Data Privacy Statement
The BÜCHL group of companies, together with its company units (hereinafter BÜCHL), would like to thank you for your interest in our online presence as well as your interest in our company. Data protection and data security are very important to us, and we consider them a high priority. As a result, we are committed to securely managing your (personal) data and protecting it from loss, misuse and falsification. We use numerous technical and organizational measures to protect your data. Nonetheless, please note that it is not technically possible to seamlessly protect every web-based data transmission from unauthorized third-party access. In this statement, BÜCHL provides you with information about the type, scope and purpose of the personal data that we process and informs data subjects about their rights in this regard.
A. Name and contact information for the controller
Reinhard Büchl jun., Iris Büchl
Phone: +49 (0) 841-9646-0
Fax: +49 (0) 841-9646-60
Data protection officer:
B. Important definitions
What is personal data?
The term “personal data” is defined in the EU General Data Protection Regulation (hereinafter GDPR) as information relating to an identified or identifiable natural person. This includes, for example, your legal name, address, phone number and date of birth as well as ID numbers, location data, physical, religious or economic factors.
Who is the data subject?
The data subject is any natural person who is identified or identifiable using the collected and processed data.
What does data processing mean?
The General Data Protection Regulation defines processing as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
C. Processing purposes and data security
Our business activities, particularly in the areas of sales, service and support, provide us with information that is subject to data protection provisions (such as names of employees/staff, email addresses and other communications-related or contractual master data). BÜCHL processes personal data, for instance from customers, service providers and website visitors, to the extent that this is necessary in order to provide or perform our work and services and to provide you with a functional website and content. In particular, processing takes place as defined by Art. 6 Sec. 1 GDPR on the basis of provided consent, in order to perform contracts or to protect the legitimate interests of BÜCHL. A legitimate interest can exist, for example, in optimizing and improving the user-friendliness of the offered services and content, in preventing misuse or criminal acts that affect BÜCHL, and in implementing direct marketing measures or other acquisition-related activities. The basis for processing can also be the fact that processing is necessary in order to fulfill a legal obligation or to perform a task carried out in the public interest.
You can visit our website without providing any information about your person. We do not store any personal data in this context. We collect a variety of general data and information, e.g. the user agent, the web page from which you accessed our website, and the date and time of your access as well as the IP address or similar data that can help prevent attacks on our IT systems. This general, anonymously collected data and information is stored with our hosting service provider for up to seven days. This information is needed in order to correctly display the content of our website, to optimize the website content and advertisements, to ensure the consistent functionality of our IT systems and the technology for our website, and to provide the necessary information to law enforcement agencies in order to prosecute potential cyberattacks. This anonymously collected data and information is analyzed statistically as well as with the goal of improving data protection and data security within our company, ultimately in order to ensure optimal protection for the personal data that we process.
In order to improve our offering, we only analyze statistical data that does not permit you to be identified. If and to the extent that personal data is collected on our pages (for instance name, address or email addresses), this is done on a voluntary basis wherever possible, e.g. through a registration, survey, contest or existing contractual agreements. If personal data must be processed and there is no legal basis for such processing, we shall as a rule obtain consent from the data subject.
a. Google Analytics
You can block cookies by adjusting your browser settings accordingly; in this case, however, please note that you may not be able to fully use all of the functions of this website.
By using this website, you agree to the processing of your data by Google in the manner described above and for the abovementioned purpose.
Furthermore, you can prevent data generated by the cookie regarding your use of the website (including your IP address) from being tracked by Google, as well as preventing the processing of this data by Google, by downloading and installing the browser plugin found under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can also prevent Google Analytics from tracking you by clicking on the following link. This will place an opt-out cookie that will prevent future tracking of your data when you visit this website:
If the data subject’s IT system is deleted, formatted or reinstalled at a later time, the data subject must reinstall the browser plugin in order to disable Google Analytics.
b. Google Webfonts
This page uses so-called web fonts to represent the font. These are provided by Google (http://www.google.com/webfonts/). When you visit our page, your browser loads the required web font into your browser cache. This is necessary so that your browser can display a visually improved presentation of our texts. If your browser does not support this feature, a default font will be used by your computer for viewing.
