Data protection declaration

NAME AND CONTACT DETAILS OF THE RESPONSIBLE PARTY AS PER ARTICLE 4(7) GDPR

Bergmann Automotive GmbH
Gießereiweg 1
30890 Barsinghausen
Germany

Tel.: +49 (0)5105/522-0
Fax: +49 (0)5105/522-110
Email: info@bergmann-automotive.de
Web: www.bergmann-automotive.de

Data protection officer
Mr. Robin Opolka
Bergmann Automotive GmbH
Gießereiweg 1
30890 Barsinghausen
Germany
Email: r.opolka@bergmann-automotive.de

SECURITY AND PROTECTION OF YOUR PERSONAL DATA

We consider it our top priority to preserve the confidentiality of the personal data you have provided and to protect them from unauthorized access. We therefore take great care in ensuring the maximum protection for your personal data using the latest security standards.

As a company governed by private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organizational steps that ensure that provisions regarding data protection are observed both by ourselves and by our external service providers.

DEFINITIONS

Legislature stipulates that personal data may be lawfully processed in good faith and in a manner that is transparent to the person concerned (“lawful, processed in good faith, transparency”). To ensure this, we inform you of the individual legal definitions that are also used in this data protection declaration:

  1. Personal data  
    “Personal data” refers to any information relating to an identified or identifiable natural person (hereafter “person concerned”); a natural person is considered as identifiable if they can be identified, directly or indirectly, in particular by the attribution of an identifier such as a name, of an ID number, of a location, of an online ID or of one or more particular characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
  2. Processing
    “Processing” refers to any executed operation or series of operations, with or without the aid of automated processes, associated with personal data, such as the collection, recording, organization, sorting, saving, adaptation or altering, reading out, retrieving, use, publication via forwarding, dissemination or any other form of provision, comparison or linking, limitation, deletion or destruction.
  3. Limitation of processing
    “Limitation of processing” refers to the labelling of stored personal data with the aim of restricting their future processing.
  4. Profiling
    “Profiling” is any type of automated processing of personal data where these personal data are used to evaluate specific personal facets relating to a natural person, especially in order to analyze or predict facets regarding the job performance, economic situation, health, personal preferences, interests, reliability, conduct, abode or change of location of this natural person.
  5. Pseudonymization  
    “Pseudonymization” is the processing of personal data in a manner that ensures that personal data can no longer be assigned to a specific person without additional information providing that this additional information is stored separately and technical and organizational steps have been taken to ensure that the personal data cannot be assigned to an identified or identifiable natural person.
  6. File system
    A “file system” is any structured collection of personal data that are accessible in line with certain criteria regardless of whether this collection will be organized centrally, locally, or according to functional or geographical aspects.
  7. Responsible party
    The “responsible party” is a natural or legal person, authority, institution, or other place that makes decisions concerning the purposes and means of processing personal data alone or with others; if the purposes and means of processing are specified by European Union law or the law of member states, the specific criteria for its designation may be laid down for the responsible party in European Union law or the law of member states.
  8. Processors
    A “processor” is a natural or legal person, authority, institution, or other place that processes the personal data on behalf of the responsible party.
  9. Recipient
    The “recipient” is a natural or legal person, authority, institution, or other place to whom personal data are disclosed, regardless of whether this concerns a third party. Authorities that potentially receive personal data within the context of a specific investigation mandate according to European Union law or the law of member states are not considered as recipients, however; the processing of these data by these authorities takes place in accordance with the applicable data protection regulations as per the purposes of processing.
  10. Third party
    A “third party” is a natural or legal person, authority, institution, or other place, excluding the person concerned, the responsible party, the processor and those people authorized to process the personal data under the direct authority of the responsible party or the processor.
  11. Consent
    The “consent” of the person concerned is any statement of intent that is voluntary for the specific case, informed and unambiguous in the form of a declaration or another clearly affirmative action with which the person concerned intimates that they consent to the processing of the personal data concerning them.

