Privacy Terms and conditions Privacy Imprint

Privacy

Preliminary note
This privacy policy informs you,

  • how we process your personal data (hereinafter: "data") when you visit our website;
  • why and on what legal basis we process the data; and
  • What data protection rights and choices you have.

We explain the details in the following chapters. The structure of this statement is based on the EU General Data Protection Regulation (hereinafter: DS-GVO) and the German Federal Data Protection Act (BDSG).

In Chapter 17. we explain some data protection terms.

 

Chapter overview

1. whom do i contact if i have questions about data protection on this website?
(Contact details of the person responsible, duty to inform according to Art. 13 para. 1 a DS-GVO).

2. why do we process your data?
(Purposes of the processing, duty to inform according to Art. 13 para. 1 c DS-GVO).

3. what personal data do we process?
(Type of data processed, duty to inform according to Art. 13 para. 1 c DS-GVO).

4. why is this data processing permitted?
(Legal basis of the processing and legitimate interest of the controller, duty to inform pursuant to Art. 13 (1) c DS-GVO).

5. to whom is my data disclosed?
(Recipients / categories of recipients, duty to inform according to Art. 13 para. 1 e DS-GVO)

6. who is affected by the data processing?
(Data subjects, duty to inform according to Art. 13 para. 1 DS-GVO). 7.

7. Will my data be transferred to a country outside the European Union (EU)?
(Transfer of data to third countries, duty to inform according to Art. 13 para. 1 f DS-GVO).

8. how long will my data be stored? When will they be deleted?
(Duration of data storage, duty to inform according to Art. 13 para. 2 a DS-GVO).

9. what rights do I have?
(Rights of the data subject, duty to inform pursuant to Art. 13 (1) b - d DS-GVO).

9.1 How can I exercise my right to information?

9.2 When and how can I have my data corrected?

9.3 When must my data be deleted?

9.4 What does "right to restriction of processing" mean?

9.5 What does "right to data portability" mean?

9.6 How do I exercise my right to object?

9.7 How can I revoke consent?

9.8 When and how can I complain to the supervisory authority?

10 Is it required by law or contract that I provide my data?
(Provision of data required by law or contract, duty to inform pursuant to Art. 13 (2) e DS-GVO).

11. do automated decision-making processes take place in connection with my data?
(Existence of automated decision-making including profiling, duty to inform pursuant to Art. 13 para. 2 f DS-GVO).

12. What general functions and offers does our website provide?

13. What special functions and offers does our website provide?
13.1 Data processing on our website
Google Analytics
Google Maps
Google Tag Manager
Google Web Fonts
Contact form
Newsletter
13.2 Data processing via social media plugins
Facebook
LinkedIn
Pinterest
YouTube
XING
13.3 Further data processing
Applications

14. does cooperation with processors and third parties take place?

15. what security measures do we use to protect your data?

16. changes to this privacy policy

17. explanation of some data protection terms

18. video surveillance


1. who do i contact if i have questions about data protection on this website?

Responsible for the processing of your data on this website is:

BRUMBERG Leuchten GmbH & Co. KG
Hellefelder Straße 63
59846 Sundern, Germany.

Telephone: (0 29 34) 96 11-0

represented by: Johannes Brumberg
Benedikt Brumberg

This privacy policy informs you about which data is processed by visiting our website. You are also welcome to contact us via the following e-mail address if you have any further questions about this: info@brumberg.com.


Art. 4 (7) DS-GVO defines the term "data controller":

"controller"[:] the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.


Data Protection Officer
You can reach our data protection officer at.

ORA GmbH
Idafehn-Nord 41
26842 Ostrhauderfehn
dsb@ora-gmbh.com

or via our postal address with the addition of "the data protection officer".

 

2 Why do we process your data?

We process your data to ensure the proper operation of our website and to provide you with our online offer and the content of the site. The processing also takes place in order to process your contact requests and to be able to communicate with you.
The specific further processing purposes are stated under points 12 (What general functions and offers does our website provide?) and 13 (What special functions and offers does our website provide?).
We process your data for purposes other than those described there only,

  • if a legal regulation permits this or
  • you have consented to the changed purpose of the data processing.

We will inform you before we process your data for purposes other than those for which the data were originally processed. We will then provide you with all relevant information about the other purposes.

