Data protection declaration and information obligations according to GDPR

Data protection and the protection of your personal data is our top priority. We will inform you below about the processing of your personal data on our website and in the company. The processing of personal data is carried out in accordance with the provisions of the Telemedia Act (TMG), the Telecommunications Telemedia Data Protection Act (TTDSG), the General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG-new).


1.      Name and address of the person responsible

BASTRA GmbH, Kleinbahnstr. 12-16, D-59759 Arnsberg

represented by the management: Friedrich Wilhelm Brinkmeyer

Telephone: +49 (0) 2932 / 481-0, Email:


2.      Contact details of the data protection officer

Detlef Breuker, c/o C&S Consulting, An der Blanken Mühle 17, 49328 Melle



3.      Processing

3.1      Provision of the website and creation of log files

Simply visiting our website and accessing the information contained therein does not require that you provide any personal data.

When you visit our website, we only collect and use data that your internet browser automatically sends to us:

  • Date and time of access to one of our websites
  • Your browser type
  • Your browser settings
  • Your IP add
  • the pages you visit

We use this data to technically enable you to visit our site. We also use this data for statistical purposes and to improve the design and layout of our website. We store the IP address for the purposes of ensuring and maintaining IT security (e.g. detecting and defending against so-called DOS attacks) and functionality.

The legal basis for the temporary storage of the data is Article 6 Paragraph 1 Letter f GDPR.

3.2      Personal data, forms

Personal data is only collected if you provide it voluntarily as part of a contact or service request or as part of an application.

3.3      Contact form, service request, application

There are several contact forms on our website that can be used to contact us electronically. If you use these options, the data entered in the input mask will be transmitted to us and stored. This data depends on the respective form:

  • company
  • First name
  • Last name
  • position
  • E-mail address
  • Phone number
  • Training
  • Job desire

Your consent may be obtained for the processing of data as part of the sending process and reference is made to this data protection declaration.

The data sent via the form is transmitted to us in encrypted form.

Alternatively, you can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be stored.

3.4      Purposes and legal basis for data processing

We process the personal data from the input masks solely to process the contact. If you contact us via email, this also represents the necessary legitimate interest in processing the data.

The legal basis for the processing of data transmitted when sending an email is Article 6 Paragraph 1 Letter f GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Letter b GDPR.

3.5      Duration of storage

Contact forms: If the purpose for storing the data no longer applies, the personal data will be blocked or deleted as long as this does not conflict with legal retention requirements.

3.6      Recipients or categories of recipients of the data (if data transfer takes place)

Within the company, those departments that need it to fulfill your request receive your data.

3.7      Information on the rights of those affected

Every data subject is entitled to the following data protection rights under the GDPR:

Right to information

As a data subject, you have the right to request confirmation from the person responsible as to whether personal data concerning you is being processed; If this is the case, you have a right to information about this personal data (Article 15 GDPR). You can request information about the following information:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  4. if possible, the planned period for which the personal data will be stored or, if this is not possible, the criteria for determining that period;
  5. the existence of a right to rectification or deletion of personal data concerning you or to restriction of processing by the controller or a right to object to such processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. if the personal data are not collected from the data subject, all available information about the origin of the data;
  8. the existence of automated decision-making, including profiling , in accordance with Article 22 paragraphs 1 and 4 and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You also have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

Right to rectification

As a data subject, you have the right to immediately request that the person responsible correct incorrect personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - including by means of a supplementary declaration (Art. 16 GDPR).

Right to deletion

As a data subject, you generally have the right to request that the person responsible delete your personal data immediately if one of the following reasons applies:

  1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. The data subject revokes his or her consent to which the processing is based in accordance with Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a, and there is no other legal basis for the processing.
  3. The data subject objects to the processing in accordance with Article 21 paragraph 1 and there are no overriding legitimate reasons for the processing.
  4. The data subject objects to the processing in accordance with Article 21 (2).

If the person responsible has made the personal data concerning you public and is obliged to delete it for the above reasons, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to ensure that those responsible for data processing who are responsible for the personal data to inform that a data subject has requested the deletion of all links to that personal data or copies or replications of that personal data.

This right to deletion does not apply if processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. to fulfill a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the field of public health in accordance with Article 9 paragraph 2 lit. h and i and Article 9(3);
  4. for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes referred to in Article 89(
    1), to the extent that the law referred to in paragraph 1 is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
  5. to assert, exercise or defend legal claims.

Right to restriction of processing

You have the right to request that the controller restrict processing if one of the following conditions applies:

  1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject refuses the deletion of the personal data and instead requests the restriction of the use of the personal data;
  3. the controller no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims, or
  4. the data subject has objected to the processing pursuant to Article 21(1), pending the verification whether the legitimate grounds of the controller override those of the data subject.

If processing has been restricted, these personal data - with the exception of storage - may only be used with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State are processed.

If you have obtained the restriction of processing, you will be informed by the controller before the restriction is lifted.

Right to object

As a data subject, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you based on Art. 6 Para. 1 lit. e or f GDPR, you have to lodge an objection. This also applies to profiling based on these provisions .

The controller will no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If the person responsible processes personal data in order to conduct direct advertising, you have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is related to such direct advertising. If you object to the person responsible for processing for direct advertising purposes, he will no longer process the personal data for these purposes.

If you would like to exercise your right to object, all you need to do is send us a message (see section II for contact details).

Furthermore, in connection with the use of information society services - regardless of Directive 2002/58/EC - you have the opportunity to exercise your right to object using automated procedures that use technical specifications.

Right to revoke your data protection consent

You have the right to revoke your declaration of consent under data protection law at any time with effect for the future. The revocation does not affect the lawfulness of the processing carried out based on the consent up to the revocation.

Right to information

If you have asserted the right to rectification, deletion or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction of processing, unless , this turns out to be impossible or involves disproportionate effort.

You have the right to be informed about these recipients by the person responsible.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that

  1. the processing is based on consent in accordance with Article 6 paragraph 1 lit. a or Article 9 paragraph 2 lit. a or on a contract in accordance with Article 6 paragraph 1 lit. b is based and
  2. the processing takes place using automated procedures.

When exercising this right, you also have the right to have the personal data transmitted directly from one controller to another controller, to the extent that this is technically feasible.

You do not have the right to data portability if the processing of the data is necessary for the performance of a task that is in the public interest or in the exercise of official authority vested in the person responsible.

To exercise your above-mentioned rights and to revoke your consent, please contact the email address given in the legal notice.

You have the right to lodge a complaint with a supervisory authority. You may exercise this right with a supervisory authority in the Member State of your residence, place of work or the place of the alleged infringement.

Before you contact the relevant supervisory authority with a complaint, we would like to ask you to clarify this matter with our data protection officer.

3.8      Planned data transfer to third countries

There is currently no data transfer to third countries and is not planned in the future.


4.      Use of cookies

We use so-called “cookies” on our website. These are small text files that are sent from our web server to your computer in order to identify it for the duration of your visit. We do not collect any personal data through these cookies.

It is also possible to display our website without storing cookies. You can deactivate the storage of cookies in your browser settings or set it so that it informs you about the intended storage by a website. In this case, you decide whether to accept the cookie. However, for technical reasons, it is necessary to allow temporary cookies in full in order for our website to function fully.


5.      Facebook

We use social plugins from the social network, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. The plugins can be recognized by one of the Facebook logos. When you access a website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. By clicking the button, Facebook receives the information that a user has accessed the corresponding page of the offer. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. When users interact with the plugins, for example by clicking the Like button or making a comment, the corresponding information is transmitted from your browser directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.

The purpose and scope of data collection and the further processing and use of the data by Facebook as well as the related rights and setting options to protect the privacy of users can be found in Facebook's data protection information: .

If a user is a Facebook member and does not want Facebook to collect data about them via this offer and link it to their membership data stored on Facebook, they must log out of Facebook before visiting the website.


6.      Youtube

This website contains a plugin from YouTube, belonging to Google Inc., based in San Bruno/California, USA. As soon as you visit pages on our website equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed which specific page of our website you visited. If you are also logged into your YouTube account, you would enable YouTube to assign your surfing behavior directly to your personal profile. You can cancel this option of assignment if you log out of your account beforehand. Further information on the collection and use of your data by YouTube can be found in the data protection information there at


7.      Security measures

We use technical and organizational security measures to protect personal data, in particular against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments. We would like to point out that when data is transmitted on the Internet, despite all security measures, third parties may take note of or falsify this data.


8.      Contact

If you have any questions or suggestions about this data protection declaration, please contact the contact address given in the legal notice.


9.      Updating our privacy policy

The ongoing technical developments in the area of IT technology and the Internet also require an adjustment to the existing data protection declaration. We therefore reserve the right to make additions or changes to this data protection declaration.