The Data-Protection Declaration of BellandVision GmbH
*Note: The German language version will take precedence over translations into other languages.
BellandVision GmbH (hereinafter referred to as BellandVision) is pleased that you are showing interest in our online portal and our company. Data protection and data security are near and dear to us and therefore, both have a high priority for us. We thus obligate ourselves to manage your (personally identifiable) data securely and to protect it from loss, misuse or forgery. To protect your data, we implement numerous technical and organisational standards. Nevertheless, we need to point out that regarding this issue, any time data is transmitted on the internet, it is technically impossible to provide complete protection against unauthorized access by third parties. In this policy, BellandVision wishes to inform you about the kind, amount and purpose of processing personally identifiable information that we handle, and to educate Data Subjects about the rights that they have.
A. Name and Contact Details of the Officer in Charge
BellandVision GmbH, Bahnhofstr. 9, D-91257 Pegnitz
Management: Diana Uschkoreit
Data Protection Officer: Jana Johne, email@example.com
Phone: +49 (0) 9241-4832-0
Telefax: +49 (0) 9241-4832-437
B. Important Terms to Understand this Policy
What is Personally Identifiable Data?
The term personally identifiable data is defined in the EU General Data Protection Regulation (hereinafter referred to as GDPR). It is information about a particular or identifiable natural person. This includes for example your real name, your postal address, your telephone number and your date of birth, but also other ID numbers, location data as well as physical, faith-related, or economic details.
Who is a Data Subject?
Data Subject refers to any given natural or identifiable person that can be determined based on the data collected and processed.
What does Data Processing mean?
The General Data Protection Regulation describes data processing as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personally identifiable data.
C. The purpose of Data Processing and Data Security
As part of our business activities, particularly in the distribution, purchasing and service departments, we have access to information that is governed by data protection guidelines (such as the names of staff members, email addresses or other master data for communication or contractual purposes). BellandVision processes personally identifiable data, for example of customers, service providers or visitors to our website as long as this is necessary to provide our services and to enable us to make a serviceable website and its contents available. All data processing is carried out pursuant to the provisions in Art. 6 (1) of the GDPR, in particular, and based on consent given for the fulfilment of contracts and to protect legitimate interests of BellandVision. The optimisation or improvement of the user-friendliness of the services and content offered constitute "legitimate interest", as do prevention of misuse or criminal acts that would affect BellandVision or that would prevent it from implementing steps for direct advertisement or other acquisition activities. In addition, another basis for data processing is the need to meet legal duties or carrying out a task that is in the interest of the public.
You can visit our website without leaving any personal details as we do not store data in connection with this. What is collected is some more general data and information, e. g. the user agent; the internet page from which you came to our website; the date and time you accessed it as well as your IP address and similar details that help us defend ourselves against attacks on our IT systems. Such general, anonymously collected data and information is stored for up to seven days by our hosting service provider. The information is needed to display the content of our website correctly; to optimise the content of our website and our advertisement; to ensure the stable functionality of our IT systems and the technology of our internet page as well as to make any relevant information available to law enforcement agencies in case of criminal prosecution following a cyberattack. Such anonymously collected data and information is analysed statistically, on the one hand, and on the other hand, it is evaluated furthermore for the purpose of increasing data protection and data security in our company to ultimately achieve an optimised level of protection for the personally identifiable data that we process. The anonymous data of the server log files is stored separately from all other personally identifiable data entered by a Data Subject. To improve our offers, we only analyse statistical data, which does not allow us to infer anything about you. Wherever personally identifiable data (for example someone’s name, postal address or email address) is collected on our web pages, it is, wherever possible, optional or based on already existing contractual agreements. If it is necessary to process personally identifiable data and if there is no legal basis for doing so, we generally require the consent of the Data Subject.
a. Google Analytics
This website uses Google Analytics, an internet analysis service of Google Inc. ("Google"). Google Analytics uses so-called "Cookies", that is text files that are stored on your computer and that make an analysis of how the website is used possible. The information generated by the cookies about how you use this website (including your IP address) are transferred to a Google server in the USA and stored there. Google will then use these details to analyse how you use the website, to compile reports about website activities for the website operator and to provide further services in connection with the use of our website and your use of the internet. Google might also pass this information along to third parties if this is legally required or if such third parties further process the data on behalf of Google. Google itself has stated that it will under no circumstances connect your IP address to other data from Google. We would like to point out that on this website, Google Analytics was expanded by this code: "gat._anonymizeIp();" in order to ensure that the collection of IP addresses is anonymised.
