Data Protection Statement
This Data Protection Statement informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the associated web pages, functions and content as well as our external online presence, e.g. our social media profile (hereinafter jointly referred to as “online offer”). With respect to the terms used, e.g. “processing” or “data controller,” we refer to the definitions in Section 4 of the General Data Protection Regulation (GDPR).
Data controller
Börger GmbH
Benningsweg 24
46325 Borken-Weseke
Germany
info(at)boerger.de
Managing Directors: Alois Börger, Anne Börger-Olthoff
Link to legal notice: www.boerger.com/de_DE/impressum.html
Contact external data protection officer:
You can contact our external data protection officer (Deutsche Telekom MMS GmbH) at datenschutz(at)boerger.de or by post at the above address with the addition: “Personal/confidential for the data protection officer.”
Types of data processed:
- Inventory data (e.g. names, addresses).
- Contact data (e.g. email address, phone numbers).
- Content data (e.g. text entries, photographs, videos).
- Usage data (e.g. websites visited, interest in content, access times).
- Meta/communication data (e.g. device information, IP addresses).
Categories of data subjects
Visitors and users of the online offer (hereinafter we also refer to the data subjects jointly as “users”).
Purpose of the processing
- Making the online offer, its functions and contents available.
- Answering contact requests and communication with users.
- Security measures.
- Reach measurement/marketing.
Terms used
“Personal data” is all information that relates to an identified or identifiable natural person (hereinafter referred to as “data subject”); a natural person is considered to be identifiable if the person can be identified, directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (e.g. cookie) or to one or more specific characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
“Processing” is any operation or set of operations that is carried out with or without the aid of automated procedures and that involves personal data. The term has a wide reach and covers practically any handling of data.
“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without bringing in additional information if this additional information is kept separately and is subject to technical and organizational measures, which ensure that the personal data cannot be assigned to an identified or identifiable natural person.
“Profiling” means any automated processing of personal data that uses this personal data to evaluate certain personal aspects relating to a natural person, especially to analyze or predict aspects of work performance, economic situation, health, personal preferences, interests, reliability, conduct, place of residence or change of location of this natural person.
The “data controller” is the natural or legal person, public authority, institution or other body that establishes the purpose and method of the processing of personal data, alone or together with other actors.
“Processor” is the natural or legal person, public authority or other body that processes data on behalf of the controller.
Authoritative legal bases
Pursuant to Section 13 of the GDPR, we inform you of the legal bases of our data processing. If the legal basis is not specified in the Data Protection Statement, the following applies: Section 6(1)(a) and Section 7 of the GDPR constitute the legal basis for obtaining consent; Section 6(1)(b) GDPR is the legal basis of the processing for the fulfillment of our services and implementation of contractual measures as well as answering inquiries; Section 6(1)(c) GDPR is the legal basis for the processing to meet our legal obligations; Section 6(1)(f) GDPR is the legal basis for processing to protect our legitimate interests. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Section 6(1)(d) GDPR serves as the legal basis.
Security measures
In accordance with Section 32 GDPR, we take suitable technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of the processing as well as the severity of the risk to the rights and freedoms of natural persons.
These measure include, in particular, ensuring the confidentiality, integrity and availability of data by monitoring physical accessibility of the data as well as data access, entry, transfer, securing availability and data separation. Furthermore, we have set up procedures that ensure the exercise of the rights of data subjects, deletion of data and response to data being compromised. Furthermore, we take the protection of personal data into account as early as in the development or selection of hardware, software and procedures, according to the principle of data protection by means of technology design and data protection-friendly default settings (Section 25 GDPR).
Collaboration with processors and third parties
To the extent that we, within the scope of our processing, disclose data to other persons and companies (data processors or third parties) or transmit data to them or grant them access to the data in any other way, it is only done on the basis of legal permission (e.g. when the transfer of the data to third parties, e.g. to payment service providers, is required for the fulfillment of the contract according to Section 6(1)(b) GDPR), only if you have consented, if a legal obligation provides it or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “order processing agreement”, it is done on the basis of Section 28 GDPR.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or as part of the disclosure or transfer of data to third parties, it is only done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process data or have data processed in a third country if the special requirements of Section 44 et seq. GDPR are given. This means that the data is processed on the basis of special guarantees, such as the officially acknowledged determination of a data protection level in accordance with the EU (e.g. for the United States, the “Privacy Shield”) or compliance with officially acknowledged special contractual obligations (so-called “standard contract clauses”).