LAWFULNESS OF PROCESSING

The processing of personal data is only lawful if a legal basis exists for processing. Pursuant to Article 6(1)(a–f) GDPR, the following in particular may constitute a legal basis:

  1. The person concerned has provided their consent to the processing of their personal data for one or more specific purposes.
  2. Processing takes place in order to fulfil a contract, the contractual party of which is the person concerned, or is required for the execution of precontractual steps that take place on the request of the person concerned.
  3. Processing is required to fulfil a legal obligation to which the responsible party is subject.
  4. Processing is required to protect the vital interests of the person concerned or another natural person.
  5. Processing is required to perform a task in the public interest or takes place in the exercise of official authority that has been transferred to the responsible party.
  6. Processing is required to safeguard the legitimate interests of the responsible party or a third party providing that the interests or basic rights or basic freedoms of the person concerned, requiring the protection of personal data, do not prevail, especially if the person concerned is a child.

INFORMATION CONCERNING THE COLLECTION OF PERSONAL DATA

  1. Hereafter, we will inform you about the collection of personal data when using our website. Examples of personal data include name, address, email address and user behaviour. 
  2. When contacting us by email, telephone or fax, we store the data you share with us (your email address and/or your name and your telephone number) in order to respond to your query. Data received within this context are deleted by us once their storage is no longer required or their processing is restricted if legal retention obligations are in place.

COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE

When using the website purely to obtain information, i.e. if you do not register or transfer information to us in another way, we only collect the personal data transferred to our servers by your browser. If you wish to consult our website, we collect the following data, which we require for technical reasons in order to display our website to you and to ensure stability and security (the legal basis for this is art. 6(1)(1)(f) GDPR):

  •   IP address
  •   Date and time of the request
  •   Time zone difference with Greenwich Mean Time (GMT)
  •   Request content (specific page)
  •   Access statement/HTTP status code
  •   The respective data quantity transferred
  •   The website the request originated from
  •   Browser
  •   Operating system and its user interface
  •   Language and version of browser software.

USE OF COOKIES

  1. In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are assigned on your hard drive to the browser you are using. Specific information flows through them to the place that has deployed the cookie. Cookies may not execute programs or transfer viruses to your computer. They serve to make the internet offering user-friendlier and increase effectiveness.
  2. This website uses the following cookie types, whose scope and functionality are explained hereafter:
    •   Transient cookies (see a.)
    •   Persistent cookies (see b.).
    1. Transient cookies are deleted automatically when you close your browser. In particular, these include session cookies. These store a so-called session ID, which is used to assign various browser requests to the same session. This means that your computer can be recognized if you return to our website. The session cookies are deleted when you log out or close your browser.
    2. Persistent cookies are deleted automatically after a specified duration that varies depending on the cookie. You can delete the cookies at any time in your browser’s security settings.
    3. You can configure your browser settings to suit your wishes and refuse to accept third-party cookies or all cookies. So-called “third-party cookies” are cookies that are deployed by a third party and therefore not by the actual website you are currently visiting. Please be aware that by deactivating cookies, you may be unable to use all of the functions on this website.

ADDITIONAL FUNCTIONS AND OFFERS ON OUR WEBSITE

  1. Alongside using our website purely to obtain information, we offer various services that are available for you to use if you are interested. For this, you generally have to provide additional personal data, which we use to fulfil the respective service and for which the previously mentioned principles on data processing apply.
  2. We sometimes use external service providers to process your data. These are carefully selected and commissioned by us, are bound to follow our instructions, and are inspected regularly.
  3. We may also forward your personal data to third parties if promotion participation, competitions, contract completion or similar services are offered by us alongside partners. You will receive further information relating to this upon provision of your personal data or below in the description of the offer.
  4. Should our service provider or partner’s headquarters be located in a country outside of the European Economic Area (EEA), we will inform you about the consequences of this in the description of the offer.

CHILDREN

Our offer is generally aimed at adults. People under the age of 18 should not transfer any personal data to us without the consent of their parents or legal guardians.

RIGHTS OF THE PERSON CONCERNED

(1) Revocation of consent
If processing of personal data is based on issued consent, you have the right to revoke your consent at any time. By revoking consent, the lawfulness of processing that has occurred based on the consent prior to the revocation is unaffected.