You can prevent the installation of cookies by adjusting the relevant settings on your browser. However, we would like to point out that in case you do disable cookies, you might not be able to fully use our web services.
By using this website, you agree to the processing of data collected about you by Google as described above and for the above-mentioned purpose.
Furthermore, you can prevent the collection of data generated by the cookies and all data about how you use our website (incl. you IP address) for Google as well as the processing of such data by Google by downloading and installing the browser plugin available at the link below https://tools.google.com/dlpage/gaoptout?hl=en.
You can also prevent the collection of data by Google Analytics by clicking on the link for this purpose on our website. Thus an opt-out cookie is enabled, which will prevent the collection of your data when visiting this website in the future.
If the information technology system of the Data Subject is deleted, formatted or re-installed at a later date, the Data Subject will need to install the browser add-on again to deactivate Google Analytics once more.
Our internet pages use so-called cookies in different places, based on Art. 6 Sec. 1) f) of the GDPR. Cookies are small text files that are put on your computer and that are stored by your browser. They are only used and stored for as long as it is technically needed. Cookies enable us to recognise those who use our website again. They serve the purpose of making our offer more user-friendly, more effective, and safer. Of course, you can also view our website without cookies. If you do not wish for these cookies to be stored on your hard drive, you can prevent it by adjusting the relevant settings in your browser. Further instructions for how to do so can be found in the instructions of your browser. We would like to point out that in case you disable cookies, you might not be able to fully use our web services. Cookies are free from viruses and won’t cause any damage to your computer.
3. Web Portals / Webshop / Services
In order to use certain offers or services (e. g. our customer portal or our waste disposal contractor portal) you can register on the website by entering personally identifiable data. The registration of the Data Subject, which includes the option of entering personally identifiable data, serves the purpose of providing the Data Subject with content and services that can, due to the nature of the system, only be offered to registered users. What personally identifiable data will be transmitted can be seen in the input mask that is used at the point of registration. During registration, the date and time of the registration are also stored to prevent misuse.
Occasionally, BellandVision carries out customer surveys or makes questionnaires available as a basis for consultation services. In that case, in order to carry out the survey, it may be necessary for us to ask for certain personally identifiable data, such as name, postal address or other contact information. For the technical implementation, BellandVision will use an external service provider, the SurveyMonkey Europe UC that will store and securely manage such data. For this purpose, cookies, device and browser details as well as log files are used to collect data, in order to make the technical implementation possible. By participating in or using our offers, you give your consent for the collection and processing of your personally identifiable data. It cannot be excluded that the service provider transfers data to SurveyMonkey Inc., which is based in the USA and which is subject to the EU-US Privacy Shield.
The personally identifiable data entered by the Data Subject shall only be used and stored internally and for our own purposes; it shall only be made available to third parties (i. e. data processing contractors such as hosting partners) if that is technically necessary for administrative purposes.
Some of those purposes may include: the implementation of a contract; information and consultation; advertisement for our company and our services.
BellandVision regularly compiles important pieces of information and makes them available in the form of a newsletter, which contains details about the implementation of legal requirements, our services and their legal and contractual basic conditions as well as current market developments and environmental goals. Anyone who is interested in our newsletter can subscribe to it on our website. For this purpose, we use an email marketing software, currently it is Newsletter2Go. When you subscribe, the personally identifiable data that you see in the input mask is what is collected, in addition to your IP address and the time of registration. We send out the newsletter via email, either on the basis of the consent you have given pursuant to Art. 6 (1) a) of the GDPR or based on legitimate interest pursuant to Art. 6 (1) f) of the GDPR. The following items constitute legitimate interest: first and foremost, safeguarding of the requirements and informing the recipient about them, e. g. regarding the disposal of packaging and the promotion of transparency about more complex topics, such as existing waste legislation obligations as well as the facilitation of the management of the contract and the furtherance of the attainment of environmental goals.
