Translation from the German Language
The following Privacy Statement shall apply to the use of our homepages (https://www.Bertling.com, https://www.bertlingenviro.com/, https://www.Besitec.com) as well as all customers having entrusted us with the procurement of services. Finally, it also addresses all our subcontractors receiving orders from us as well as all other contracted service providers and other business partners.
We place great importance on data protection.
The collection and processing of your personal data, to the extent that it is after all necessary for our business purposes, will take place with due regard to the applicable data protection regulations, particularly the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
If you have any further questions in this respect, our data protection officer
Mr Michael Dubberatz
will be at your disposal at any time.
We will continuously check whether your or your employees’ personal data which became known to us in the course of our business relationship have any relevance for the provision of our services. If not, personal data will not be collected or stored at all.
This data protection information applies to the processing of data by the following companies. The persons responsible for the collection, processing and use of your personal data within the meaning of Art. 4 (7) GDPR will be all companies of the Bertling Group, as represented by:
F.H. Bertling Holding GmbH
F.H. Bertling Logistics Holding GmbH
both of them:
In the event that you want to raise objections against a collection, processing or use of your data by us according to these data protection regulations either totally or with respect to individual measures, you may address your objection to the data controller as well as to the aforementioned data protection officer.
This Privacy Statement may be stored or printed by you at any time.
General Processing Purposes
Personal data are exclusively used by us for purposes absolutely necessary for the provision of our services.
Data used by us and why:
Use of data for services rendered by us as service provider
In our capacity as service provider, we use and store the following personal data:
- First name and surname of the respective contact persons with our customers, subcontractors and other business partners
- Invoice and delivery address with our business partners
- E-mail addresses
- Invoice and payment data
Our legitimate interest in such data is based on Art. 6 (1) b) GDPR
Use of data with respect to the operation of our website
With respect to our websites, we collect information about you when you visit this website. We automatically collect information on your user behaviour and your interaction with us and register data concerning your computer or mobile device. We collect, store and use data about each access to our website (so-called server log files). Access data include the name and URL of the accessed file
- date and time of the access
- transmitted data volume
- report on the successful access (HTTP response code)
- browser type and browser version
- operating system
- referrer URL (i.e. the site visited before)
- websites accessed by the system of the user via our website
- internet service provider of the user
- IP address and requesting provider
We use these log data – without allocating them to your person and without creating any profile – for statistical analyses for the purpose of the operation, security and optimisation of our website, but also for an anonymous recording of the number of visitors of our website (traffic) and an identification of the scope and kind of use of our websites and services.
This is our legitimate interest pursuant to Art 6 (1) f) GDPR.
We reserve the right to check log data subsequently if there are specific indications giving rise to a justified suspicion of an illegal use. IP addresses will be stored by us in the log files for a limited period of time if this is necessary for security purposes or required for the provision or billing of services, e.g. if you make use of one of our offers. IP addresses will also be stored by us if and when we have a specific reason to suspect that a criminal offence has been committed in connection with the use of our website. As a part of your account, we will furthermore store the date of your most recent visit (e.g. at the time of registration, login, clicking of links etc.).
When accessing our website, the internet browser used by you will transmit information to the server of our website. In this context, so-called log files will be temporarily stored. Until their (automatic) deletion, the following information will be stored:
Date and time of the access, name of the accessed site (so-called origin URL), IP address of the requesting device, transmitted data volume, loading time and finally product and version information concerning the browser used in each case and name of your access provider.
With respect to the aforementioned activities, we rely on the following fundamentals within the meaning of Art. 6 (1) f) GDPR:
- provision of a smooth establishment of a connection
- comfortable handling and user friendliness of our website
- maintenance of system security and stability without delivering any direct conclusions or information on the identity of the respective user
- after achievement of the aforementioned purposes, the data will be deleted.
Upon activation of the cookie, it will be provided with an identification number, but your personal data will not be assigned to such identification number. Your name, your IP address or similar data which would establish a relationship between the cookie and your person possible will not be stored in the cookie.
You may set up your browser in a way that you will be given advance notice of a placement of cookies and may decide on a case-by-case basis whether to exclude the acceptance of cookies in certain cases or quite generally or whether to completely prevent any placement of cookies. Such limitation may, however, restrict the functions of the website.
Finally, you may also request us to erase the data created by means of cookies and relating to your use of the website as to cease to process your data.
In order to make the aforementioned goals possible, we also use a web analysis service of Google Incorporated. This, too, takes place on the basis of Art. 6 (1) f) GDPR. In this context, too, cookies – as described above – are used. The usage profiles created in this connection are also anonymised. The following information about you or your usage behaviour is revealed:
- browser –type/ version
- used operating system
- referrer URL ( home page visited before)
- time of server request
Data serving to fulfil our contractual duties
We will process personal data when we need them for fulfilling our contractual duties and rendering all our services, such as name, address, e-mail address, goods to be transported, invoice and payment data. The collection of such data is necessary for contract conclusion.
Such data will be deleted upon expiry of the warranty periods and the statutory limitation periods as well as according to the generally accepted provisions on the destruction of documents.
The legal basis for the processing of such data is Art. 6 (1) sentence 1 b) GDPR, because these data are required in order to enable us to come up to the contractual duties owed by us towards you.
In case of new registrations, we will collect master data (e.g. name, address), communication data (e.g. e-mail address) and payment data (bank details) as well as access data (user name and password).
The legal basis for processing these data is your consent according to Art. 6 (1) sentence 1 a) GDPR that is also deemed to have been implicitly granted in case of a conclusive behaviour on your part.
When you get into contact with us (e.g. via contact form or e-mail), we will process and store your information for processing your inquiry and for the case that you have any further questions.
If data processing takes place in order to implement pre-contractual measures taken due to your inquiry or, if you are already our customer, in order to implement the contract, Art. 6 (1) sentence 1 b) GDPR forms the legal basis for such data processing.
Any additional personal data will only be processed by us if you give us your consent (Art. 6 (1) sentence 1 a) GDPR) or it we have a legitimate interest in the processing of your data (Art. 6 (1) sentence 1 f) GDPR). A legitimate interest may, for instance, be our interest in answering your e-mail.
Unless specifically provided for, we will store personal data only as long as this is necessary for achieving the pursued goals.
In some cases, legislation provides for the retention of personal data, for instance in tax and commercial law. In such cases, data will be stored by us in order to comply with such statutory provisions only, but they will not be processed in any other way and will be deleted upon expiry of the statutory retention period.
Your Rights as Data Subject
According to applicable laws, you have several rights with respect to your personal data. If you want to exercise such rights, please address your inquiry by e-mail or mail to the address mentioned in clause 1 by clearly identifying yourself.
Hereinafter, you will find a summary of your rights.
Right of confirmation and access
You are entitled to receive clear information on the processing of your personal data.
You are at any time entitled to obtain from us confirmation as to whether or not personal data concerning your person are processed. Where this is the case, you have the right to request us to provide you – free of charge – with information on your personal data stored by us together with a copy of such data. In addition, you are entitled to:
- obtain information on the purposes of the processing;
- obtain information on the categories of processed personal data;
- obtain information on the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- obtain where possible, information on the envisaged period for which the personal data will be stored or, if this is not possible, the criteria used to determine this period;
- request rectification or deletion of your personal data or a restriction of the processing by the data controller or to raise objection against such processing;
- lodge a complaint with a supervisory authority;
- obtain all available information concerning the origin of the data if the personal data were not collected from you;
Where personal data are transferred to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
Right to rectification
You have the right to request us to rectify and, if necessary, complete your personal data.
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning your person. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erase (“right to be forgotten”)
In some cases we are obliged to erase your personal data.
According to Art. 17 (1) GDPR, you have the right to obtain from us the erasure of personal data concerning your person without undue delay and we are obliged to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing is based according to Art. 6 (1) sentence 1 a) GDPR or Art. 9 (2) a) GDPR and there is no other legal ground for the processing.
- You raise an objection against the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing according to Art. 21 (2) GDPR.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law applicable to us.
- The personal data have been collected in relation to the offer of information society services according to Art. 8 (1) GDPR.
Where we have made the personal data public and are, according to Art. 17 (1) GDPR, obliged to erase them, we will, with due regard to the available technology and the costs of implementation, take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you have requested the erasure by such controllers of any links to, or copies or replications of, such personal data.
Right to restriction of processing
In some cases, you have the right to request us to restrict the processing of your personal data.
You have the right to obtain from us restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful and you opposed the erasure of the personal data and requested the restriction of their use instead;
- we no longer need the personal data for the purposes of processing, but they are required by you for the assertion, exercise or defence of legal claims; or
- you raised objection against the processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of our company override those claimed by you.
Right to data portability
You have the right to receive and to transmit personal data concerning your person in a machine-readable format or to have them transmitted by us.
You have the right to receive the personal data made available to us in a structured, commonly used and machine-readable format and you have the right to transmit such data to another controller without any hindrance from us, where
- the processing is based on a consent pursuant to Art. 6 (1) sentence 1 a) GDPR or Art. 9 (2) a) GDPR or a contract pursuant to Art. 6 (1) sentence 1 b) GDPR, and
- the processing is carried out by automated means.
In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
Right to object
You also have the right to raise objections against our lawful processing of your personal data if this is based on your specific situation and our interests in processing such data do no not override your interests.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Art. 6 (1) sentence 1 e) or f) GDPR, including profiling based on those provisions.
After your objection, we will no longer process the personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves to assert, exercise or defend our legal rights, if any.
Automated decision making, including profiling
You have the right not to be subject to a decision solely based on automated processing and producing legal effects concerning your person or having a similar significant impact on you.
An automated decision making on the basis of collected personal data does not take place.
Right to withdraw a consent to data processing
You have the right to withdraw your consent to a processing of personal data at any time.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, particularly in the member State of your habitual residence, place of work or the place of the alleged infringement if you consider that the processing to your personal data is contrary to law.
We feel to a maximum degree committed to the security of your data within the framework of applicable data protection laws and technical possibilities.
In order to safeguard your data, we maintain technical and organisational security measures complying with Art. 32 GDPR and continuously adjust them to the current state of the art.
Apart from that, we do not guarantee that our offers are available at certain times; malfunctions, interruptions or failures cannot be ruled out. The servers used by us are regularly and carefully secured.
Transfer of data to third parties, no data transfer to non-EU member states
As a rule, we will use your personal data exclusively within our company.
If and when we involve third parties within the framework of the fulfilment of contracts (such as our subcontractors), such parties will receive such personal data only to the extent they must be transmitted to them in order to enable them to fulfil the respective tasks.
In the event that certain parts of data processing operations are sourced out by us („processing by third parties“), we will contractually oblige such third party processors to use personal data exclusively in compliance with the requirements of data protection laws and to guarantee the protection of the rights of the data subject.