Data protection

This data protection declaration informs you which personal data we collect in the context of your use of https://www.bmfcert.de/ and for what purpose the data is used.

Data protection is very important to us. Collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).

In general, our website can be used without providing any personal data. To the extent that personal data is collected on our pages (for example, when using our contact form), this is always done, as far as possible, on a voluntary basis. The data will not be disclosed to third parties without your explicit consent.

1. Responsible authority/Contact

The person responsible for the collection, processing and use of your personal data within the meaning of Article 4 No. 7 GDPR is:

BMFcert GmbH
Rhöndorfer Str. 85
53604 Bad Honnef

represented by

Florian Bauer (Managing Director)

Contact:

Phone: +49 (0) 2224 / 969152-0
E-Mail: info@bmfcert.de


If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions, either in whole or for individual aspects, you can address your objection to the person responsible.

2. Subject of data protection

The subject of data protection is personal data. According to Article 4 No. 1 of the GDPR, this is all information relating to an identified or identifiable natural person; this includes, for example, names or identification numbers.

3. Data collection and use

3.1 Automated data collection

When you access our website, your end device automatically transmits data for technical reasons. The following data is stored separately from other data that you may transmit to us:

This data is collected and stored exclusively for technical reasons, such as for statistical evaluations for the purpose of website operation, security or optimisation, and is not assigned to a specific person at any time. Some of the data may also be used to analyse your user behaviour. This data is not compiled with data from other sources.

3.2 Use of our contact form

If you have any questions, in particular about our services, you can contact us via a form provided on our website. You must provide a name and a valid e-mail address so that we know who the enquiry is from and can answer it. Further information, such as your telephone number or address, is optional. You decide whether you want to enter this data in the contact form.

If the data is processed for the purpose of putting pre-contractual measures in place in response to your enquiry, the legal basis for this data processing is Art. 6 para. 1 p. 1 b) GDPR.

We only process further personal data if you consent to this (Art. 6 para. 1 p. 1 a) GDPR) or we have a legitimate interest in processing your data (Art. 6 para. 1 p. 1 f) GDPR). A legitimate interest is, for example, to respond to your e-mail.

Any personal data collected by us when you use the contact form will be automatically deleted after completion of your request.

3.3 Data processing for fulfilment of our contractual obligations

We process personal data that we need to fulfil our contractual obligations, such as name, address and e-mail address. The collection of this data is necessary for the conclusion of the contract.

Data is deleted after the expiry of the warranty periods and legal retention periods.

The legal basis for the processing of this data is Art. 6 para. 1 p. 1 b) GDPR. This data is required so that we can fulfil our contractual obligations towards you.

4. Cookies

We store “cookies” in order to offer you a comprehensive range of functions and to make the use of our website more convenient. Cookies are small files that are stored on your computer using your internet browser. If you do not wish to use cookies, you can prevent them being placed on your computer by applying the appropriate settings in your internet browser. If you deactivate them in the Internet browser used, it may not be possible to use all the functions of our website to their full extent and the overall functionality of the website may therefore be restricted.

This website only uses session cookies, which are automatically deleted when you close the browser. These store what is known as a “session ID”, where various browser enquiries can be allocated to a joint session.

It is not possible to identify you personally in this way. The use of cookies is justified on the basis of our legitimate interest in a needs-based design and statistical evaluation of our website and the fact that your legitimate interests are not overridden pursuant to Art. 6 para 1 lit. f GDPR.

5. Google Web Fonts

We also use web fonts provided by Google for the uniform display of fonts (Google Dosis). When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The browser you use must connect to Google’s servers for this. This lets Google know that our website has been accessed via your IP address. Google Web Fonts are used to provide a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR. If your browser does not support Web Fonts, your computer will use a standard font.

6. Google Maps

We also use a Google Maps integration to display our location in Bonn. From that, you can use the “View larger map” function to get redirected to google.com/maps to use the route planner there. By using Google Maps, information about the use of our website, including your IP address and the starting address entered as part of the route planner function or your location data, may be transmitted to Google.

If you do not want Google to collect, process or use data about you via our website, you can deactivate this in your browser settings or explicitly refuse consent when you access our site.

7. Google Analytics

We also use “Google Analytics” to analyse the use of our website. The data obtained from this is, in turn, used to optimise our website and possible advertising activities, Art. 6 para. 1 (f) GDPR.

Google Analytics is a web analytics service operated and provided by Google, Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). Google processes the data usage on our site on our behalf. Google complies with the data protection provisions of the “EU-US Privacy Shield” agreement. The possibility of your data being transferred to the USA cannot be ruled out.

During your visit to the website, the following data, among others, is recorded:

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future visits to the website.

The recorded data is stored together with the randomly generated user ID, which enables pseudonymous user profiles to be evaluated. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.

The data processing is based on Art. 6 para. 1 (a) GDPR by you giving your consent. If you do not agree to the collection of data, you can disable it by a one-off installation of the browser add-on to deactivate Google Analytics. In addition, you can adjust the cookie settings on our website and change your selection there.

8. Change of purpose

Your personal data will only be processed for purposes other than those described if a legal provision permits this or you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes prior to further processing and provide you with all other relevant information.