 

3. what personal data do we process?

If you contact us by e-mail or via the form on our website, we store the data you provide (your e-mail address, your name, if applicable, and your telephone number) in order to answer your questions. We delete the resulting data as soon as storage is no longer necessary, or restrict processing if there are legal retention obligations.
Other data that we process when you visit our website are indicated in sections 12 and 13 of this statement.

 

4. why is this data processing permitted?

In principle, we may only process your data if there is a legal permission or permission given by you. In sections 12 and 13 of this privacy statement, we specify the operations for which we process your data and the basis on which the processing takes place.

In principle, we base the processing of your data on the following legal bases of the DS-GVO:

  • Article 6 (1) a, Article 7 DS-GVO: Your consent;
  • Article 6 (1) b DS-GVO: Processing of your data in order to be able to fulfill a contract with you or to carry out (pre-) contractual measures;
  • Article 6 (1) c DS-GVO: Data processing in order to comply with a legal obligation to which we are subject;
  • Article 6 (1) d DS-GVO: if vital interests of you or another natural person need to be protected;
  • Article 6 (1) f DS-GVO: Our legitimate interest if it overrides your interest or your fundamental rights and freedoms.

 

5. to whom is my data disclosed?

If your data is disclosed not only to us, but also to other recipients, these are listed under Section 13 of this Privacy Policy (What special features and offers does our website provide?).

 

6. who is affected by the data processing?

We process the data of visitors and users of our online offer, as well as our customers, interested parties and business partners who access it.

 

7. Will my data be transferred to a country outside the European Union (EU)?

We also process your data in countries outside the European Union (EU) if you have given us your consent to do so. The processing concerns the services described in chapter 13.

Note on data transfer to the USA
Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. Therefore, it cannot be ruled out that US authorities may process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

 

8. How long will my data be stored? When will they be deleted?

We delete or anonymize your data as soon as it is no longer required for the purposes for which we processed it and the deletion does not conflict with any statutory retention periods. If we need your data for other, legally permissible purposes, we do not delete the data. This is the case, for example, if we have to retain it for reasons of commercial or tax law. However, we then only process the data in a restricted manner, e.g. by blocking it.

We base your right to erasure on Article 17 DS-GVO ("right to be forgotten") and Article 18 DS-GVO (right to restriction of processing).

 

9 What rights do I have?

You have the following rights vis-à-vis us with regard to your data:

- Right to information, Art. 15 DS-GVO
- Right to rectification, Art. 16,
- Right to erasure, Art. 17 DS-GVO
- Right to restriction of processing, Art. 18 DS-GVO
- right to object to processing, Art. 21 DS-GVO
- right to data portability, Art. 20 DS-GVO
- the right to complain to a data protection supervisory authority about our processing of your personal data.

In the following sections 9.1 to 9.8, we inform you in detail about your rights.

 

9.1 How can I exercise my right to information?

You can request information from us at any time about which data we process concerning you. Simply write us a letter or send us an e-mail to the contact address given in section 1 of this data protection declaration.

The type and scope of the right to information are derived from Art. 15 DS-GVO.

 

9.2 When and how can I have my data corrected?

Is the data we process from you incorrect? Then you can demand that we correct this data without delay. To do so, please contact us at the address given in section 1.

 

9.3 When must my data be deleted?

Under certain circumstances, you have the right to demand that we delete your data. You can exercise this right, for example, if

  • Your data is no longer required for the purposes for which it was processed;
  • in the event of unlawful processing;
  • if you have objected to the processing; or
  • if there is an obligation to delete data under Union law or German law.

If you would like us to delete your data, please contact us at the contact address mentioned in section 1.

Art. 17 DS-GVO describes which requirements must be met in order to request the deletion of the data.

 

9.4 What does "right to restriction of processing" mean?

Under certain conditions, you can demand that we only process your data in a restricted manner, e.g. if

  • there is a dispute between us and you as to whether the data we have processed about you is correct: We may only process your data on a restricted basis for the duration of the review;
  • you are entitled to the right of erasure (see above), but you request restricted processing from us instead;
  • we no longer need your data for the purposes we are pursuing, but you need it to assert, exercise or defend legal claims; or
  • you have exercised your right to object, but it is still disputed whether the objection was justified.

You can contact us at the address mentioned in section 1 to exercise your right to restrict processing.

The right to restriction of processing follows from Art. 18 DS-GVO.

 

9.5 What does "right to data portability" mean?

According to Art. 20 DS-GVO, you have the right to receive your data that you have provided to us in a structured, common, machine-readable format. To do so, please contact the address mentioned in section 1.

 

9.6 How do I exercise my right to object?

If we base the processing of your data on a balance of interests, you may object to the processing. When you exercise such an objection, we will ask you to state the reasons why we should not process your data as we have done. If your objection is justified, we will examine the facts. We will then either stop or adjust the data processing or, if applicable, show you our compelling legitimate grounds on the basis of which we will continue the processing.

Of course, you can object to the processing of your data for purposes of advertising and data analysis at any time. You can inform us of your objection to advertising using the contact details listed in section 1.

Article 6 (1) f DS-GVO determines when data processing is permissible based on a balancing of interests. The provision forms a so-called exceptional circumstance for cases in which processing is not possible according to the alternatives Article 6 (1) (a) to (e). The legitimate interest of the data controller must outweigh the interest of the data subject.
The right of withdrawal against such processing is regulated in Article 21 (1) DS-GVO.

 

9.7 How can I revoke consent?

If you have given your consent to the processing of your data, you can revoke it at any time. If you revoke your consent, the permissibility of processing your data changes.

 

9.8 When and how can I complain to the supervisory authority?

If you do not agree with how we process your data or respond to your data protection concerns, you can contact the competent supervisory authority. The contact details of the authority are:

North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information
P.O. Box 20 04 44
40102 Düsseldorf, Germany.

Phone: (02 11) 38 424-0
Fax: (052 11) 38 424-10
E-mail: poststelle@ldi.nrw.de

 

10. is it required by law or contract that I provide my data?

You are not required by law or contract or for any other reason to provide us with your data on our website.
We also do not need the data processed by visiting our website to conclude a contract, unless you wish to conclude a contract with us in this way.
However, if you do not provide us with the data we require, you may not be able to make full use of our online services.

 

11. Do automated decision-making processes take place in connection with my data?

No automated decision-making or profiling is used on our website.

 

12. What general functions and offers does our website provide?

If you use our website solely for your information (and do not register or submit information to us through the site), we only collect the data that your browser sends to our server. When you view the website, we collect the data listed below. They are technically necessary to display our website to you and to ensure its stability and security:

- IP address,
- date and time of the request,
- time zone difference to Greenwich Mean Time (GMT),
- content of the request (concrete page),
- access status/HTTP status code,
-amount of data transferred in each case,
- website from which the request comes,
- browser,
- operating system and its interface,
- language and version of the browser software.

The legal basis for the processing is Article 6 para. 1 p. 1 f DS-GVO.

In addition to this data, cookies are stored on your computer when you use our website. A cookie consists of a key-value pair with the elements "Key" = name of the cookie (e.g. dt_id) and "Value" = content of the cookie (e.g. hfcjakdf3424fnewl).
As a result, certain information flows to us. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and efficient overall.

Use of cookies:

a) This website uses the following types of cookies, the scope and functionality of which are explained below:

- Transient cookies (for this purpose b),
- Persistent cookies (for this purpose c).

b) Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are deleted automatically after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

d) You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.

 

13) What special functions and offers does our website provide?

We not only provide information on our website, but also offer various functions and services that you can use if you are interested. As a rule, further data must be processed in order to use the respective functions and services. Our above data processing principles also apply to this data.
We offer the following additional functions and services on our website:

 

13.1 Data processing on our website

Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google Inc ("Google"), if you have given us your consent to do so in our cookie banner. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

(3) You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

(4) This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in abbreviated form, thus excluding the possibility of personal references. Insofar as the data collected about you is related to a person, this is therefore immediately excluded and the personal data is thus immediately deleted.

(5) We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DS-GVO.

(6) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User conditions: https://www.google.com/analytics/terms/de.html,
Overview of data protection: https://support.google.com/analytics/answer/6004245?hl=de, as well as the data protection declaration: https: //policies.google.com/privacy?hl=de&gl=de.

Google Maps
(1) On this website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to comfortably use the map function.

(2) By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned in section 12 of this declaration will be transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

(3) For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: https://policies.google.com/privacy. Google also processes your personal data in the USA.

