Privacy notice
I. Name and address of the controller
The controller, as defined in the General Data Protection Regulation (GDPR) and in other national data protection laws of the EU member states and in other data protection regulations is:
BIMAT Fabrikation von Krannormteilen GmbH
Heideblümchenweg 35
33689 Bielefeld
Germany
Tel.: +49-5205-9998-0
E-mail: info@bimat.com
Website: www.bimat.com
II. General information on data processing
1. Scope of the processed personal data
As a general rule, we do not collect and use our users’ personal data except to the extent necessary to provide a functional website, our contents and services. The collection and use of our users' personal data shall be subject to the individual user's consent, except for cases in which such consent cannot be obtained for factual reasons and the processing of such data is allowed based on statutory provisions.
2. Legal basis for the processing of personal data
The legal basis for the processing of personal data upon the data subject’s consent shall be Article 6, para. 1, lit. a of the General Data Protection Regulation (GDPR).
The legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party shall be Article 6, para. 1, lit. b of the GDPR. The same shall apply to processing activities required prior to entering into a contract.
The legal basis for the processing of personal data is required for compliance with a legal obligation our company is subject to shall be Article 6, para. 1, lit. c of the GDPR.
The legal basis for the processing of personal data required to protect an interest which is essential for the life of the data subject or that of another natural person shall be Article 6, para. 1, lit. d of the GDPR.
The legal basis for the processing for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, shall be Article 6, para. 1, lit. f of the GDPR.
3. Erasure and storage of data
The personal data of the data subjects will be erased and access to such data will be restricted as soon as they are no longer required for the purpose for which they were collected. In addition, such data may be stored if required by the European or national legislator based on EU Regulations, laws or other rules the controller is subject to. The data shall be erased and access to such data shall be restricted if the storage period provided by the stipulated laws and regulations expires, unless the data must be kept in order to conclude or perform a contract.
III. Provision of the website and preparation of log files
1. Description and scope of the data processing activities
Each time our website is accessed, our system automatically records data and information sent by the accessing computer system.
We will collect the following data:
(1) information on the browser type and version;
(2) the user’s operating system;
(3) the user's internet service provider;
(4) the user’s IP address;
(5) date and time of access;
(6) other websites from which the user was referred to our website;
(7) websites the user’s system accesses using a link on our website.
The data will also be stored in our system log files. These data will not be stored together with the user’s other personal data.
2. Legal basis for data processing
The legal basis for the preliminary storage of data and of the log files is Article 6, para. 1, lit. f of the GDPR.
3. Purpose of data processing
The preliminary storage of the IP address is required in order to enable us to provide our website to the user's computer. For this purpose, the user’s IP address must be stored for the duration of the session.
The storage in log files shall ensure the functionality of the website. In addition, the data help us to optimise the website and to protect the security of our information systems. We do not evaluate these data for marketing purposes.
These purposes are our legitimate interest in the processing of personal data as stipulated in Article 6, para. 1, lit. f of the GDPR.
4. Periods for which your data will be stored
The data will be erased as soon as they are no longer required for the purpose for which they were collected. To the extent the data are collected to enable us to provide our website to the data subject, this is the case at the end of the relevant session.
In case the data are stored in log files, this is the case after seven days at the latest. The data may be stored for a longer period of time. In this case, the users’ IP addresses will be erased or obliterated so that a connection to the client cannot be established.
IV. Cookies
1. Description and scope of the data processing activities
Our website uses cookies. Cookies are text files stored on the user’s computer on/by the internet browser. If and when a user accesses a website, a cookie may be stored in such user’s operating system. This cookie contains a characteristic character string which enables our system to clearly identify the user's browser the next time they access our website.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified after accessing another website.
The following data are stored in and transmitted by the cookies:
(1) language settings;
(2) log-in information;
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Article 6, para. 1, lit. f. of the GDPR.
3. Purpose of data processing
The purpose of using cookies that are required for technical purposes is to make it easier for the user to use our website. We would not be able to provide some functions of our website without cookies. For these functions, it is essential that the browser can be identified after the user accessed another website.
We need cookies for the following purposes:
(1) keeping language settings
(2) log-in purposes
The user data collected by cookies for purposes that are required for technical reasons will not be used to compile user profiles.
We store the cookie fe_typo_user on our website. This cookie combines all browser requests within one session and it enables the logged-in user to remain logged-in and to use all pages the use of which requires the user to be logged-in.
These purposes are our legitimate interest in the processing of personal data as stipulated in Article 6, para. 1, lit. f of the GDPR.