Rights of the data subjects
You have the right to request confirmation of whether the data concerning you is allowed to be processed, to obtain information about this data and to obtain further information as well as a copy of the data pursuant to Section 15 GDPR.
In accordance with Section 16 GDPR, you have the right to request the completion of the data concerning you or the correction of inaccurate data concerning you.
Pursuant to Section 17 GDPR, you have the right to demand immediate deletion of the data concerning you; as an alternative, pursuant to Section 18 GDPR to demand a restriction on the processing of the data.
In accordance with Section 20 GDPR, you have the right to demand that you receive the data concerning you, which you have provided to us, and request its transfer to other data controllers.
Pursuant to Section 77 GDPR, you also have the right to lodge a complaint with the responsible supervisory authority.
Right of withdrawal
You have the right to withdraw consent given with effect for the future in accordance with Section 7(3) GDPR.
Right to object
You can object to the future processing of data concerning you at any time in accordance with Section 21 GDPR. The objection may be made in particular against processing for direct marketing purposes.
Cookies and right to object to direct marketing
“Cookies” are small files that are stored on the users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offer. Temporary cookies, or “session cookies” or “transient cookies” are cookies that are deleted after users leave an online offer and close their browser. The content of a shopping cart in an online shop or a login status, for instance, can be stored in such a cookie. “Permanent” or “persistent” cookies are cookies that remain stored even after the browser has been closed. For example, the login status can be saved if users visit it after several days. The interests of users can also be stored in such a cookie and used for reach measurement or marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the controller who operates the online service (otherwise, if there are only the controller’s cookies, they are referred to as “first-party cookies”).
We may use temporary and permanent cookies and provide information about in our Data Protection Statement.
If users don’t want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies can lead to functional restrictions of this online offer.
A general objection to the use of cookies used for purposes of online marketing can be declared for a large number of service providers, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Preventing the storage of cookies can also be disabled in the settings of the browser. Please note that in this case you may not be able to use all the functions of this online offer.
Erasure of data
The data processed by us will be erased or their processing will be restricted in accordance with Sections 17 and 18 GDPR. Unless expressly stated in this Data Protection Statement, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is needed for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained under commercial or tax law.
According to legal requirements in Germany, retention, especially retention for 10 years, is based on Section 147(1) of the Tax Code, Section 257(1)(1 and 4), (4) of the German Commercial Code (books, records, management reports, posting documents, account books, documents relevant to taxation, etc.); and for 6 years according to Section 257(1)(2 and 3), (4) of the German Commercial Code (commercial letters).
Business-related processing
In addition, we process
- contract data (e.g. subject matter of the contract, contract duration, customer category)
- payment data (e.g. bank details, payment history)
of our customers, interested parties and business partners for the provision of contractual services, customer service and customer relationship management, marketing, advertising and market research.
Contractual services
We process the data of our contractual partners and interested parties as well as other clients, customers, principals or other contractual partners (uniformly referred to as “contractual partners”) in accordance with Section 6(1)(b) GDPR in order to provide our contractual or pre-contractual services to them. The data processed in this context, the nature, scope, purpose and necessity of its processing are determined by the underlying contractual relationship.
The processed data include the master data of our contractual partners (e.g. names and addresses), contact data (e.g. email addresses and phone numbers) as well as contract data (e.g. the services used, contract content, contract-based communication, names of contact persons) and payment data (e.g. bank details, payment history).
In principle, we do not process special categories of personal data unless they are integral parts of commissioned or contractual processing.
We process data that is necessary for the establishment and fulfillment of the contractual services and point out the necessity of its disclosure, unless this is evident to the contractual partners. Disclosure to external persons or companies is only made if required as part of a contract. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements.
As part of the use of our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as the interests of the users in protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary for the pursuit of our claims pursuant to Section 6(1)(f) GDPR or there is a legal obligation to do so pursuant to Section 6(1)(c) GDPR.
The data will be deleted when the data is no longer needed for the fulfillment of contractual or legal duties of care or for the handling of possible warranty and comparable obligations; in this context, retention obligations will be reviewed every three years; otherwise, the statutory retention obligations apply.
Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as the organization of our operations, financial accounting and compliance with legal obligations, e.g. archiving. The data we process here is the same as the data that we process as part of our contractual services. The processing is based on Section 6(1)(c) GDPR, Section 6(1)(f) GDPR. The processing concerns customers, interested parties business partners and website visitors. The purpose of the processing and our interest in it are related to the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our duties and provision of our services. The erasure of the data with regard to contractual services and contractual communication corresponds to the specifications regarding these processing activities.
We disclose or transfer data to the financial administration, consultants, e.g. tax advisors or auditors, as well as other fee centers or payment service providers.
Furthermore, on the basis of our business interests, we store information on suppliers, organizers and other business partners, e.g. for the purpose of contacting them later. We always store this data, most of which is company-related, permanently.
Video surveillance on the company building
In the case you visit our company on site, we would like to inform you about the video surveillance of our company premises. The data controller for video surveillance is Börger GmbH (see “data controller”). The entire building envelope (fences, all entrance/driveway/exit gates as well as the company parking lot) and all accesses and driveways to the production halls are monitored. In addition, the server rooms inside the building are monitored.
Further information is available on request from our IT department.
The monitoring has the following purposes:
- to exercise property rights,
- protection of property,
- burglary and theft prevention
The legal basis for this is Section 6(1)(f) GDPR. Legitimate interests are: protection of the property of Börger GmbH. The retention period for the recordings is max. 30 days. For the investigation and prosecution of crimes, the recordings can be retained until the conclusion of official investigation proceedings. For the rights of data subjects, see above (“Rights of the data subjects”).
Contact details of our data protection officer can be found above (Contact external data protection officer).
Business analysis and market research
We analyze the data we have on business transactions, contracts, inquiries, etc., in order to operate our business profitably and to identify market trends and the wishes of contractual partners and users. This means we process inventory data, communication data, contract data, payment data, usage data, meta data on the basis of Section 6(1)(f) GDPR; the data subjects include contractual partners, interested parties, customers and users of our online offer.
The analyses are conducted for the purpose of business evaluations, marketing and market research. In so doing, we may take into account the profiles of registered users with information, e.g. on the services they have used. With these analyses we improve user friendliness, optimize our offers and increase business efficiency. The analyses are for our own use and are not disclosed externally, unless they are anonymous analyses with aggregated figures.
To the extent that these analyses or profiles are personal, they will be erased or anonymized upon termination of the user; otherwise after two years from conclusion of the contract. Apart from that, the overall business analyses and general trend identifications are made anonymously where possible.
Data protection in the application process
We process applicant data only for the purpose and within the scope of the application process in compliance with the legal requirements. The processing of applicant data is done in order to fulfill our (pre-)contractual obligations as part of the application process as per Section 6(1)(b) GDPR, Section 6(1)(f) GDPR if the data processing becomes necessary, e.g. within the scope of legal procedures (in Germany, Section 26 of the Federal Data Protection Act (BDSG) also applies).
The application process requires applicants to provide us with the applicant data. The necessary applicant data is indicated if we offer an online form; otherwise, the data arises from the job descriptions; it always includes information about the person, postal and contact addresses and the documents belonging to the application such as the cover letter, résumé and certificates. Applicants can also voluntarily provide us with additional information.
By submitting the application to us, applicants consent to the processing of their data for purposes of the application process in accordance with the nature and scope specified in this Data Protection Statement.
Insofar as special categories of personal data within the meaning of Section 9(1) GDPR are provided voluntarily in the application process, such data is always processed in compliance with Section 9(2)(b) GDPR (e.g. health data such as disability status or ethnic origin). Insofar as applicants are asked for special categories of personal data within the meaning of Section 9(1) GDPR, such data is always processed in compliance with Section 9(2)(b) GDPR (e.g. health data if it is required for the exercise of a profession).
Applicants can send us their application via email. Please note that emails are generally not sent in an encrypted form and applicants need to take care of the encryption themselves. We can therefore accept no responsibility for the transmission path of the application between the sender and receipt on our server. Instead of sending the application by email, applicants still have the option of sending their applications by normal mail.
In the event of a successful application, the data provided by applicants may be processed by us for the purposes of the employment relationship. If the application for a job offer is not successful, the data of the applicants will be erased. The data of the applicants is also erased when an application is withdrawn, which the applicants are entitled to do at any point in time.
