Data protection

Information on the processing of customer and supplier data:

Information on the processing of your personal data and associated rights can be found here.

1. Introduction

1.1 Privacy Policy

We appreciate your visit to our website and your interest in our company and our products. The protection of your personal data is very important to us. Bürstner GmbH & Co. KG (hereinafter "Bürstner," "we," or "us") attaches great importance to the security of user data and compliance with data protection regulations.

The Bürstner websites may contain links to websites of other providers, to which this privacy policy does not apply. The data collected by the operators of these websites is beyond our knowledge and control. Information can be found in the privacy policy of the respective website.

Below, we provide detailed information about how we handle your data.

1.2 Definitions

This privacy policy is based on the terms of the General Data Protection Regulation (GDPR).

  • "Personal data" is all information relating to an identified or identifiable natural person (hereinafter "data subject") (Article 4 No. 1 GDPR). Your personal data includes information such as your basic data (first and last name, address, and date of birth), your contact details (telephone number, email address), your billing information (bank account details), and much more.

  • “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • “Data subject” means any identified or identifiable natural person whose personal data is processed by the controller.

  • "Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

  • “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller..

  • "Recipient" means a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be considered recipients.

  • “Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons authorised to process personal data under the direct authority of the controller or processor.

  • “Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

1.3 Collection and processing of personal data

You can generally use our website without providing any personal data. However, if you wish to use special services offered by our company via our website, processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

2. Purposes of collection – Category of data – Legal basis for processing

2.1 Anonymous data collection

You can visit our website without actively providing personal information. However, each time you access the website, we automatically save access data (server log files) such as the name of your Internet service provider, the operating system used, the website from which you visit us, the date and duration of the visit or the name of the requested file. For security reasons, e.g. to detect attacks on our website, we also save the IP address of the computer used for a period of 14 days. This data is evaluated solely to improve our offering and does not allow any conclusions to be drawn about you personally. This data will not be merged with other data sources. The legal basis for the processing of the data is Art. 6 (1) GDPR. We process and use the data for the following purposes: 1. Provision of the Bürstner websites, 2. Improvement of our websites and 3. Prevention and detection of errors/malfunctions as well as misuse of the websites. Data processing of this type is carried out either to fulfill the contract for the use of the Bürstner websites or we pursue a legitimate interest in ensuring the functionality and error-free operation of the Bürstner websites and adapting these websites to the requirements of the users.

2.2 Use of cookie tracking

To make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on our websites. These are a standard internet technology used to store and retrieve login and other usage information for all users of Bürstner websites. Cookies are small text files that are stored on your device. They enable us, among other things, to save user settings so that our websites can be displayed in a format tailored to your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies to recognize your browser the next time you visit (so-called persistent cookies).

You can set your browser to inform you when cookies are set and to decide individually whether to accept them, or to exclude cookies for specific cases or generally. Cookies can also be deleted subsequently to remove data that websites have stored on your computer. You can quickly find instructions for this online. Disabling cookies may result in some limitations in the functionality of the Bürstner websites.

2.3 Use of Google Analytics

This website uses functions of the web analysis service Google Analytics. Provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to and stored by Google on servers in the USA. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where third parties process the data on Google’s behalf.

Prevent cookies from being saved

You can prevent cookies from being saved by selecting the appropriate settings in your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

IP-Anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA.

Objection to data collection

If you do not want Google to receive data from your browser when you visit our pages, you can find the link to the opt-out solution for Google Analytics here: http://tools.google.com/dlpage/gaoptout?hl=de , This plug-in prevents the browser from requesting the Analytics code, so Google does not receive any data when the page is accessed. The plug-in is only available for Microsoft Internet Explorer 11, Google Chrome, Mozilla Firefox, Apple Safari, and Opera. According to Google, the browser blocks the Google Analytics script after installation. Further information on terms of use and privacy can be found at 
 http://www.google.com/analytics/terms/de.html and
 http://www.google.com/intl/de/analytics/privacyoverview.html.

Please note that Google Analytics has been extended on this website with the code "gat.anonymizeIp" to ensure the anonymized collection of IP addresses (so-called IP masking).

Demographic characteristics in Google Analytics

This website uses the "demographic characteristics" feature of Google Analytics. This allows reports to be created that contain information about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third parties. This data cannot be assigned to a specific individual. You can deactivate this feature at any time via the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics as described in the "Objection to data collection" section.

2.4 Use of Google Remarketing

This website uses Google Remarketing technology from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). This is a retargeting technology that allows us to retarget visitors to our website with targeted advertising on websites of the Google advertising network. The advertising is displayed using so-called cookies.

For this purpose, cookies are placed on your computer, which third parties, including Google, use to record which of our websites you have visited with your browser. This information can then be used to present our ads to you at a later time on other websites, e.g., within Google Search or on websites within the Google network. Further information on data protection at Google and how remarketing works can be found at: https://www.google.de/intl/de/policies/privacy/. You can also deactivate the storage of cookies through the settings of your browser and/or prevent the collection of data within the scope of Google Remarketing through https://www.google.com/policies/technologies/ads/ 

2.5 Use of Google AdWords

On our website we use Google Conversion Tracking, an analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Google AdWords places a cookie on your computer ("conversion cookie") if you have reached our website via a Google ad. These cookies expire after 30 days and are not used for personal identification. If you visit certain of our pages and the cookie has not yet expired, we and Google can recognize that someone has clicked on the ad and been redirected to our site. Each AdWords customer receives a different cookie. Cookies cannot therefore be tracked across the websites of AdWords customers. The information collected using the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. AdWords advertisers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in tracking, you can object to this use by preventing the installation of cookies through the appropriate settings in your browser software (deactivation option). You will then not be included in the conversion tracking statistics. Further information on terms of use and data protection can be found at:http://www.google.de/policies/privacy/.

2.7 Use of Google Maps

We use Google Maps to display maps and create directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

By using this website, you consent to the collection, processing, and use of automatically collected data and data you enter by Google, one of its agents, or third parties.

The terms of use for Google Maps can be found at:

 https://www.google.com/intl/de_de/help/terms_maps.html .

Detailed information can be found in the Privacy Center of google.de: Transparency and choice as well as data protection provisions under https://policies.google.com/privacy?hl=de&gl=de .

2.8 Use of Google Doubleclick

We use Doubleclick by Google. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Doubleclick by Google uses cookies to show you ads that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser to check which ads were displayed in your browser and which ads were accessed. The cookies do not contain any personal information. The use of Doubleclick cookies simply enables Google and its partner websites to display ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for evaluation and stored there. Google will only transfer data to third parties if required by law or within the framework of order data processing. Under no circumstances will Google combine your data with other data collected by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website.

Detailed information can be found in the Privacy Center of google.de: Transparency and choice as well as data protection provisions under https://policies.google.com/privacy?hl=de&gl=de.

2.9 Use of Google Tag Manager

This website uses Google Tag Manager. This service allows website tags to be managed via an interface. Google Tag Manager simply implements tags. This means that no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If deactivation has been performed at the domain or cookie level, it remains in effect for all tracking tags implemented with Google Tag Manager.

Detailed information can be found in the Privacy Center of google.de: Transparency and choice as well as data protection provisions under https://policies.google.com/privacy?hl=de&gl=de

2.10 Use of Google AdSense

We have integrated Google AdSense into our website. The provider of the Google AdSense component is Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google AdSense is an online service that enables advertising on third-party websites. Google AdSense is based on an algorithm that selects the advertisements displayed on third-party websites based on the content of the respective third-party website. Google AdSense allows interest-based targeting of internet users, which is implemented by generating individual user profiles.

The purpose of the Google AdSense component is the integration of advertisements on our website. Google AdSense sets a cookie on the information technology system of the data subject. By setting the cookie, Alphabet Inc. is enabled to analyze the use of our website. With each call-up to one of the individual pages of this website, which is operated by the controller and on which a Google AdSense component was integrated, the Internet browser on the information technology system of the data subject is automatically prompted through the respective Google AdSense component to transmit data for the purpose of online advertising and the settlement of commissions to Alphabet Inc. As part of this technical procedure, Alphabet Inc. gains knowledge of personal data, such as the IP address of the data subject, which serves Alphabet Inc., inter alia, to trace the origin of visitors and clicks and subsequently enable commission settlements.

The data subject can prevent the setting of cookies by making the appropriate settings in the Internet browser used, thereby permanently denying the setting of cookies. Such a setting in the Internet browser used would also prevent Alphabet Inc. from placing a cookie on the information technology system of the data subject. Furthermore, a cookie already set by Alphabet Inc. can be deleted at any time via the Internet browser or other software programs.

Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic embedded in websites to enable log file recording and analysis, which can be used for statistical evaluation. Using the embedded tracking pixel, Alphabet Inc. can determine whether and when a website was opened by a data subject and which links were clicked by the data subject. Tracking pixels are used, among other things, to evaluate the flow of visitors to a website.

Through Google AdSense, personal data and information, including the IP address, which is necessary for the collection and billing of the displayed advertisements, is transferred to Alphabet Inc. in the United States of America. This personal data is stored and processed in the United States of America. Alphabet Inc. may transfer this personal data collected through this technical process to third parties.