4. Storage period, objection and deletion
Cookies will be stored on the user’s computer and transmitted to our website. This means, the user has complete control of the use of cookies. By changing the settings in their internet browser, users can deactivate or restrict the transmission of cookies. Cookies stored on the user’s computer may be erased at any time, including by automated means. If users deactivate cookies for our website, they may not be able to fully use all functions thereof.
V. Order form and e-mail contact
1. Description and scope of the data processing activities
On our website, we provide a form which can be used to electronically order a catalogue. The data entered into the mask by any user ordering a catalogue using this form will be transmitted to and stored by us. These data are:
• name of company
• name
• e-mail
In addition, the following data will be stored when the message is sent:
(1) the user’s IP address;
(2) date and time of contact.
During the sending procedure, we will obtain your consent to the processing of these data and you will be informed of this privacy notice.
Alternatively, you may contact us using the e-mail address indicated on our website. In such case, the user’s personal data transmitted with such e-mail will be stored.
These data will not be disclosed to any third party. The data will only be used for the processing of the conversation.
2. Legal basis for data processing
The legal basis for the processing of data based on the user’s consent is Article 6, para. 1, lit. a of the GDPR.
The legal basis for the processing of data transmitted via e-mail is Article 6, para. 1, lit. f of the GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing of these data is Article 6, para. 1, lit. b of the GDPR.
3. Purpose of data processing
We process the personal data entered into the entry mask solely in order to manage the contact with the data subject. In case the data subject contacts us via e-mail, this is our required legitimate interest in the processing of the data.
The processing of any other personal data during transmission is to prevent misuse of our contact form and to ensure the security of our information systems.
4. Periods for which your data will be stored
The data will be erased as soon as they are no longer required for the purpose for which they were collected. For personal data entered into the mask of the contact form and for those sent via e-mail, this is the case after the conversation with the user is completed. A conversation shall be deemed completed if the circumstances suggest that the issue at hand was clarified to the parties’ satisfaction.
The additional personal data collected during transmission will be erased after seven days at the latest.
5. Objection and deletion
The user shall be entitled to withdraw their consent to the processing of their personal data. If the user contacts us via e-mail, they may be object to the processing of their personal data at any time. In such case, we will not be able to continue the conversation.
Consent can be withdrawn and storage of personal data can be objected to by sending a notification to the following e-mail address:
In such case, all personal data stored in connection with the contact will be erased.
VI. SSL encryption
For security reasons and for the protection of the transfer of confidential contents, such as orders or requests you send to us in our capacity as the operators of this website, this website uses SSL encryption. You will know that a connection is encrypted when the address bar of your browser changes from „http://” to „https://” and when the lock symbol appears in your browser. If SSL encryption is activated, the data you send cannot be read by any third party.
VII. Google web fonts
For the uniform presentation of fonts, this website uses so-called web fonts provided by Google. When you access a website, your browser will store the required fonts in your browser cache in order to be able to correctly present texts and fonts. If your browser does not support web fonts, your computer will use a standard font.
For more information on Google web fonts, please go to developers.google.com/fonts/faq and to Google’s privacy notice: https://www.google.com/policies/privacy/
VIII. Google Maps
This site uses Google Maps via an API, offered by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. For the use of the functions of Google Maps, the user's IP address must be stored. These data are usually transmitted to and stored on one of Google’s servers in the USA. We, as the operators of this website, cannot influence the transmission of these data. For more information on the handling of user data, please go to Google’s data privacy notice at: https://www.google.de/intl/de/policies/privacy/
IX. Font Awesome
For the uniform presentation of fonts, this website uses so-called web fonts provided by Fonticons, Inc. When you access a website, your browser will store the required web fonts in your browser cache in order to be able to correctly present texts and fonts.
For such purpose, your browser must connect with the servers of Fonticons, Inc. informing Fonticons, Inc. of the fact that our website was accessed from your IP address. The use of web fonts is to enable us to present our online contents in a uniform and attractive manner, which is our legitimate interest as described in Article 6, para. 1, lit. f of the GDPR. If your browser does not support web fonts, your computer will use a standard font. For more information on Font Awesome, please go to https://fontawesome.com/help or to the privacy notice of Fonticons, Inc.: https://fontawesome.com/privacy
X. jQuery
This website uses functions provided by jQuery Foundation for the stability of the jQuery-technologies. For such purpose, the programme libraries of jQuery servers will be accessed. The Content Delivery Network (CDN) by jQuery will be used. Should jQuery have been downloaded from another page of the jQuery CDN, the browser will access the copy stored in the cache. Otherwise, it must be downloaded and during such download, data will be sent from the user’s browser to the jQuery Foundation (“jQuery.org”). The data will be transmitted to the USA. For more information, please go to https://code.jquery.com/ or to the codes of conduct of jQuery Foundation.