Subject to a justified withdrawal on the part of the applicants, the erasure is effected after six months have expired so that we can answer possible follow-up questions regarding the application and comply with our obligations to provide documentation under the Equal Treatment Act. Invoices on any reimbursement for travel expenses will be archived in accordance with the regulations under tax law.
If you have consented to inclusion in our applicant pool, your application documents will be stored by us for another 2 years. The consent can be withdrawn at any time with effect for the future at jobs@boerger.de.
Contact
When you contact us (e.g. via the contact form, email, phone or social media), the user’s data will be processed for the handling of the contact request according to Section 6(1)(b) GDPR. User data may be stored in a customer relationship management system (“CRM system”) or comparable inquiry management system.
We delete the inquiries if they are no longer necessary. We review necessity every two years; in addition, the statutory archiving obligations apply.
Use of Friendly Captcha (bot/spam protection)
The Börger GmbH website uses the “Friendly Captcha” service (http://www.friendlycaptcha.com/). This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.
Friendly Captcha is an innovative, privacy-friendly protection solution designed to make it more difficult for automated programs and scripts (so-called “bots”) to use our website.
A program code from Friendly Captcha is integrated on our website for contact forms so that the visitor's device can establish a connection to Friendly Captcha’s servers in order to receive a calculation task (puzzle) from Friendly Captcha. The visitor's device automatically solves the calculation task in the background using certain system resources and sends the calculation result to our web server. This contacts the Friendly Captcha server via an interface and receives a response as to whether the puzzle has been solved correctly by the end device. Depending on the result, we can apply security rules to requests via our website and, for example, process or reject them.
- The data is used exclusively to protect against spam and bots as described above.
- Friendly Captcha does not set or read any cookies on the visitor's end device.
- The visitor's browser transfers technical connection data, environment data, interaction data and functional data to Friendly Captcha (date, time, requested page, browser information).
- IP addresses are anonymized using one-way hashing, i.e. stored in one-way encrypted form and do not allow either Börger GmbH or Friendly Captcha to draw any conclusions about the identity of an individual person.
- If personal data is stored, this data is deleted within 30 days.
The legal basis for the processing is Section 6(1)(f) GDPR, in this case the legitimate interest in protecting our website from abusive access by bots, i.e. spam protection and protection against attacks, such as mass requests.
Further information on data protection when using Friendly Captcha
Newsletter
With the following notes, we inform you about the contents of our newsletter and about the registration, mailing and statistical evaluation procedures as well as your right to object. By subscribing to our newsletter, you agree to its receipt and the procedures described above.
Content of the newsletter: We only send newsletters, emails and other electronic notifications with advertising information (hereinafter “newsletters”) with the consent of the recipients or with legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the user’s consent. As for the rest, our newsletters contain information about our services and about us.
Double opt-in and logging: The registration for our newsletter is effected in a so-called double opt-in procedure. This means that you will receive an email after registration in which your confirmation of your registration is requested. This confirmation is necessary so that no one can register with other people’s email addresses. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as of the IP address. Changes to the data stored by your mailing service provider are likewise logged.
Registration data: To subscribe to the newsletter, all you need to do is enter your email address. Optionally, we request you to provide a name to address you personally in the newsletter.
The newsletter and the associated performance measurement are sent on the basis of the recipient’s consent according to Section 6(1)(a), Section 7 GDPR in conjunction with Section 7(2, 3) of the Act Against Unfair Competition (UWG) or on the basis of the legal permission as per Section 7(3) UWG.
The logging of the registration procedure is based on our legitimate interests as defined in Section 6(1)(f) GDPR. Our interest is aligned to the use of a user-friendly and secure newsletter system that serves our business interests, at the same time meets the users’ expectations and allows us to prove consent.
Cancellation/withdrawal. You can cancel the receipt of our newsletter at any time, i.e. you can withdraw your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.
Newsletter – MailChimp
The newsletter is sent using the mailing service provider “MailChimp,“ a newsletter mailing platform of the U.S. provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, United States. The data protection regulations of the mailing service provider can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The mailing service provider is used on the basis of our legitimate interests in accordance with Section 6(1)(f) GDPR and an order processing contract in accordance with Section 28(3) page 1 GDPR.
The mailing service provider may use the recipients’ data in pseudonymous form, i.e. without assigning it to a user, to optimize or improve its own services, e.g. for the technical optimization of the mailing and the presentation of the newsletter or for statistical purposes. However, the mailing service provider does no use the data of our newsletter recipients to write to them itself or to pass on the data to third parties.
Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, memory capacity and database services, security services as well as technical maintenance services that we use for operating the online offer.
We, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in the efficient and secure provision of this online offer according to Section 6(1)(f) GDPR in conjunction with Section 28 GDPR (conclusion of an order processing contract).
Collection of access data and log files
We, or our hosting provider, collect data about every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Section 6(1)(f) GDPR. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the site previously visited), IP address and the requesting provider.
For security reasons (e.g. to investigate acts of abuse or fraud), log file information is stored for a maximum of 7 days and is then erased. Data whose further retention is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
The Cloudfare content delivery network
We use a so-called “Content Delivery Network” (CDN) offered by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, United States. Cloudflare is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active).
A CDN is a service with the help of which the content of our online offer, in particular large media files such as graphics or scripts, are delivered faster with the help of regionally distributed servers connected via the Internet. Users’ data is solely processed for the aforementioned purposes and to maintain the security and functionality of the CDN.
For more information, please refer to the data protection statement of Cloudfare: https://www.cloudflare.com/security-policy.
Google AdWords and conversion measurement
On the basis of our legitimate interests (i.e. interest in the analysis, optimization and profitable operation of our online offer within the meaning of Section 6(1)(f) GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, (“Google”).
Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active).
We use the online marketing process Google “AdWords” in order to place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.), so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads for and within our online offer in a more targeted manner in order to present users only with ads that potentially match their interests. For example, if a user is shown ads for products for which he has shown an interest in other online offers, this is referred to as “remarketing.” For these purposes, when our and other websites on which the Google advertising network is active are accessed, a code from Google is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). This file records which websites the user has visited, which content he or she is interested in and which offers the user has clicked on, as well as technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer.
Furthermore, we receive an individual “conversion cookie.” The information collected with the help of the cookie is used by Google to create conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not receive any information that would allow the personal identification of users.
User data is processed pseudonymously within the Google advertising network. This means that Google does not store and process the name or email address of users; instead it processes the relevant cookie-related data within pseudonymous user profiles. In other words, from Google’s point of view, the ads are not managed or displayed for a specifically identified person but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google’s servers in the United States.
Further information on the use of data by Google, setting and objection options, can be found in Google’s data protection statement (https://policies.google.com/technologies/ads); and in the settings for showing pop-ups by Google (https://adssettings.google.com/authenticated).
Reach measurement with Matomo
As part of Matomo’s reach analysis, data is collected on the basis of our legitimate interests (i.e. interest in the analysis, optimization and profitable operation of our online offer within the meaning of Section 6(1)(f) GDPR), the following data is processed: the browser type and browser version used by you; the operating system you use; your country of origin, the date and time of the server request, number of visits, the time you spend on the website; as well as the external links you click on. The IP address of users is anonymized before it is stored.
Matomo uses cookies, which are stored on the user’s computer and which enable an analysis of the use of our online offer by the users. Pseudonymous user profiles can be created from the processed data. The cookies have a storage period of one week. The information generated by the cookie about your use of this website is only stored on our server and is not passed on to third parties.
Users can object to the anonymized collection of data by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called “opt-out cookie” is stored in your browser, which means that Matomo no longer collects any session data. However, if users delete their cookies, this means that the opt-out cookie is also deleted and must therefore be reactivated by the users.
The logs with the user data are erased after 6 months at the latest.
As a visitor to our website, we give you the opportunity below to opt out of having your visit recorded by web analytics.
Online presence in social media
Fan pages on Xing and LinkedIn
Börger GmbH operates fan pages on Xing and LinkedIn. The operation of these pages is based on our legitimate interests in a contemporary and supportive information and interaction opportunity for and with our users and visitors in accordance with Section 6(1)(f) GDPR.
Each time the Börger GmbH pages are accessed on social networks, various data is collected, such as the amount of data transferred, the IP address used or the time of access. The respective network operators use cookies to store and further process this information, i.e. small text files that are stored on the user’s various end devices. If the user has a corresponding profile on the network and is logged in to it, the data is also stored and analyzed across devices.
Technical access and the further use of this data, which is generated when accessing the fan page, is generally the responsibility of the operator of the social network. Börger GmbH has neither access to the collected use data nor can we determine how this data is used by the network operator.
