1. General information on the processing of personal data
(1) Protecting your personal data (“Data”) is particularly important to us. Therefore, we hereby wish to inform you in detail which Data are processed when you use our websites and services (“Data Processing Activities”).
(2) In accordance with Art. 4 Nr. 7 of the General Data Protection Regulation (“GDPR”), the controller is
bmp Ventures AG
Telefon: +49 (0)30 20 30 50
(hereinafter “bmp“). More detailed information can be found in our imprint.
(3) You can reach our data protection officer at email@example.com or by written mail to our address with the addition “Data Protection Officer”.
(4) We process personal data in strict compliance with the applicable data protection regulations. This means the data will only be processed with legal permission; in particular, if the processing of the data is necessary for the provision of our contractual and online services, e.g. when consent is legally required, as well as on grounds of our legitimate interest (i.e. interest in the analysis, optimization and economic operation and security of our online content within the meaning of Art. 6 para. 1 lit. f. GDPR, especially for range measurement, creation of profiles for advertising and marketing purposes, collection of access data and use of third-party services).
(5) The legal basis of consent is Art. 6 para. 1 lit. a. and Art. 7. GDPR. The legal basis for the processing of data in order to provide our service and execute contractual duties is Art. 6 para. 1 lit. b. GDPR. The legal basis for the processing of data in order to fulfill our legal obligations is Art. 6. Para. 1 lit. c. GDPR, and the legal basis for the processing of data for the safeguarding of our legitimate interests is Art. 6, para 1. lit. f. GDPR.
2. Data Processing Activities when visiting our websites
(1) If you use our websites for informational purposes only, i. e. if you do not register, leave ratings or otherwise provide us with information, we only collect the personal Data that your browser transmits to our server. If you wish to view our websites, we collect the following Data, which are technically necessary in order for us to display our websites to you and to guarantee stability and security:
- Date and time of the request,
- Duration of the website visit
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the request (specific site/page),
- Access status/HTTP-status code,
- Respective data amount transferred,
- Website that the request is coming from,
- Webpages that you visit on our website
- Internet service provider
- Server Log Files,
- Operating system and its interface
- Language and version of the browser software.
(2) The legal basis is Art. 6 Para. 1 Sent. 1 lit. f. GDPR and the Data are saved only for the duration of your visit.
3. Data processing through cookies (Tracking)
(1) In addition to the data usage mentioned above, cookies will be stored on your device when you use our website. Cookies are small text files that are saved to your hard disk by your web browser and provide us with information. They serve to make our website more effective and user-friendly. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f. GDPR, which is our legitimate interest in improving the usability of our website and analyzing our online marketing activities.
(2) You can configure your browser settings to meet your preferences, for instance by refusing to accept cookies. We do point out that you may not be able to use all of the functions and features of our websites.
3.1 Google Analytics
(2) If IP-anonymization is activated, Google shortens your IP-address within member states of the European Union and other parties to the Agreement on the European Economic Area. Only in exceptional cases the full IP-address is transmitted to a Google server in the USA and shortened there. IP-anonymization is activated on our web service. Upon our request, Google shall use this information to analyse the use of our websites, to compile activity reports and to provide us with other services related to the use of our websites and the internet.
(1) Due to our legitimate interest in the analysis, optimization and economic operation of our online offer and for these purposes within the meaning of Art. 6 (1) f. of the GDPR we use the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
(2) With the help of the Facebook pixel, Facebook is on the one hand able to determine the visitors of our online offer as a target group for the presentation of advertisements (so-called "Facebook Ads"). Accordingly, we use the Facebook pixel to display our Facebook Ads only to Facebook users who have shown an interest in our Websites or who have specific characteristics (e. g. interests in certain topics or products determined by the websites visited) that we submit to Facebook (so-called "custom audiences"). With the help of the Facebook pixel, we also want to make sure that our Facebook Ads are in line with the potential interest of users and do not have a nuisance effect. Using the Facebook pixel, we can also track the effectiveness of Facebook Ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook Ad (so-called "conversion").
(3) The Facebook pixel is directly integrated into our web pages by Facebook and can store a so-called cookie, i. e. a small file, on your device. If you then log in to Facebook or visit Facebook when you are logged in, your visit to our online offer will be noted in your profile. The data collected about you is anonymous for us, i. e. it does not allow us to draw conclusions about the identity of the users. However, the data is stored and processed by Facebook so that it can be linked to the respective user profile and used by Facebook as well as for its own market research and advertising purposes. If we transfer data to Facebook for comparison purposes, it is encrypted locally in the browser and only then sent to Facebook via a secure https connection. This is done with the sole purpose of matching the data encrypted by Facebook.
(4) Facebook's processing of the data is governed by Facebook’s Data Usage Policy. For specific information and details about the Facebook pixel and how it works, please visit the Facebook Help Center.
