / company headquarters or in one of the countries in which we operate. These may also be located outside the European Economic Area. If we transfer personal data to service providers or companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place. You can also request detailed information by using the contact information above.
We store your personal data only as long as they are necessary for the above-mentioned purposes. After termination of the contractual relationship, your personal data will be stored for as long as we are legally obliged to do so. This regularly results from legal obligations to provide evidence and to retain data, which are regulated in the German Commercial Code and the German Fiscal Code, among others. The storage periods thereafter are up to ten years. In addition, personal data may be stored for the time during which claims can be made against us (statutory limitation period of three or up to thirty years).