You may contact us at any time to exercise your right to revoke. 

(2) Right of confirmation
You have the right to request confirmation of whether we are processing your personal data from the responsible party. You may request the confirmation at any time using the contact details specified above.

(3) Right to information
If personal data are being processed, you may request information about these personal data at any time and about the following information: 

  1. The purposes of processing; 
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom the personal data have been disclosed or will be disclosed, especially recipients in third countries or international organizations;
  4. if possible, the planned duration of storage of the personal data or, if this is not possible, the criteria for specifying the duration;
  5. the existence of a right to rectification or deletion of your personal data or to limitation of their processing by the responsible party or a right to oppose their processing;
  6. the existence of a right to appeal to a regulatory authority;
  7. if the personal data are not collected from the person concerned, all available information concerning the origin of the data;
  8. the existence of automated decision-making, including profiling as per Article 22(1) and (4) GDPR and – at least in these cases – significant information concerning the logistics involved, as well as the scope and desired effects of this type of processing vis-à-vis the person concerned.

If personal data are transferred to a third country or an international organization, you have the right to be informed of the appropriate guarantees set out in Article 46 GDPR relating to the transfer. A copy of the personal data subject to processing is provided to you. For any additional copies you request, we may require an appropriate payment based on the administrative costs. If the request is made electronically, the information will be provided in a conventional electronic format unless specified otherwise. The right to receive a copy in accordance with paragraph 3 may not prejudice the rights and freedoms of others.

(4) Right to rectification
You have the right to request that we immediately rectify errors in your personal data. Taking the purposes of processing into consideration, you have the right to request the completion of incomplete personal data – including by means of an explanatory statement.

(5) Right to deletion (“right to be forgotten”)
You have the right to make a request to the responsible party for the immediate deletion of your personal data and we are required to delete personal data immediately if one of the following reasons applies:

  1. The personal data are no longer required for the purposes for which they were collected or otherwise processed.
  2. The person concerned revokes the consent required for processing pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and no further legal basis exists for processing.
  3. The person concerned files an objection to processing as per Article 21(1) GDPR and no overriding legal basis exists for processing, or the person concerned files an objection to processing as per Article 21(2) GDPR.
  4. The personal data were not lawfully processed.
  5. The deletion of personal data is required for the fulfilment of a legal obligation in line with European Union law or the law of member states to which the responsible party is subject.
  6. The personal data were collected with regard to services proposed by the information society as per Article 8(1) GDPR.

If the responsible party has made the personal data public and is required to delete them in line with paragraph 1, it will take appropriate steps, including technical ones, to inform those responsible for processing the personal data that a person has requested that they delete all links to this personal data or copies or replications of this personal data. The available technologies and implementation costs should be taken into account here.

There is no right to deletion (“right to be forgotten”) if processing is required:

  •   For the exercising of the right to freedom of expression and information;
  •   for the fulfilment of a legal obligation that requires the processing according to the law of the European Union or member states to which the responsible party is subject, or for the execution of a task in the public interest or that takes place in the exercise of official authority that has been transferred to the responsible party,
  •   for reasons of public interest in the field of public health as per Article 9(2)(h) and (i), as well as Article 9(3) GDPR;
  •   for the purposes of public-interest archiving, scientific or historical research, or statistics as per Article 89(1) GDPR, unless the right stipulated in paragraph 1 is likely to make the implementation of the aims of processing impossible or will seriously disadvantage these or
  •   for the establishment, exercise or defence of legal claims

(6) Right to limitation of processing
You have the right to ask us to limit the processing of your personal data if one of the following conditions applies:

  1. The accuracy of the personal data of the person concerned is disputed for a duration that allows the responsible party to verify the accuracy of the personal data.
  2. Processing is unlawful and the person concerned rejects deletion of the personal data and instead requests the limitation of use for these personal data.
  3. The responsible party no longer requires the personal data for the purposes of the processing but the person concerned still requires them for the establishment, exercise or defence of legal claims.
  4. Or the person concerned has filed an objection to processing in line with Article 21(1) GDPR providing it has not yet been established whether the responsible party’s legitimate grounds vis-à-vis those of the person concerned prevail.

If processing is limited as per the conditions listed above, these personal data – apart from their storage – will only be processed with the consent of the person concerned or for the establishment, exercise or defence of legal claims, or to protect the rights of another natural or legal person, or for reasons of substantial public interest on the part of the European Union or a member state.

In order to assert the right to limitation of processing, the person concerned can contact us at any time using the contact details provided above. 

(7) Right to data portability
You have the right to receive the personal data that you have provided to us in a structured, conventional and machine-readable format. You also have the right to transfer these data to another responsible party without hindrance from the responsible party to whom the personal data has been provided if:

  1. Processing is based on consent as per Article 6(1)(a) or Article 9(2)(a) or based on a contract as per Article 6(1)(b) GDPR and
  2. Processing takes place with the aid of automated procedures.

When exercising the right to data portability as per paragraph 1, you are entitled to have the personal data transferred directly from one responsible party to another responsible party providing that this is technically feasible. Exercising the right to data portability does not affect the right to deletion (“right to be forgotten”). This right does not apply to processing that is required to perform a task in the public interest or that takes place in the exercise of official authority that has been transferred to the responsible party. 

(8) Right to object
You have the right at any time, for reasons arising from your particular situation, to file an objection to the processing of your personal data carried out due to Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. The responsible party no longer processes the personal data unless it is able to prove compelling legitimate grounds for processing that prevail over the interests, rights and freedoms of the person concerned, or the processing serves the establishment, exercise or defence of legal claims.

If the personal data are being processed for the purposes of direct advertising, you have the right to file an objection at any time to the processing of your personal data for the purposes of this kind of advertising; this also applies to profiling providing it is in conjunction with this direct advertising. If you object to processing for the purposes of direct advertising, the personal data will no longer be processed for these purposes.

In conjunction with the use of the information society’s services and irrespective of Directive 2002/58/EC, you can exercise your right to object using automated processes in which technical specifications are used.

You have the right, for reasons arising from your particular situation, to file an objection to the processing of your personal data conducted for the purposes of scientific or historical research or statistics as per Article 89(1) unless processing is required for the fulfilment of a task in the public interest.

You may exercise your right to object at any time by contacting the responsible party concerned.

(9) Automated decision-making in individual cases including profiling
You have the right not to be subject to decision-making based exclusively on automated processing – including profiling – that has legal implications for you or has a similarly disadvantageous effect. This does not apply if the decision:

  1. Is required to complete or fulfil a contract between the person concerned and the responsible party,
  2. is permitted because of legal provisions of the European Union or the member states to which the responsible party is subject and these legal provisions contain appropriate steps to safeguard the rights, freedoms and legitimate interests of the person concerned, or
  3. takes place with the express consent of the person concerned.

The responsible party takes appropriate steps to safeguard the rights, freedoms and legitimate interests of the person concerned; as a minimum, this includes a person’s right to effect an intervention on the part of the responsible party, to present their own position and to challenge the decision.

The person concerned may exercise this right at any time by contacting the responsible party in question.

(10) Right to appeal to a regulatory authority
You also have the right, irrespective of any other administrative or judicial remedy, to appeal to a regulatory authority, particularly in the member state of your residence, your workplace or the place of the suspected infringement if the person concerned is of the opinion that processing of their personal data breaches this regulation. 

(11) Right to effective judicial remedy
Irrespective of any available legislative or out-of-court judicial remedy, including the right to appeal to a regulatory authority as per Article 77 GDPR, you have the right to an effective judicial remedy if it is of the opinion that your rights granted within the scope of this regulation have been injured as a result of processing of your personal data that is not in line with this regulation.