If the registration was done via the above-mentioned provider of email marketing software, personally identifiable data is collected and stored directly by them. Beyond that, no data is passed on to third parties. We would like to point out that you can, at any time, object to receiving this information in the future, for example by replying to such a newsletter or by simply clicking on the unsubscribe link in any such email campaign.
5. Using our Contact Form
Any personally identifiable data that you make available when you contact us will be used to answer your query or contact request as well as for related technical administrative purposes. If your query should lead to concluding a contract at a later date, your data will be stored for as long as it’s necessary to processes pre-contractual steps or to fulfil the contract. There is no data transfer to third parties. You have the right to withdraw your consent, which you gave by submitting the form, at any time in the future. In that case, your personally identifiable data will be deleted immediately.
6. Data Protection for Applications and during the Application Process
BellandVision collects and processes personally identifiable data from applicants for the purpose of handling the application procedure. It can also be carried out electronically. This is particularly the case if an applicant has submitted their application documents electronically, for example via email or through a respective application portal. If the application leads to an employment contract with the applicant, the data transmitted is processed for the handling of the employment relationship in compliance with statutory provisions. If the application does not lead to an employment contract, all application documents will be deleted automatically six months after communicating the rejection of the application to the applicant, unless the HR staff member in charge of processing applications has legitimate interest in not deleting the data or if the applicant has given their consent that their data can be kept on file to be reconsidered, either for another position or at a later date. Furthermore, legitimate interest in this sense also exists in case there is a burden of proof in a court case pursuant to the General Equal Treatment Act.
7. Recipients or Categories of Recipients to whom the Data can be Transmitted
As we take data protection very seriously, we adhere to the legal stipulations and directives of the General Data Protection Regulation (GDPR) as well as of the German Data Protection Act and the German Broadcast Media Act. Your data will be treated confidentially and protected from access by unauthorized third parties. That is also the reason why we generally reject the transfer of your data to third parties, unless it is necessary to provide services, to fulfill orders or to guarantee the technical availability and data security, or if we are legally obligated to do so. In this context, third parties may be financial auditor, experts, IT service providers, or affiliated companies. Whenever contractual partners of BellandVision do have access to your personally identifiable information for the purpose of providing a service, they are obligated by us to treat such information confidentially. Contractual partners are only allowed to use the data to fulfil their contractual obligations. Therefore, BellandVision asks all of its contractual partners to adhere to the respective data protection guidelines. By disclosing their information, customers give BellandVision permission to transfer their data to its contractual partners for contractual purposes.
8. Mandatory Period for Deleting the Data
Legislation has made numerous provisions for record retention obligations and periods. Once those periods have expired, the data is routinely deleted. If those provisions do not apply to any given data, it will be deleted if their storage is no longer needed to fulfil the purposes stated in section C.
D. Rights of the Data Subject
1. The Right of Information / Confirmation
Each Data Subject may request a confirmation if BellandVision processes personally identifiable information about them. If so, the Data Subject may, at no charge and at any time, request information regarding:
- personally identifiable information about them, including a copy of such information
- the purpose of processing their data
- the categories of personally identifiable data that is being processed
- the recipients or categories of recipients to whom such personally identifiable information has been or shall be disclosed, particularly if the recipients are in third countries or are international organizations; this also includes a suitable guaranty in connection with the data transfer, and steps for the creation of an adequate data protection level
- if possible, the period of time for which personally identifiable data will be stored or, if that is not possible, the criteria for determining such a period of time
- the existence of the right of correction and deletion of personally identifiable data, or the right to restrict the amount of data that the respective officer can process, or a right of objecting to such data processing at all
- the existence of the right to complain to a supervisory body if the Data Subject is of the opinion that their data is not being processed lawfully. In that case, a complaint can be filed at https://www.lda.bayern.de/en/complaint.html or https://www.lda.bayern.de/en/complaint.html at any time.
