Privacy Policy of Hermann Biederlack GmbH + Co. KG


Thank you for your interest in our company. We take data protection seriously. 

You can use our website without providing any personal data. If a data subject wants to use services of our enterprise via our website, processing of personal data could become necessary. If processing of personal data is necessary and if there is no legal basis for such processing, we will always obtain the consent of the data subject.
 
The processing of personal data (e.g. the name, address, e-mail address, or telephone number of a data subject) shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to us. 

With the following data protection declaration, we would like to inform you about the type, scope and purpose of the personal data collected and processed by us. Likewise, data subjects are informed by this privacy policy about the rights to which they are entitled. 

As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through our website. However, data transmissions via the Internet can always contain security vulnerabilities. Therefore, 100% protection cannot be guaranteed. Therefore, every data subject can of course also transmit personal data to us alternatively, e.g. by telephone.



1. Definitions

This data protection declaration is based on the definitions used by the European Directive and Regulation Maker when adopting the GDPR (Article 4 GDPR). 

The aim of our privacy policy is to inform you in a simple and understandable way about the processing of your personal data on our websites. To ensure this, we would first like to explain the terminology used. In this data protection declaration, these definitions, among others, are used: 

  •  "personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 
  •  "data subject" means any natural person about whom personal data are processed 
  • "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 
  • "controller' means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.


2. Name and contact details of the controller

This privacy notifice applies to data processing by:

Hermann Biederlack GmbH + Co. KG
represented by the managing directors Dr. Ottenjann, Mrs. Lotty Biederlack, Mr. Ralf Rensmann
Biederlackstr. 21
48268 Greven, Germany 
E-mail: b2b@biederlack.de
Phone: +49 (0)2571 – 808 - 0
Fax: +49 (0)2571 – 808 - 404

3. Contact details of the Data Protection Officer
Data Protection Officer, Hermann Biederlack GmbH + Co. KG
Biederlackstr. 21
48268 Greven, Germany 
Phone: +49 (0)2571 – 808 - 0
Fax: +49 (0)2571 – 808 - 404
E-mail: dsb@biederlack.de

4. Deletion and restriction of personal data
We process and store personal data of the data subject only for the period of time necessary to achieve the purpose of storage or if provided for by the applicable laws to which the controller is subject.
 
If the purpose of storage no longer applies or if a legally prescribed retention period expires, the personal data is routinely restricted or deleted in accordance with the statutory provisions.


5. Explanations on the legal basis of the processing
Article 6 para. 1 lit. a GDPR serves Hermann Biederlack GmbH + Co. KG as the legal basis for processing operations for which consent must be obtained for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract, the processing is based on Art. 6 para. 1 lit. b GDPR. The same applies to processing operations that are necessary for the performance of pre-contractual measures, for example in cases of inquiries about our services and products. If Hermann Biederlack GmbH + Co. KG is subject to a legal obligation which requires the processing of personal data, the processing is based on Art. 6 para. 1 lit. c GDPR.

Furthermore, processing operations could be based on Art. 6 para. 1 lit. f GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis, if the processing is necessary for the protection of a legitimate interest of Hermann Biederlack GmbH + Co. KG, provided that the interests, fundamental rights and freedoms of the data subject are not overridden.


6. Consideration of legitimate interests Art. 6 para. 1 lit f of the GDPR

If the processing of personal data is based upon Article 6 para. 1 lit. f of the GDPR, the legitimate interest of Hermann Biederlack GmbH + Co. KG is the performance and fulfillment of our business activities for the benefit of our employees and shareholders.



7. Collection and storage of personal data and the nature and purpose of their use

Server log files

When visiting the website
You may in principle use our website without disclosing your identity. When you visit our website, the browser used on your terminal automatically sends information to the server for our website. This information is temporarily stored in a so-called log file. The following information will be collected here without your intervention and stored until its automated deletion:
  • the IP address of the requesting computer,
  • the date and time of access,
  • the name and URL of the retrieved file,
  • the website from which the access is made (referrer URL), browser used and, if applicable, the operating system of your computer as well as 
  • the name of your access provider.

The data mentioned is processed by us for the following purposes:
  • ensuring a smooth connection of the website,
  • ensuring comfortable use of our website,
  • evaluation of the system security and stability and
  • for further administrative purposes.

The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person. 

