This privacy statement of BASTRA GmbH informs you of the type, scope and purpose
of processing your personal data on the pages of our
online site and using the associated services.
This privacy statement is based on the terminology used by the European Regulations and Directives Body in creating the General Data Protection Regulation (GDPR). To ensure that you will understand this statement, we will first of all explain the terminology. Inasmuch as you will find references to statutory regulations and acts without specifying their exact name, reference is made to the GDPR.
1. Personal data
“Personal data” is any information that relates to an individual who can be directly or indirectly identified ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Third party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
II. Contact details of the controller responsible for processing and of the data protection officer
Controller responsible for processing:
59759 Arnsberg Germany
Phone: +49 (0)29324 81-0
Data protection officer contact details:
Prof. Dr. Thomas Jäschke
40597 Düsseldorf, Germany
Phone: +49 (0)211 93190700
III. Type and scope of the processing of personal data
We will generally process you personal data only to the extent necessary to provide this website and our services. Data will be processed only if allowed by statutory regulations. Provided that you agree, data may also be processed to a higher degree than that.
1. Visiting our website
When you are visiting our website, your browser will automatically transfer information to the our website server. The following details will be temporarily stored in log files:
- Date and time of accessing the website
- Your Internet protocol address (IP address)
- Internet service provider of the accessing system
- Type of browser and operating system
- Websites you visited before accessing our website
- Websites your system used to access from our website
The legal basis of storing data and log files is Art. 6,1 lit. f of the GDPR.
Data is processed to ensure that our website is operative. Data is also used for technically optimising the website as well as to ensure the security and stability of our IT system.
We use the data neither for marketing nor for drawing conclusions regarding your person.
We erase personal data when they are no longer needed for the purpose they were originally captured for.
Data stored in log files will be erased not later than seven days after capturing it.
In cases where data will be stored for longer periods of time, we will delete or pseudonymise your IP address.
Processing data in log files is necessary for providing the website. You thus have no right of objection at this point.
While you are visiting our website, we will process further personal data by means of cookies. Refer to section IV. of this privacy statement for details.
2. Establishing contact
When you contact us (e.g. via email, contact form, phone or social media), your personal data is used to process and handle the contact request. The legal basis of processing this set of data is Art. 6,1 lit. b of the GDPR. We erase the data when they are no longer needed for the purpose they were originally collected for – i.e. normally after finishing the conversation with you. The conversation ends when its subject matter has been finalised. Otherwise, the statutory retention periods apply. None of the data will be disclosed to third parties.
IV. Analysis service: cookies & tracking
Our website uses so-called cookies, i.e. small text files stored automatically by your Internet browser or transferred by the browser to your terminal equipment (e.g. your computer, tablet, smartphone etc.) whenever you visit our website. Cookies contain characteristic strings that clearly identify the Internet browser when it accesses the website the next time. Some functions of our website need to be able to identify the accessing browser even after visiting another page. Cookies are normally pseudonymised, that is to say, we are unable to identify you as a person. Pseudonymisation does not apply to persons logging in to our website as customers. We therefore need to recognise you and your browser as a registered customer/user in order to provide you with all functions of our website. Cookies are not used to create user profiles, of course. We also delete the cookies when you completely leave our website.
We need the data processed by means of the cookies for the above purposes and to protect our and some third parties’ legitimate interests pursuant to Art. 6,1 lit. f of the GDPR.
To object to the placing of cookies for an unlimited period of time, you may set up your Internet browser to prevent our website from placing cookies. Another option is to use your Internet browser or any other program to delete cookies stored previously. All standard Internet browser support this functionality. Setting up your Internet browser to prevent our website from placing cookies may also prevent you from utilising all functions otherwise provided by our website.
2. Our social media offerings
Unless otherwise specified in our privacy statement, we process your personal data for handling the requests you send us while communicating via social media networks and virtual platforms, e.g. by sending us messages. The legal basis of processing the data transferred is Art. 6,1,1 lit. b of the GDPR.
To optimise our Internet presence, our website also displays offerings of third-party service providers by integrating their content and services such as videos or fonts in our website (the “Services”). This requires the providers of such Services to know and process your IP address. Since this cannot be prevented for technical reasons, processing your IP address is unavoidable if such Services is to be used and realised. We are always trying to only embed Services whose providers solely use your IP address directly for rendering their Services. Third parties may also make use of so-called pixel tags (invisible graphics that are often referred to as “web beacons”) for statistical or marketing purposes. Such web beacons allow the examination and analysis of various details such as your visit on our website. Since cookies stored on your terminal equipment may also contain pseudonymised information, technical details of your browser and operating system, linked-in websites, times of visits and other details about using our website may be processed. The legal basis of this kind of processing the data transferred is Art. 6,1 lit. f of the GDPR. The following Services may be embedded:
Embedded fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (refer to https://www.google.com/fonts). Visit https://www.google.com/policies/privacy/ to find the privacy statement of this third-party provider. For details about how to limit/disable the transfer of information/adverts visit https://adssettings.google.com/authenticated.
V. Your rights as a data subject
Whenever your personal data is processed, you are considered a data subject pursuant to the GDPR. You therefore have the following rights against the controller:
1. Right to be informed
As a data subject, you have the right to request the controller for a confirmation as to whether your personal data is being or will be processed; if so, you have the right of being informed of the personal data concerned (Art. 15 of the GDPR). You may request to be informed about the following details:
- the purposes that your personal data is processed for;
- which categories of personal data will be processed;
- the recipients or categories of recipients that your personal data have been or will be disclosed to;
- the scheduled period of storing your personal data, if at all possible or, if this is not possible, the criteria of determining this period of storage;
- whether you have the right of rectification or erasure of your personal data, or the right of limiting the processing by the controller, or the right of objection against such processing;
- whether you have the right of complaint at a supervisory authority;
- all information available regarding the data origin if personal data is not collected from the data subject;
- whether a decision is made automatically, including any profiling pursuant to Art. 22,1&4, and – at last in these cases – meaningful information about the logic involved as well as the consequences and the desired effects of such processing on the data subject.
You also have the right to request information about whether your personal data will be transferred to a third country or an international organisation. In this context, you may also request to be informed about suitable guarantees pursuant to Art. 46 of the GDPR with regard to such data transfer.
2. Right to rectification
As the data subject, you have the right to request the controller to immediately rectify any inaccurate personal data. Taking into account the purposes of processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement (Art. 16 of the GDPR).
3. Right to erasure
As the data subject, you have the general right to request the controller to erase your personal data without undue delay where one of the following reasons applies:
- The personal data are no longer necessary for the purposes they were collected or otherwise processed for.
- The data subject withdraws its consent on which the processing is based pursuant to Article 9,2 lit. a and there is no other legal basis of processing.
- The data subject objects to the processing pursuant to Article 21,1 and there are no overriding legitimate reasons for processing,
or the data subject objects to the processing pursuant to Article 21,2.
- The personal data has been processed unlawfully.
- The personal data must be erased for compliance with a legal obligation under EU or Member State law to which the controller is subject.
- The personal data has been collected in relation to the offer of information society services referred to in Article 8,1.
Where the controller has made the personal data public and is obliged, for the above reasons, to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, this personal data
The right to erasure does not apply to the extent that processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by EU or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health pursuant to Article 9,2 lit. h and i as well as Article 9,3;
- for archiving purposes in the public interest or for scientific or historical research or statistical purposes pursuant to Article 89,1
in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
4. Right to restriction of processing
You have the right to request the controller to restrict the processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
- the data subject has objected to processing pursuant to Article 21,1 pending the verification whether the legitimate reasons of the controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or a Member State.
If you requested a restriction of processing, you will be informed by the controller before the restriction of processing is lifted.
5. Right of objection
As the data subject, you have the right to object, for reasons relating to your particular situation, at any time to the processing of your personal data based on Article 6,1 lit. e or f. This shall also apply to any profiling based on these provisions.
The controller will no longer process the personal data, unless we demonstrate compelling legitimate reasons for processing which override the interests, rights and liberties of the data subject or for the establishment, exercise or defence of legal claims.
Where the controller processes personal data for direct marketing purposes, you have the right to object, at any time, to processing your personal data for such marketing. This also applies to any profiling related to such direct marketing. Where you object to processing for direct marketing purposes, the controller will no longer process your personal data for such purposes.
Whenever you wish to exercise your right of objection, it will be enough to send us a message to that effect (refer to section II for contact details).
In the context of the use of information society services and notwithstanding Directive 2002/58/EC, you may exercise your right of objection by automated means using technical specifications.
6. Right to revoke a consent relevant to data protection
You have the right to revoke the consent to data protection you declared at any time and for future reference. Revocation shall not affect the lawfulness of any processing carried out before such revocation based on your prior consent.
7. Notification obligation
Inasmuch as you requested the controller to rectify or erase your personal data or restrict the processing of your data, the controller will communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to request the controller to inform you of those recipients.
8. Right to data portability
You have the right to receive the personal data you provided a controller with in a structured, commonly used and machine-readable format. You also have the right to transfer that data to another controller without hindrance by the controller to which the personal data was first transferred to, provided that:
- processing is based on consent pursuant to Article 6,1 lit. a or Article 9,2 lit. a or on a contract pursuant to Article 6,1 lit. b; and
- processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where this is technically feasible.
The right to data portability shall not applyif processing the data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly and significantly affects you.
This shall not apply if the decision
- is necessary for entering into or performing a contract between the data subject and a data controller;
- is permissible with reference to EU or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights, liberties and legitimate interests; or
- is based on your explicit consent.
In the cases referred to in section (a) and (b) above, the data controller will implement suitable measures to safeguard the data subject’s rights, liberties and legitimate interests and at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.
10. Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority – in particular in the Member State of your habitual residence, place of work or place of the alleged infringement – if the data subject is of the opinion that the processing of your personal data infringes this Regulation.
The supervisory authority with which the complaint has been lodged will inform you as the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
11. Data security
We employ technical and organisational means aimed at comprehensively protecting your personal data to the best of our abilities. Since transferring data via the Internet may still have general security vulnerabilities, nobody can assure absolute data protection. You may therefore choose to transfer your personal data to use by other means, e.g. via mail, fax or phone.