We lead our websites according to the following principles:
We oblige to adhere to the legal regulations of the data protection and try to take the principles of data avoidance and data minimization into account.
1. Name and address of the person responsible and the data protection officer
a) The one in charge according to the General Data Protection Regulation and other national data protection acts of the member states of the European Union as well as other data protection regulations is:
Büroforum planen und einrichten GmbH
Geschäftsführer: Jochen Bähr, Daniel Rüttiger
Phone: +49 (0)931 / 80992 – 200
Fax: +49 (0)931 / 80992 – 199
b) The data protection officer of the one in charge is:
Our data protection declaration is developed according to the principles of clarity and transparency. Should there still be uncertainty in relation to the use of the different terminology the corresponding definitions can be viewed here.
3. Legal basis for the processing of personal data
We only process your personal data like your surname and name, email address and IP address, etc. only when the legal basis is given. According to the basic data protection regulation three provisions are considered:
a) You have given your consent for the processing of your personal data for one or more purposes, Art. 6 Abs. 1 S. 1 lit. a GDPR. In connection with this you will be informed in detail about the purpose or purposes and your explicit consent is documented with us.
b) The processing of your personal data is necessary for the fulfillment of a contract or for the performance of pre-contractual measures, Art. 6 Abs. 1 S. 1 lit. b GDPR.
c) The processing of personal data is necessary to ensure our legitimate interest, as long as your interests or basic right and fundamental freedom do not prevail, Art. 6 Abs. 1 S. 1 lit. f GDPR.
We point this out to you again at the respective point on which legal basis the processing of personal data is made.
4. Transmission of personal data
A transmission of your personal data to third parties for other purposes than the following is not done. We only give your personal data to third parties if:
a) you gave your explicit consent according to Art. 6 Abs. 1 S. 1 lit. a GDPR
b) the transmission is necessary according to Art. 6 Abs. 1 S. 1 lit. f GDPR for the assertion, exercise or defense of legal claims and there is no reason for the assumption that you have an overriding interest preventing the transmission to third parties,
c) there is a legal obligation for the transmission according to Art. 6 Abs. 1 S. 1 lit. c GDPR
d) this is permitted by law and necessary for the settlement of the terms and conditions of the contract with you according to Art. 6 Abs. 1 S. 1 lit. b GDPR.
5. Duration of storage and deletion
We save all your personal data which you send us only as long as the purposes for which the data is transmitted are fulfilled or as long as prescribed by law. With purpose fulfillment and / or expiry of the legal retention period the data is deleted or blocked by us.
6. SSL encryption
This website uses a SSL encryption for security reasons and protection of the transmission of confidential contents like enquiries which you send us as the website operator. An encrypted connection can be recognized by you as follows: the address bar of the browser changes „http://" to „https://" and the lock symbol in your browser bar.
Data which is transmitted to us cannot be read by third parties when the SSL-encryption is active.
7. Collection and storage of personal data and their nature and purpose of use
a) While visiting the website
When calling up our website information is send automatically to the server of our website via the browser used on your terminal device. This information is saved temporary in a so called Logfile. The following information are recorded without any action on your part and saved until the automatic deletion:
• IP-address of the requesting computer
• Date and time of the access
• name and URL of the accessed file
• website from which the access is done (Referrer-URL)
• used browser and maybe the operation system of your computer and the name of your access-provider
The mentioned data is processed by us for the following purposes:
• Guarantee of a smooth connection establishment of the website
• Guarantee of a comfortable use of our website
• Evaluation of the system security and stability
• further administrative purposes
Data which allows conclusions of you like the IP address are deleted 7 days later at the latest. Should we store the data after this period of time, this data is anonymized so that an allocation to you is impossible.
The legal basis of the data processing is Art. 6 Abs. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the above mentioned purposes of the data collection. In no case we use the collected data for the purpose of drawing conclusions to you.
b) Contractual relationship
aa) conclusion of contract
Within the scope of the contractual relationship consistent with Art. 6 Abs. 1 S. 1 lit. b GDPR only the absolutely necessary personal data needed for the contract processing is processed.
Insofar as you give optional details these are only processed on the basis of your given consent according to Art. 6 Abs. S. 1 lit a GDPR. The optional data is used by us to offer a customer-friendly service and to optimize it steadily.
bb) Customer account
You have the possibility to create a customer account with us. Besides your personal data for the contract processing your further optional data and your past purchases are stored and processed. This can be viewed anytime to get an overview of your past purchases. This data is used for your to login with your login data at the next purchase easily. It should also help you with the management of your purchasing activities.
The legal bases is provided by your given consent according to Art. 6 Abs. 1 S. 1 lit. a GDPR.