USE OF GOOGLE ANALYTICS

  1. This website uses Google Analytics, a web analysis service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called cookies, text files that are stored on your computer and facilitate an analysis of your website usage. Information generated by the cookie regarding your use of this website is generally transmitted to a Google server in the USA and stored there. Should IP anonymization be activated on this website, your IP address will be shortened by Google within member states of the European Union or in another state that is party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your website usage in order to compile reports on website activity and to provide additional services associated with website and internet usage for the website operator.
  2. The IP address transmitted from your browser within the context of Google Analytics will not be merged with other Google data.
  3. You can prevent these cookies being stored on your computer with the appropriate setting in your browser software; please be aware, however, that this may result in your being unable to use all of the functions of this website in full. In addition, you can also prevent the collection and transmission to Google of data generated by the cookie relating to your use of the website (incl. your IP address), as well as the processing of these data by Google, by downloading and installing the browser plug-in available under the following  link: http://tools.google.com/dlpage/gaoptout?hl=de.
  4. This website uses Google Analytics with the extension “_anonymizeIp()”. This results in IP addresses being shortened for processing, meaning that association with a person is excluded. If the data collected about you can be linked to a person, this will be excluded immediately and the personal data will be deleted swiftly.
  5. We use Google Analytics so as to be able to analyze usage of our website and improve it regularly. With the statistics acquired, we can improve our offer and design it in a way that is more interesting for you as a user. In the exceptional cases where personal data are transmitted to the USA, Google has signed up to the EU–US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for using Google Analytics is art. 6(1)(1)(f) GDPR.
  6. IInformation on third-party providers: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353-1-436-1001.
    User conditions: www.google.com/analytics/terms/de.html, as well as the data protection declaration: https://policies.google.com/privacy?hl=de&gl=de 

  7. This website also uses Google Analytics for the cross-device analysis of user flows conducted via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “personal data”.

INTEGRATION OF GOOGLE MAPS

  1. This website uses services offered by Google Maps. This allows us to display interactive maps on the website itself and means that you can use the map function conveniently. The provider for this is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Opt-out: https://adssettings.google.com/authenticated 
  2. By visiting the website, Google is informed that you have called up the corresponding subpage on our website. The data collected during your visit to our website will also be transmitted. This takes place irrespective of whether Google has provided a user account with which you are logged in or whether no such user account exists. If you are logged into Google, your data will be assigned directly to your account. If you do not wish this assignment to your account to take place, you must log out prior to activating the button. Google stores your data as a usage profile and uses them for the purposes of advertising, market research and/or needs-based design of its website. In particular, this type of evaluation takes place (even for users who are not logged in) for the provision of needs-based advertising and in order to inform other social network users about your activities on our website. You are entitled to object to the establishment of this user profile and should exercise this right by contacting Google.
  3. Further information on the purpose and scope of data collection and their processing by the plug-in provider can be found in the provider’s data protection declaration. This includes additional information on your associated rights and setting options to protect your privacy:  policies.google.com/privacy. Google also processes your personal data in the USA and has signed up to the EU–US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

GOOGLE WEB FONTS

For the consistent presentation of fonts, this site uses so-called Web Fonts, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). When a site is called up, your browser loads the required Web Fonts in your browser cache in order to display text and fonts correctly.

To do this, the browser that you are using must connect to the Google servers. Google then becomes aware that our website has been called up by your IP address. The use of Google Web Fonts occurs in the interests of a consistent and appealing presentation of our online offers. This represents a legitimate interest within the context of art. 6(1)(f) GDPR. If your browser does not support Web Fonts, a default font will be employed by your computer.

For those cases where personal data are transmitted to Google LLC in the USA, Google is certified with the US–European “Privacy Shield” data protection agreement, which ensures adherence to the level of data protection applicable in the EU.

You can find additional information on Google Web Fonts at developers.google.com/fonts/faq and in Google’s data protection declaration: https://policies.google.com/privacy?hl=de 

Opt-out: https://adssettings.google.com/authenticated 

Existence of automated decision-making

We do not use automated decision-making or profiling.

PROCESSORS

We use external service providers (processors) e.g. for website hosting and maintenance. Separate contract data processing has been concluded with the service provider to guarantee the protection of your personal data.

We work with the following service providers: