Data protection

Information on the processing of customer and supplier data:

Information on the processing of your personal data and associated rights can be found here.

Introduction 

Many thanks for visiting our website. Bürstner GmbH & Co. KG (hereinafter referred to as “Bürstner”, “we” or “us”) attaches great importance to the security of user data, as well as our compliance with prevailing data protection regulations. We would like to inform you below about the processing of your personal data on our website. 

Data controller and data protection officer 

Data controller: 


Bürstner GmbH & Co. KG, Weststraße 33, 77694 Kehl, Germany  


Phone:+49 (0) 7851/ 85-0 


E-mail: info@buerstner.com  

External data protection officer: 


DDSK GmbH
Phone: +49 7542 949 21 - 00
E-mail: datenschutz@buerstner.com 

Terms 


The technical terms used in this Privacy Policy are to be understood as legally defined in Art. 4 General Data Protection Regulation (GDPR). 

Notes on data processing 

Automated data processing (log files etc.) 

Our website can be visited without actively providing any personal details. However, we automatically store access data (server log files) – such as the name of the Internet service provider, the operating system used, the website from which the user visits us, the date and duration of the visit or the name of the requested file, as well as for security reasons, e.g. to recognise attacks on our website, the IP address of the terminal device used – for a maximum period of 7 days. This data is analysed exclusively, in order to improve our offer and does not allow any conclusions to be drawn about the user themselves. The resulting data is not merged with other data sources.  

We process and use the data for the following purposes: the provision of the website, the improvement of our websites, the prevention and detection of errors/malfunctions and misuse of the website. 

Legal basis: legitimate interest, pursuant to Art. 6 (1) lit. f) GDPR 


Legitimate interests: ensuring the functionality as well as the error-free and secure operation of the website and adapting this website to the requirements of the users. 

Use of cookies (general, functioning, opt-out links, etc.) 

We use cookies on our website to render your visit to our website more attractive, and to enable the use of certain functions. The use of cookies serves our legitimate interest in making your visit to our website as pleasant as possible and is based on Art. 6 (1) lit. f) GDPR. Cookies are a standard internet technology for storing and retrieving login and other usage information for all users of the website. Cookies are small text files that are stored on the end device. Among other things, they enable us to save user settings so that our website can be displayed in a format customised to the user’s device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing the browser (these are so-called “session cookies”). Other cookies remain on the user’s end device and enable us or our partner companies to recognise the browser on the next visit (these are so-called “persistent cookies”). 

The browser can be set so that the user is informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases, or in general. Furthermore, cookies can be deleted retrospectively, in order to remove data that the website has stored on the user’s computer. The deactivation of cookies (a so-called “opt-out”) can lead to some restrictions in the functionality of our website. 

Categories of data subjects: website visitors, users of online services 

Opt-out:


Internet Explorer: https://support.microsoft.com/de-de/help/17442    


Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen 


Google Chrome: https://support.google.com/chrome/answer/95647?hl=de  


Safari: https://support.apple.com/de-de/HT201265 

Legal basis: Consent (Art. 6 [1] lit. a) GDPR); legitimate interests (Art. 6 [1] lit. f) GDPR) 

The relevant legal basis is specifically named with the corresponding tool.  

Legitimate interests: storage of opt-in preferences, presentation of the website, thereby ensuring the website’s functionality, maintaining user status across the entire website, recognition for next website visitors, user-friendly online offer, ensuring chat function 

 

Consent Management Platforms 

We use a consent management procedure on our website, in order to be able to store and manage the consent given by website visitors in a verifiable manner in accordance with data protection requirements.  

The consent management platform we use helps us to recognise all cookies and tracking technologies, and to manage these on the basis of a consent status. Simultaneously, visitors to our website can use the consent management service we have integrated to manage the consents and preferences given (optional setting of cookies and other technologies that are not required) or withdraw their consent at any time using the button.  

The consent status is stored on the server and/or in a cookie (a so-called “opt-in cookie”) or a comparable form of technology, in order to be able to assign the consent to a user or their device. The time of the declaration of consent is also recorded. 