You can change or delete the data in your customer account at any time and delete the whole account. If you use this function your customer account with all stored data is deleted at once.
cc) Transmission of the data for shipments
The necessary data for the shipment of our goods (name and surname, address, email address, phone number if necessary for goods send by forwarder) is transmitted to the correspondent shipper for the notification/coordination of the delivery of goods.
The legal bases of the transmission is consistent with Art. 6 Abs. S. 1 lit. b GDPR.
We transmit your data in this case to one of the following shippers. These give you further information for the processing of your data:
DHL Paket GmbH, Sträßchensweg 10, Zip/location: 53113 Bonn, phone: +49/ (0) 228/ 18 20, E-Mail: firstname.lastname@example.org; https://www.dhl.de/de/toolbar/footer/datenschutz.html
Kühne + Nagel
Kühne + Nagel (AG & Co.) KG, An der Zeil 15, D-96215 Lichtenfels, phone.: +49 / 9571 / 7870, https://de.kuehne-nagel.com/de_de/footer-links/datenschutzerklarung/
DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany, email@example.com, phone. 06021 843-0; https://www.dpd.com/de/siteutilities/data_protection
United Parcel Service Deutschland S.à r.l. & Co. OHG, Görlitzer Straße 1, DE-41460 Neuss, 01806 882 663, https://www.ups.com/de/de/help-center/legal-terms-conditions/privacy-notice.page
dd) Passing on data when using Online payment providers
Should you decide to use one of the offered online payment providers in the scope of your order, your contact data is transmitted to them in the scope of the order done. The lawfulness of passing on data consisting with Art. 6 Abs. S. 1 lit. b GDPR, for the implementation of the payment method selected as well as our legitimate interest according to Art. 6 Abs. S. 1 lit. f GDPR to enable a user-friendly and uncomplicated payment processing.
The personal data transmitted to the online payment providers includes the name, surname, address, phone number, IP address, email address or other data which are needed for order processing and data related to the order, like the quantity of articles, article number, invoice amount and tax in percent, invoice information, etc.
This transmission is needed for the processing of your order with the selected payment method, especially for the acknowledgement of your identity, for the administration of your payment and customer relationship.
Please note: personal data can be passed on to service providers, subcontractors or other connected companies insofar as it is necessary for the fulfillment of the contractual obligations of your order or personal data should be processed in the order.
According to the selected payment method via PayPal, like invoice or direct debit, the personal data transmitted to Paypal is given by Paypal to credit agencies. This transmission is done for identity check and credit assessment regarding the order placed by you. Which agencies these are and which data is collected, processed, stored and transmitted by each provider can be gathered from each data protection declaration of the provider:
PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Amazon Payments Europe s.c.a., and secondly by Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three located in 5, Rue Plaetis L 2338 Luxemburg (hereinafter »Amazon Payments«)
For further data protection information, regarding amongst others the used agencies, please refer to the data protection declaration of Amazon Payments: https://pay.amazon.com/de/help/201751600
payolution GmbH, Am Euro Platz 2, 1120 Wien, Austria https://www.payolution.com/datenschutz/
Credit card (Concardis)
Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany, phone: +49 69 7922-0, Telefax: +49 69 7922-4500, E-Mail: firstname.lastname@example.org
If you want to comment a blog article then your name, email address and the IP address and the date and time of your comment are collected and stored. The legal base is consistent with Art. 6 Abs. S. 1 lit. f GDPR in order to observe legitimate interests, as the storage of this data is necessary for our security as we might be held liable for illegal contents on our website.
Content of the newsletter and login details
We only send you a newsletter if you subscribe with us and given your consent according to Art. 6 Abs. S. 1 lit. a GDPR. The contents of the newsletter are described in detail when subscribing for the newsletter. For the registration your email is sufficient. If you want to give further optional data like your name and/or your sex, these are only used for personalization of the newsletter send to you.
Double-Opt-In and recording
For security reasons we use the so called Double-Opt-In act for the registration for our newsletter so no one can register with a foreign email address. You will receive an email asking you to confirm your registration. Only with the confirmation of the registration it will take effect.
Moreover your registration for the newsletter is recorded. The recording includes the storage of the registration and confirmation time, your entered data and your IP address. If you change your data this changes will also be recorded.
If you do not want to receive our newsletter anymore you can revoke your consent at any time for the future. For this you can click on the link to unsubscribe from the newsletter located on the bottom of each newsletter or send us an email to the following email address: Info@bueroforum.net
By the revocation of consent the legality of the carried out processing until revocation is not affected
Use of CleverReach
We use the email tool CleverReach (CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany) for sending our newsletter.
The data given by you is transmitted to CleverReach and processed by them. With this tool we can evaluate how the newsletters are opened and used.
We have concluded³ a contract for order processing with CleverReach. CleverReach does not acquire the right to pass on your data.
Further information of the data privacy of CleverReach can be viewed here.
The use of the shipping provider CleverReach is based on our legitimate interest according to Art. 6 Abs. 1 S. 1 lit. f GDPR. Our interest is the use of a user-friendly and safe newsletter system which serves our business related interests and to meet the expectations of the users.
e) Contact form / E-Mail-contact
We provide form on our website for you so that you have the opportunity to contact us anytime. To use the contact form you need to enter a name for a personal form of address and a valid email address so that we know from whom the enquiry is and process it accordingly.
If you send us inquiries via contact form, your details will be included in the enquiry form including your contact details as well as your IP address acc. Art. 6 para. 1 lit. b and f GDPR for the processing of pre-contractual measures that are carried out at your request or for the purpose of exercising our legitimate interest, namely to carry out our business activities.
You are also welcome to send us an e-mail using the e-mail address provided on our website. In this case, we store and process your e-mail address as well as the information you provided in the e-mail according to Art. 6 para. 1 lit. b and f GDPR to process your message.
The requests and associated data will be deleted no later than 3 months after receipt, unless they are needed for a further contractual relationship.
f) Google Fonts
We use Google Fonts on our website. It enables the display of fonts. Google Fonts is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The integration of these web fonts is done by a server call, usually a Google server in the USA. This may result in the following being transmitted to the server and stored by Google:
• name and version of the browser used
• Website that triggered the request (referrer URL)
• operating system of your computer
• Screen resolution of your computer
• I IP address of the requesting computer
• Language settings of the browser or operating system used by the user
The use of Google Fonts is intended to make the reading of our website easier and graphically more pleasant and is therefore based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR.
The data processed by cookies is needed for the purposes mentioned in order to safeguard our legitimate interests as well as those of third parties according to Art. 6 para. 1 lit. f GDPR
Most browsers automatically accept cookies based on browser preference. However, you can configure your browser so that either no cookies are stored on your terminal device or at least a hint is displayed before a new cookie is stored. If you completely disable the cookie function in your browser, you may not be able to use all features of our website.
Below we explain the different types of cookies we use.
a) Session Cookies
To make the use of our offer more pleasant, we use so-called session cookies to recognize that you have already visited individual pages on our website.
These session cookies are automatically deleted after leaving our site.
b) Temporary Cookies
These temporary cookies are stored on your terminal device for a specific period of time.
c) Cookies for marketing and optimization purposes
9. Analysis- and tracking tools
We use the following listed analysis and tracking tools on our website. These serve to ensure the continuous optimization of our website and to design it as needed.
These interests are justified according to Art. 6 para. 1 lit. f GDPR. The respective data processing purposes and data categories can be found in the corresponding tools.
a) Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited (https://www.google.com/intl/com/about/) (Gordon House, Barrow Street, Dublin 4, Irland; hereinafter „Google“).
• Name and version of the browser used
• operating system of your computer
• Website from which access takes place (referrer URL)
• IP address of the requesting computer
• Time of server request
are usually transmitted to a Google server in the US and stored there.
However, as we have activated IP anonymization on our website, your IP address will be shortened by Google beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
On our account Google will use this information to evaluate your use of our website, to compile reports on website activity, and to provide us with other services related to website usage and internet usage. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by a corresponding setting of your browser software. We point out, however, that in this case you may not be able to use all functions of our website to their fullest.
In addition, you may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading the browser plug-in available under the following link and install https://tools.google.com/dlpage/gaoptout?hl=en
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set which will prevent the collection of your data on future visits to our website: deactivate Google Analytics
b) Google Remarketing
We use the remarketing feature of Google Analytics to direct advertising campaigns, including Google AdWords campaigns, to visitors of our website.
Here, based on your previous visits to our website, you will be presented with relevant advertisements when you visit other websites of the Google Display Network.
The DoubleClick cookie allows Google to specifically display advertising to ourselves and other third parties that matches the interests based on your previous visits to our website and / or other websites. This advertisement may appear on websites of Google and / or other Google Network operators. We also use the Google Analytics advertising features to analyze the effectiveness of our own advertising campaigns.
You can personalize your Google ad settings and opt out of Google interest-based ads. In this case, the cookie ID of the DoubleClick cookie (assigned individually for each cookie) is overwritten and can no longer be linked to a specific browser.
If you delete all cookies from your device, a new DoubleClick cookie may be placed. If so, you may need to renew your opposition settings. You can disable the DoubleClick Cookie permanently by downloading and installing the appropriate browser plugin here: https://support.google.com/ads/answer/7395996?hl=en.You may disable the use of third-party cookies for the purpose of online advertising on the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/.
If you have consented to Google linking your web and app browsing history to your Google Account and using information from your Google Account to personalize your Google Account, Google will use your data with Google Analytics Data to create target group lists for cross-device remarketing. To do so, Google Analytics will first collect Google-authenticated IDs associated with your Google Account for you as a user on our website. Subsequently, Google Analytics will temporarily associate these IDs with Google Analytics data to optimize our target groups.
c) Google AdWords
We use Google AdWords on our website, an online advertising program provided by Google Inc. This also includes conversion tracking. With this tool, Google AdWords sets a cookie on your terminal device when you visit our website via a Google ad.
The cookie is no longer valid after 30 days. It does not serve any personal traceability. If you visit our website as a user and the cookie is still working, we and Google will recognize that you clicked on the ad and were redirected to our site. Each Google AdWords customer is assigned a different cookie. Cookies are thus not traceable via the websites of the advertisers.
With the data generated by Conversion cookies conversion statistics for AdWords customers are obtained. As a Google AdWords customer, we get the total number of people who responded to our ad and then were forwarded to a web page that was tagged with a conversion tracking tag. We do not receive any information in this process that could personally identify you as a user.
If you decline the tracking process, the cookie of the Google conversion tracking can be deactivated via your Internet browser.
The logo of our partner idealo (idealo internet GmbH, Ritterstraße 11, 10969 Berlin) is integrated on our website. When you visit our website, the browser used on your terminal device automatically sends information to the Idealo server. This information is temporarily stored in a so-called server log file for 7 days. The following information will be collected without your intervention and stored until automated deletion:
• IP address of the requesting computer,
• date and time of access,
• name and URL of the retrieved file,
• Website from which access is made (referrer URL),
• the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The temporary storage of the IP address by the system is necessary to enable presentation of the website. To do this, the IP address must remain stored for the duration of the session. Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of information technology systems. There is no storage of this data together with other personal data. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GD-PR. "
11. Rights of the person concerned
You have the following rights:
According to Art. 15 GDPR you have the right to request information about your personal data processed by us. This right to information includes information about
• the intended purposes
• the categories of personal data
• the recipients or categories of recipients to whom your information has been or will be disclosed
• the planned storage duration or at least the criteria for determining the storage duration
• the right to rectification, deletion, limitation of processing or opposition
• the existence of a right to complain to a supervisory authority
• the source of your personal data, if these were not collected from us
• the existence of automated decision-making including profiling and possibly meaningful information about the details
According to Art. 16 GDPR you have the right to immediate correction of incorrect or incomplete stored personal data.
According to Art. 17 GDPR you have the right to request us to immediately delete your personal data, as far as further processing is not necessary for one of the following reasons:
• to exercise the right to freedom of expression and information
• to fulfill a legal obligation that requires processing under the law of the European Union or of the Member States to which the processor is subject, or to perform a task of public interest or in the exercise of official authority delegated to the processor
• for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR
• for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render the achievement of processing impossible or seriously affect it
• to assert, exercise or defend legal claims
d) Restriction of processing
In accordance with Art. 18 GDPR, you may request the restriction of processing of your personal data for one of the following reasons:
• You deny the accuracy of your personal data
• The processing is illegal and you refuse the deletion of your personal data
• We no longer need your personal data for processing purposes, but you need it to assert, exercise or defend your legal claims
• You appeal against the processing according Art. 21 Abs. 1 GDPR
If you have requested the rectification or deletion of your personal data or a restriction of processing under Art. 16, Art. 17 (1) and Art. 18 GDPR, we will inform all recipients of your personal data unless this proves to be impossible or is associated with a disproportionate effort. You can demand of us to inform you about these recipients.
You have the right to receive your personal information provided to us in a structured, common and machine-readable format.
You also have the right to request the transfer of this data to a third party, provided that the processing was carried out using automated procedures and upon consent according to Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a or based on a contract according to Art. 6 para. 1 sentence 1 lit. b GDPR.
According to Art. 7 (3) GDPR, you have the right to revoke your consent to us at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation. In the future, we are not allowed to continue the data processing that was based on your revoked consent.
According to Art. 77 GDPR you have the right to complain to a supervisory authority if you believe that the processing of your personal data violates the GDPR.
If your personal data is processed based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying the particular situation. If you would like to exercise your right of revocation or objection, please send an e-mail to Info@bueroforum.net
j) Automated decision for individual cases, including profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
i. is required for the conclusion or performance of a contract between you and us
ii. is legal under the laws of the European Union or of the Member States to which we are subject, and that legislation contains reasonable measures to safeguard your rights and freedoms and your legitimate interests
iii. is made with your express consent
However, these decisions must not be based on special categories of personal data according to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (i) and (iii), we shall take reasonable steps to uphold the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on our part, to express one 's own position and to challenge the decision.
12. Change of privacy statement
If we change the privacy statement, this will be indicated on the website and the registered customers will be informed by e-mail.
As of 08.05.2018