Data Privacy

Protecting your personal data during the collection, processing, and use of personal data during your visit to our website is of significant concern to us. Your data will be protected within the framework of legal regulations. Below, we would like to inform you about the type and extent of the processing of personal data via this website in accordance with Article 13 of the General Data Protection Regulation (GDPR).

I. Information about the Responsible Party

Breffka & Hehnke GmbH & Co. KG
Mörsenbroicher Weg 151
40470 Düsseldorf
Phone: +49 (0)211 / 6 10 71 - 0
Email: bh@breffka-hehnke.de

II. Information about the Data Protection Officer

For questions about data protection, our external data protection officer is at your disposal:

Mr. Arndt Halbach von der GINDAT GmbH
Wetterauer Str. 6, 42897 Remscheid
Email: datenschutz@gindat.de
Phone: +49 (0)2191 / 909 430

III. Data Processing via the Website

Your visit to our websites is logged. Primarily, the following data transmitted by your browser to us are recorded:

• the IP address currently used by your PC or your router
  
• date and time
  
• browser type and version
• the operating system of your PC
• the pages you viewed
• name and size of the requested file(s) and possibly the URL of the referring website.

This data is collected solely for data security purposes, to improve our web offer, and for error analysis based on Art 6 Para.1 f GDPR. The IP address of your computer is evaluated only in an anonymized form (shortened by the last three digits).

Furthermore, you can visit our website without providing any personal information.

Personal data (e.g., your name, address data, or contact details) that you voluntarily provide to us, for example, as part of an inquiry by email to the contacts listed on our homepage, will be stored with us and processed only for correspondence with you and only for the purpose for which you provided us with the data. The processing of this data is based on Art 6 Para.1 a; 6 Para. 1 f. GDPR.

Contact Form

Personal data (e.g., your name, address data, or contact details) that you voluntarily provide to us, for example, as part of an inquiry or in any other way, will be stored with us and processed only for correspondence with you and only for the purpose for which you provided us with the data. The processing of this data is based on Art 6 Para.1 a; 6 Para. 1 f. GDPR.

Secure Data Transmission

To protect the security of your data during transmission, we use state-of-the-art encryption processes (SSL) over HTTPS.

IV. Recipients of Personal Data

For the execution and processing of processing operations, we may use service providers as part of contract data processing.

Specifically, we have engaged service providers for sending newsletters and for hosting our website.

Contractual relationships with our service providers are regulated according to the provisions of Art 28 GDPR, which contain the legally required points concerning data protection and data security.

V. Data Collection by Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. The basis for data processing is Art. 6 Para. 1 f) GDPR.

In the case of the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We would like to point out that Google Analytics has been extended on this website by the code "anonymizelp" to ensure an anonymized collection of IP addresses.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website usage and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plugin available under the following link:

tools.google.com/dlpage/gaoptout.

The basis for data processing is Art 6 Para.1 f GDPR.

VI. Use of Social Media

Our website uses features of the network LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you access one of our pages that contains LinkedIn features, a connection to LinkedIn's servers is established. LinkedIn is informed that you have visited our internet pages with your IP address. If you click on the "Recommend-Button" of LinkedIn and are logged in to your account at LinkedIn, LinkedIn is able to assign your visit to our internet site to you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or their use by LinkedIn. Further information can be found in LinkedIn's privacy policy at:

www.linkedin.com/legal/privacy-policy.

VII. Your Rights

According to §§ 15-21 GDPR, you can assert the following rights regarding the personal data processed by us if the described requirements are met.

Right to Access

You have the right to access information about the personal data concerning you that we process.

Right to Rectification

You can request the correction of incomplete or incorrectly processed personal data.

Right to Erasure

You have the right to erase personal data concerning you, especially if one of the following reasons applies:

• Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
• You revoke your consent, on which the processing of your data was based.
• You have objected to the processing.
• Your data has been unlawfully processed.

However, the right to erasure does not exist insofar as the legitimate interests of the controller oppose it. This may be the case if:

• personal data is necessary for the establishment, exercise, or defense of legal claims.
• deletion is not possible due to retention obligations. However, if data cannot be deleted, a right to restriction of processing (as described below) may be available.

Right to Restriction of Processing

You have the right to demand a restriction of the processing of your personal data from us if:

• you contest the accuracy of the data and we therefore need to verify the accuracy,
• the processing is unlawful and you reject deletion and instead request restriction of use,
• we no longer need the data, but you require them for the establishment, exercise, or defense of legal claims,
• you have objected to the processing of your data, and it is not yet
  determined whether our legitimate reasons outweigh your reasons.

Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided the processing is based on consent or a contract and the processing is carried out by us using automated procedures.

Right to Withdraw Consent

The data subject has the right, for reasons arising from their particular situation, to object at any time to the processing of
personal data concerning them, which is based on Article 6, Paragraph 1, Letters e or f of the GDPR; this also applies to profiling based on these provisions. As far as the processing of your personal data is based on consent, you have the right to withdraw this consent at any time.

VIII. Standard Periods for the Deletion of Data

Unless there is a statutory retention requirement, data will be deleted or destroyed if they are no longer necessary for the purpose of data processing. Different retention periods apply to the storage of personal data, so data with tax relevance is usually stored for 10 years, and other data according to commercial law provisions is usually stored for 6 years. Finally, the storage duration can also be based on the statutory limitation periods, which according to §§ 195 ff. of the Civil Code (BGB) are usually three years but can be up to thirty years in certain cases.

IX. Right to Lodge a Complaint with a Supervisory Authority

Every data subject has the right, according to Art 77 GDPR, to lodge a complaint with a supervisory authority if they believe that the processing of personal data relating to them violates the GDPR. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based, in our case the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.