(5) You may object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set what kind of ads you see on Facebook, you can go to the page set up by Facebook and follow the instructions on how to set up use-based advertising.
4. Shariff – Social Media Plugins
(1) In order to enable an extended data protection, we use instead of the usual plugins of the social media providers (Twitter, Facebook, etc.) on our sides the so-called two-click method called "Shariff". When visiting our website, your IP address will not be automatically forwarded to the provider. Only by pressing the activation button in the Share bar the IP address is transmitted and you can then use the "Like" button or a corresponding button. If you do not activate the button, your data will not be transmitted to the social media providers. For further information we refer to the privacy statements of each provider.
(2) Further information about the application "Shariff" can be found here.
5. Data Processing Activities when you contact us
When you contact us via e-mail, telephone or a contact form, we process the Data you provide (f. ex. e-mail address, name and/or telephone number) in order to respond to your questions or to process your requests. The consent you give in the course of contacting us provides the legal basis for such data processing activities (Art. 6 Para. 1 lit. b) GDPR).
(1) We send e-mails and other electronic notifications with advertising information (hereinafter "newsletter") only with your consent or a legal permission. The newsletters contain information about our products, offers, promotions and our company. By subscribing to our newsletter, you agree to the receipt.
(2) The registration for our newsletter takes place in a so-called double opt-in procedure. After registration, you will receive an e-mail asking you to confirm your registration. The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address.
(3) The use of a shipping service provider (Newsletter2go GmbH), the implementation of statistical surveys and analyzes as well as the logging of the registration process on the basis of our legitimate interests acc. Art. 6 para. 1 lit. f DSGVO. We are interested in using a user-friendly and secure newsletter system that both serves our business interests and meets your expectations.
(4) You can revoke your consent to receive our newsletter at any time.
7. Your rights
(1) You have the following rights in relation to us with regard to the personal data concerning you:
- Right of access (Art. 15 GDPR),
- Right to rectification and erasure (Art. 16 and 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object processing (Art. 21 GDPR),
- Right to data portability (Art. 20 GDPR).
(2) Furthermore, you have the right to complain to a supervisory authority for data protection about the processing of your Data by us.
(3) We would like to point out that any possible consent you have given pertaining to data protection can be revoked at any time, effective immediately. The same applies when you have given consent to be approached in a promotional manner. To do so, please contact us informally via e-mail at: firstname.lastname@example.org. Such revocation can result in our services no longer being available at all, or only with restrictions.
(4) Insofar as we base the processing of your personal data on a balance of interests (Art. 6 (1) sentence 1 lit. f DSGVO), you can object to the processing. In the event of such a disagreement, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.
8.Transmission of Data to third parties and third-party providers
(1) Data are only transmitted to third parties in a manner that is in compliance with the applicable statutory provisions. We only transmit user Data to third parties if, for example, doing so is necessary for contractual purposes pursuant to Article 6 Para. 1 lit. b. GDPR or on the basis of legitimate interests in economic and effective business operation within the meaning of Art. 6 Para. 1 lit. f. GDPR.
(2) In the event that we employ subcontractors in order to provide our services, we shall take appropriate legal precautions and corresponding technical and organisational measures in order to ensure that your personal Data are protected in accordance with the applicable statutory provisions.
(3) In case contents, tools or other means of third parties (hereinafter jointly referred to as “Third Party Providers”) are used in the framework of this privacy statement and the stated registered offices of those Third-Party Providers are situated in a third country, it should be assumed that Data are transferred to the countries in which the Third-Party Providers have their registered offices. Third countries are to be understood as such countries in which the GDPR does not constitute directly applicable law, i. e. in general countries outside of the EU or the European Economic Area. Data are only transferred to third countries if an adequate level of data protection is ensured, the user has given explicit consent or the law provides another form permission for such a transfer.
9. Data erasure
(1) The Data we store shall be deleted as soon as they are no longer needed for the purpose for which they are being stored and the law does not prescribe a statutory duty for the Data to be retained. In the event that user Data are not deleted on grounds that they are still required for other or legally admissible reasons, their processing shall be restricted. This means that the Data shall be blocked and shall not be processed for other purposes. This applies, for instance, for user Data that have to be kept for reasons pertaining to trade or tax law.
(2) In accordance with the pertinent legal provisions, such data shall be stored for 6 years pursuant to Section 257 Para. 1 German Commercial Code (commercial books, inventories, opening balance sheets, annual financial statements, trade letters, accounting records, etc.) and 10 years pursuant to Section 147 Para. 1 of the German Fiscal Code (accounts, records, situation reports, accounting records, trade or business letters, documents relevant for taxation, etc.).
10. Final provisions
(1) We employ technical and organizational security measures to protect the Data we have gathered, especially against accidental or deliberate manipulation, loss, destruction or attack by unauthorized persons. Our security measures are subject to continuous improvement in line with technological advances and development.