Google Tag Manager
We also use the Google Tag Manager. This service can be used to manage website tags. Google Tag Manager only sets up tags - tags are code used to measure visitor traffic and behavior. The tags come from other services - in our case from Google Analytics (see above). The Google Tag Manager is only used to manage these tags, no cookies are set and no personal data is collected. If tracking has been deactivated, this also applies to all tracking tags that are managed with the Google Tag Manager.

Google Web Fonts
External fonts (Google Fonts) are used on these web pages. Google Fonts is a service of Google Inc ("Google"). The integration of these web fonts is done by a server call, usually a Google server in the USA. This transmits to the server which of our Internet pages you have visited. The IP address of the browser of the end device of the visitor to these Internet pages is also stored by Google. You can find more information in Google's privacy policy, which you can access here:
https://fonts.google.com/about#AboutPlace:about
https://policies.google.com/privacy?hl=en
The legal basis for the processing is Art. 6 (1) lit. f DS-GVO. Our legitimate interest lies in the highest possible functionality of the website. The use of Google Fonts improves the loading time of the fonts and thus of the website as a whole.

Contact form
If you send us inquiries via contact form or e-mail, we store the information you provide in the form or e-mail, including the contact data you provide there, in order to process your inquiry and, if necessary, to answer follow-up questions. The specification of your name and e-mail address is required to contact you, the other information in the contact form is voluntary. We do not pass on this data without your consent.
The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f DS-GVO and, if applicable, Art. 6 (1) lit. b DS-GVO if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal obligations to retain data. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f DS-GVO.

Newsletter

Subscription and unsubscription
You can register for our newsletter on our website. After registration, we will inform you regularly about the latest news on our offers. A valid e-mail address is required for registration. To verify the e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and name based on your consent. The processing is based on the legal basis of Art. 6 (1) a) DS-GVO. You can revoke your consent at any time with effect for the future, e.g. via the "unsubscribe" link in the newsletter or by contacting us via the channels mentioned above. The legality of the data processing operations already carried out remains unaffected by the revocation. When registering for the newsletter, we also store the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 lit. c) in conjunction with. Art. 7 para. 1 DS-GVO).

Analysis
We analyze the reading behavior and opening rates of our newsletter. For this purpose, aggregated usage data is collected and processed by us, which we do not merge with your e-mail address or your IP address. No profiling takes place. The legal basis for the analysis of our newsletter is Art. 6 (1) f) DS-GVO. The processing serves our legitimate interest in optimizing our newsletter. You can object to the future sending of our newsletter at any time with effect for the future: Either by using the link located at the bottom of each of our messages or by sending an e-mail to the e-mail address listed under "Contact". A separate revocation of the dispatch by the dispatch service provider or the statistical evaluation is unfortunately not possible, in this case the entire subscription must be cancelled.

Service provider CleverReach
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on CleverReach's servers in Germany or Ireland.
Our newsletters sent with CleverReach allow us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. For more information on data analysis by CleverReach newsletters, please visit: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
The data processing is based on your consent (Art. 6 para. 1 lit. a DS-GVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. If you do not want any analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. e-mail addresses for the member area) remains unaffected by this. For more details, please refer to the data protection provisions of CleverReach at:
https://www.cleverreach.com/de/datenschutz/.

 

13.2 Data processing via social media plugins

Facebook
When you visit our Facebook page, through which we present our company or individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Facebook Ireland Ltd (Ireland/EU - "Facebook"). For more information about the processing of personal data by Facebook, please visit https://www.facebook.com/privacy/explanation.
Facebook offers the option to object to certain data processing; related information and opt-out options can be found at https://www.facebook.com/settings?tab=ads.
Facebook provides us with statistics and insights in anonymized form for our Facebook and Instagram page, which we use to gain insights into the types of actions that people take on our page (so-called "page insights"). These page insights are created based on certain information about individuals who have visited our page. This processing of personal data is carried out by Facebook and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our site and to improve our site based on these insights. The legal basis for this processing is Article 6 (1) (f) DS-GVO. We cannot associate the information obtained via Page Insights with individual Facebook profiles that interact with our Facebook page. We have entered into a joint controller agreement with Facebook, which specifies the distribution of data protection obligations between us and Facebook. For details about the processing of personal data to create Page Insights and the agreement entered into between us and Facebook, please visit https://www.facebook.com/legal/terms/information_about_page_insights_data.
In relation to these data processing operations, you have the option of asserting your data subject rights (see "Your rights" in this regard) against Facebook as well. Further information on this can be found in Facebook's privacy policy at https://www.facebook.com/privacy/explanation.
Please note that according to Facebook's privacy policy, user data is also processed in the USA or other third countries. Facebook only transfers user data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 DS-GVO or on the basis of appropriate safeguards in accordance with Art. 46 DS-GVO.