9. Passing on data

In principle, your personal data will only be passed on without your express prior consent in the following situations:

If it is necessary to clarify an illegal use of our services or for legal prosecution, personal data will be forwarded to the prosecuting authorities and, if necessary, to injured third parties. However, this only happens if there are clear indications of unlawful or abusive behaviour. Disclosure may also take place if it serves to enforce terms of use or other agreements. We are also required by law to provide information to certain public bodies upon request. These are prosecuting authorities, authorities that prosecute administrative offences subject to fines and the tax authorities.

Disclosure of this data is based on our legitimate interest in combating abuse, prosecuting criminal offences and securing, asserting and enforcing claims and that your rights and interests in the protection of your personal data are not overridden, Art. 6 para. 1 (f) GDPR.

We rely on contracted third-party companies and external service providers (“order processors”) to provide our services. In such cases, personal data will be disclosed to these processors to enable them to process services. We carefully select and regularly review these processors to ensure that your privacy is protected. The processors may only use the data for the purposes specified by us and are also contractually obliged by us to treat your data exclusively in accordance with this data protection declaration and German data protection laws.

We use the following processors:

Web hosting (1and1)

Transfer of data to processors takes place on the basis of Art. 28 para 1 GDPR, alternatively on the basis of our legitimate interest in the economic and technical benefits associated with the use of specialised processors, and the fact that your rights and interests in the protection of your personal data are not overridden, Art. 6 para. 1 (f) GDPR.

10. Data security

We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical possibilities.

Your personal data is transmitted to us in encrypted form. We use SSL encryption (Secure Sockets Layer – certificate: DigiCert SSL) but hereby give notice that data transmitted via the internet (e.g. via e-mail communication) may be subject to security breaches. Complete protection of data against access by third parties cannot be guaranteed.

We maintain technical and organisational security measures to secure your data in accordance with Art. 32 GDPR, which we continually adapt to the state of the art.

We also do not guarantee that our offer will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.

11. Storage period / deletion of your data

Unless specifically stated, we only store personal data for as long as is necessary to fulfil the corresponding purposes.

In some cases, the legislator requires the retention of personal data, for example for legal, taxation or commercial matters. In these cases, we will only continue to store the data for these legal purposes, but will not process it in any other way and will delete it after the legal retention period has expired.

We will delete or anonymise your personal data as soon as it is no longer necessary for the purposes for which we collected or used it in accordance with the above paragraphs.

If data has to be retained for legal reasons, it will be blocked. This means the data is no longer available for further use.

12. Rights of persons affected:

You have various rights under applicable laws regarding your personal data. If you wish to exercise these rights, please send your request by e-mail or by post to our data protection officer or to the contact address given:

You will find an overview of your rights below.

12.1 Right to information

You have the right to receive information from us at any time upon request about the personal data processed by us that concerns you within the scope of Art. 15 GDPR.

Furthermore, there is a right to the following information:

  1. the purposes of processing;
  2. the categories of personal data that are processed;

if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;

12.2 Right to rectify inaccurate data

You have the right to demand that we correct personal data relating to you without delay if it is inaccurate.

12.3 The right to deletion

You have the right, under the conditions described in Art. 17 GDPR, to demand that we delete the personal data concerning you without delay. These conditions provide in particular for the right to deletion if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, if you withdraw your previously given consent, and in other cases of unlawful processing, the existence of an objection or the existence of an obligation to erase under Union law or the law of the Member State to which we are subject. Please also see section 10 of this data protection declaration for the period of data storage.

12.4 Right to restrict processing

You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the duration that the verification of the accuracy requires, as well as in the event that the user requests limited processing instead of deletion in the case of an existing right to deletion; furthermore, in the event that the data is no longer required for the purposes pursued by us, but the user requires it for the assertion, exercise or defence of legal claims, as well as if the successful exercise of an objection pursuant to Article 21 (2) of the GDPR is still disputed between us and the user.

12.5 Right to data portability

You have the right to obtain from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR.

Furthermore, you have the right to transfer this data to another responsible party without hindrance from us, provided that

  1. the processing is based on consent pursuant to Art. 6 para. 1 p. 1 a) GDPR or Art. 9 para. 2 a) GDPR or on a contract pursuant to Art. 6 para 1 sentence 1 b) GDPR, and
  2. processing is carried out with the aid of automated procedures.

When exercising your right to data portability in accordance with paragraph 1, you have the right to obtain that the personal data be transferred directly from us to another responsible party, where this is technically feasible.

12.6 Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out, inter alia, on the basis of Article 6 para. 1 (e) or (f) GDPR, in accordance with Article 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

12.7 Right of appeal

You also have the right to contact a supervisory authority in case of complaints. The supervisory authority responsible for the state of North Rhine-Westphalia is:

Landesbeauftragte für Datenschutz und Informationsfreiheit (State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia)
Postfach 20 04 44
40102 Düsseldorf

poststelle@ldi.nrw.de

13. Changes to this data protection declaration

The current version of this data protection declaration is always available at https://www.bmfcert.de/.