Furthermore, we would like to point out to you that the data may be processed by social networks outside the European Union or the European Economic Area. For more details on the handling of data collected by social networks, please contact the respective operator of the social network.
The corresponding data protection statements can be found at:
Xing: https://privacy.xing.com/de/datenschutzerklaerung
LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
Integration of third-party services and content
On the basis of our legitimate interests, we use within our online offer (i.e. interest in the analysis, optimization and profitable operation of our online offer within the meaning of Section 6(1)(f) GDPR) the content or service offers from third-party providers in order to integrate their content and services, e.g. videos or fonts (hereinafter uniformly referred to as “content”).
This always presupposes that the third-party providers of this content are aware of the IP address of the user, since they would not be able to send the content to their browser without the IP address. This means that the IP address is necessary for the display of the content. We endeavor to use only content whose respective providers use the IP address only to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users’ devices and contain, among other things, information on the browser and operating system, referring websites, visit time as well as other information on the use of our online offer; furthermore, it can be linked to such information from other sources.
Youtube
We have integrated YouTube videos in our online offer, which are stored at www.YouTube.com and can be played directly from our website. The legal basis for this data processing is Section 6(1)(a) GDPR, Section 6(1)(b) GDPR (also pursuant to Section 26 GDPR) as well as Section 6(1)(f) GDPR on the basis of our aforementioned legitimate interest. At the same time, this consent also sets an optional cookie. The legal basis for this storage of information or access to existing information on your end device is Section 25(1) of the Telecommunications Digital Services Data Protection Act (TDDDG).
By visiting the website, YouTube receives the information that you have accessed the respective page of our website. In addition, the log files mentioned in this statement (see Item “Collection of access data and log files”) are transmitted. YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be associated directly with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for the purposes of advertising, market research and/or needs-based design of its website. Such an analysis is performed in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users in the social network about your activities on our website. You have the right to object to the generation of these user profiles; to exercise this right you have to contact YouTube.
For more information on the purpose and scope of the data collection and processing by YouTube, please refer to the data protection statement. There you will also find more information on your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
Data protection statement for our Facebook fan page
We operate an official page of our company, a “fan page,“ on the social network Facebook at the address https://www.facebook.com/boergergmbh/.
The protection of your personal data is of particular concern to us. This means that we process your data solely on the basis of the provisions of the law and in compliance with all relevant data protection regulations.
In this Data Protection Statement, we inform you about the data processing on our company website and on the social network Facebook. We also explain the rights that users of this fan page have with regard to the storage and use of their personal data.
1. Joint data controllers for the operation of this Facebook page are:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”),
and
Börger GmbH, Benningsweg 24, 46325 Borken-Weseke, Germany
You can view the agreement on joint responsibility at this link: https://www.facebook.com/legal/terms/page_controller_addendum.
Under this agreement, Facebook Ireland assumes primary responsibility for the processing of Insights data and undertakes to comply with all obligations under the General Data Protection Regulation with regard to the processing of Insights data.
2. Data protection officer
The data protection officer of Facebook Ireland Ltd. can be contacted at the following link:
https://www.facebook.com/help/contact/540977946302970
You can contact our data protection officer by normal mail at our postal address with the addition “personally/confidentially to the data protection officer” or by email at:
3. Purposes of processing
We use the data available in summarized form on Facebook to make posts and activities on our Facebook page more attractive to users. For example, we use the distribution by age and gender for a customized approach and the preferred visiting times of the users for a time-optimized planning of our posts. Information about the type of end devices used by visitors helps us to adapt the visual design of our posts accordingly. In accordance with Facebook’s terms of use, which every user has agreed to when creating a Facebook profile, we can identify the subscribers and fans of the page and view their profiles and other shared information.
According to Facebook, the information is used to provide and support the Facebook products and associated services described in the Facebook Terms of Use and theInstagram Terms of Use. For more information, please visit https://www.facebook.com/privacy/explanation.
4. Processing of data
4.1 Cookies
The moment you access our fan page, your browser establishes a connection with Facebook and transmits information. The following data is transmitted:
For visitors who are not logged in/registered with Facebook:
IP address: Facebook automatically identifies the user’s IP address when the fan page is accessed.
Cookies, i.e. small text files, which are stored on the user’s various end devices: When you visit our fan page, cookies will be set automatically. According to Facebook, a cookie is used to identify the web browser that establishes the connection to the Facebook page and for purposes of advertising, analysis, creation of individualized advertising, the creation of user profiles and for market research.