We use external service providers for the provision and hosting, who act as order processors for us. Corresponding contractual arrangements have been made for this.



Using our contact form on our website
For questions of any kind, we offer you the opportunity to contact us via a form provided on our website. The following information must be entered so that we know from whom the request originates and to be able to answer it:
  • Surname and first name
  • E-mail
  • Subject
  • Message
  • Phone number (optional)

The data processing for the purpose of contacting us takes place according to Art. 6 para. 1 lit. a GDPR on the basis of your consent. By sending your message, you consent to the processing. 

The personal data collected by us for the use of the contact form will be automatically deleted after completion of your request, unless the deletion is contrary to legal retention periods.



8. Use of cookies

We use cookies on our website. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our website. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. 

In the cookie, information is stored that arises in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity. 

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our website. 

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to make use of our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see section 7). These cookies enable us to automatically recognize that you have already been to our site when you visit it again. These cookies are automatically deleted after a defined period of time. 

For the data processed by cookies, we obtain your consent for the aforementioned purposes pursuant to Art. 6 para. 1 lit. a GDPR. You can control this at any time via the Consent Manager.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.



Google Tag Manager

The "Google Tag Manager" service is used on this website. The Tag Manager is a managing tool for so-called tags, which are used for tracking in Online-Marketing. The Tag Manager itself does not process any personal data, as it is used purely for the administration of other services - e.g. Google Analytics 4, etc. . 
You can find more information about the Tag Manager at: https://www.google.com/intl/de/tagmanager/use-policy.html


Tags
Google Analytics 4

For the purpose of demand-oriented design and ongoing optimization of our pages, we use Google Analytics 4, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymized usage profiles are created and cookies (see under item 5) are used. The information generated by the cookie about your use of this website such as:
  •  the Browser type/version, 
  •  the operating system used, 
  •  the Referrer URL (the previously visited page), 
  •  the host name of the accessing computer (IP address), 
  •  the time of the server enquiry, 

are transferred to a Google server in the USA and stored there. 
The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to the use of the website and the Internet for the purposes of market research and demand-oriented design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).


The legal basis for the processing is your consent pursuant to Art. 49 para. 1 lit. a GDPR. If you do not want the aforementioned data to be collected and processed, you can refuse your consent via the Consent Manager or change or revoke your consent via the Consent Manager. 

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. 

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on the aforementioned link. An opt-out cookie will be set, which prevents the future collection of your data when visiting our website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. 

 Further information on data protection in connection with Google Analytics can be found at the following link in the Google Analytics help: 
https://support.google.com/analytics/answer/6004245?hl=de


Google Ads Conversion Tracking 

In order to statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. In this process, Google Ads sets a cookie (see section 5) on your computer if you have accessed our website via a Google ad. 

These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Google Ads customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. 

Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across Google Ads customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. The Google Ads customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. 

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example, via a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the "www.googleadservices.com" domain. Google's privacy policy on conversion tracking can be found at the following link: https://services.google.com/sitestats/de.html 

 In addition, you have the option to make the settings via the Consent Manager in each case.


Facebook Customs Audience Facebook Pixels

On this website, the service "Facebook Custom Audiences" is used. Facebook Pixel is used for this service. 
These services are operated by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland. Facebook Custom Audiences allows us to target the user with interest-based advertising on the social network - Facebook. This tag establishes a direct connection with Facebook servers when the website is visited. Facebook thereby receives information about the pages you have visited on our site. 
Facebook then matches this information with your Facebook user account. The next time you visit Facebook, you will then be shown personalized, interest-based advertisements (Facebook Ads). In addition, Custom Audiences is used to personalize and optimize the website. 
With the help of Facebook Custom Audiences, the following data is collected and processed:

  • Facebook user ID 
  • IP address 
  • Browser information 
  • Non-sensitive custom data 
  • Facebook cookie information 
  • Referrer URL 
  • Pixel specific data 
  • Pixel ID 
  • Social media friend network 
  • Usage data/user behaviour 
  • Views and interactions with content and ads and services 
  • Respected content 
  • Device information 
  • Marketing campaign success 
  • Transaction information 
  • Hardware/software type 
  • Browser type 
  • Device operating system 
  • Geographical location 
  • Cookie ID 
  • Information from third-party sources 
  • User agent 
  • Conversions

The legal basis for the processing is your consent pursuant to Art. 49 para. 1 lit. a GDPR.If you do not want the aforementioned data to be collected and processed via Facebook Custom Audiences, you can refuse your consent or revoke it at any time with effect for the future.
 
The personal data will be kept for as long as it is necessary to fulfill the purpose of the processing. The data will be deleted as soon as they are no longer required to achieve the purpose.
The data may be transferred to the following recipients in addition to Facebook Ireland Limited as
part of the processing: Facebook Inc.


Within the scope of processing via Facebook, data may be transmitted to the USA. The security of the transfer is secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance as part of the consent management system in accordance with Art. 49 para. 1 lit. a GDPR.



9. Analysis and tracking tools 

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 lit. a  of the GDPR in conjunction with § 25 Abs. 1 TTDSG, unless third-party technologies are involved, in which case consent is based on Art 49 para. 1 lit. a of the GDPR. With the tracking measures used, we would like to ensure a needs-based design and the ongoing optimization of our website. On the other hand, we use these tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our offer for you. These interests are considered legitimate in the sende fot the aforementioned provision. The processing is bases on your consent, which you can set individually via the Consent Manager. 

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

Integration of the Trusted Shops Trustbadge 

To display our Trusted Shops seal of approval and any reviews collected, as well as to offer Trusted Shops products to buyers after they have placed an order, the Trusted Shops trust badge is integrated on this website. 

This serves to protect our legitimate interests in an optimal marketing of our offer, which outweigh our interests in the context of a balancing of interests according to Art. 6 para. 1 p. 1 lit. f GDPR. The trust badge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. 

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and documents the call-up. This access data is not evaluated and is automatically overwritten at the latest seven days after the end of your visit to the site. 

Further personal data is only transferred to Trusted Shops if you have consented to this, have decided to use Trusted Shops products after completing an order, or have already registered to use them. In this case, the contractual agreement between you and Trusted Shops applies.


10. Links to third party websites

The links published on our website are researched and compiled by us with the greatest possible care. However, we have no influence on the current and future design and content of the linked pages. We are not responsible for the content of the linked pages and expressly do not adopt the content of these pages as our own. 

For illegal, incorrect or incomplete contents as well as for damage, which develops from the use or non-use of the information, alone the offerer of the Website, to which one referred, is responsible. The liability of the person who merely refers to the publication by a link is excluded. We are only responsible for external references if we have positive knowledge of them, i.e. also of possible illegal or punishable content, and if it is technically possible and reasonable for us to prevent their use.


11. Note on data transfer to the USA and other countries 

Among other things, we use services from companies based in the USA or other third countries that are not secure under data protection law. When these services are active, your personal data is transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, U.S. companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities. 

You can find more information about Google's privacy policy at:

https://policies.google.com/privacy?hl=en-US



You can find more information about Facebook's privacy policy at: 
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0



12. Data subject rights

Every natural person, i.e. data subject, has certain rights. You have the right to:
  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data, if they were not collected from yourself, as well as the existence of automated decision-making, including profiling and, if applicable. meaningful information about its details; in accordance with Art. 16 GDPR to immediately request the correction of inaccurate or completion of your personal data stored by us;
  • pursuant to Art. 17 GDPR to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims
  • pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • according to Art. 21 GDPR you can object to the processing.


13. Right of objection and revocation

If your personal data is processed on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. 

You have the option to revoke any consent given to us at any time with effect for the future. 

If you wish to exercise your right of revocation or objection, simply send an e-mail to shop@biederlack.de stating which processing you object to or which consent you wish to revoke.


14. Right of complaint


If you believe that the processing of personal data concerning you is in breach of the General Data Protection Regulation, you have the right to lodge a complaintwith a data protection supervisory authority (usually the State Commissioner for Data Protection and Freedom of Information) in accordance with Art. 77 para. 1 of the GDPR.In particular, the complaint can be filed with the supervisory authority that is competent in the place of your habitual residence, your place of work or the alleged violation. At our company's registered office, the following supervisory authority is responsible for data protection:

Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Postfach 20 04 44 
40102 Düsseldorf 
Tel.: 0211/38424-0 
Fax: 0211/38424-10 
E-Mail: poststelle@ldi.nrw.de


15. Data security

Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.


16. Up-to-dateness and modification of this privacy policy
This privacy policy is currently valid and has the status of July 2023.
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current privacy policy can always be called up and printed out at any time on our website under the following link: