Part 1: Information on data protection related to our data processing in accordance with the articles 13, 14 and 21 of the GDPR (General Data Protection Regulation).
We take data protection seriously and hereby inform you about how we process your data and what claims and rights you are entitled to under the data protection regulations. Valid from 25 May 2018.
1. Competent person for data processing and contact data
The competent person according to the data protection law:
Boll & Kirch Filterbau GmbH
Siemens Straße 10 - 14
D-50170 Kerpen, Germany
Fax: +49 (0)2273-562-223
E-mail address: firstname.lastname@example.org
Contact details of our data protection officer:
Datenschutz & Informationssicherheit Meschke
Am Haarberg 27
D-52080 Aachen (Germany)
E-mail address: email@example.com
2. Purposes and legal basis of our data processing
We process personal data in accordance with the provisions of the GDPR (General Data Protection Regulation, in German: DSGVO), the Federal Data Protection Act (in German: BDSG) and other applicable data protection regulations (see details below). Which forms of data are processed in detail and how they are used depends on what is requested or agreed related to the offered services. Further details or additions for the purposes of data processing can be found in the respective contractual documents, forms, in a declaration of consent and/or other information provided to you (e.g. in the context of the use of our website or our terms and conditions of business). In addition, the present privacy information may be updated from time to time, as you may see on our website www.bollfilter.com/de/datenschutz.html.
2.1 Purposes of performance of a contract or pre-contractual measures (according to art. 6 para. 1 b, GDPR)
The processing of personal data takes place for the execution of our contracts with you and the execution of your orders as well as for the execution of measures and activities in the context of pre-contractual relations, e.g. with interested parties. In particular, the processing serves the provision of supplies and services in the production and sale of filters, apparatus and machines of all kinds according to your orders and wishes. It includes the required services, measures and activities. This essentially includes contract-related communication with you, the traceability of transactions, orders and other agreements as well as the quality control through appropriate documentation, goodwill procedures, measures for the control and optimisation of business processes and to fulfil general duties of care, control and monitoring by affiliated companies (e.g. parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, accounting and tax assessment of operational services, risk management, assertion of legal claims and defence in legal disputes; guarantee of IT security (e.g. system and plausibility tests) and general security, including building and plant security, securing and exercising domiciliary rights (e.g. through access controls); ensuring the integrity, authenticity and availability of data, prevention and investigation of criminal offences; and the control by supervisory or control bodies (e.g. auditors).
2.2 Purposes in the context of our legitimate interest or of the interest of third parties (according to art. 6, para. 1 f GDPR)
Beyond the actual fulfilment of the contract or preliminary contract if required we process your data if it is necessary to protect our legitimate interests or those of third parties, in particular for the purposes listed below:
- Advertising, market and opinion research, provided you have not objected to the use of your data
- Collection of information and data exchange with credit agencies, insofar as this goes beyond our economic risk;
- Testing and optimisation of procedures for needs analysis;
- Further development of services and products as well as existing systems and processes;
- Disclosure of personal data in the context of due diligence in the context of company sales negotiations;
- Comparison operations with European and international anti-terrorist lists, insofar as this goes beyond the legal obligations;
- Enhancement of our data, including the enhancement through the use or research of publicly accessible data;
- Statistical evaluations or market analysis;
- Assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship;
- Limited storage of data, if deletion is not possible or only possible with disproportionate effort due to the special type of storage;
- Development of scoring systems or automated decision-making processes;
- Prevention and investigation of criminal offences, if not exclusively for the fulfilment of legal requirements;
- Building and system security (e.g. through access controls and video surveillance), insofar as this goes beyond the general duty of care;
- Internal and external investigations, safety reviews;
- Possible monitoring or recording of phone conversations for quality control and training purposes;
- Preservation and maintenance of certifications of a private-law or official nature;
- Securing and exercising domestic authority through appropriate measures as well as through video surveillance to protect our customers and employees and to secure evidence in the event of criminal offences and to prevent them.