LinkedIn
LinkedIn Ireland Unlimited Company (Ireland/EU - "LinkedIn") is the sole controller for the processing of personal data when visiting our LinkedIn page. For more information about the processing of personal data by LinkedIn, please visit https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. As a result, we learn how visitors act on our page ("page insights"). In particular, LinkedIn processes data that you have provided in your profile, such as data on function, country, industry, seniority, company size and employment status. LinkedIn will also process information about how you interact with our LinkedIn company page (e.g., whether you are a "follower" of our LinkedIn company page). Through Page Insights, LinkedIn does not provide us with any personally identifiable information about you. We can only access the aggregated page insights. It is not possible to draw conclusions about individual members.
The processing of personal data in the context of the Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves the following legitimate interest: We evaluate which actions are performed on our LinkedIn company page and improve our company page based on the insights gained. The legal basis for this processing is Article 6 (1) (f) DS-GVO. We have entered into a joint controller agreement with LinkedIn, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:

  • LinkedIn is responsible for ensuring that you can exercise the rights you are entitled to under the GDPR. You can contact LinkedIn to do so online via the following link(https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact details in the Privacy Policy. You can reach the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at our provided contact details about exercising your rights in connection with the processing of personal data in the context of Page Insights. In such a case, we will forward your request to LinkedIn.
  • The Irish Data Protection Commission monitors the processing of Page Insights as the lead supervisory authority. You have the right to lodge a complaint with the Irish Data Protection Commission (see at www.dataprotection.ie)or with any other supervisory authority.

Please note that according to the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the US or other third countries. LinkedIn transfers personal data only to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 DS-GVO or on the basis of appropriate safeguards in accordance with Art. 46 DS-GVO.

Pinterest
Plugins of the social network Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA ("Pinterest") are integrated on this website. You can recognize the Pinterest plugin by the "Pin it button" on our site.
If you click the Pinterest "Pin it button" while you are logged into your Pinterest account, you can link the content of our pages on your Pinterest profile. This allows Pinterest to associate the visit to our pages with your user account. We would like to point out that we have no knowledge of the content of the transmitted data or its use by Pinterest. For more information, please refer to the Pinterest privacy policy: https: //about.pinterest.com/de/privacy

YouTube
1) We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. These are all embedded in "extended data protection mode", which means that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transmission.

(2) By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned in paragraph 12 of this declaration are transmitted. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

(3) For more information on the purpose and scope of data collection and its processing by YouTube, please refer to the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://policies.google.com/privacy?hl=de&gl=de. Google also processes your personal data in the USA.

XING
New Work SE (Germany/EU) is the sole responsible party for processing personal data when you visit our XING profile. For further information about the processing of personal data by New Work SE, please visit https://privacy.xing.com/de/datenschutzerklaerung.

 

13.3 Further data processing

Applications
If you apply to our company, we process your application data exclusively for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be viewed and processed by the relevant contacts at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you have provided for up to three months after any rejection for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage. The legal basis for data processing is 26 para. 1 p. 1 BDSG. If we store your applicant data for longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Article 7 (3) DS-GVO. Such revocation shall not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.

 

14 Does cooperation with processors and third parties take place?

If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes. In doing so, we will also state the defined criteria for the storage period.
We will only transfer your data to third parties or commissioned service providers if we have

  • a legal permission,
  • your consent,
  • the fulfillment of a legal obligation or
  • our legitimate interests

can fall back on. We select our external service providers carefully. They are bound by our instructions and are regularly monitored.

If we conclude a "contract processing agreement" with third parties and your data is processed within this framework, we observe the provisions of Article 28 DS-GVO.

 

15 What security measures do we use to protect your data?

We have taken appropriate technical and organizational measures to ensure the protection of your data.

SSL or TLS encryption.
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and the lock symbol is displayed in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

We ensure the "adequate level of protection" required by Article 32 DS-GVO and have taken the following factors into account:

  • State of the art
  • Implementation costs
  • Type of processing
  • Scope of the processing
  • Circumstances of the processing
  • Purposes of the processing
  • Probabilities of occurrence
  • Severity of the risk for
    • Destruction of data
    • Loss of data
    • alteration of data
    • unauthorized disclosure of personal data
    • unauthorized access to personal data

In doing so, we have ensured the confidentiality, integrity, availability and resilience of our systems and services.

 

16. changes to this privacy statement

We ensure that this privacy policy is always up to date. Therefore, we reserve the right to adapt it if necessary and to include changes in the processing of your data in it.

 

17 Explanation of some terms used in data protection law

Anonymization
Anonymization occurs when the personal reference of data is removed in such a way that it cannot be restored or can only be restored with disproportionate effort in terms of time, costs and manpower.
Absolute anonymization, which means that no one can restore the personal reference, is often not possible and is generally not required by data protection law. It is then sufficient that re-identification is practically unfeasible because it would involve an extraordinarily high level of effort.

Order processing
The term is defined in Art. 4 No. 8 DS-GVO:
""Processor" [is] a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller."
The controller must ensure that the contractor takes the necessary and appropriate technical and organizational to protect the processed data. The data processing must be carried out in accordance with the provisions of data protection law. In other words, the contractor must treat the data with the same sensitivity as the client.

Data protection by technology design ("data protection by design").
The technology must follow the applicable law. Data protection must therefore be taken into account as early as the design of programs or the programming itself. Suitable technical and organizational measures by technology design are, for example:
- the pseudonymization or encryption of data (purpose: not easy to evaluate in case of misuse or loss, Art. 32 para. 1 a DS-GVO)
- the anonymization of data without a reference to a person (Art. 32 DS-GVO only gives examples)
- the technical integration of data protection notices (purpose: transparency, Art. 5(1)(a) DS-GVO)
- authentication procedures to ensure exclusive access by authorized users (for data minimization, Art. 5(1)(f) DS-GVO)
- special markings of data sets (electronic labeling, so-called tag; helpful for compliance with the purpose limitation principle, Art. 5(1)(b) DS-GVO)

Data protection through data protection-friendly default settings ("data protection by default").
This provision in Art. 25(2) GDPR is new and is likely to apply in particular to Internet services and social networks. In principle, this is intended to implement the principle of data minimization already through technical default settings, among other things. According to this, the technical systems are to be aligned with the principles of data protection with regard to:
- the limitation to the respective processing purpose
- the amount of personal data collected
- the scope of their processing
-the storage periods
- their accessibility
Preferences are the variables that the controller sets for the users of its data processing system. The user must therefore enter them or select them by "clicking" on them.

Privacy policy (website)
The privacy statement on a website is intended to inform consumers as users about the extent to which data is processed, what is done in the process to protect their privacy and what rights they have.
Among other things, the declaration describes how personal data is collected, used or passed on to third parties by the operator. The GDPR requires clear and understandable language in this regard (no "technical jargon").

Data integrity
Concept: stored personal data must be protected from being damaged by system malfunctions.
Protection: backup concept (backup copies), secure storage of data.
Control: authorization to back up data, awareness, patch management (security vulnerabilities, updates).

Personal data
The term is defined in Art. 4 No. 1 DS-GVO:
" [...] any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."
Examples: Name, address, date of birth, personal number, IP addresses, cookies, location data, biometric data.

Pseudonymization (Art. 4 No. 5, 25 (1), 32 (1) a DS-GVO).
Term: the reference to a person is partially removed (restricted) and cannot be restored without additional information (e.g. identification data).
Requirements:
- no allocation of data without identification data
- separate storage of identification data by the controller
- technical and organizational measures to protect identification data (access)
Example:
Medical data and personal data are separated and can only be allocated through the identification data.
Protection:
Appropriate measures to ensure data security, especially for higher protection needs (Art. 24, 25, 32 DS-GVO).

State of the art (Art. 25, 32 DS-GVO).
The state of the art includes the technological tools available to ensure, for example, adequate encryption or reliable pseudonymization.
The security of processing must be "in accordance with the state of the art" and through "appropriate technical and organizational measures" (TOMs) (Art. 24, 32 DS-GVO).
Further, the GDPR mentions data protection through "technology design" and "data protection-friendly default settings". Confidentiality, integrity, availability and resilience of the data processing systems must be ensured.
The best available technologies do not necessarily have to be used. It is sufficient to use proven and efficient technology.
Concretization:
- IT-Grundschutzkompendium of the BSI, BSI standard 200-2
- Standard Data Protection Model (SDM)
- ISO 27000 series of standards
- other recommendations of government agencies

Technical and organizational measures (TOMs)
The so-called "TOMs" represent measures to ensure an adequate level of protection for personal data (Art. 32 DS-GVO). Examples: Pseudonymization and encryption, security locks, firewall, virus scanner, authorization concept, fire alarm system and extinguishing system, air conditioning, security rooms, alarm systems, etc.

 

 

18. video surveillance

Our company premises are video-monitored on the basis of § 4 BDSG. Notices on the premises indicate the fact of surveillance. Only video data is recorded as part of the video surveillance. Audio data is not recorded. This data protection information informs you about the type, scope and purpose of the personal data collected, used and processed by us and about the rights to which you are entitled. Name and address of the controller The controller within the meaning of the General Data Protection Regulation and other data protection laws applicable in the Member States of the European Union is:

BRUMBERG Leuchten GmbH & Co KG
Hellefelder Straße 63
59846 Sundern

Categories of personal data
Only video data is recorded as part of video surveillance. Audio data is not recorded.

Purposes of data processing

  • the preservation of the house right;
  • the protection of our customers, employees and suppliers against dangerous situations and robberies;
  • the protection of property, namely the buildings including furnishings and fittings and the stocks, cash and machinery as well as vehicles;
  • the prevention and investigation of criminal offences, and
  • the collection and seizure of evidence.


Legal basis for data processing
We process certain personal data to protect our legitimate interests or the interests of third parties in accordance with Art. 6 I lit. f) DS-GVO. However, data processing only takes place if the interests of the data subjects do not take precedence over our interests in the individual case.
Legitimate interests pursued: The prevention of criminal acts, the preservation of evidence, protection against vandalism and the protection of the legal interests of life, liberty, physical integrity and property, as well as the enforcement of our legal claims.

Recipients or categories of recipients of personal data
We generally ensure that your personal data is accessible only to a limited number of authorized persons who need to know it in order to fulfill the processing purposes mentioned above. Recipients of the data may therefore include:

 

  • Police authorities
  • Public prosecutor's office
  • Courts
  • Authorities

 

Duration of data storage

Video recordings are usually stored for a maximum of 72 hours, after which they are automatically deleted, unless there are incidents in terms of our legitimate interests.

 

Automated decision making

Automated decision-making pursuant to Art. 22 DSGVO does not take place in connection with video surveillance data.

 

Data security

We have taken technical and organizational measures that are suitable,

  • The unauthorized or unlawful disclosure of your personal data,
  • unauthorized or unlawful access to your personal data, or
  • the loss, destruction, alteration or damage of your personal data, whether accidental or unlawful;


These measures ensure a level of security appropriate to the risks presented by the processing and the nature of the personal data to be protected. Our security measures are continuously improved in line with technological developments.

 

Data subject rights

If you have any questions about the processing of your personal data, you can contact our data protection officer, who will be happy to assist you with his team. Our company data protection officer can be reached as follows:

E-mail: dsb@ora-gmbh.com

Ss a data subject, you have legal rights with regard to the personal data we collect and process about you.
You have the following rights:

  • the right to information about data concerning you (right of access);
  • the right to rectify incorrect data or, taking into account the purposes of processing, the right to complete incomplete data (right of rectification).


If certain grounds apply and the legal requirements are met, you also have

  • the right to have your personal data deleted (right to erasure),
  • the right to restrict the processing of your personal data (right to restriction of processing),
  • the right to receive and transfer the personal data you have provided to us to another controller (right to data portability); and
  • the right to object to the processing of your personal data (right to object).

Furthermore, you have the right to lodge a complaint with the competent supervisory authority for data protection at any time. © This privacy policy was created by ORA GmbH(www.ora-gmbh.com).


Status: July 2022

Cookies