Data categories: consent data (consent ID and number, time consent was given, opt-in or opt-out), meta and communication data (e.g. device information, IP addresses) 


Purposes of processing: fulfilment of accountability, consent management 


Legal basis: legal obligation (Art. 6 [1] lit. c) GDPR in conjunction with Art. 7 GDPR)  

Cookiebot 

Recipient: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark 


Third country transfer: does not take place. 


Privacy Policy: https://www.cookiebot.com/de/privacy-policy/  

Hosting (incl. content delivery network) 

Our website is hosted by an external service provider. Data of visitors to our website – in particular, so-called log files – are stored on the servers of our service provider. By using a specialised service provider, we can provide our website efficiently. The hosting provider we use does not process the data for its own purposes.  

We also use a so-called Content Delivery Network (CDN), in order to be able to provide the content of our website more quickly. When website visitors access graphics, scripts or other content, for example, these are provided quickly and optimised with the help of servers that are distributed regionally and internationally. When the files are retrieved, a connection is established to the servers of a CDN provider, whereby the personal data of visitors to our website is processed, for example, the IP address and browser data.  

Data categories: user data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses) 


Purposes of processing: proper presentation and optimisation of the website, faster and location-independent accessibility of the website,  


Legal bases: consent (Art. 6 [1] lit. a) GDPR); legitimate interests (Art. 6 [1] lit. f) GDPR) 


Legitimate interests: avoidance of downtime, high scalability, reduction of the bounce rate on the website 

Google Static 

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Legal basis: Consent (Art. 6 [1] lit. a) GDPR)
Third country transfer: On the basis of the adequacy decision of the European Commission for the country USA
Privacy Policy: https://policies.google.com/privacy?hl=en-US  

 

Microsoft  

Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Legal basis: legitimate interest (Art. 6 [1] lit. f) GDPR)
Third country transfer: on the basis of the adequacy decision of the European Commission for the country USA
Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement  

Website support and consulting, web agency 

We have commissioned a web agency to provide support and advice pertaining to services and applications on our website. This supports us in all activities associated with the design and functionality of our website. In this context, the web agency selected by us receives the access data for our website, in order to make necessary adjustments and changes – such as the design of forms or other programming activities.  

The web agency also supports us in maintaining and managing our social media accounts, our content management system and our accounts with search engine providers.  

Access to personal data – such as data from forms or log data of website visitors – cannot be ruled out. The web agency, therefore, acts as a so-called data processor for us, and works exclusively on our instructions. Data is not processed for other purposes.  

Data categories: usage data (e.g. access times), meta and communication data (e.g. device information, IP addresses), contact data (e.g. e-mail address), content data (e.g. text details), evaluation data from social media accounts (e.g. anonymised statistics) 

Purposes of processing: support for web analysis and optimisation, analysis of user behaviour on the website (website interaction) for web optimisation efforts and reach measurement, checking the utilisation of the website 

Legal basis: legitimate interests (Art. 6 [1] lit. f) GDPR) 

Legitimate interests: support for and assistance with website maintenance through high level of expertise, efficiency through outsourcing 

Web agency 

Recipient: BUTTER.Agency GmbH, Kornprinzenstraße 87, 40127 Düsseldorf, Germany
Third country transfer: does not take place.
Privacy Policy: https://www.butter.de/datenschutz  

Web agency 

Recipient: MARKENSZENE GmbH, Rütersbarg 46, 22529 Hamburg, Germany
Third country transfer: Does not take place.
Privacy Policy: https://markenszene.media/datenschutz/  

Web agency 

Recipient: PANSOFT GmbH, Tullastr. 28, 76131 Karlsruhe, Germany
Third country transfer: Does not take place.
Privacy Policy: https://www.pansoft.de/de/home/datenschutz/index.html  

Web agency 

Recipient: yukon consulting gmbh, Waldpromenade 40b, 82131 Gauting, Germany
Third country transfer: Does not take place.
Privacy Policy: https://yukon-consulting.de/datenschutz/  

Web analysis and optimisation 

We use tools for web analysis and reach measurement, so that we can analyse visitor flows on our website. To this end, we collect information about the behaviour, interests or demographic information of our visitors – such as age, gender or similar details. This helps us to recognise at what time our online offering, its functions or content are most frequented or invite repeat visits. We can also use the information collected, in order to determine whether our online offering needs to be optimised or adapted.  

The information collected for this purpose is stored in cookies or similar procedures, and is used for range measurement and optimisation. The data stored in the cookies may include content viewed, online presences visited, settings and functions and systems used. As a rule, however, no clear user data is processed for the purposes described. In this case, the data is modified in such a way that neither we nor the provider of the tool used are aware of the actual identity of the user. The data modified in this way is often stored in user profiles. 

Categories of data subjects: website visitors, users of online services 


Categories of data: user data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), contact data (e.g. e-mail address, telephone number), content data (e.g. text details, photographs, videos) 


Purposes of processing: website analysis, reach measurement, utilisation and evaluation of website interaction, lead evaluation 


Legal basis: consent (Art. 6 [1] lit. a) GDPR) 

 

Facebook Connect 

Service used: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Data protection: https://www.facebook.com/privacy/explanation  


Legal basis: Consent (Art. 6 [1] lit. a) GDPR)  

Google Analytics 

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data protection: https://policies.google.com/privacy  


Opt-Out link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/  


Legal basis: Consent (Art. 6 [1] lit. a) GDPR)  

Online marketing 

In order to consistently increase our reach and the awareness of our online offering, we process personal data in the context of online marketing, in particular, with regard to potential interests and measuring the efficacy of our marketing measures. 

For the purpose of measuring the efficacy of our marketing measures and recognising sources of potential interest, relevant information is stored in cookies or similar procedures are used. The data stored in the cookies may include content viewed, online presences visited, settings and functions and systems used. As a rule, however, no clear user data is processed for the purposes described. The data is then modified in such a way that neither we nor the provider of the tool used are aware of the actual identity of the user. The data modified in this way is often stored in user profiles. 

If user profiles are stored, the data can be read, supplemented and added to on the online marketing provider’s server when visiting other online offers that use the same online marketing process.  

We can determine the success of our adverts on the basis of summarised data made available to us by the provider of the online marketing process (a so-called “conversion measurement”). As part of these conversion measurements, we can track whether a marketing measure has led to a purchase decision by a visitor to our online offering. This evaluation is used to analyse the success of our online marketing. 

Categories of data subjects: website visitors, users of online services, interested parties, communication partners, business and contractual partners 


Categories of data: user data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), location data, contact data, content data (e.g. text details, photographs, videos). 


Purposes of processing: marketing (partly also interest-based and behaviour-related), conversion measurement, target group formation, click tracking, development of marketing strategies and increasing the efficiency of campaigns 


Legal basis: consent (Art. 6 [1] lit. a) GDPR); legitimate interests (Art. 6 [1] lit. f) GDPR) 


Legitimate interests: optimisation and further development of the website, increasing profits, customer retention and new customer acquisition 

Adform Flow 

Service used: Adform, Rosenborggade 15, 2nd floor, 1130 Copenhagen K, Denmark
Data protection: https://site.adform.com/privacy-center/overview/  


Opt-out link: https://site.adform.com/datenschutz-opt-out/ 


Legal basis: consent (Art. 6 [1]lit. a) GDPR)  

Google Ads  

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data protection: https://policies.google.com/privacy  


Opt-Out link: https://tools.google.com/dlpage/gaoptout?hl=de  or https://myaccount.google.com/  


Legal basis: Consent (Art. 6 [1] lit. a) GDPR)  

Google AdSense  

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data protection: https://policies.google.com/privacy  


Opt-Out link: https://tools.google.com/dlpage/gaoptout?hl=de  or https://myaccount.google.com/  


Legal basis: Consent (Art. 6 [1] lit. a) GDPR)  

Google Double Click  

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data protection: https://policies.google.com/privacy  