For visitors who are registered and logged in with Facebook:
IP address: Facebook also determines the IP address of the user for logged-in visitors (see above)
Cookies: Again, a cookie is set (see above). If you are a member of Facebook and are logged in with your Facebook profile when visiting our “fan page,” an additional cookie will be activated. Facebook links the visit on the “fan page” to your personal user account. This enables Facebook to track your user behavior by storing and analyzing it across devices. You’ll find more information in the Cookie Policy of Facebook.
4.2 Facebook Insights
The so-called “Insights” of the Facebook page make statistical data of different categories accessible to the operators of the “fan page.“ These statistics are generated and provided by Facebook. This function cannot be switched off or the generation, and processing of data cannot be prevented. For more information, see the following link:
https://www.facebook.com/business/help/144825579583746?helpref=search&sr=15&query=insights
For a selectable period of time and for each of the categories of fans, subscribers, people reached and people interacting, the following data is provided by Facebook:
Total number of page views, “likes”, page activity, post interactions, reach, video views, post reach, comments, shared content, replies, proportion of men and women, origin based on country and city, language, views and clicks in the shop, clicks on route planner, clicks on telephone numbers. Data on the Facebook groups linked to our Facebook page is also provided in this way.
Owing to the constant development of Facebook, the availability and processing of the data is changing so that we refer to the data protection statement of Facebook for further information: https://www.facebook.com/about/privacy/.
5. Legal basis
These pages are operated on the basis of Section 6(1)(a), Section 6(1)(b) GDPR (also pursuant to Section 26 GDPR) and on the basis of our legitimate interests in a contemporary and supportive information and interaction option for and with our users and visitors in accordance with Section 6(1)(f) GDPR. If you have given us your consent for optional cookies, the legal basis for storing information or accessing existing information on your device is as follows: Section 25(1) of the Telecommunications and Digital Services Data Protection Act (TDDDG). If the use of cookies is absolutely necessary, the storage of information or access to existing information in your terminal equipment takes place on the legal basis of Section 25(2) TDDDG.
6. Transmission of data abroad
According to Facebook, it shares the information it receives both internally between Facebook companies and with external partners. The information provided will be transferred by Facebook Ireland to the United States and other third countries.
For transfer to the United States, Facebook Inc. is certified according to the EU-US Privacy Shield. You’ll find more information at https://de-de.facebook.com/about/privacyshield as well as at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active and the data protection statement of Facebook at https://www.facebook.com/about/privacy/
According to Facebook’s own information, transfers to so-called third countries are made on the basis of the standard contractual clauses approved by the European Commission and, if applicable, the adequacy decisions issued by the European Commission.
7. Rights of the data subjects or users
You have the right to:
a) to request information on the categories of data processed, the purposes of processing, any recipients of the data, the planned storage period (Section 15 GDPR);
b) to request the correction or completion of incorrect or incomplete data (Section 16 DS-GVO);
c) to withdraw a given consent at any time with effect for the future (Section 7(3) GDPR);
d) to object, on grounds relating to your particular situation, to data processing that is based on a legitimate interest (Section 21(1) GDPR);
e) to request the erasure of data in certain cases within the scope of Section 17 GDPR – in particular if the data is no longer required for the intended purpose or is processed unlawfully; or if you have withdrawn your consent in accordance with (c) above or declared an objection in accordance with (d) above;
f) to request, under certain conditions, the restriction of data, insofar as erasure is not possible or an obligation to erase the data is disputed (Section 18 GDPR);
g) to data portability, i.e. you can receive your data that you have provided to us in a common machine-readable format such as CSV and, if necessary, transfer it to others (Section 20 GDPR).
If you have given your consent to the use of data, you can withdraw it at any time with effect for the future.
As a Facebook user, you can exercise your rights at the following addresses, among others:
https://www.facebook.com/settings (for users who are logged in)
https://www.facebook.com/help/contact/1994830130782319
https://www.facebook.com/help/contact/540977946302970
http://www.youronlinechoices.com/de/praferenzmanagement/
8. Contact options
Since only Facebook has full access to user data, we recommend that you contact Facebook directly if you wish to make requests for information or have other questions about your rights.
Adapted by the website owner.
Created with Datenschutz-Generator.de by Dr. Thomas Schwenke, Attorney.