Please find below information on how we collect personal data when you use our website. The term ‘personal data’ means information related to your person, such as your name, postal address, e-mail addresses, user behaviour etc. If we have recourse to contract service providers for individual functions of our services or wish to use your data for commercial purposes, the respective procedures are described in detail below. We also explain the criteria established for the relevant storage period.
Name and contact information of the Controller and company Data Protection Officer
Controller for data processing within the meaning of Art. 4 7. of the GDPR is
BENDER & PARTNER Management GmbH
Graduate engineer Norbert Bender
Graduate translator David Wild, MBA
Tel.: +49 (0) 681-96737-0
Fax: +49 (0) 681-96737-17
BENDER & PARTNER Management GmbH does not have a Data Protection Officer.
Contact by e-mail or via a contact form, enquiry, or application for practical training
(1) When you contact us by e-mail or via a contact form, the data that you have provided (your e-mail address, if applicable your name, telephone number or other information) are stored by us to enable us to respond to your queries. We delete the data accumulated in this connection when storage is no longer required, or restrict processing of the data if statutory obligations to preserve records apply.
(2) There is a form on our website that you can use specifically to request a quotation for our services. In the course of completing the form for a quotation, you must enter personal data (e.g. your name, postal address, e-mail address if available, telephone number etc.) You can also send us documents necessary for processing a contract via the form. These documents may, in turn, contain personal data. We store such data on our server and in our project administration programme T.O.M., and we also store your e-mails in the address book of our e-mail programme. Access to your data is restricted to the project managers and, if applicable, suppliers, who have undertaken to comply with the relevant statutory provisions regarding data protection, and to the management of BENDER & PARTNER Management GmbH.
The legal basis for processing such data lies in the precontractual relationship existing as a result of your request for a quotation, the German Civil Code (BGB), the Saarland Data Privacy Act, the German Federal Data Protection Act (BDSG) and the GDPR.
We collect and process your personal data as specified above on the basis of the contact made and in order to fulfil our precontractual obligations to you. We process such data on the legal basis provided by Art. 6 1. Sentence 1 b) of the GDPR, in particular to undertake precontractual measures. For example, we process your contact data for the purpose of communicating the quotation prepared for you. In addition, we process your personal data, insofar as this is required to safeguard our legitimate interests as Controller or the interests of a third party, except where they are overridden by your interests or fundamental rights and freedoms, which require the protection of personal data (Art. 6 1. Sentence 1 f) of the GDPR). ‘Third parties’ are to be understood as natural or legal persons, such as enterprises, public authorities, institutions or other organisations. As Controller in this connection, we are not a ‘third party’, nor are any contract processors under our direct authority deemed to be ‘third parties’ (cf. Art. 4 10. of the GDPR). Processing of your data on the grounds of a legitimate interest takes place especially in the following cases:
- Processing of your personal data may be necessary in individual cases in connection with the service and maintenance of our IT systems. In this respect, we proceed on the assumption that we have a prevailing legitimate interest because such measures serve to guarantee IT security and maintenance of IT operations and, consequently, to manage the business and risk of BENDER & PARTNER Management GmbH.
- Furthermore, we process your data insofar as this is necessary to assert legal claims and defend ourselves in legal disputes. In this respect, we also proceed on the assumption that our interests override your fundamental rights and freedoms, which require the protection of your data.
BENDER & PARTNER Management GmbH is governed by comprehensive statutory and regulatory provisions arising, for example, from the obligations to make and preserve records in trade, commercial and tax legislation. It is necessary to collect and process your personal data (Art. 6 1. Sentence 1 c) of the GDPR) to fulfil the resulting statutory requirements.
We process and store your personal data collected within the framework of your request for a quotation only for as long as we require them specifically to fulfil (pre)contractual or statutory obligations. If there is no longer any legal basis for processing your data, we will delete your data or, if this is not possible, block any personally identifiable information in our systems in accordance with data protection regulations. In this connection, we retain your data specifically as follows:
- Pursuant to the statutory provisions, the periods for which obligations to preserve records must be fulfilled under commercial and / or tax law are 6 and 10 years respectively. For this reason, we retain all quotation and contract records, for example, as well as commercial and business letters for these periods.
- We will store your personal data for advertising purposes, i.e. for sending information on offers related to our products and services, for a maximum period of six years from the last relevant contact with you. A relevant contact exists if there is verbal, telephone or reciprocal written communication between you and us.
(3) You can also contact us via our website if you are interested in doing practical training in our company. We will store and process the personal data transmitted to us in the course of your application for a traineeship, (e.g. name, address, telephone number, e-mail address, references etc.)
The personal data transferred within the framework of the application are processed and stored exclusively for the specific purpose of filling a place for practical training at BENDER & PARTNER Management GmbH. Access to your data is restricted to the management and employees empowered to make personnel decisions at BENDER & PARTNER Management GmbH.
There is no further use or transmission of your personal data to third parties.
As a general rule, the personal data transmitted within the framework of your application are deleted automatically six months after completion of the application process. This does not apply if statutory provisions contradict deletion, if further storage is necessary for providing proof, or if you have expressly agreed to longer storage.
3. Collection and storage of personal data and nature and purpose of use
When you visit our website, your personal data are collected and stored.
The browser on your terminal automatically sends notifications to the server of our website when you access our website http://www.bender-partner.com/. We store the following information about your person temporarily and automatically in a so-called log file without its being necessary to obtain separate permission from you:
- IP address of the requesting computer
- date and time of request
- time zone difference to Greenwich Mean Time (GMT)
- content of requests (specific page)
- access status / http status code
- respective volume of data transferred
- website from which the request comes
- operating system and its interface
- language and version of browser software.
The information is stored for 52 weeks, after which it is automatically deleted by Logrotate.
The information is processed for the following purposes:
- to secure a trouble-free system to connect to the website
- to secure easy use of our website
- to evaluate the system security and stability and
- for additional administrative purposes.
The information is processed in accordance with Art. 6 1. Sentence 1 f) of the GDPR. For the purposes listed above, we have a legitimate interest in collecting and processing data. On no account are data collected and processed to draw any conclusions about your person.
4. Transfer of data
We only transmit your personal data to third parties in the following cases:
- You have expressly agreed to this.
- The transfer is necessary to assert claims, exercise our rights or defend ourselves against you and if, in the process, it is reasonable to assume that there is no prevailing interest worthy of protection in not transferring the data.
- We are bound by law to transfer the data.
- The transfer is necessary to execute the contract concluded with you.
5. Your rights as the data subject within the meaning of the GDPR
You have the right
- to information on the personal data processed by us, including the right to information on the purposes of the processing, categories of the personal data, categories of the recipients of your data, planned storage period, existence of a right to correction, deletion, or restriction of the processing or objection, existence of a right to complain, the source of your data, insofar as they were not collected by us, and also on the existence of an automated decision-making procedure, including profiling and, if applicable, meaningful information on details thereof;
- to immediate correction of inaccuracies or completion of the personal data stored by us;
- to deletion of the personal data stored by us, unless processing of the data is necessary to exercise the right of freedom of expression and information to fulfil a legal obligation, for reasons of public interest or to assert legal claims or exercise or defend legal rights;
- to restriction of the processing of your personal data, insofar as you dispute the accuracy of the data, the processing is illegal but you oppose their deletion and we no longer require the data but you need them to assert legitimate claims, exercise or defend legal rights, or you have lodged an objection against the processing in accordance with Art. 21 of the GDPR, insofar as it is not as yet certain whether the legitimate reasons of the Controller override your claims;
- to receipt of the personal data that you have provided, in a structured, common and machine-readable format or to transfer to another Controller;
- to withdrawal at any time of your consent granted in the past with the result that we may no longer continue the data processing based on that consent in the future and
- to the lodging of a complaint with a data protection regulatory authority of your choice. As a rule, you can contact the regulatory authority of your usual place of residence or our company in this connection.
6. Right of objection
In accordance with Art. 21 of the GDPR you are entitled to lodge an objection at any time to the processing of your personal data based on Art. 6 1. e) or f) of the GDPR, insofar as your reasons for the objection relate to your particular situation. You have the general right to object to direct marketing, in which case we will refrain from direct marketing without your having to specify a particular situation.
An e-mail sent to firstname.lastname@example.org to give notice of the withdrawal of your consent or your objection will suffice.
7. Data security
(1) We use the well established SSL / TLS (Secure Socket Layer / Transport Layer Security) process in conjunction with the respective highest encryption level supported by your browser for our website. As a rule, this means 256-bit encryption. If your browser does not support 256-bit encryption, we have recourse to 128-bit v3 technology instead. You can see whether the data have been transferred in encrypted form in the https:// address bar of your browser or by the key or lock symbol respectively displayed as closed in the lower status bar of your browser.