Opt-Out link: https://tools.google.com/dlpage/gaoptout?hl=de  or https://myaccount.google.com/  


Legal basis: Consent (Art. 6 [1] lit. a) GDPR)  

Google Tag Manager 

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data protection: https://policies.google.com/privacy  


Opt-Out link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/  


Legal basis: legitimate interest (Art. 6 [1] lit. f) GDPR)  

Meta Pixel 

Service used: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland 


Meta Platforms, Inc1 Meta Way, Menlo Park, CA 94025, USA
Data protection: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redi rect&entry=1  


Opt-Out link:   https://www.facebook.com/policies/cookies/  

Social media presence 

We maintain an online presence on various social networks and career platforms, in order to exchange information with the users registered there and to be able to contact them easily.  

In some cases, user data is used in social networks to conduct market research and for advertising purposes. User profiles can be created and used to adapt advertisements to the interests of target groups based on user behaviour, for example, by specifying interests. Cookies are regularly stored on users’ end devices to this end, in some cases irrespective of whether they are registered users of the social network.  

In connection with the use of social media, we also use the associated messengers to communicate easily with users. We would like to point out that the security of individual services may depend on the user’s account settings. Even in the case of end-to-end encryption, the service provider can draw conclusions about the fact that users communicate with us (and when) and, if necessary, collect location data. 

Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This can result in risks for users, for example, because it makes it more difficult to enforce their rights.  

Categories of data subjects: registered users and non-registered users of the social network 


Categories of data: master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text details, photographs, videos), usage data (e.g. websites visited, interests, access times), meta and communication data (e.g. device information, IP address). websites visited, interests, access times), meta and communication data (e.g. device information, IP address) 


Purposes of processing: expansion of reach, networking 


Legal bases: legitimate interests (Art. 6 [1] lit. f) GDPR), consent (Art. 6 [1] lit. a) GDPR) 


Legitimate interests: interaction and communication on social media presence, profit increase, insights into target groups 

Instagram 

Service used: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Data protection: https://help.instagram.com/519522125107875 and https://www.facebook.com/about/privacy 


Opt-out link: https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/ 

Facebook 

Service used: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Data protection: https://www.facebook.com/privacy/explanation 


and https://www.facebook.com/legal/terms/page_controller_addendum 


Opt-Out link: https://www.facebook.com/policies/cookies/   

LinkedIn 

Service used: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
Data protection: https://www.linkedin.com/legal/privacy-policy 


Opt-Out link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out 

Kununu 

Service used: New Work SE, Dammtorstr. 30, 20354 Hamburg, Germany
Data protection: https://privacy.xing.com/de/datenschutzerklaerung 

Xing 

Service used: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
Data protection: https://privacy.xing.com/de/datenschutzerklaerung 

YouTube 

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data protection: https://policies.google.com/privacy?hl=de&gl=de  


Opt-Out link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/  

Plug-ins and integrated third-party content 

We have integrated functions and content obtained from third-party providers into our online offering. For example, videos, images, buttons or contributions (hereinafter referred to as content) can be integrated.  

In order to display content to visitors to our online offering, the respective third-party provider processes, among other things, the user’s IP address, in order that the content can be transmitted to the browser and displayed accordingly. The display of third-party content is not possible without this processing operation.  

In certain cases, additional information is collected via so-called pixel tags or web beacons, whereby the third-party provider receives information about the use of the content or visitor traffic on our online offer, technical information about the user’s browser or operating system, the time of visit or referring websites. The data obtained in the process is stored in cookies on the user’s end device.  

In order to protect the personal data of visitors to our website, we have taken certain security precautions to prevent the automatic transmission of this data. This data is only transmitted when users use the buttons or click on the third-party content.  