Google AdSense is available at this link www.google.de/intl/de/adsense/start/ explained in more detail.

2.11 Use of Hotjar

Our website uses Hotjar, a web analysis tool from Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta (“Hotjar”). Hotjar anonymously records interactions between randomly selected individual users and the website. This creates a log of, for example, mouse movements and clicks with the aim of identifying opportunities for improvement on the respective website. In addition, information about the operating system, browser, incoming and outgoing references (links), geographical origin, as well as the resolution and type of device is evaluated for statistical purposes. The information generated by the “tracking code” and “cookie” about the user’s visit to the ACTICO GmbH website is transmitted to the Hotjar servers in Ireland and stored there. This information is not personal and is not passed on to third parties by Hotjar. If the user does not wish to be tracked, they can deactivate this on all websites that use Hotjar by setting the DoNotTrack header in their browser. Information on the opt-out option can be found on the following page: http://overheat.de/opt-out.html.  

Further information about Hotjar can be found at https://www.hotjar.com/ Hotjar’s privacy policy can be found atr https://www.hotjar.com/privacy 

2.12 Use of Bing Ads

We use Universal Event Tracking (UET) from Microsoft Bing Ads. This service is provided by Microsoft Corporation (“Microsoft”), One Microsoft Way, Redmond, WA 98052-6399, USA. This enables us to track the activities of our users if our website is reached via a Microsoft Bing ad. If users reach our website via such an ad, a cookie is placed on your computer. A Bing UET tag is integrated into our website. This is a code which, in conjunction with the cookie, stores some non-personal data about the use of the website. This includes, among other things, the length of time spent on the website, which areas of the website were accessed and which ad users accessed the website via. Information about your identity is not collected. The information collected is transferred to Microsoft servers in the USA and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by deactivating cookies. This may limit the functionality of the website. For more information about Bing's analytics services, please visit the Bing Ads website at: https://help.bingads.microsoft.com/#apex/3/de/53056/2 .

For more information about data protection at Microsoft and Bing, please see the Microsoft privacy policy at: https://privacy.microsoft.com/de-de/privacystatement .

2.13 Use of AdForm

We use cookies to deliver targeted advertising based on the interests of our website visitors. For this purpose, we use the service AdForm A/S, Wildersgade 10B, 1, 1408 Copenhagen K, Denmark.
This service may collect and process personal data in pseudonymized form, such as click behavior, abbreviated IP addresses, or metadata about the device (browser, operating system). Depending on your consent, a connection to other websites and advertising platforms may be established.

The legal basis for the processing of your data is your voluntarily given consent within the meaning of Art. 6 (i) (a) in conjunction with Art. 7 GDPR. You grant your consent by confirming it via our consent management system when you (first) access the site. You can revoke or change this consent at any time via the consent settings. Your consent can therefore be revoked at any time with effect for the future. The cookie stored stores the data for a period of 12 months.

You can also object to the processing of your data directly with AdForms. We provide the following opt-out link for this purpose: https://site.adform.com/datenschutz-opt-out/. The opt-out then applies to the respective device used to access the page. Further information about data processing by AdForms can be found here: https://site.adform.com/privacy-center/overview/

 

2.14 Use of social media

Social media features can be used on our website.

When you access one of these pages, a connection may be established to the respective social media servers. These servers will be informed that you have visited our website using your IP address. If you comment or like something, etc., and you are logged into your respective account, the social media platform may be able to associate your visit to our website with you and your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the transmitted data or how it is used.

These services are provided by the following companies:

  • Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA

  • Google+ Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

  • Linkedin Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA

  • Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, USA

  • Xing AG, Dammtorstraße 30, 20354 Hamburg, Germany

  • YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA

  • Kununu GmbH, Wollzeile 1-3 Top 5.1, 1010 Wien, Austria

  • Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA

The purpose and scope of data collection and the further processing and use of the data by the providers as well as your rights and setting options for the protection of your personal data can be found in the data protection information of the respective providers:

If you do not want the respective social media to be able to assign your visit to our site to your respective account, you must log out of the respective service before visiting our website.

2.14.1 Facebook Pixel

Facebook-Pixel

In order to continuously increase our reach and the awareness of our online offering, we process personal data as part of online marketing, in particular with regard to potential interests and the measurement of the effectiveness of our marketing measures.

To measure the effectiveness of our marketing efforts and identify potential interests, relevant information is stored in cookies or similar processes are used. The data stored in cookies may include content viewed, online presences visited, settings, and functions and systems used. However, no user data is generally processed for the purposes described. The data is then modified in such a way that the actual identity of the user is unknown to us or the provider of the tool used. The modified data is often stored in user profiles.

If user profiles are stored, the data can be read, supplemented and added to on the server of the online marketing provider when visiting other online offers that use the same online marketing process.

We can determine the success of our advertisements based on aggregated data made available to us by the provider of the online marketing method (so-called conversion measurement). These conversion measurements allow us to understand whether a marketing measure has led to a purchase decision by a visitor to our website. This evaluation is used to analyze the success of our online marketing.

Categories of data subjects: Website visitors, users of online services, interested parties, communication partners, business and contractual partners
Categories of data: User data (e.g., websites visited, interest in content, access times), meta and communication data (e.g., device information, IP addresses), location data, contact data, content data (e.g., text information, photographs, videos)
Purposes of processing: Marketing (partially interest-based and behavior-related), conversion measurement, target group building, click tracking, development of marketing strategies, and increasing campaign efficiency
Legitimate interests: Optimization and further development of the website, increasing profits, customer retention and acquisition
Service used: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Data protection: https://www.facebook.com/privacy/explanation
Opt-Out-Link: https://www.facebook.com/settings?tab=ads

Legal basis: Consent (Art. 6 (1) (a) GDPR)

2.15 Registration on the website

You have the option of registering on our website. Registration serves the purpose of offering the data subject content or services that, by their very nature, can only be offered to registered users. We collect the following data: customer number and email address. The information marked as mandatory is required for registration; any additional information is voluntary and can be revoked at any time.

By registering on our website, the IP address assigned to the data subject by the Internet service provider (ISP), the date, and time of registration are also stored. This data is stored to prevent misuse of our services and, if necessary, to enable the investigation of committed crimes. Therefore, storing this data is necessary for our security. This data will generally not be passed on to third parties unless there is a legal obligation to do so or the transfer serves the purpose of law enforcement.

Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from our database, provided that this does not conflict with any statutory retention periods.

2.16 Contact form/inquiries

You have the option of sending us inquiries via our contact form. Your information from the contact form (content of your inquiry, any attached files, your chassis number (if applicable) and the date), including the contact details you provided there (gender (optional), first name, last name, address, telephone number, fax number (optional), and email address), will be stored by us for the purpose of processing your inquiry and in case of follow-up questions. We will not share this data without your consent. The legal basis for the collection and processing of this data is Art. 6 (1) GDPR.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular, retention periods—remain unaffected.

2.17 Email Contact

If you send us inquiries or information by email, your details (email address, content of your email, subject of your email, and date), including the contact information you provide (first name, last name, telephone number if applicable, address), will be stored by us for the purpose of processing your inquiry and in case of follow-up questions. We will not share this data without your consent. The legal basis for the collection and processing of this data is Art. 6 (1) GDPR.

The user is advised that emails can be read or altered during transmission without authorization and without being noticed. Bürstner uses software to filter unwanted emails (spam filters). The spam filter can reject emails that have been incorrectly identified as spam based on certain characteristics.

The data you enter will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular, retention periods—remain unaffected.

2.18 Competitions/Special Promotions

From time to time, you have the opportunity to participate in competitions and/or special promotions on our website. Participation is voluntary and independent of any other offers on our website. When registering for the competition, you provide us with your email address (and, if applicable, your first and last name, telephone number, date of birth, and address). The purpose of collecting this information is to conduct the competition, determine the winner, and send the prize. The legal basis is Art. 6 (1) (a) GDPR. Further data is not collected or is only collected on a voluntary basis.

However, in the event of a win, participants agree to provide their first name (last name with initials only) for editorial purposes. We will only store the data you provide until the competition has been completed, unless you have consented to further storage of the data. Mandatory legal provisions – in particular retention periods – remain unaffected.

2.19 Subscription to our newsletter

On our website you have the option of subscribing to our company newsletter. We use this to regularly inform our customers and business partners about our company offers. For this we require a valid email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. For legal reasons, a confirmation email will be sent using the double opt-in procedure to the email address entered by a data subject for the first time for newsletter delivery. We use this data exclusively for sending the newsletter and do not pass it on to third parties. The legal basis for the collection and processing of the data is Art. 6 (1) GDPR.

When registering for the newsletter, we also store the IP address assigned by the Internet service provider (ISP) of the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to be able to trace the (possible) misuse of the email address of a data subject at a later date and therefore serves our security purposes.

You can revoke your consent to the storage of your data, your email address, and their use for sending the newsletter at any time, for example, via the "Unsubscribe"/"Unsubscribe" link in each newsletter. Alternatively, you can also send your unsubscribe request to info@buerstner.com by email. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter.

2.19.1 Newsletter-Tracking

The newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format to enable log file recording and analysis. This allows us to conduct a statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, we can determine whether and when an email was opened by a data subject and which links in the email were accessed by the data subject.

Such personal data collected via the tracking pixels contained in the newsletters is stored and evaluated by us on the basis of legitimate interests in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to the interests of the data subject. The legal basis is Art. 6 Para. 1 GDPR. This personal data will not be passed on to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent given via the double opt-in procedure. After revocation, this personal data will be deleted by the person responsible for processing. Unsubscribing from the newsletter is interpreted as an automatic revocation.

2.20 Career Area/Online Application

On our website, you have the option of using the careers section and/or submitting applications by email. The personal data (master data, contact details, attachments such as cover letters, CVs, references, etc.) of applicants are collected and processed for the purpose of processing the application process. Processing may also take place electronically. This is particularly the case if an applicant submits relevant application documents to the controller, e.g., by email or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted three months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with deletion. Other legitimate interests in this sense include, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG). The legal basis for the collection and processing of data is Art. 6 (1) GDPR.

2.20.1 Applicant pool

When applying online, you have the option of explicitly consenting to us storing and using your data beyond the current application process. With this consent, we can then inform you about new job postings or vacancies that may be of interest to you.

2.21 Arranging test drives and consultation appointments

You have the option of arranging a test drive and/or a consultation appointment via our website. For this purpose, the necessary personal data will be collected and transmitted to the dealer you have selected: name, title, email address, preferred vehicle type. If you wish to be contacted by telephone or post by your selected dealer, your telephone number and/or address will also be collected and transmitted as voluntary information. To ensure that the appointment is carried out as agreed, we will send you a confirmation and an appointment reminder. This collection, storage and transmission of data is based on your voluntarily given consent within the meaning of Art. 6 (1) (a) in conjunction with Art. 7 GDPR. You can revoke this consent at any time atdatenschutz@buerstner.com or by mail to Bürstner GmbH & Co. KG, Weststraße 33, 77694 Kehl, with future effect. You can also assert your rights against the retailer. To do so, contact the retailer you selected.

3. Transmission of data

3.1 Transmission internally, within Bürstner

We transfer your data internally to fulfill our contractual or legal obligations. Your data will only be transferred or disclosed to the extent necessary for this purpose and in compliance with the applicable data protection regulations.

3.2 Transmission group-wide/group-wide

Bürstner is a global company headquartered in Germany. The data you provide to us is stored in our centralized customer database in Germany and shared within the group for administrative purposes. If data is shared within the group/concern, this is done to fulfill a contract or as a condition of use for the websites. There may also be an interest in sharing this data for internal administrative purposes. If your data is processed outside of Europe, for example, in India, Brazil, Russia, China, Switzerland, Singapore, or the USA, this transfer will take place in compliance with all applicable data protection laws, particularly in accordance with Articles 44 et seq. of the GDPR.

3.3 Transmission to third parties

We transmit your data to certain third parties in order to provide corresponding applications and services (so-called "processors") who provide external services for us. For example, newsletter services, IT providers, tax offices, etc. Transfer to other third parties may also occur if necessary to fulfill our obligations (authorities, banks, social security providers, etc.). Third parties process the data only in accordance with our instructions and are prohibited from using this data for their own commercial purposes that do not correspond to the agreed purposes.

We must disclose personal data if we are required to do so in the context of ongoing legal proceedings, due to an injunction, by law, or under applicable law (Art. 6 (1) (f) GDPR).

We will only share your personal information with third parties if:

  • You have given your express consent pursuant to Art. 6 (1) (a) GDPR,
  • the transfer is necessary pursuant to Art. 6 (1) (f) GDPR to assert, exercise, or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • in the event that there is a legal obligation to disclose data pursuant to Art. 6 (1) (c) GDPR, and
  • this is legally permissible and necessary for the processing of contractual relationships with you pursuant to Art. 6 (1) (b) GDPR.

If your data is processed outside of Europe, for example in India, Brazil, Russia, China, Switzerland, Singapore or the USA, this transfer will take place in compliance with all applicable data protection laws and in particular in accordance with Art. 44 et seq. GDPR.

3.4 Transfer to a third country or international organization

We transfer your data to countries outside the EU or the EEA (so-called third countries) for the purposes stated above (group-wide transfer (No. 4.2) and transfer to third parties (No. 4.3)). The transfer only takes place to fulfill our contractual and legal obligations or with your consent. This transfer takes place in compliance with all applicable data protection laws, particularly in accordance with Art. 44 et seq. GDPR. In particular, either due to adequacy decisions issued by the European Commission or due to certain guarantees (e.g., standard data protection clauses, etc.).

4. Further notification obligations

4.1 Existence of automated decision-making, including profiling

As a responsible company, we do not use automated decision-making or profiling.

5. Final part of the data protection declaration

5.1 Duration of storage

We generally store your data for as long as necessary to provide our services, or as provided for by the European legislator or other legislators in laws or regulations to which the controller is subject. In all other cases, we delete your personal data after the purpose has been fulfilled, with the exception of data that we are required to retain to fulfill legal obligations (e.g., we are obligated to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).

5.2 Technical safety

Bürstner uses technical and organizational security measures to protect your data managed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

For security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator, this site uses SSL encryption (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. This is generally 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit technology instead. You can tell whether an individual page of our website is being transmitted encrypted by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL encryption is activated, the data you send to us cannot be read by third parties.

We would like to point out that data transmission over the Internet (e.g., when communicating via email) may be subject to security gaps. Complete protection of data from access by third parties is not possible.

5.3 Legal basis for processing

Art. 6 I lit. a GDPR serves as the legal basis for our company for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary to fulfill a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 (1) (b) GDPR. The same applies to processing operations necessary to carry out pre-contractual measures, such as in cases of inquiries about our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Art. 6 I lit. c GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third party. In this case, the processing would be based on Art. 6(1)(d) GDPR.

Ultimately, processing operations could be based on Art. 6 (1) (f) GDPR. This legal basis applies to processing operations that are not covered by any of the aforementioned legal grounds if the processing is necessary to protect the legitimate interests of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override them. If the processing of personal data is based on Article 6 (1) (f) GDPR, our legitimate interest is conducting our business for the benefit of the well-being of all our employees and our customers.

5.4 Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We would like to clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also arise from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for a data subject to provide us with personal data in order to conclude a contract, which must then be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before the data subject provides personal data, the data subject must contact one of our employees. Our employee will clarify to the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of non-provision of the personal data would be.

5.6 Rights of data subjects

You have the right to information about the data we store, the duration of the data, the purpose and legal basis for storage, as well as the origin and recipient of transmissions. Inaccurate data must be corrected, and data stored improperly or no longer required must be deleted. In addition, the data subject has the right to object, the right to restriction of processing, and the right to data portability.

This information will be provided upon your request. This information is provided free of charge.

You also have the right to lodge a complaint directly with a supervisory authority.

5.7 Revocation of your consent to data processing

Some data processing operations are only possible with your express consent. You have the option to revoke your consent at any time. To do so, simply send an informal message to datenschutz@buerstner.com by email. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.

5.8 Verantwortliche Stelle und Kontaktdaten des externen DSB

5.8 Responsible body and contact details of the external DPO

Bürstner GmbH & Co. KG
Weststraße 33
77694 Kehl
Tel.: 07851 85 0
E-Mail: datenschutz@buerstner.com

Contact details of the external data protection officer:

Stefan Fischerkeller
German Data Protection Law Firm
Tel.: 07542 94921 01

1. General

Bürstner GmbH & Co. KG takes the protection of your personal data very seriously. Your privacy is important to us. We process your personal data in accordance with the applicable statutory data protection requirements for the purposes listed below. Personal data, as defined in this privacy policy, is all information that relates to you personally.

Below, you will learn how we handle this data. For a better overview, we have divided our privacy policy into chapters.

The controller responsible for data processing is

Bürstner GmbH & Co. KG
Weststraße 33
77694 Kehl
Tel.: 07851 85 0
E-Mail: datenschutz@buerstner.com

If you have any questions or comments regarding data protection (for example, regarding access to and updating of your personal data), you can also contact our data protection officer.

Stefan Fischerkeller
Deutsche Datenschutzkanzlei
Dr.-Klein-Str. 29, 88069 Tettnang
+49 7542 949 21 00
datenschutz@buerstner.com

2. Processing framework

2.1 Source of data collection

We process personal data that we have collected directly from you.

To the extent necessary for the provision of our services, we process personal data lawfully received from other companies or other third parties (e.g., credit agencies, address publishers). We also process personal data that we have lawfully obtained, received, or acquired from publicly accessible sources (such as telephone directories, commercial and association registers, residents' registers, debtor lists, land registers, the press, the internet, and other media) and are permitted to process.

2.2 Origin and categories of data not collected directly from you

To the extent necessary for the provision of our services, we process personal data lawfully obtained from other companies or other third parties. We also process personal data that we have lawfully obtained, received, or acquired from publicly accessible sources (press, internet, and other media) and are permitted to process. Relevant personal data categories may include, in particular:

  • Personal data (name, date of birth, place of birth, nationality, marital status, occupation/industry, and similar data)

  • Contact details (address, email address, telephone number, and similar data)

  • Payment/coverage confirmation for bank and credit cards

  • Customer history

  • Data about your use of the telemedia services we offer (e.g., time of access to our websites, apps, or newsletters, pages/links clicked from our website or entries, and similar data)

  • Video and image recordings

  • Credit information

  • Information about the registration of your vehicle (chassis or serial number, first registration date, warranty information/warranty applications)

2.3 Purposes and legal bases of the processed data

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the new version of the Federal Data Protection Act (BDSG-neu), and other applicable data protection regulations (details below). Which data is processed and how it is used depends largely on the services requested or agreed upon. Further details or additions to the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent, and/or other information provided to you (e.g., when using our website or our terms and conditions).

Purposes for the performance of a contract or pre-contractual measures (Art. 6 (1) (b) GDPR)

Personal data is processed to execute our contracts with you and your orders, as well as to carry out measures and activities within the framework of pre-contractual relationships, e.g., with interested parties. This essentially includes: contract-related communication with you, the corresponding billing and associated payment transactions, the verifiability of orders and other agreements, and quality control through appropriate documentation, goodwill procedures, measures to control and optimize business processes and to fulfill general due diligence obligations, management and control by affiliated companies; statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and tax assessment of operational services, risk management, assertion of legal claims, and defense in legal disputes; ensuring IT security (including system and plausibility tests) and general security; safeguarding and exercising house rules (e.g., through access controls). Ensuring the integrity, authenticity and availability of data, preventing and investigating criminal offenses, and monitoring by supervisory bodies or control authorities (e.g. audit).

Purposes within the scope of a legitimate interest of us or third parties (Art. 6 (1) (f) GDPR)

Beyond the actual fulfilment of the contract or preliminary contract, we may process your data if necessary to protect our legitimate interests or those of third parties, in particular for purposes

  • advertising or market and opinion research, provided you have not objected to the use of your data;
  • testing and optimizing needs analysis procedures;
  • further developing services and products as well as existing systems and processes;
  • enriching our data, including through the use or research of publicly available data;
  • statistical evaluations or market analysis; benchmarking;
  • asserting legal claims and defending against legal disputes that are not
  • directly related to the contractual relationship;
  • limited storage of data if deletion is not possible or only possible with disproportionate effort due to the special nature of the storage;
  • developing scoring systems or automated decision-making processes;
  • preventing and investigating criminal offenses, unless exclusively for the purpose of fulfilling legal requirements;
  • ensuring building and facility security (e.g., through access controls), insofar as this goes beyond general due diligence obligations;
  • internal and external investigations and security audits;
  • obtaining and maintaining certifications of a private or official nature;
  • ensuring and exercising house rules through appropriate measures (such as video surveillance), as well as securing evidence in connection with criminal offenses and preventing them.

Purposes within the scope of your consent (Art. 6 para. 1a GDPR)

Your personal data may also be processed for specific purposes (e.g., using your email address for marketing purposes) based on your consent. You can generally revoke this consent at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e., before May 25, 2018. You will be informed separately in the corresponding text of the consent about the purposes and consequences of revoking or not granting consent. In principle, the revocation of consent only takes effect for the future. Processing that occurred before the revocation is not affected and remains lawful.

Purposes to fulfil legal requirements (Art. 6 (1) (c) GDPR) or in the public interest (Art. 6 (1) (e) GDPR)

Like everyone involved in business, we are subject to a variety of legal obligations. These primarily include statutory requirements (e.g., commercial and tax laws), but may also include regulatory or other official requirements. The purposes of processing may include fulfilling tax control and reporting obligations, archiving data for data protection and data security purposes, and audits by tax and other authorities. Furthermore, the disclosure of personal data may be required as part of official/judicial measures for the purposes of gathering evidence, criminal prosecution, or enforcing civil law claims.

Scope of your obligations to provide us with data

You only need to provide the data that is necessary for establishing and conducting a business relationship or for a pre-contractual relationship with us, or that we are legally obligated to collect. Without this data, we will generally not be able to conclude or execute the contract. This may also apply to data required later within the scope of the business relationship. If we request additional data from you, you will be specifically informed that this information is voluntary.

Existence of automated decision-making in individual cases (including profiling)

We do not use purely automated decision-making processes pursuant to Article 22 GDPR. Should we use such a process in individual cases in the future, we will inform you separately, provided this is required by law. We may process some of your data for the purpose of evaluating certain personal aspects (profiling).

In order to provide you with targeted product information and advice, we may use evaluation tools. These enable needs-based product design, communication, and advertising, including market and opinion research. Information about nationality and special categories of personal data pursuant to Art. 9 GDPR are not processed.

2.4 Consequences of non-provision of data

As part of the business relationship, you must provide the personal data that is necessary for the establishment, execution, and termination of the legal transaction and the fulfillment of the associated contractual obligations, or which we are legally obligated to collect. Without this data, we will not be able to complete the legal transaction with you.

2.5 Recipients of the data within the EU

Within our company, your data will be passed on to those internal departments or organizational units that require it to fulfill our contractual and legal obligations or within the scope of processing and implementing our legitimate interests.

Your data will only be passed on to external parties

  • in connection with the execution of the contract;
  • for the purposes of fulfilling legal requirements under which we are obligated to provide information, report, or disclose data, or where the disclosure of data is in the public interest (see Section 2.4);

to the extent that external service providers process data on our behalf as processors or function providers (e.g. data centers, support/maintenance of IT applications, archiving, document processing, call center services, compliance services, controlling, data validation or plausibility checks, data destruction, purchasing/procurement, customer management, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printing companies or data disposal companies, courier services, logistics);

  • based on our legitimate interest or the legitimate interest of the third party for the purposes stated (e.g., to authorities, credit agencies, debt collection agencies, lawyers, courts, experts, subsidiaries, and committees and supervisory bodies);
  • if you have given us your consent to transmit your data to third parties.

We will not share your data with third parties beyond this. If we engage service providers to process your data, your data will be subject to the same security standards as we do. In other cases, the recipients may only use the data for the purposes for which it was transmitted.

2.6 Recipients of data outside the EU

Economic Area (EEA) (so-called third countries) does not take place.

2.7 Storage periods

We process and store your data for the duration of our business relationship. This includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

In addition, we are subject to various retention and documentation obligations, which arise, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified therein extend up to ten years to the end of the calendar year beyond the end of the business relationship or the pre-contractual legal relationship.

Furthermore, specific legal regulations may require a longer retention period, such as the preservation of evidence within the framework of statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (BGB), the standard limitation period is three years; however, limitation periods of up to 30 years may also apply.

If the data is no longer required to fulfill contractual or legal obligations and rights, it will be regularly deleted, unless its - limited - further processing is necessary to fulfill the purposes based on an overriding legitimate interest. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionate effort due to the special nature of the storage, and processing for other purposes is excluded by appropriate technical and organizational measures.

2.8 Your rights

Under certain circumstances, you can assert your data protection rights against us.

  • You have the right to receive information from us about the data we store about you in accordance with the provisions of Art. 15 GDPR (possibly with restrictions under Section 34 of the German Federal Data Protection Act).

  • Upon your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect.

  • If you so wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other legal regulations (e.g., statutory retention periods or the restrictions under Section 35 of the German Federal Data Protection Act) or an overriding interest on our part (e.g., to defend our rights and claims) do not conflict with this.

  • Subject to the requirements of Art. 18 GDPR, you can request that we restrict the processing of your data.

  • Furthermore, you can object to the processing of your data in accordance with Art. 21 GDPR, which requires us to stop processing your data. However, this right of objection only applies if there are very specific circumstances of your personal situation, whereby the rights of our company may conflict with your right of objection.

  • You also have the right to receive your data in a structured, common, and machine-readable format or to transmit it to a third party under the conditions of Art. 20 GDPR.

  • In addition, you have the right to revoke your consent to the processing of personal data at any time with future effect (see Section 2.3).

  • You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always first address a complaint to our data protection officer.

  • Your requests to exercise your rights should, if possible, be addressed in writing or by email to the address provided above, or directly in writing or by email to our data protection officer.

Special reference to your right of objection under Art. 21 GDPR

You have the right to object at any time to the processing of your data based on Art. 6 (1) (f) GDPR (data processing based on a balance of interests) or Art. 6 (1) (e) GDPR (data processing in the public interest) if there are reasons for doing so that arise from your particular situation.

This also applies to profiling based on this provision within the meaning of Art. 4 (4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

We may also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object at any time; this also applies to profiling insofar as it is related to such direct marketing. We will respect this objection in the future. We will no longer process your data for direct marketing purposes if you object to processing for these purposes.

The objection can be made in any form and should, if possible, be addressed to:

Bürstner GmbH & Co. KG
Weststraße 33
77694 Kehl
Tel.: 07851 85 0
E-Mail: datenschutz@buerstner.com

You also have the option of submitting a complaint to the aforementioned data protection officer or to a data protection supervisory authority.

The data protection supervisory authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Königstraße 10a
70173 Stuttgart