This data protection policy shall inform you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) on our website as well as the websites, functions and contents it links to, including external websites, such as our social media profiles (hereinafter jointly referred to as “website content”). The definitions of the terminology used, such as “processing” or “controller”, can be found in Art. 4 of the General Data Protection Regulation (GDPR).
Data protection information BEUCKE & SÖHNE GmbH & Co. KG
Data protection information BEUCKE Tiefdruck GmbH
Data protection information BEUCKE Flexodruck GmbH
Data protection information BEUCKE Rahning GmbH & Co. KG
Beucke & Söhne GmbH & CO. KG
In der Garte 11-13
Beucke Beteiligungsgesellschaft mbH,
based in Dissen, register court of Osnabrück HRB 110030.
Telephone: +49 (0) 5421 / 301 - 0
Fax: +49 (0) 5421 / 301 - 120
Entry in commercial register
Register court: Osnabrück
Register number: HRA 110048
VAT identification number acc. to Art. 27 a of the German Sales Tax Act:
External data protection officer:
You can contact our data protection officer
at our postal address and at the following contact details:
Telephone: +49 (0) 541 / 94169 - 16
Fax: +49 (0) 541 / 94169 - 96
Types of data processed:
Categories of persons concerned
Visitors and users of the website content (we shall hereinafter also refer to the data subjects collectively as “users”).
Purpose of processing
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations that affects personal data, whether or not by automatic means. This term is broad and encompasses practically every type of handling of data.
“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without using additional information, provided that such additional information is kept separate and is subject to technical and organisational measures to ensure that the personal data cannot be assigned to an identified or identifiable natural person.
“Profiling” describes any automated processing of personal data which consists in using said personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The “processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Relevant legal basis
We shall inform you about the legal basis of our data processing in accordance with Art. 13 GDPR. Insofar as the legal basis is not stated in the data protection policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing for the fulfilment of our services and implementation of contractual measures as well as answering enquiries is Art. 6(1)(b) GDPR, the legal basis for processing for the fulfilment of our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing for the protection of our legitimate interests is Art. 6(1)(f) GDPR. Art. 6 (1)( d) GDPR shall serve as the legal basis in the event that vital interests of the data subject or another natural person make it necessary to process personal data.
We shall take all technical and organisational measures required to ensure a level of protection appropriate to the risk in accordance with Art. 32 GDPR, taking into account the current state of technology advances, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data and response to any data compromise. We also take into account the protection of personal data during the development and selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR).
Cooperation with processors and third parties
In the event that, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit the data to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1)(b) GDPR); if you have consented to this transmission; if a legal obligation provides for this; on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
Any commissioning of third parties with the processing of data on the basis of a “processing agreement” shall be done on the basis of Art. 28 GDPR.
Transfers to third countries
Should data be processed in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this shall only be done in order to fulfil our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process data in a third country or have the data processed in a third country in accordance with the special requirements of Art. 44 ff. GDPR. This means that processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (“standard contractual clauses”).
Rights of the data subjects
You have the right to request confirmation as to whether your data is being processed and to information about the data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDRP, you have the right to request that your personal data be completed or that any incorrect personal data be corrected.
In accordance with Article 17 GDPR, you have the right to demand that your data be erased without delay or, alternatively, to demand restriction of the processing of the data in accordance with Article 18 GDPR.
You have the right to request access to your personal data that you have provided to us in accordance with Article 20 GDPR and to request that it be transferred to other data controllers.
You also have the right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 GDRP.
Right of withdrawal
You have the right to withdraw consent granted in accordance with Art. 7 (3) GDRP with effect for the future.
Right to object
You may object at any time to the future processing of personal data in accordance with Art. 21 GDRP. An objection can be made in particular against processing for the purpose of direct advertising.
Cookies and right to object to direct advertising
“Cookies” are small files that are stored on the computers of users. Different information can be stored within the cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after their access to our website content. Temporary cookies, “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves a website content and closes their browser. Such a cookie is used, for example, to store the contents of a shopping basket in an online shop or a login status. “Permanent” or “persistent” cookies are cookies that remain stored even after the browser is closed. They can store the login status and retrieve it after several days upon the user’s next visit, for example. Likewise, such a cookie can be used to store the interests of users for reach measurement or marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the controller who operates the website content (cookies placed by the controller are referred to as “first-party cookies”).
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies may lead to functional restrictions of this website content.
The data processed by us will be erased or restricted in its processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be erased as soon as they are no longer required for their intended purpose and the erasure does not conflict with any statutory retention obligations. Should the data not be erased because they are required for other legally permissible purposes, their processing shall be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
In accordance with legal requirements in Germany, data shall be stored for 10 years in accordance with Art. 147 para. 1 of the German Tax Code (AO), Art. 257 para. 1 nos. 1 and 4, para. 4 of the German Commercial Code (HGB) (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with Art. 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).
According to legal requirements in Austria, data shall be stored for 7 years in accordance with Art. 132 para. 1 of the Austrian Federal Fiscal Code (BAO) (accounting records, vouchers/invoices, accounts, receipts, business papers, statement of income and expenditure, etc.), for 22 years in connection with real property and for 10 years for records in connection with electronically provided services, telecommunications, radio and television services provided to non-business customers in EU member states and for which the Mini-One-Stop-Shop (MOSS) apply.
Data protection information concerning the application procedure
We shall only process applicant data for the purpose of and within the scope of the application process in accordance with the legal requirements. Applicant data is processed to fulfil our (pre)contractual obligations within the scope of the application procedure in accordance with Art. 6 (1)(b) and (f) GDPR, insofar as we are required to process said data, e.g. within the scope of legal procedures (in Germany, Art. 26 of the German Federal Data Protection Act (BDSG) also applies).
The application procedure requires applicants to provide us with their application data. The necessary application data are marked on online forms; otherwise, they are indicated within the job description and basically include personal details, postal and contact addresses and the documents included in the application, such as cover letter, CV and certificates. Applicants can also voluntarily provide us with additional information.
Should special categories of personal data within the meaning of Art. 9 (1) GDRP be voluntarily disclosed during the application procedure, their processing shall additionally be carried out in accordance with Art. 9 (2)(b) GDRP (e.g. health data, such as severe disability or ethnic origin). Should special categories of personal data within the meaning of Art. 9 (1) GDRP be requested from applicants as part of the application process, their processing shall additionally be carried out in accordance with Art. 9 (2)(a) GDRP (e.g. health data if required for the exercise of the profession).
Where provided, applicants may submit their applications using an online form on our website. The data is transmitted to us encrypted using state-of-the art technologies.
Applicants can also send us their applications via e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must encrypt them themselves. We shall therefore not assume any responsibility for the transmission channel between sender and reception on our server, and therefore recommend using our online form or postal shipping. Applicants have the option of sending us their application by post instead if using the online form or an email.
In the event of a successful application, we may further process the data provided by applicants for the purposes of the employment relationship. Otherwise, if the application for a job offer is unsuccessful, the applicant’s data will be erased. Applicants’ data will also be erased if an application is withdrawn, which applicants are entitled to do at any time.
Subject to a justified revocation by the applicant, data is erased after six months so that we can answer any follow-up questions about the application and satisfy our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.
As part of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of two years, provided that they give us their consent, within the meaning of Art. 6 (1)(b) and Art. 7 GDRP.
The application documents in the talent pool shall be processed solely within the framework of future vacancy notices and recruitment and shall be destroyed at the latest after the deadline. Applicants are informed that their consent to be included in the talent pool is solely voluntary, has no influence on the current application process and that they can withdraw this consent at any time for the future and object to processing within the meaning of Art. 21 GDRP.
When contacting us (e.g. via contact form, email, telephone or social media), the user’s details are processed for the purpose of handling and processing the contact request pursuant to Art. 6 (1)(b) GDRP. The user’s details may be stored in a customer relationship management system (“CRM system”) or a comparable enquiry organisation.
We shall erase requests if they are no longer necessary. We shall review whether they are necessary every two years. Legal archiving obligations apply.
Hosting and email dispatch
We use the hosting services to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services and technical maintenance services that we use for the purpose of operating this website content.
To do so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this website content on the basis of our legitimate interests in offering an efficient and secure website content pursuant to Art. 6 (1)(f) GDRP in conjunction with Art. 28 GDRP (conclusion of a processing agreement).
Collecting access data and log files
We, or our hosting provider, shall collect data on every access to the server on which this service is located (“server log files”) on the basis of our legitimate interests within the meaning of Art. 6 (1)(f) GDRP. Access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and requesting provider.
Log file information shall be stored for security reasons (e.g. to clarify acts of abuse or fraud) for a maximum of 7 days before being erased. Data which must be retained longer for evidence purposes are exempt from erasure until the respective incident has been finally clarified.
Google Tag Manager
Google Tag Manager is a solution that allows us to manage “website tags” via an interface. This is used, for example, to integrate Google Analytics and other Google marketing services into our website content. The Tag Manager itself (which implements the tags) does not process any personal data of the users. For more information on the processing of users’ personal data, please refer to the following information on Google services. Terms of Service: https://www.google.com/intl/de/tagmanager/use-policy.html.
Google is certified under the Privacy Shield agreement and thus guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google uses this information on our behalf to evaluate your use of our website content, compile reports on website activity for website operators and provide other services relating to website activity and internet usage. The processed data can be used to create pseudonymous user profiles.
We only use Google Analytics with IP anonymisation activated. This means that within member states of the European Union or other states party to the European Economic Area Agreement, your IP address will be abbreviated. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
The IP address transmitted by your browser will not be associated with any other data held by Google. Users can prevent the storage of cookies by changing settings in their browser software accordingly; users can also prevent Google from gathering the data generated by the cookie concerning their use of the website content as well as from processing these data by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
The users’ personal data shall be erased or anonymised after 14 months.
Integration of third-party services and content
Our website content contains service offers or content from third-party providers in order to fulfil our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website content within the meaning of Art. 6 (1)(f) GDRP). This can be videos or fonts (hereinafter referred to as “contents”).
This always assumes that the third-party providers of these contents are aware of the IP address of the user, as they need the IP address to send the contents to the users’ browser. The IP address is thus required to display this content. We strive to only use content whose respective providers only use the IP address to deliver their contents. Third-party providers may also use “pixel tags” (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our website content. This information can also be linked to such information gathered from other sources.
As far as we are aware, OpenStreetMap only processes user data for the purposes of displaying map functions and temporarily storing the selected settings. This data may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually within the framework of the settings of their mobile devices).
Created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke