1 General
Bürstner GmbH & Co. KG takes the protection of your personal data very seriously. Your privacy is important to us. We process your personal data in accordance with the applicable legal data protection requirements for the purposes specified below. Personal data, as defined in this data protection notice, refers to any information that relates to an individual.
In the following, you will learn how we handle such data. For a clearer overview, we have divided our data protection notice into chapters.
1.1 Data Controller for the Processing of Data
Bürstner GmbH & Co. KG
Weststrasse 33
77694 Kehl, Germany
Tel.: 07851 85 0
E-Mail: datenschutz@buerstner.com
1.2 Data Protection Officer
If you have any questions or comments about data protection (for example, about how to access and update your personal data), you can also contact our Data Protection Officer directly.
DDSK GmbH
Stefan Fischerkeller
Dr.-Klein-Str. 29
D – 88069 Tettnang
Tel.: +49 (0) 7542 949 21 00
E-Mail: datenschutz@buerstner.com
2 Scope of Processing
2.1 Source of Data Collection
We process personal data that we have collected directly from you.
To the extent necessary for the provision of our services, we process personal data legitimately received from other companies or other third parties (e.g. credit agencies, address publishers). In addition, we process personal data that we have legitimately collected, received or acquired from publicly accessible sources (such as telephone directories, commercial and association registers, civil registers, debtors’ registers, land registers, the press, the Internet and other media) and are permitted to process.
2.2 Data Categories
Relevant categories of personal data may include in particular:
2.2.1 Data Categories within the Supplier Relationship
2.2.2 Data Categories as a Trading Partner
2.2.3 Data Categories in Customer Service:
2.3 Purposes and Legal Basis of the Data Processed
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the new version of the German Federal Data Protection Act (BDSG-Neu) and other applicable data protection regulations (details below). The specific data processed and the manner in which it is used depend primarily on the requested or agreed-upon services. You can find additional details or supplements on the purposes of data processing in the respective contractual documents, forms, a declaration of consent and/or other information provided to you (e.g. in the context of using our website or our terms and conditions).
2.3.1 Purposes for the Fulfilment of a Contract or Pre-contractual Measures (Art. para. 1 b GDPR)
Personal data is processed for the purpose of executing contracts with you and carrying out orders, as well as for the purpose of carrying out measures and activities in the context of pre-contractual relationships, e.g. with interested parties. In this context, contractual partners with whom you have a contractual relationship (e.g. business partners) may also receive personal data from us, insofar as this is necessary for the fulfilment of your request in accordance with this legal basis. This includes the following:
contract-related communication with you, corresponding billing and associated payment transactions, the traceability of orders and other agreements, as well as quality control through appropriate documentation, goodwill proceedings, measures for managing and optimising business processes, and fulfilling general due diligence obligations; management and control by affiliated companies; statistical analysis for business management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and tax assessment of business services, risk management, asserting legal claims and defence in legal disputes; ensuring IT security (including system or plausibility tests) and general security, ensuring and exercising property rights (e.g. through access controls); ensuring the integrity, authenticity and availability of data, preventing and investigating crimes, and controls by supervisory bodies or oversight authorities (e.g. auditing).
2.3.2 Purposes within the Scope of a Legitimate Interest of Us or a Third Party (Art. 6 para. 1 f GDPR)
2.3.3 Purposes within the Scope of Your Consent (Art. 6 para. 1 a GDPR)
The processing of your personal data for specific purposes (e.g., using your email address for marketing purposes, utilising other communication channels for the clarification of facts) may also occur based on your consent. Generally, you can revoke your consent at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into effect, i.e. before 25 May 2018.
You will be informed separately about the purposes and consequences of revoking or not granting consent in the relevant text of the consent. Generally, the revocation of consent only takes effect for the future. Processing that took place before the revocation is not affected by this and remains lawful.
2.3.4 Purposes for the Fulfilment of Legal Requirements (Art. 6 para. 1 c GDPR) or in the Public Interest (Art. 6 para. 1 e GDPR)
As with anyone involved in business, we are subject to a broad range of legal obligations. These are primarily legal requirements (e.g. commercial and tax laws), as well as regulatory or other official requirements where applicable. The purposes of processing include, where applicable, the fulfilment of control and reporting obligations under tax law and the archiving of data for data protection and data security purposes as well as auditing by tax and other authorities. Furthermore, the disclosure of personal data may become necessary in the context of official/court measures for the purpose of collecting evidence, criminal prosecution or the enforcement of civil claims.
2.4 Automated Decisions on an Individual Basis, including Profiling (Art. 22 GDPR)
We do not use purely automated decision-making processes. If we do use such a procedure in the future on an individual basis, we will inform you of this separately, insofar as this is required by law.
2.5 Consequences of Failure to Provide Data
In the course of the business relationship or communication with you, you must provide the personal data that is necessary for the establishment, execution and termination of the contractual agreement and the fulfilment of associated contractual obligations, or for the processing of your inquiry, or data that we are legally obliged to collect. Without this data, we will not be able to carry out the legal transaction with you or to satisfactorily process your enquiry/request.
3 Recipient of the Data
3.1 Within the EU
Within our company, those internal departments or organisational units receive your data that require it for the fulfilment of our contractual and legal obligations or in the context of processing and implementing our legitimate interests.
Your data will only be passed on to external bodies
We will not disclose your data to third parties beyond the above. If we commission service providers to process your data, they are subject to the same security standards as we are. In all other cases, the recipients are only allowed to use the data for the purposes for which they were transmitted to them.
3.2 Outside of the EU
Data is transferred to bodies in countries outside the European Union (EU) or the European Economic Area (EEA), so-called third countries.
3.3 Recipient Overview
The following recipients receive your data within the scope of the data processing described here:
Recipient: Tef-Dokumentation GmbH, Angelestr. 56, 88214 Ravensburg
Third country transfer: No third country transfer takes place.
Recipient: Erwin Hymer Group SE, Holzstraße 19, D-88339 Bad Waldsee
Third country transfer: No third country transfer takes place.
4 Retention Periods
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
In addition, we are subject to various retention and documentation obligations, which stem from the German Commercial Code (HGB) and the German Fiscal Code (AO), among other regulations. The periods specified therein for retention or documentation are up to ten years to the end of the calendar year beyond the end of the business relationship or the pre-contractual legal relationship.
Moreover, specific legal provisions may require a longer retention period, such as the preservation of evidence within the framework of statutory limitation provisions. According to §§ 195 et seq. of the German Civil Code (BGB), the standard limitation period is three years; however, limitation periods of up to 30 years may also be applicable.
If the data is no longer required for the fulfilment of contractual or legal obligations and rights, it is regularly deleted, unless its - temporary - further processing is necessary for the fulfilment of the purposes for an overriding legitimate interest. Such overriding legitimate interest exists, for example, when deletion is not possible or only possible with disproportionate effort due to the particular nature of the retention, and processing for other purposes is excluded by appropriate technical and organisational measures.
5 Your Rights
You can assert your data protection rights against us under certain conditions. Your requests about the exercise of your rights should be addressed, if possible, in writing or by e-mail to the address given above or directly in writing or by e-mail to our Data Protection Officer. Thus, you have the right to receive information from us regarding your data that we have stored in accordance with the provisions of Art. 15 GDPR (if applicable, with restrictions in accordance with § 34 of the German Federal Data Protection Act (BDSG)).
You can contact the supervisory authority responsible for us at:
The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg (Der Landesbeauftragte
für den Datenschutz und die Informationsfreiheit Baden-Württemberg)
Postfach 10 29 32, 70025 Stuttgart
Lautenschlagerstraße 20, 70173 Stuttgart
Telephone 0711 6155410
poststelle@lfdi.bwl.de