2.3 Purposes within the scope of your consent (according to art. 6, para. 1 a GDPR)
With your consent, your personal data may also be processed for certain purposes (e.g. use of your e-mail address for marketing purposes). As a rule, you can revoke this consent at any time. This principle also applies to the withdrawal of declarations of consent given to us before the beginning of the term of validity of the GDPR, i.e. before the date of the 25 May 2018. In the corresponding text of the consent, you will be separately informed of the purposes and consequences of your revocation or the non-issuance of consent from your side.
In general, the revocation of consent is only effective for the future. Processing operations performed prior to the revocation are not affected by the revocation.
2.4 Purposes to meet legal requirements (according to art. 6, para. 1 c GDPR) or when it is in the public interest (according to art. 6, para. 1 e GDPR)
Like everyone who participates in economic activities, we are also subject to a large number of legal obligations. These are primarily legal requirements (e.g. commercial and tax laws), but also regulatory or other official requirements (e.g. within the framework of air freight regulations as an approved known consignor). The purposes of processing may include identity and age verification, fraud and money laundering prevention, the prevention, combating and investigation of terrorist financing and offences endangering assets, comparisons with European and international anti-terrorist lists, the fulfilment of tax law control and reporting obligations and the archiving of data for data protection and data security purposes as well as verification by tax and other authorities. Furthermore, the disclosure of personal data within the framework of official/judicial measures may become necessary for the purposes of taking evidence, prosecution or enforcement of civil law claims.
3. Categories of data processed by us, unless we receive data directly from you, and their origin
As far as this is necessary for the provision of our services, we process personal data legitimately received from other companies or other third parties (e.g. credit agencies, address publishers). In addition, we process personal data that we are permitted to collect, receive or acquire and process from publicly accessible sources (such as telephone directories, trade and association registers, registration registers, debtor registers, land registers, press, Internet and other media).
In particular, relevant categories of personal data may be:
- Personal data (name, date of birth, place of birth, nationality, marital status, occupation/industry and comparable data)
- Contact details (address, email address, telephone number and similar data)
- Address data (reported financial data and comparable data)
- Payment/Coverage Confirmation for Bank and Credit Cards
- Information about your financial situation (creditworthiness data including scoring, i.e. data for assessing the economic risk)
- Client history
- Data about your use of the telemedia offered by us (e.g. time of calling up our websites, apps or newsletters, clicked pages/links from us or entries and comparable data)
- Video data
4. recipients or categories of recipients of your data
Within our company, those internal departments or organisational units receive your data which are required to fulfil our contractual and legal obligations or within the framework of the processing and implementation of our legitimate interest. Your data will be forwarded to external parties exclusively
- in connection with the execution of the contract;
- for the purposes of fulfilling legal requirements according to which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest (cf. Section 2.4);
- if external service companies process data on our behalf as contract processors or function holders (e.g. external computer centres, support/maintenance of EDP/IT applications, archiving, document processing, call centre services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or a plausibility check, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, accounting, telephony, website management, auditing services, credit institutions, printers or companies for data disposal, courier services, logistics);
- on the basis of our legitimate interest or the legitimate interest of the third party for the purposes stated in Section 2.2 (e.g. in authorities, credit agencies, debt collection, lawyers, courts, experts, companies belonging to the Group and bodies and controlling bodies);
- if you have given us your consent to transfer your data to third parties.
We will not pass on your data to third parties. As far as we commission service providers within the scope of an order processing, your data are subject there to the same security standards as with us. In all other cases, recipients may only use the data for the purposes for which they were provided.
5. Duration of storage of your data
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
In addition, we are subject to various retention and documentation obligations, which derives, among other things, from the German Commercial Code (HGB) or the local Tax Code (AO, in German: "Abgabenordnung"). The periods for storage or documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Furthermore, special legal regulations may require a longer storage period, e.g. the preservation of evidence within the framework of the legal statute of limitations. According to the §§ 195 ff. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also apply (e.g. according to KTA regulations).
If the data are no longer required for the fulfilment of contractual or statutory obligations and rights, they are regularly deleted, unless their - limited - further processing is necessary for the fulfilment of the purposes listed under 2.2 for reasons of overriding legitimate interest. Such a predominant legitimate interest also exists, for example, if the deletion is not possible or can only be carried out with disproportionate effort due to the special type of storage and processing for other purposes is excluded by suitable technical and organisational measures.
6. Processing your data in a third country or by an international organisation
The data are transmitted to offices in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) if it should be necessary to execute an order/contract from or with you, if it is required by law (e.g. tax reporting obligations), if it is in the context of a legitimate interest of us or a third party or if you have given us your consent to do so.
The processing of your data in a third country can also take place in connection with the involvement of service providers in the context of order processing. If the EU Commission does not decide on an appropriate level of data protection for the country concerned, we guarantee that its rights and freedoms are adequately protected and guaranteed in accordance with EU data protection regulations. In this case we will provide you with detailed information on request. Information on the appropriate or appropriate guarantees and the possibility of obtaining a copy of you may be requested from the company's data protection officer.
7. Your data protection rights
Under certain conditions you can assert your data protection rights against us
- You have the right to receive from us information about your data stored by us according to the rules of Art. 15 GDPR (possibly with restrictions according to § 34 BDSG).
- At your request, we will correct the data stored about you in accordance with Art. 16 GDPR (General Data Protection Regulation) if it is inaccurate or incorrect.
- If you ask for, we will delete your data according to the principles indicated under Art. 17 GDPR (General Data Protection Regulation) provided that other legal regulations (e.g. legal storage obligations or the restrictions according to § 35 BDSG) or a predominant interest on our part (e.g. to defend our rights and claims) do not oppose this deletion.
- By taking into account the requirements of Art. 18 GDPR (General Data Protection Regulation), you can ask us to limit the processing of your data.
- You can also object to the processing of your data in accordance with Art. 21 GDPR (General Data Protection Regulation), which requires us to stop processing your data. However, this right of objection only applies in the event of very special circumstances of your personal situation, whereby our company's rights may conflict with your objection right.
- You also have the right to receive your data in a structured, common and machine-readable format or to transmit them to a third party under the conditions of Art. 20 GDPR (General Data Protection Regulation).
- In addition, you have the right to revoke any agreement in the processing of personal data at any time with effect for the future (see section 2.3).
- You also have a right to appeal to a data protection supervisory authority (according to art. 77 GDPR (General Data Protection Regulation)). However, in this case we recommend that you always address a complaint to our data protection officer first.
If possible, your applications for the exercise of your rights should be addressed in writing to the above address or directly to our data protection officer.
8. Scope of your obligations to provide us with your data
You only need to provide those data which are necessary for the establishment and implementation of a business relationship or for a pre-contractual relationship with us or to whose collection we are legally obliged. Without this information, we will usually not be able to conclude or execute the contract. This may also refer to data required later in the course of the business relationship. If we request further data from you, you will be separately informed of the voluntary nature of the information.
9. Existence of automated decision making in individual cases (including profiling)
We do not use purely automated decision-making procedures in accordance with Article 22 GDPR (General Data Protection Regulation). If we should nevertheless use such a procedure in individual cases in the future, we will inform you about it separately, insofar as this is prescribed by the applicable law.
We may process some of your data with the aim of evaluating certain personal aspects (so-called profiling). In order to provide you with targeted information and advice on services, we use evaluation tools. These enable demand-oriented communication and advertising, including market and opinion research.
Such procedures can also be used to assess your creditworthiness and solvability and to struggle against money laundering and fraud. So-called German "score values" can be used to assess your creditworthiness and solvability. In the scoring operation, the probability is calculated using mathematical methods with which a customer will meet his payment obligations in accordance with the contract. Such score values thus support us, for example, in assessing creditworthiness and decision-making in the context of product transactions and flow into our risk management. The calculation is based on mathematically and statistically recognised and proven procedures and is based on your data, in particular the ones concerning income, expenditure, existing liabilities, occupation, employer, length of employment, experience from the previous business relationship, contractual repayment of earlier loans as well as information from credit agencies.
Information on nationality and special categories of personal data in accordance with Art. 9 GDPR are not processed.
Information about your right of objection Art. 21 GDPR (General Data Protection Regulation)
1. You have the right to object at any time to the processing of your data, which may be refused on the basis of art. 6 para. 1 f DSGVO (data processing on the basis of a balance of interests) or Art. 6 para. 1 e GDPR (Data Processing in the Public Interest), if there are reasons for doing so that arise from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
The responsible party will no longer process the personal data that concerns you, unless the party can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
2. We may also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to this option at any time; this principle also applies to profiling, insofar as it is associated with such direct advertising. However, we will take this objection into account only for the future.
We will no longer process your data for direct marketing purposes if you object to this kind of processing.
The objection can be made without any condition related to form and should be addressed to:
Boll & Kirch Filterbau GmbH
Siemensstraße 10 - 14
D-50170 Kerpen, Germany
or sent per email to firstname.lastname@example.org
If you wish to contact us by e-mail, we would like to point out that the content of unencrypted e-mails can be viewed by third parties. We therefore recommend sending confidential information in encrypted form or by post.
Part 2: Supplementary data protection information to our website
When you visit one of our websites, information may be saved on your computer in form of a "cookie" which is then automatically recognised during you next visit to the site. Cookies are small text files which are sent from a web server to your browser and stored on the hard drive of your computer. No personal data of the user are stored, except from the Internet protocol address. This information is used to automatically recognise you during your next visit to our website and to facilitate navigation. Cookies enable us, for instance, to customise a website in line with your interests, or to store your password so that you do not have to enter it again before every visit to the website. Of course, you can also view our website without cookies. If you do not wish us to recognize your computer, please adjust your web browser settings accordingly. You can set your browser to block cookies before a cookie is saved by selecting the option "block all cookies". For full details about how this works, please read the browser manufacturer's instructions. However, if you do not accept cookies, you may limit the functionality of our services.
2. Google Analytics
This website uses Google Analytics, a web analytics service from Google Ireland Ltd (“Google”). Google Analytics uses "cookies” which are text files stored on your computer and that provide an analysis of use of the website by you. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in Ireland. Through the activation of IP anonymisation on this website, your IP address will first be truncated by Google within the area of Member States of the European Union or other contracting parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information in order to assess your use of the website, to create reports on website activity and to generate services linked to the website and internet use for the website operator. The IP address that your browser transmits within the scope of Google Analytics will not be associated with any other data held by Google.
You can prevent cookies from being stored via a setting of your browser software; however, please note that in this case, you may not be able to use all features of this website fully. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) for Google as well as the processing of these data by Google by downloading and installing the browser plugin available at the following link.
Alternatively to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie, which will prevent future data collection by Google Analytics within this website (this opt-out cookie only functions in this browser and only for this domain. If you delete your cookies in this browser you must click on this link again):
3.Data protection for YouTube
We use YouTube for the integration of videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
On some of our websites we use plugins from YouTube. When you access the websites on our website that are provided with such a plugin a connection to the YouTube servers is established and the plugin is displayed. This transmits to the YouTube server which of our Internet pages you have visited. If you are logged in as a YouTube member, YouTube assigns this information to your personal user account. When using the plugin, e.g. clicking the start button of a video, this information is also assigned to your user account.
You can prevent this assignment by logging out of your YouTube account and other user accounts of YouTube LLC and Google Inc. and deleting the corresponding cookies of the companies before using our website.
Further information on data processing and privacy protection by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/.
Our data protection declaration and the information on data protection regarding our data processing in accordance with the articles 13, 14 and 21 of the GDPR may change from time to time. All changes will be published on this page. Older versions are available in an archive.
Status Data Protection Information of 15.01.2019