XI. Rights of data subjects
If your personal data are processed, you are a data subject as defined in the GDPR and you have the following rights vis-à-vis the controller:
1. Right of access
You may request a confirmation from the controller as to whether or not we process any personal data relating to you.
If we do, you may request the following information from the controller:
(1) the purposes for which your personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients and/or categories of recipients that received or will receive your personal data;
(4) the planned period for which your personal data will be stored or, if this information cannot be provided correctly, criteria based on which the storage period will be determined;
(5) the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing or to object to processing;
(6) the existence of the right to lodge a complaint with a supervisory authority;
(7) any available information on the origin of the data if such personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You are entitled to request information on the question of whether your personal data are transmitted to a third country or to an international organisation. In relation to such transmission of your data, you are entitled to request information on the safeguards in accordance with Article 46 of the GDPR.
2. Right to rectification
You are entitled to request that the controller rectify and/or complete your data to the extent your personal data are inaccurate or incomplete. The controller shall be obliged to make such rectification without delay.
3. Right to restriction of processing
Subject to the following requirements, you may exercise your right to demand restriction of processing of your personal data:
(1) if you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
(4) if you object to the processing in accordance with Article 21. para. 1 of the GDPR and it is yet to be determined whether the controller’s legitimate reasons override your reasons.
Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a member state.
Where the restriction of processing was restricted in accordance with the above provisions, the controller will inform you before such restrictions are set aside.
4. Right to erasure
a) Erasure obligation
You shall have the right to request from the controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase these personal data without undue delay where one of the following grounds applies:
(1) your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw your consent on which the processing is based according to Article 6, para. 1, lit. a or Article 9, para. 2, lit. a of the GDPR, and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Article 21, para. 1 of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21, para. 2 of the GDPR;
(4) your personal data have been unlawfully processed;
(5) your personal data have to be erased for compliance with a legal obligation in Union or member state law to which the controller is subject;
(6) your personal data have been collected in relation to the offer of information society services referred to in Article 8, para. 1 of the GDPR.
b) Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Article 17, para. 1 of the GDPR to erase the personal data, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure shall not apply if and to the extent processing of the data is required for the following purposes:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9, para. 2, lit. h and i as well as Article 9, para. 3 of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89, para. 1 of the GDPR in so far as the right referred to in paragraph a is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to information
Once you asserted your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients of your personal data of such rectification, erasure or restriction of processing unless this proves to be impossible or would involve a disproportionate effort.
You have the right to demand that the controller informs you of such recipients.
6. Right to portability
You are entitled to receive your personal data you disclosed to the controller, in a structured, commonly-used and machine-readable format. In addition, you are entitled to transmit these data to another controller and the controller to whom the personal data were provided must not prevent such transmission, to the extent:
(1) the processing is based on consent in accordance with Article 6, para. 1, lit. a of the GDPR or Article 9, para. 2, lit. a of the GDPR or on a contract in accordance with Article 6, para. 1, lit. b of the GDPR; and
(2) the processing is carried out by automated means.
In exercising this right, you shall have the right to have your personal data transmitted directly from one controller to another, where technically feasible. Such request must not negatively affect other persons’ rights and freedoms.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You shall have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data, which is based on Article 6, para. 1, lit. e or f of the GDPR, including profiling based on those provisions.
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing, which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you shall have the right to object at any time to the processing of your personal data concerning such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to the processing of your personal data for direct marketing purposes, your personal data shall not be used for such purpose anymore.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw your declaration of consent to the processing of your personal data
You are entitled to withdraw your consent to the processing of your personal data at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated decision-making in the individual case, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if such decision:
(1) is necessary for entering into, or performance of, a contract between you and the controller;
(2) is authorised by Union or member state law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or;
(3) is based on your explicit consent.
However, such decisions must not be based on special categories of personal data as described in Article 9, para. 1 of the GDPR unless Article 9, para. 2, lit. a or lit. g of the GDPR applies and suitable measures were taken to protect your rights and freedoms and your legitimate interests.
In the cases referred to in (1) and (3) above, the controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this regulation. The supervisory authority with which such complaint was filed informs the complainant of the status and the results of such complaint, including without limitation the legal remedies in accordance with Article 78 of the GDPR.