For more information about Google Webfonts, visit https://developers.google.com/fonts/faq?hl=de-DE&csw=1
For general information about privacy at Google please visit http://www.google.com/intl/de-DE/policies/privacy/
Several sections of these web pages implement cookies on the basis of Art. 6 Sec. 1 f) GDPR. Cookies are small text files that are placed on your computer and saved by your browser. They are only used and saved for as long as this is technically necessary. Cookies allow us to recognize visitors to our website. They help make our offering more user-friendly, effective and secure. Naturally, it is also possible to use our website without cookies. If you do not want cookies to be stored on your hard drive, you can block them by adjusting the corresponding settings in your browser. More information about this can be found in your browser’s operating instructions. Please note that in this case, you may not be able to fully use all of the web services. Cookies are free from viruses and will not damage your computer.
In order to use certain offerings and services (e.g. our online application or customer portal), you have the option of registering on our website, which involves providing personal data. When a data subject registers and voluntarily provides personal data, we can offer the data subject content and services that can only be offered to registered users due to their nature. The personal data transmitted is determined by the input screen used for registration in each case. Each registration also records the date and time of registration in order to prevent misuse.
Personal data entered by the data subject will exclusively be collected and stored for internal use and for our own purposes, and will only be made accessible to third parties (contract data processors, such as hosting partners) where this is necessary for technical administration. Data will only be collected where necessary in order to complete business transactions (for instance making contact by email, for customer inquiries, and for subscribing to our newsletter).
We hereby explicitly note that data transmission on the internet (e.g. when communicating by email) may be subject to security gaps and cannot be seamlessly protected from third-party access.
In particular, our own purposes may include: contract data processing, information and advice, advertisements for our company and our services.
4. Using our contact form
The personal data that you provide to us in the context of this contact inquiry will be used in order to respond to your inquiry and/or to contact you, and for the associated technical administration. If your inquiry leads to a contract conclusion at a later point, the data will be stored for as long as this is necessary to perform pre-contractual measures or to fulfill the contract. It will not be shared with third parties. You have the right at any time to withdraw the consent you provided upon registration, with effect for the future. In this case, your personal data will be erased immediately unless we are legally obligated to continue storing it.
5. Data protection for applications and application processes
BÜCHL collects and processes personal data from applicants for the purpose of carrying out the application process. Processing may also take place electronically. This is particularly the case if an applicant provides us with the corresponding application materials electronically, for instance by email or through a corresponding applicant portal. If an employment contract is then concluded with an applicant, the transmitted data will be processed in order to carry out the employment relationship with consideration for the statutory provisions. If no employment contract is concluded with the applicant, the application materials will automatically be erased six months after the refusal is announced, unless this is opposed by the controller’s legitimate interests or the applicant has consented to the use of the data in order to be considered for other or later open positions. Another legitimate interest in this sense, for example, is the burden of proof for proceedings as per the General Equal Treatment Act (AGG).
6. Recipients and categories of recipients with whom data can be shared
Because we take data protection very seriously, we observe the statutory provisions and regulations of the General Data Protection Regulation (GDPR) as well as the Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG). Your data will be kept confidential and protected from outside access by unauthorized third parties. This is also the reason that we fundamentally do not share your data with third parties – unless this is necessary in order to provide services, execute orders or guarantee technical availability and data security, or where we are legally obligated to do so. Third parties in this context can include, for example: auditors, experts, IT service providers and affiliated companies. If BÜCHL’s contractual partners have access to your personal data for the purpose of providing services, they are obligated to treat this information confidentially. The contractual partner is only permitted to use the information in order to fulfill its contractual obligations. Contractual partners shall be correspondingly obligated by BÜCHL to observe the statutory data protection requirements. The customer agrees to permit information to be disclosed to BÜCHL’s contractual partners, and data to be shared with these partners, for the purpose of the contract.
7. Standard periods for erasing data
The law establishes a wide range of storage obligations and storage periods. Data will routinely be erased after the end of these periods. If data is not affected by this erasure, it will be deleted when it no longer needs to be known in order to fulfill the storage purposes named in C.
D. Rights of the data subject
1. Right to information / confirmation
Each data subject can request confirmation as to whether or not personal data concerning him or her is being processed. If this is the case, each data subject can request information free of charge at any time about the following:
- personal data concerning him or her that has been stored, including a copy of this information
- purposes of the processing
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations, including a suitable guarantee in conjunction with the transmission and measures to establish an appropriate level of data protection
- where possible, the envisaged period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that period
- the existence of a right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the right to lodge a complaint with a supervisory authority if the data subject believes his or her data is being processed unlawfully. In this case, a complaint can be submitted at any time under https://www.lda.bayern.de/de/beschwerde.html or https://www.lda.bayern.de/en/complaint.html
- where the personal data was not collected from the data subject: all available information about the data source
BÜCHL is entitled to provide a corresponding form for this if necessary.
2. Right to rectification
If data is found to be inaccurate or incomplete, each data subject has the right to request the immediate rectification of inaccurate personal data, or to have incomplete personal data completed where this is necessary for processing.
3. Right to erasure (right to be forgotten)
Each data subject has the right to request the immediate erasure of personal data concerning him or her where one of the following grounds applies:
- The original purpose for which the data was collected and/or processed no longer applies.
- The legal basis for processing the data no longer applies or has lapsed, for instance if the data subject withdraws consent or objects to the processing as per § 21 GDPR.
- The personal data must be erased in order to comply with a legal/statutory obligation under Union or Member State law to which BÜCHL is subject.
4. Right to restriction of processing
Each data subject can request restriction of processing of his or her data where one of the following applies:
- the data subject contests the accuracy of the data
- the processing is unlawful and the data subject nonetheless opposes erasure
- BÜCHL no longer needs the personal data for the purposes of the processing, but it is required by the data subject in order to establish, exercise or defend legal claims
- the data subject has objected to processing as per Art. 21 Sec. 1 GDPR pending verification of whether the legitimate grounds of BÜCHL override those of the data subject.
5. Right to data portability
Each data subject has the right to receive the personal data concerning him or her, which he or she has provided to us, in a structured, commonly used and machine-readable format as soon as this is available, and to transmit this data to another controller without hindrance from the controller to which the personal data was provided, where the processing is not necessary in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller.
The data subject has the right to share data with third parties in this format if processing takes place on the basis of consent or on the basis of a contract and using automatic processes, or to have it transmitted directly by BÜCHL where technically feasible.
6. Right to object
Each data subject has the right to object to the processing of personal data concerning him or her where:
- processing is necessary for the performance of a task carried out in the public interest or
- processing is necessary to protect the legitimate interests of BÜCHL or a third party
In the event of an objection, personal data will no longer be processed unless there are compelling grounds for further processing that override the interests, rights and freedoms of the data subject or unless the processing serves to establish, exercise or defend legal claims.
7. Right to withdraw consent under data protection law
Each data subject has the right at any time to withdraw his or her consent for the processing of personal data.
In order to assert the above rights, the data subject can contact our data protection officer or the contact partner at our company at any time.
E. Responsibility of the user
The user is solely responsible for the correct recording of any data that the user or the user’s employees enter into the portals provided on the website. The user is solely responsible for any incorrect or incomplete information provided by company employees. This also applies to guaranteeing compliance with statutory data protection provisions while entering data.
Liability for data loss is excluded as long as the data loss was not caused by intentional or grossly negligent behavior. Liability for damage due to the loss of life, bodily injury or damage to health remains unaffected hereby. A liability exclusion also applies to damage caused by improper use of the respective portal or service by the user. The obligation to guarantee data security as per Art. 32 GDPR remains unaffected hereby.
There is no obligation to determine whether third-party rights are infringed during the entry of data.
G. Planned data transmission to third countries
Unless explicitly mentioned in this statement, e.g. the transmission of some data to the United States through the use of Google Analytics (see C.2.a.), no transmission of data to third countries is planned.
H. Validity and updating of the Data Privacy Statement
It may become necessary to change this Data Privacy Statement. BÜCHL therefore reserves the right to modify the Data Privacy Statement with consideration for the applicable data protection regulations, with effect for the future. We therefore ask that you review the Data Privacy Statement periodically.