Categories of data subjects: users of the plug-in or integrated third-party content 


Categories of data: usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, IP address), contact data (e.g. e-mail address, telephone number), master data (e.g. name, address) 


Purposes of processing: design of our online offering, increasing the reach of advertisements in social media, sharing posts and content, interest-based and behaviour-based marketing, cross-device tracking 


Legal basis: consent (Art. 6 [1] lit. a) GDPR), legitimate interest (Art. 6 [1] lit. f) GDPR) 


Legitimate interests: protection of our website against misuse, ensuring the functionality and error-free and secure operation of the website 

Vehicle configurator  

Service used: Erwin Hymer Group SE, Holzstraße 19, 88339 Bad Waldsee, Germany
Data protection: https://www.erwinhymergroup.com/de/footer/datenschutz  


Legal basis: consent (Art. 6 [1] lit. a) GDPR) 

Google Fonts 

Service used: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Data protection: https://policies.google.com/privacy?hl=de&gl=de  


Opt-out link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/  


Legal basis: consent (Art. 6 [1] lit. a) GDPR) 

Google ReCaptcha 

Service used: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Data protection: https://policies.google.com/privacy?hl=de&gl=de  


Opt-Out link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/  


Legal basis: legitimate interest (Art. 6 [1] lit. f) GDPR) 

Pimcore 

Service used: Pimcore GmbH, Söllheimer Straße 16, 5020 Salzburg, Austria
Data protection: https://pimcore.com/en/about/privacy  


Legal basis: consent (Art. 6 [1] lit. a) GDPR) 

Typography 

Service used: Hoefler&Co, A Monotype Company,600 Unicorn Park Drive Woburn, MA 01801, USA
Data protection: https://www.typography.com/policies/privacy  


Legal basis: consent (Art. 6 [1] lit. a) GDPR) 

YouTube 

Service used: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Data protection: https://policies.google.com/privacy?hl=de&gl=de  


Opt-out link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/  


Legal basis: consent (Art. 6 [1] lit. a) GDPR) 

Newsletter and broad communication (possibly with tracking) 

On our website, users have the option of subscribing to our newsletter or any notifications via various channels (hereinafter referred to as “newsletter”). We only send newsletters to recipients who have consented to receive the newsletter in accordance with the statutory provisions. We use a selected service provider to send our newsletter. 

In order to subscribe to our newsletter, you must provide an e-mail address. We may collect additional data, such as your name, in order to personalise our newsletter.  

Our newsletter will only be sent after the double opt-in procedure has been completed. Should visitors to our website decide to subscribe to our newsletter, they will receive a confirmation e-mail, which serves to prevent the misuse of false e-mail addresses and to prevent the newsletter from being sent by a simple, possibly inadvertent click. The subscription to our newsletter can be cancelled at any time for the future. An unsubscribe link (opt-out link) is included at the end of each newsletter. 

We are also obligated to provide proof that our subscribers actually wanted to receive the newsletter. To this end, we collect and store the IP address and the time of registration and de-registration.  

Our newsletters are designed in such a way that we are able to gain insights into improvements, target groups or the reading behaviour of our subscribers. This enables us to use a so-called web beacon or tracking pixel, which reacts to interactions with the newsletter, for example, whether links are clicked on, whether the newsletter is opened at all or at what time the newsletter is read. We can assign this information to individual subscribers for technical reasons.  

Categories of data subjects: newsletter subscribers 


Categories of data: master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), meta and communication data (e.g. device information, IP address), usage data (e.g. interests, access times) 


Purposes of processing: marketing, customer retention and new customer acquisition, analysis and evaluation of the success of the campaign 


Legal basis: consent (Art. 6 [1] lit. a) GDPR) 

Sales Team 

Service used: Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA
Data protection: https://www.salesforce.com/uk/company/privacy/  

Advertising communication 

We also use data provided to us for advertising purposes, in particular, to inform you about news from us or from our product portfolio on various channels. Advertising on our part takes place within the framework of the legal requirements and – if necessary – after obtaining consent.  

If the recipients of our advertising do not wish to receive it, they can inform us of this at any time. We will be happy to fulfil your request.  

Categories of data subjects: communication partners 


Categories of data: master data (e.g. name, address), contact data (e.g. e-mail address, telephone number)  


Purposes of processing: direct marketing
Legal basis: consent (Art. 6 [1] lit. a) GDPR), legitimate interests (Art. 6 [1] lit. f) GDPR) 


Legitimate interests: retention of existing and acquisition of new contacts or contractual partners 

Prize draws and competitions 

We use our online presence to organise competitions and/or contests. In doing so, we process the data of the campaign participants required for the realisation of the respective campaign. This also includes data that we need in order to inform the winner and pay out the prize.  

Depending on the type of campaign, contributions by or about the campaign participants may be published, for example, when reporting on the respective campaign or if a vote on a contribution submitted by the participant is part of the campaign. The name of the participant will also be published. As to which data we process in individual cases depends on the specific campaign being performed, and which data we receive from the participant. 

The implementation of the respective campaign on our presence in a social network is also subject to the terms of use and data protection provisions of the respective network.  

Categories of data subjects: campaign participants 


Categories of data: master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photos, videos) 


Purposes of processing: competition organisation including prize distribution and announcement of the winner in various media  


Legal basis: consent (Art. 6 [1] lit. a) GDPR) 

Contact us 

We offer the opportunity to get in touch with us directly on our website or to obtain information via various contact options. In order to maintain an overview of any instance of contact established with us, we use a management tool to process corresponding enquiries. 

Should you contact us, we process the data of the person making the enquiry to the extent necessary to answer or process the enquiry. The data processed may vary depending on the way in which contact is made with us. 

Categories of data subjects: enquiring persons  


Categories of data: master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text input, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address). 


Purposes of processing: processing of enquiries 


Legal basis: consent (Art. 6 [1] lit. a) GDPR), fulfilment or initiation of a contract (Art. 6 [1] lit. b) GDPR) 

Zendesk 

Service used: Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA
Data protection: https://www.zendesk.de/company/customers-partners/privacy-policy/ 

Events and functions 

On our website, visitors have the opportunity to register for events and functions. The information collected by us and required for the initiation and fulfilment of the contract is marked as mandatory information. The provision of additional data is voluntary. 

Categories of data subjects: participants, interested parties 


Categories of data: master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), transaction data (bank details, invoices, payment history), contract data (e.g. subject matter of contract, term) 


Purposes of processing: contract initiation and execution  


Legal basis: contract initiation and execution (Art. 6 [1] lit. b) GDPR), consent (Art. 6 [1] lit. a) GDPR) 

Appointments for test drives/inspections/consultations at the dealer’s premises 

You can arrange a test drive and/or a consultation appointment via our website. To this end, the necessary personal data is collected and transmitted to the dealer you have selected: name, title, e-mail address, preferred vehicle type. Should you wish to be contacted by telephone by your selected retailer, your telephone number will also be collected and transmitted as voluntary information. For the sake of providing a general assurance that the appointment will be realised as agreed, we will send you a confirmation and an appointment reminder. 

This collection, storage and transmission of the data is based on your voluntarily granted consent within the meaning of Art. 6 (1) Sentence 1 lit. a) in conjunction with Art. 7 GDPR. You may revoke this consent at any time at datenschutz@buerstner.com or by post to Bürstner GmbH & Co. KG, Weststraße 33, 77694 Kehl with effect for the future. You can also assert your rights against the dealer. Please contact the dealer you have selected. 

Data transmission 

We are a globally active company with headquarters in Germany. The data of visitors to our online offering is stored in our centralised customer database in Germany in compliance with the relevant data protection regulations, and is processed in this context throughout the Group for internal administrative purposes. Processing beyond administrative purposes does not take place.  

Legal basis: legitimate interests (Art. 6 [1] lit. f) GDPR) 


Legitimate interests: a so-called “small Group privilege”, centralised management and administration within the company to exploit synergy effects, cost savings, increased effectiveness 


Recipient: https://www.erwinhymergroup.com/de/unternehmen/ueber-die-erwin-hymer-group  

In the event that we transfer data to a country outside the EEA for processing within the Group, we ensure that the processing is legally permissible in the manner we intend. In this instance, we have concluded binding corporate rules/standard data protection clauses – including a separate regulation of suitable technical and organisational measures – in order to protect the data of data subjects in the best possible way. A copy of the guarantee used is available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de

It may be necessary for us to pass on personal data for the performance of contracts or to fulfil a legal obligation. If the data required in this respect is not provided to us, it may not be possible to conclude the contract with the data subject.  

We transfer data to countries outside the EEA (so-called third countries). This is done for the above-mentioned purposes (transfer within the Group and/or other recipients). The transfer shall only take place, in order to fulfil our contractual and legal obligations or on the basis of the data subject’s prior consent.  

In the event that we transfer data to a country outside the EEA for processing, we ensure that the processing is legally permissible in the manner we intend. In this instance, we have concluded standard data protection clauses – including a separate regulation of suitable technical and organisational measures – in order to protect the data of data subjects in the best possible way. A copy of the guarantee used is available at  https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de 

Retention period 

We generally store the data of visitors to our website for as long as is necessary to provide our service, or if this has been provided for by the European legislator or another legislator in laws or regulations to which we are subject. In all other cases, we delete the personal data after the purpose has been fulfilled, with the exception of data that we must continue to store, in order to fulfil legal obligations (e.g. we are obligated to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law). 

Automated decision-making 

We do not use automated decision-making or profiling in accordance with Art. 22 GDPR. 

Legal basis 

Relevant legal bases result primarily from the GDPR. These are supplemented by national laws of the member states and may apply together with or in addition to the GDPR.  

Consent: Art. 6 (1) lit. a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.  

Contract fulfilment: Art. 6 (1) lit. b) GDPR serves as the legal basis for processing operations necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. 

Legal obligation: Art. 6 (1) lit. c) GDPR serves as the legal basis for processing operations that are necessary to fulfil a legal obligation.  

Vital interests: Art. 6 (1) lit. d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person. 

Public interest: Art. 6 (1) lit. e) GDPR serves as the legal basis for processing operations that are necessary for the performance of a task performed in the public interest or in the exercise of official authority vested in the data controller. 

Legitimate interest: Art. 6 (1) lit. f) GDPR serves as the legal basis for processing that is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular, where the data subject is a child. 

Rights of data subjects 

Right to the disclosure of information: pursuant to Art. 15 GDPR, data subjects have the right to request confirmation as to whether we are processing data concerning them. They may request information about this data, as well as the further information listed in Art. 15 (1) GDPR and a copy of their data. 

Right to rectification: pursuant to Art. 16 GDPR, data subjects have the right to request the rectification or completion of data concerning them and processed by us. 

Right to erasure: data subjects have the right under Art. 17 GDPR to request the erasure of data concerning them without undue delay. Alternatively, they can request that we restrict the processing of their data in accordance with Art. 18 GDPR.  

Right to data portability: pursuant to Art. 20 GDPR, data subjects have the right to request the provision of the data they have provided to us and to request that it be transferred to another data controller. 

Right to lodge a complaint: data subjects also have the right to lodge a complaint with the supervisory authority responsible for them in accordance with Art. 77 GDPR. 

Right to object: if personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) Sentence 1 lit. f) GDPR, data subjects have the right to object to the processing of their personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from their particular situation or the objection is directed against direct advertising. In the latter case, data subjects have a general right to object, which we will implement without specifying a particular situation. 

Revocation 

Some data processing operations are only possible with the express consent of the data subject. You have the option to revoke any consent you have already given at any time. All you need to do is send us a message (without any formality) or e-mail to datenschutz@buerstner.com . The legality of the data processing performed until the revocation remains unaffected by the revocation. 

External links 

Our website contains links to the online offers of other providers. We would like to point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers. 

Changes 

We hereby reserve the right to adapt this data protection information at any time in the event of changes to our online offer and in compliance with all prevailing data protection regulations, in order that it complies with the legal requirements. 

 

This Privacy Policy was created by DDSK GmbH 

 

Back to top
© Copyright Bürstner GmbH & Co. KG