Privacy Policy

A. PRIVACY POLICY WEBSITE BBW-LASERTECHNIK.DE

In the following we inform about the collection of personal data when visiting our website. Personal data means any information relating to an identified or identifiable natural person (‘data subject’), e.g. name, address, e-mail addresses, user behaviour.

1. Controller of data processing

The controller for data processing in accordance with Article 4 (7) of the EU Data Protection Regulation (GDPR) is

BBW Lasertechnik GmbH

Gewerbering 11
83134 Prutting

Telefon: (0 80 36) 9 08 20- 0
Telefax: (0 80 36) 9 08 20- 28

E-Mail: info(at)bbw-lasertechnik.de

(in the following: "Controller")

The Controller has appointed a data protection officer, who can be contacted as follows: datenschutz(at)bbw-lasertechnik.de

2. Collection and processing of personal data

a. When visiting the website

When visiting the controller's website, the following data is transmitted from the user's browser to the controller's server and stored: The user’s operating system, the user’s IP address, date and time of access, websites from which the user’ system reaches our website, the services and functions used on our website. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest of the controller lies in the fact that this data serves to ensure the functionality of the controller's website.

b. When using the contact form

If the user sends an inquiry to the controller using the online form in the "Contact" section, the name (a pseudonym may also be given) and e-mail address are collected. The indication of the company name is voluntary. The contact request cannot be sent without providing a name and e-mail address. When sending a contact request, the user expects the controller to contact him/her via one of the contact channels given in the contact request. The legal basis is Art. 6 (1) sentence 1 lit. f GDPR. The legitimate interest of the controller is to communicate with the customer in an flexible manner with regard to the customer's specific request and thus to provide a good customer service.

c. Data processing for direct marketing purposes

Personal data is processed to inform about our innovations and services, as well as to ensure comprehensive customer support. The legal basis for this data processing is Art. 6 Abs. 1 S. 1 lit. f DS-GVO. The user has the right to object to the processing for direct marketing purposes at any time. The processing of personal data for direct marketing purposes is in the legitimate interest of the provider.

3. Use of cookies

Cookies are used on the internet pages of the controller. Cookies are small text files that are stored by the Internet browser on the user's computer system. This cookie contains a distinctive string that allows the browser to be uniquely identified when the website is visited again. They serve to make the Internet offer as a whole more user-friendly and effective.

The following types of cookies are used on the provider's website:

- Session cookies: These cookies are automatically deleted when the user closes his browser.

It is possible at any time to restrict the setting of cookies by changing the settings in the Internet browser. The user will then be informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser is different in the way it manages the cookie settings. Set cookies can be deleted by adjusting the settings in the user's browser. Please note that if cookies are deactivated, it may not be possible to use all functions of the controller´s website to their full extent.

The legal basis is Art. 6 Paragraph 1 S. 1 lit. f GDPR. The legitimate interest of the controller is to offer a user-friendly and effective website.

4. Exchange of data

The data collected via the controller's website will only be passed on to third parties if this is otherwise noted in the individual data processing steps. The controller commissions processors (web hosting, IT service providers) who may come into contact with the user's data.

5. Routine deletion and blocking of personal data

The controller processes and stores personal data of the person concerned only as long as this is necessary to achieve the purpose of storage. In addition, data may be stored for as long as this is provided for by the European or national legislator in EU provisions, laws or other regulations to which the person responsible for processing is subject.

As soon as the storage purpose ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely deleted.

6. Bing Ads

On the website, the provider uses Bing Ads (bingads.microsoft.com), a web analysis service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). "Bing Ads" also uses "cookies", text files that are stored on the user's device (PC, mobile, tablet, etc.) when the user accesses the controller´s website through a Microsoft Bing ad. If the controller's site is visited, the controller and Microsoft are informed that the user has clicked on the ad and has reached the controller's site via the ad. The controller does not receive information that personally identifies users, only information about the total number of users who clicked on a Bing ad and were then redirected to the controller's site. Microsoft collects, processes, and uses information via the cookie to create usage profiles using pseudonyms. These usage profiles are used to analyze visitor behavior and are used for advertising tailored to the user.

The user can prevent the installation of cookies by adjusting the settings of his browser software accordingly.

Furthermore, the user can prevent the collection of data generated by the cookie and related to the use of the website as well as the processing of this data by Microsoft by declaring his objection under the following link http://choice.microsoft.com/de-DE/opt-out .

Further information on data protection and the cookies used by Microsoft and Bing Ads can be found at privacy.microsoft.com/de-de/privacystatement.

The legal basis for the use of Bing Adss the consent of the user, Art. 6 para. 1 a) DSGVO.

7. Google Analytics

On this website the controller uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", text files that are stored on the user's end device (PC, mobile, tablet, etc.). These cookies enable an analysis of the user's website usage. The information generated by the cookies about the use of the website by the user is transferred to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

By means of an IP anonymization tool on the controller's website, the IP address of the user is shortened before transmission to the USA within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

On behalf of the controller, Google will use this information for the purpose of evaluating the user's use of the website and compiling reports on website activity.

The user may refuse the use of cookies by selecting the appropriate settings on his browser, however please note that if you do this you may not be able to use the full functionality of this website.

It is possible to object to the use of the data by Google Analytics with effect for the future. This can be done using a special program that can be installed for the user's web browser. Further information: tools.google.com/dlpage/gaoptout.

The user can also [ here ] contradict the use of Google Analytics.

The legal basis for the use of "Google Analytics" is Art. 6 para. 1 sentence 1 lit f) DSGVO (legitimate interest). The legitimate interest of the controller lies in the statistical evaluation of visitors and the monitoring od their behaviour on the controller's website.

8. Meta Pixels

We use "Meta Pixel" (hereinafter referred to as "Pixel") on our website. The provider is Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Meta").
The Meta Pixel uses so-called "cookies", text files that are stored on your computer and that analyze usage data if you visit the site via an advertisement placed on social media. This allows the effectiveness of social media advertising to be evaluated for statistical and market research purposes in order to optimize future advertising measures. 
The data collected is anonymous to us as the operator of this website and we cannot link it to the identity of the user. However, since the data is stored and processed by Meta, we as the operator of the website cannot guarantee that the data will not be assigned to user profiles. This may occur within the framework of the Facebook data usage guidelines for advertising purposes. This allows Meta to place advertisements on Meta pages and outside Meta.

The pixel is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. The data is stored for 2 years in order to be able to compare and evaluate advertising measures and their success.
You can find further information on protecting your privacy in Facebook's privacy policy: de-de.facebook.com/about/privacy/.
You can also deactivate the remarketing function "Custom Audiences" in the settings for advertisements at www.facebook.com/ads/preferences/. To do this, you must be logged in to Facebook.
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

9. Google Remarketing, Google Conversion Tracking and Google Adwords

On this website the controller uses Google Ads, a web analysis service of Google Inc. ("Google"), and in the context of Google Ads the service "Google Conversion Tracking" and "Google Remarketing".

By Google Ads, a cookie for conversion tracking is stored on the user's end device (PC, mobile, tablet, etc.) (so-called "conversion cookie") when the user clicks on an ad placed by Google. These cookies exist for a period of 30 days. If the controller's site is visited, the information that the user clicked on the advertisement and reached the controller's site via this advertisement is transmitted to the controller and Google. The controller does not receive any information with which users can be personally identified.

The information obtained by means of conversion cookies is used to create statistics for the controller on how many users have clicked on the advertisement and visited the controller's site.

Google Remarketing places a conversion tracking cookie on the user's device (PC, mobile, tablet, etc.), which enables advertising that matches the user's interests by means of a pseudonymous cookie ID. The pages visited by the user are also evaluated for this purpose. If the user has a Google account and has agreed with Google that his or her browsing history will be linked by Google to his or her Google account and information from his or her Google account may be used for advertising tailored to his or her interests, Google will use the user's data together with Google Analytics data and Google Ads data to create target group lists for remarketing across devices. For this purpose, Google links the user's personal data with data from Google Analytics and Google Ads.

The user can permanently deactivate the setting of cookies for advertisements by installing the browser plug-in available under the following link: www.google.com/settings/ads/onweb/

Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

The legal basis for the use of Google Ads, Google Conversion Tracking and Google Remarketing is the consent of the user, Art. 6 para. 1 a) DSGVO.

The controller has set up Enhanced Conversions on the website. Enhanced Conversions is a function that can be used to improve the accuracy of conversion tracking by protecting the privacy of users by supplementing existing conversion tags with the hashed first-party conversion data from the website. Hashing the first-party data before sending it to Google Ads ensures privacy by converting personal information such as (here: email address) into a hashed / pseudonymized (SHA256) string.

10. Rights of the user

Under certain conditions, the user has the following rights against the controller with regard to the personal data concerning him/her:

• Right to information,
• Right of correction or deletion,
• Right to restrict processing,
• Right to object to the processing,
• Right to data portability.

The user also has the right to complain to a data protection authority about the processing of his personal data by the controller.

11. Revocability of declarations of consent under data protection law

If the user has given his consent to the processing of his data by the controller, he can revoke this consent at any time.

B. PRIVACY POLICY FOR APPLICANTS

In the following we inform about the processing of personal data when sending an application to us.

1. Controller of data processing

The controller for data processing in accordance with Article 4 (7) of the EU Data Protection Regulation (GDPR) is

BBW Lasertechnik GmbH

Gewerbering 11
83134 Prutting

Telefon: (0 80 36) 9 08 20- 0
Telefax: (0 80 36) 9 08 20- 28

e-mail: info(at)bbw-lasertechnik.de

(in the following: "Controller")

The Controller has appointed a data protection officer, who can be contacted as follows: datenschutz(at)bbw-lasertechnik.de

2. Collection and processing of personal data

a. Generally

The personal data of an applicant is processed in order to process the application as a speculative application or in response to a specific job advertisement. Processing is used to check whether the applicant is suitable for a vacant position and, if necessary, to create an employment contract. The applicant has to provide the data required to process the application, otherwise the application cannot be processed.

The legal basis for data processing is § 26 Paragraph 1 German Federal Data Protection Act (FDPA).

b. When using the online form

If the applicant submits his or her application to the controller using the online form in the "Career" section, first name, last name, address, telephone number and e-mail address are collected. The application cannot be sent without providing these data.

The legal basis for data processing is § 26 para. 1 FDPA.

The applicant can also upload documents containing other data relevant to the application. Item 2.a of this data protection notice applies to these data.

3. Exchange of data

The applicant data will be passed on to third parties exclusively,

• If legally required to do so
• On the basis of the legitimate interest of the controller (e.g. to authorities, lawyers, courts, committees, supervisory bodies)
• If the applicant has given his consent

In addition, the controller's contract processors may come into contact with the applicant's data.

4. Routine deletion and blocking of personal data

The controller processes and stores personal data of the person concerned only as long as this is necessary to achieve the purpose of storage. In addition, data may be stored for as long as this is provided for by the European or national legislator in EU ordinances, laws or other regulations to which the controller is subject.

As soon as the storage purpose ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely deleted.

Candidate data are either deleted (electronic data) or returned to the applicant in their original form (paper documents) six months after the decision is taken, unless the applicant is recruited.

5. Rights of the applicant

Under certain conditions, the applicant has the following rights against the controller with regard to the personal data concerning him/her:

• Right to information,
• Right of correction or deletion,
• Right to restrict processing,
• Right to object to the processing,
• Right to data portability.

The applicant also has has the right to complain to a data protection authority about the processing of his personal data by the controller.

6. Revocability of declarations of consent under data protection law

If the applicant has given his consent to the processing of his data by the controller, he/she can revoke this consent at any time.

C. PRIVACY POLICY FOR CUSTOMERS

In the following we inform about the processing of personal data of Customers.

1. Controller of data processing

The Controller for data processing pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR) is:

BBW Lasertechnik GmbH

Gewerbering 11
83134 Prutting

Telefon: (0 80 36) 9 08 20- 0
Telefax: (0 80 36) 9 08 20- 28

e-mail: info(at)bbw-lasertechnik.de

(in the following: "Controller")

TThe Controller has appointed a data protection officer, who can be contacted as follows: datenschutz(at)bbw-lasertechnik.de

2. General information on data processing

a.    Scope of the processing of personal data

The processing of a Customer's personal data is generally only carried out insofar as this is necessary for the performance of services by the Controller. The processing of personal data regularly takes place only on the basis of the fulfillment of a contract or for the implementation of a pre-contractual measure.

b.    Legal basis for the processing of personal data

Insofar as the Controller obtains the consent of the data subject for processing operations of personal data, Art. 6 para. 1 sentence 1 lit. a. GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract between the Customer and the Controller, Art. 6 para. 1 sentence 1 lit. b. GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for the fulfillment of a legal obligation to which the Controller is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the Customer or another natural person make processing of personal data necessary, Art. 6 para. 1 sentence 1 lit. d. GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of the Controller or a third party and the interests of the Customer, fundamental rights and freedoms do not outweigh the former interest, Art. 6 para. 1 sentence 1 lit. f. GDPR serves as the legal basis for the processing.

c.    Data deletion and storage period

Personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the Controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.

3. Contact by e-mail

a.    Legal basis for data processing

The legal basis for the processing of personal data transmitted in the course of sending an e-mail is Art. 6 para. 1 sentence 1 lit. f EU-GDPR. If the e-mail contact aims at the conclusion of a contract, Art. 6 para. 1 sentence 1 lit. b EU-GDPR is the additional legal basis for the processing of personal data.

b.    Purpose of the data processing

The processing of personal data in the case of contact by e-mail serves us to process the contact.

c.    Data processing for direct marketing purposes

Personal data are processed in order to inform about innovations and services of the Controller, as well as to ensure comprehensive Customer support. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f EU-GDPR. The Customer has the right to object to the processing for direct marketing purposes at any time. The processing of personal data for direct marketing purposes is in the legitimate interest of the Controller.

d.    Possibility of objection and removal

Customers have the option at any time to object for the future to the processing of their personal data in the context of contacting them by e-mail. In such a case, the conversation between the Customer and the Controller cannot be continued. All personal data stored in the course of contacting the Controller will be deleted in this case.

4. Legal defense and enforcement of rights

a.    Legal basis for data processing

The legal basis for the processing of personal data in the context of legal defense and enforcement is Art. 6 para. 1 sentence 1 lit. f EU-GDPR.

b.    Purpose of data processing

The purpose of processing personal data in the context of legal defense and enforcement is the defense against unjustified claims and the legal enforcement of claims and rights. In this purpose, Controller has a legitimate interest in the data processing according to Art. 6 para. 1 sentence 1 lit. f EU-GDPR.

c.    Duration of storage

Personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

d.    Possibility of objection and removal

The processing of personal data in the context of legal defense and enforcement is mandatory for legal defense and enforcement. Consequently, there is no possibility for the Customer to object.

5. Categories of recipients

Within the Controller's company, those offices and departments receive personal data that need it to fulfill the aforementioned purposes. In addition, the Controller sometimes uses different service providers and transmits personal data to other trusted recipients. These may be, for example:

• Banks
• Scanning service
• Printing companies
• IT service providers
• Customer relationship service providers
• Lawyers and courts

6. Rights of the data subject

If personal data is processed by the Controller, the Customer is a data subject within the meaning of the EU-GDPR and is entitled to the following rights vis-à-vis the Controller:

a.    Right to information

The Customer may request confirmation from the Controller as to whether personal data concerning him are being processed by the Controller.

If such processing exists, the Customer may request information from the Controller about the following:

(1) The purposes for which the personal data are processed;

(2) The categories of personal data which are processed;

(3) The recipients or categories of recipients to whom the personal data concerning the Customer have been or will be disclosed;

(4) The planned duration of the storage of the personal data relating to the Customer or, if specific information on this is not possible, criteria for determining the storage period;

(5) The existence of a right to rectification or erasure of the personal data concerning the Customer, a right to restriction of processing by the Controller or a right to object to such processing;

(6) The existence of a right of appeal to a supervisory authority;

(7) Any available information on the origin of the data, if the personal data are not collected from the Customer;

(8) The existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) EU-GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the Customer.

The Customer has the right to request information as to whether personal data concerning him are transferred to a third country or to an international organization. In this context, the Customer may request to be informed about the appropriate safeguards pursuant to Art. 46 EU-GDPR in connection with the transfer.

b.    Right to rectification

The Customer has a right to rectification and/or completion vis-à-vis the Controller, insofar as the processed personal data concerning him are incorrect or incomplete. The Controller shall carry out the correction without delay.

c.    Right to restriction of processing

Under the following conditions, the Customer may request the restriction of the processing of personal data concerning him:

(1) If he disputes the accuracy, of the personal data concerning him for a period enabling the Controller to verify the accuracy of the personal data;

(2) The processing is unlawful and he/she refuses the erasure of the personal data and instead requests the restriction of the use of the personal data;

(3) The Controller no longer needs the personal data for the purposes of the processing, but the Customer requires them for the assertion, exercise or defense of legal claims; or

(4) If he has objected to the processing pursuant to Article 21 (1) EU-GDPR and it has not yet been determined whether legitimate reasons of the Controller prevail over the reasons of the Customer.

If the processing of personal data relating to him/her has been restricted, this data may - apart from being stored - only be processed with his/her consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, the Customer will be informed by the Controller before the restriction is lifted.

d.    Right to deletion

i.    Obligation to delete

The Customer may request from the Controller that the personal data concerning him be deleted without undue delay, and the Controller shall be obliged to delete such personal data without undue delay, if one of the following reasons applies:

(1) The personal data concerning the Customer are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) The Customer revokes his consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a EU-GDPR and there is no other legal basis for the processing.

(3) The Customer objects to the processing pursuant to Art. 21 (1) EU-GDPR and there are no overriding legitimate grounds for the processing, or objects to the processing pursuant to Art. 21 (2) EU-GDPR.

(4) The personal data concerning the Customer have been processed unlawfully.

(5) The erasure of the personal data concerning the Customer is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the Controller is subject.

(6) The personal data concerning the Customer has been collected in relation to information society services offered in accordance with Article 8(1) EU-GDPR.

ii.    Information to third parties

If the Controller has made personal data concerning the Customer public and is obliged to erase such data pursuant to Article 17(1) EU-GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data Controllers which process the personal data that the Customer, as a data subject, has requested that they erase all links to, or copies or replications of, such personal data.

iii.    Exceptions

The right to erasure does not exist to the extent that the processing is necessary to.

(1) For the exercise of the right to freedom of expression and information;

(2) For compliance with a legal obligation which requires processing under Union or Member State law to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

(3) For reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) EU-GDPR;

(4) For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) EU-GDPR, to the extent that the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

(5) For the assertion, exercise or defense of legal claims.

e.    Right to information

If the Customer has asserted the right to rectification, erasure or restriction of processing vis-à-vis the Controller, the Controller is obliged to inform all recipients to whom the personal data concerning the Customer have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

He/she shall have the right vis-à-vis the Controller to be informed about these recipients.

f.    Right to data portability

The Customer has the right to receive the personal data concerning him, which he has provided to the Controller, in a structured, common and machine-readable format. In addition, he has the right to transfer this personal data, which has been provided to the Controller, to another responsible party without hindrance by the Controller, provided that:

(1) The processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a EU-GDPR or Art. 9 para. 2 lit. a EU-GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b EU-GDPR and

(2) The processing is carried out with the aid of automated procedures.

In exercising this right, the Customer also has the right to obtain that the personal data concerning him or her be transferred directly from the Controller to another Controller, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected by this.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

g.    Right of objection

The Customer has the right to object at any time, on grounds arising from their particular situation, to the processing of personal data relating to them which is carried out on the basis of Article 6 (1) (e) or (f) EU-GDPR; this also applies to profiling based on these provisions.

The Controller shall no longer process the personal data relating to the Customer unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Customer, or the processing serves to assert, exercise or defend legal claims.

The Customer has the possibility, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise his right to object by means of automated procedures using technical specifications.

h.    Right to revoke the declaration of consent under data protection law

The Customer has the right to revoke his declaration of consent under data protection law at any time. The revocation of the consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

i.    Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, the Customer shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his place of residence, place of work or place of the alleged infringement, if he is of the opinion that the processing of personal data relating to him violates the EU-GDPR.

Competent supervisory authority for the Controller is:

Bavarian State Office for Data Protection Supervision (BayLDA).

Promenade 27

91522 Ansbach

The supervisory authority to which the Customer has submitted a complaint shall inform the Customer of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 EU-GDPR.

If the Customer has any queries, the data protection officer appointed by the Controller will be happy to answer them at any time.