- if the personally identifiable data is not collected from the Data Subject: all available information about the origin of the data.
BellandVision is entitled to provide a suitable form for this purpose if it deems that to be necessary.
2. Your Right to Correcting your Information
If any data is incorrect or incomplete, each Data Subject can demand the immediate correction of their personally identifiable data or for it to be completed if that is needed for the purpose of processing their data.
3. Your Right to Deleting your Information (The Right to be Forgotten)
Every Data Subject may request that their personally identifiable information be deleted immediately if one of the following reasons applies:
- The original reason for collecting or processing their data no longer exists.
- There is no or no longer a legal basis for processing their data, for example if the Data Subject has withdrawn their previously given consent or if they have filed an objection against the processing their data pursuant to Art. 21 of the GDPR.
- The deletion of their personally identifiable information is required for the fulfilment of legal or lawful obligations within a directive that BellandVision is subject to.
4. Your Right to Restricting the Data Processing
Every Data Subject can request that the processing of their data be restricted if one of the following prerequisites is met:
- The Data Subject disputes the accuracy of the data.
- The processing of the data is unlawful but the Data Subject does not wish for their data to be deleted.
- BellandVision no longer needs personally identifiable data for the purpose of data processing, but the Data Subject still needs it to assert, exercise or defend legal claims.
- The Data Subject has filed an objection against the processing of their data pursuant to Art. 21 (1) of the GDPR, and it has not yet been determined whether or not the legitimate reasons indicated by BellandVision outweigh those of the Data Subject.
5. The Right for Portability of Data
Every Data Subject can request to receive a document with all of their personally identifiable data in a structured, regular and machine-readable format as soon as it becomes available.
They also have the right to transmit that data to another officer without being hindered by the officer to whom their personally identifiable data was first made available, unless the processing of such data is needed to carry out a given task that is in the interest of the public, or is carried out in the exercise of official authority, which was handed over to the first officer.
The Data Subject is entitled to (1) pass their data on to third parties in this format if the processing of the data is the result of a consent given or a signed contract, and if it’s handled in an automated fashion, or (2) to have BellandVision transfer the data if that is technically possible.
6. Right of Objection
Each Data Subject can object to the processing of their personally identifiable data at any time if:
- the basis for the processing of the data is carrying out a task that serves public interest or
- the basis for the processing of the data is carrying out a task that serves a legitimate interest of BellandVision or of a third party.
In case of an objection, the processing of personally identifiable data shall be stopped, unless there are compelling reasons (requiring protection) for further processing data that outweigh the interests, rights or freedom of the Data Subject, or if the processing of their data serves the assertion, execution or defence of legal claims.
7. The Right to Withdrawal of Consent for Reasons of Data Protection
Each Data Subject can, at any time, withdraw their previously granted consent to the processing of their personally identifiable data.
To exercise the above-mentioned rights, the Data Subject can, at any time, contact our data protection officer or their contact person in our company.
E. Responsibilities of the User
The user is solely responsible for correctly inputting all details that he or his staff members have to enter into the portals that are made available on our website. The user himself shall be responsible for any false or incomplete data that has been entered by his employees. This also applies to adhering to the applicable privacy protection guidelines when entering data.
Liability for the loss of data is excluded, unless the data loss is the result of deliberate or gross negligence. Liability for damage due to injury of life, body or health will remain unaffected. Non-liability also applies to damage resulting from erroneous use of a given portal or service by the user. The obligation to ensure data protection pursuant to Art. 32 of the GDPR will remain unaffected hereby.
There is no obligation to check whether the rights of third parties are infringed when inputting data.
G. A Planned Data Transfer into Third Countries