(2) We also take appropriate technical and organisational security measures to protect your data against manipulation, unauthorised access, loss or destruction.
When you use our website, in addition to the data specified in Section 3, cookies are stored on your computer. Cookies are small text files, which are sent to your browser and stored on your hard drive, and through which certain information flows to the website – in this case ours – that sets the cookie. Cookies cannot run a programme or transfer viruses to your computer. They merely serve to make the website as a whole more user-friendly and more effective.
This website used the following types of cookie, the scope and functionality of which is explained below:
(1) Transient cookies
Transient cookies are automatically deleted when you close your browser. In particular, these include session cookies. They store a so-called session ID, with which various requests made by your browser can be assigned to the same session. This allows the computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
(2) Persistent cookies
Persistent cookies are automatically deleted after a predetermined period, which may differ depending on the cookie. You can delete these cookies at any time by adjusting the security settings of your browser.
(3) Browser settings
You can configure your browser settings to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that this may result in your not being able to use all the functions of this website.
(4) Flash cookies
The flash cookies used are not controlled by the browser but by your flash plug-in. We also use HTML5 storage objects, which are stored on your terminal device. These objects store necessary data independently from the browser used and have no automatic expiry date. If you do not wish flash cookies to process your data, you must install a suitable add-on, e.g. Better Privacy for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Cookie Killer for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode. Furthermore, we recommend that you regularly delete your cookies and browser history manually.
(1) This website uses OpenStreetMap (https://www.openstreetmap.de/) to display interactive maps and generate directions.
10. Google Analytics
(1) We use the analysis tool Google Analytics on our website. This analysis tool is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
(2) Google Analytics uses so-called cookies. Cookies are small text files that are stored on your computer to analyse how you use the website. As a rule, the analytical data are transmitted to and stored by a Google server in the USA.
(3) The legal basis for processing such data is Art. 6 1. f) of the GDPR, which allows us to process data in the case of legitimate interests. In this case, our legitimate interest is in analysing user behaviour in order to optimise our range of services and our advertising.
(4) Please note that Google Analytics has been extended on this website by the code ‘anonymizeIp();’ in order to guarantee anonymised collection of IP addresses (so-called IP masking). Activation of IP anonymisation causes your IP address to be truncated by Google prior to transmission to the USA within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google Server in the USA and truncated there. Google uses this information on our instructions for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services related to website activity and Internet usage.
(5) The IP address transmitted by your browser under Google Analytics is not amalgamated with other data held by Google.
(6) You can block cookie storage by adjusting your web browser to the appropriate setting. However, we wish to draw your attention to the fact that, in that case, you may not be able to use all the functions of the website to their full extent.
(7) You can prevent data collection by Google Analytics by clicking on the following link and downloading the tool provided there: https://tools.google.com/dlpage/gaoptout?hl=de.
(8) Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User agreement: http://www.google.com/intl/de/analytics/learn/privacy.html.
11. Google Fonts
(1) We use Google Fonts to make a visual improvement to the display of our website. Google Fonts is provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Fonts is used without authentication and there are no cookies sent to the Google Fonts API. Google only logs the use of CSS and the fonts used, and stores the data. You can set your browser so that the fonts are not downloaded by the Google servers. In order to block them you can install various add-ons, such as NoScript (https://noscript.net/) or Ghostery (https://addons.mozilla.org/de/firefox/addon/ghostery/) for Firefox. If your browser does not support Google Fonts or you prevent access to the Google servers, the text will be displayed in the standard font of the system. The legal basis for processing such data is Art. 6 1. f) of the GDPR, which allows us to process data in the case of legitimate interests. In this case, our legitimate interest is in optimising the visual display of our website.
(2) Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
(1) We use Google reCAPTCHA in certain cases for security when transmitting forms. Google reCAPTCHA is provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
(2) The legal basis for use in accordance with Art. 6 1. f) of the GDPR is our legitimate interest. That legitimate interest lies in protecting our website from bots and spam.
(3) reCAPTCHA is a free service that protects websites from spam and abuse. It uses advanced risk analysis techniques to distinguish between humans and bots. With the new API, a significant number of valid human users will pass the reCAPTCHA challenge without having to solve a CAPTCHA. We use reCAPTCHA for the security of forms.
(4) When reCAPTCHA is used, data are transmitted to Google. Google uses the data to determine whether the visitor is a human or (spam) bot. You can check which data are logged by Google and what the data are used for on https://policies.google.com/privacy?hl=de-AT.