In A Nutshell:
In general, our website may be used anonymously. Providing personal data is purely voluntary and you will always be informed if and for what purpose we want to store your data. Personal data are data that enable us to identify you personally and/or to contact you, such as your name, address or e-mail address.
1. Who We Are And How You Can Reach Us
The controller of the processing of personal data on this website is BeamXpert GmbH, Max-Planck-Straße 3, D-12489 Berlin, telephone +49 30 40 36 69 72-0, e-mail firstname.lastname@example.org.
2. What Data We Do (Not) Process, For What Purpose, For How Long And On What Legal Basis
2.1 Anonymous Use Of Our Website
You may use our website anonymously. When you visit our website, your web browser tells our web server your IP address so that communication is possible. Your IP address may be used to identify you. However, we store your IP address only in anomymized form, which means that the last octet will be deleted (e.g. 192.168.1.XXX). Further, we store the anonymous data date and time, exact name (URL) of the requested data file(s), HTTP status code, volume of data transferred, referrer (website from which the file was requested), browser identification string that is sent from your browser (User Agent String). You remain completely anonymous to us when visiting our website.
2.2 Logging And Evaluation In Case Of Attacks
Error messages – usually caused by attack attempts – are recorded and evaluated for reasons of security. Only the following data that may allow identification are used with respect to the recording of error messages: Your IP address, date and time, exact name (URL) of the requested data file(s), HTTP status code, volume of data transferred, referrer (website from which the file was requested), browser identification string that is sent from your browser (User Agent String). Such data shall be deleted after seven days if they are no longer useful (possibly for evidence).
The legal basis for data processing is Art. 6 para. 1 subpara. 1 letter f GDPR. The legitimate interests in processing on the basis of Art. 6 para. 1 para. 1 letter f GDPR are ensuring of the functionality and security of our website as well as defence against attacks and other abuses.
2.3 Data Processing Upon Contact
If you call us or send us a message, for example via the contact form or by e-mail, we need your e-mail address, your postal address or a telephone number if you want us to reply to you. You may also use a pseudonym instead of your name. We will use this data as well as data and time of your contact exclusively to handle your request. Your data will not be passed on to third parties but only internally to the department responsible for your particular request. We will delete your data as soon as it is no longer needed for this purpose, i.e. usually three months after the last contact with you. If you have any further questions, please contact us again within three months. The legal basis for the data processing is Art. 6 para. 1 subpara. 1 letters b and f GDPR. The legitimate interest in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR is to fulfil your request.
Exceptions: We are required to retain business and commercial letters and other tax-relevant documents in order to fulfil our commercial and tax law archiving obligations; we will delete them by 31 March of the seventh calendar year following their creation, and in the case of booking receipts of the eleventh calendar year following their creation. Our accounting department has access to these data. The legal basis for tax law retention is Art. 6 Para. 1 Para. 1 Letter c GDPR in connection with sections 147 AO, 257 HGB. We will keep information on safety-related incidents and accidents or customer complaints for 31 years after the end of product distribution in order to comply with our product monitoring obligation and to establish or exercise legal claims or to defend against legal claims. Our customer service, development department and legal department have access as required. The legal basis for data processing is Art. 6 para. 1 para. 1 letters b and f GDPR, in view of our product monitoring obligations also Art. 6 para. 1 para. 1 letter c GDPR in conjunction with the relevant jurisdiction. The legitimate interest in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR is to comply with our product monitoring obligations, as well as the exercise or establishment of legal claims or the defence against legal claims.
If your request is for a special purpose (e.g. ordering, quotation request, newsletter subscription), only the explanations in the respective section for that special purpose apply to data processing in this context. You may receive these separately.
2.4 Data Processing For Orders, Information And Quotation Requests
When you place an order or request information or a quotation, we require certain information from you depending on the type of product or service and delivery. The order or quotation form indicates what information is required and what information is voluntary; if you contact us informally and the necessary information is missing, we will get in touch with you or ask for it. Your data will not be passed on to third parties. Any exceptions (e.g. if we only arrange third-party services) are clearly communicated when you place your order. We use your data only for handling your enquiry, processing orders and complaints, for customer service and to send you advertisements about similar goods and services from us and to prove that we may send you such advertisements. We are also required to store your order and any related communication and invoice and payment data for tax and commercial law reasons; we will delete this data in the case of business and commercial letters and other tax-relevant documents by 31 March of the seventh calendar year after creation, and in the case of booking receipts of the eleventh calendar year after creation. For the purpose of order and complaint processing we will delete your data 27 months after delivery of your order or three months after expiry of the warranty period if the warranty period is longer than 24 months; for the purpose of customer service (including handling your inquiry), as soon as you object or by 31 March of the fifth calendar year following your last order, request for information or offer or expression of interest; for the purpose of advertising as soon as you object or we finally discontinue advertising activities; for the purpose of proving your order and the similarity of the advertised goods and services by March 31 of the fourth calendar year following the last advertising campaign. Your data can be accessed by our marketing department, our customer service and our accounting department, and the legal department if required.
The legal basis for data processing is Art. 6 para. 1 subpara. 1 letter b (for processing and handling your request or order) and f GDPR. For processing for the purpose of proof of your inquiry or order, the legal basis is Art. 6 para. 1 subpara. 1 letter c in connection with Art. 5 para. 2 GDPR and Art. 24 para. 1 GDPR as well as Art. 6 para. 1 subpara. 1 letter f GDPR. The legal basis for tax law retention is Art. 6 para. 1 subpara. 1 letter c GDPR in connection with sections 147 AO, 257 HGB. The legitimate interests in processing on the basis of Art. 6 para. 1 para. 1 letter f GDPR are the fulfilment of your request, the promotion of the sale of our products and services, corresponding advertising, the establishment or exercise of legal claims or the defence against legal claims.
2.5 Data Processing In Connection With Third-Party Content (vimeo)
Our website uses third-party content of vimeo. Normally, your web browser would automatically exchange information with these providers, such as your IP address. To prevent this, we use so-called two-click solutions: To use the third-party services, first activate data transmission to these third-party providers. Before that, no data is transferred from you to the third party provider and you remain unknown to the third party provider. If you activate this button, information is transferred directly from your web browser to the respective provider, which is beyond our control - just like if you follow any other link to another website. The legal basis is Art. 6 para.1 subpara. 1 lit. f GDPR; the legitimate interest is your wish to activate and use the third party content.
Data that are transmitted are, for example, from which page you clicked the button and your IP address. If you are logged in to the provider or the provider can otherwise identify you, for example via cookies stored on your computer, the provider can link the information that you have visited our website with the other information about you, such as your user account with the provider. If you do not want the provider to associate this information with your other information, you should log out there beforehand, preferably also delete the cookies in your web browser.
If you disclose data to third parties, they are subject to their respective privacy policies. We cannot make any representations for these. Please note that the country in which the third party is located may not have such strict data protection as ours. You can find out more about the privacy policies of the third-party provider here: https://vimeo.com/privacy.
2.6 Data processing Upon Payment By Credit Card
3. Voluntary Provision Of Your Data
You are not obliged to provide us with personal data. If you do not provide us with certain information that we need to handle your request (for example a way to contact you if you want an answer from us), we may not be able to do so. In the context of special procedures (e.g. when you place an order or register for our newsletter) it may be necessary for you to provide us with certain information because otherwise we will not be able to process your order or send you the newsletter. However, we will always point this out to you in the specific situation.
4. Recipients Of The Data
Your personal data will remain in our area of responsibility. In some cases it may be necessary to pass on your data to external advisors, for example in the case of legal disputes to lawyers (legal basis Art. 6 para. 1 subpara. 1 letter f GDPR; purpose and legitimate interest: establishment, exercise or defence of legal claims). Our administrators have the possibility to access data processed by IT. By virtue of Articles 37, 38 DSGVO, our data protection officer has comprehensive inspection rights and thus access to personal data (legal basis Art. 6 para. 1 subpara. 1 letter c in conjunction with Art. 37, 38 GDPR). We list further recipients of your data in the notes on the respective data processing. In certain cases, we may need to disclose your personal data to third parties so that you can obtain the desired service, in particular to vicarious agents such as banks and other payment service providers as well as postal and parcel service providers or forwarding companies.
In certain areas, such as web hosting and e-mail hosting, we use specialized service providers, especially for Hosting and IT-support the company All-INKL.COM - Neue Medien Münnich, as E-Mail provider the company QualityHosting AG, for customer data processing (CRM) the company weclapp SE and for sending of mass e-mails, and/or the newsletter the company CleverReach GmbH & Co. KG. These are strictly bound to our instructions by an agreement on commissioned data processing and may not process the data for their own purposes. Processing takes place only in Germany. Please note, however, that if you activate a third party content, your browser transfers data to the respective third party provider who can process this data outside the European Union in a country with a lower level of data protection (see also 7. Data Processing In Connection With Third-Party Content (vimeo)).
5. Automated Decision Making, Profiling
Automated decision making or profiling does not take place.
6. Your Rights
You have a right of access, to rectification or erasure, restriction of processing, to object to processing and to data portability under the respective statutory preconditions with regard to the personal data concerning you. In particular, you have the right to object to the processing of your data for advertising purposes at any time without incurring costs other than the transmission costs according to the basic rates of your provider (e.g. the costs of an e-mail = usually none). This applies, for example, if you have ordered something from us and do not want to receive offers for similar goods and services. If you want to exercise these rights, you can simply write to email@example.com or click on the unsubscribe link in any email to unsubscribe. If we call you, you can of course also tell us directly in the conversation.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data, for example to the supervisory authority responsible for us: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, D-10969 Berlin, telephone +49 30 13 88 9-0, e-mail firstname.lastname@example.org. If you have any questions or requests regarding data protection, please feel free to contact us at any time: Your contact is email@example.com.
7. Your Right To Object To Processing
To the extent that processing of your personal data is based on Art. 6 para. 1 subpara. 1 lit. e or f GDPR, you have the right to object to processing in accordance with Art. 21 GDPR. If your objection is made for reasons arising from your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms of or for the establishment, exercise or defence of legal claims. If your objection is directed against direct marketing, including profiling, insofar as it is connected with such direct marketing, we will no longer process your personal data for these purposes.
Last updated: January 2019