Berentzen Group Data Protection Policy

Data Protection Policy

Data Protection Statement in accordance with the EU General Data Protection Regulation (GDPR)

 

(Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC in the Official Journal of the European Union, OJEU L 119/1; effective date: 25 May 2018).

 

on the website www.berentzen-gruppe.de

 

At Berentzen-Gruppe AG in Haselünne we are very serious about protecting your personal data. We treat your personal data confidentially in conformity with statutory data protection regulations under German and European laws (in particular, the General Data Protection Regulation/GDPR and the German Telemedia Act/TMG)and the following Statement.

 

This Data Protection Statement relates to our website alone. If you are forwarded to other websites via links on our website, please seek information from those other websites about how they handle and process your data.

 

The legal basis for data processing, including on websites, is essentially the following provisions and legal regulations:

  • Your consent (Art. 6 para. 1 lit. a GDPR)
  • Fulfilment of agreements or other legal relationships (Art. 6 para. 1 lit. b GDPR)
  • Protection of legitimate interests / balancing of interests (Art. 6 para. 1 lit. f GDPR)

 

Based on the principles of data avoidance and data economy, we process personal data only as long as this is necessary within the meaning of the Statement below or prescribed by legislators (statutory storage period). If the purpose or right to process the collected personal data no longer exists or if the permitted storage period expires, we will lock or erase the data; that is, unless their further processing — with a time limit — is required, particularly for the following purposes:

  • Fulfilment of retention periods under commercial and tax laws, in particular pursuant to the German Commercial Code (HGB) and the German Tax Code (AO). The periods prescribed therein for retention or documentation run from two to at most ten years.
  • Preservation of evidence in the context of statutes of limitations. According to Secs. 195 et seq. of the German Civil Code (BGB), these limitation periods can run as long as 30 years, although the regular limitation period is three years.
  • Warranty or guarantee claims made by you.


To allow for a data lock at any time, it is necessary to keep the data in a lock file for control purposes. If there is no statutory duty to archive, you can also demand the erasure of such data. If a statutory duty to archive exists, we will lock these data if you wish. If providing personal data is mandated by law or contract, or is necessary for conclusion of a contract, we refer to the adverse consequences for not providing them.


In particular, the following terms used in this agreement are defined according to Art. 4 GDPR as follows:

  • Personal data: any information relating to an identified or identifiable natural person (hereinafter referred to as a "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Data subject: any identified or identifiable natural person whose personal data are processed by the controller responsible for the processing.
  • Processing: any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

For further definitions, please refer to Art. 4 GDPR (https://dejure.org/gesetze/DSGVO).

 

1. Name and contact data of the controller responsible for the processing and of the internal Data Protection Officer

 

This Data Protection Statement is valid for data processing by the responsible operator of this website: Berentzen-Gruppe Aktiengesellschaft, Ritterstraße 7, 49740 Haselünne, Germany (hereinafter: Berentzen), e-mail: berentzen@berentzen.de, phone: +49 (0)5961-502-0, fax: +49 (0)5961/502-268.

 

Berentzen's internal Data Protection Officer can be reached as follows:

 

Sebastian Feldmann, Prico GmbH
Unterer Markt 1, 49477 Ibbenbüren
Phone: +49 (0) 5451 562 213 1
Mail: datenschutz@berentzen.de

 

2. Collection and storage of personal data, nature and purpose of use 

 

a. Call-up of the website (server log files) 
When this website www.berentzen-gruppe.de is called up, information is automatically sent by the browser used on your terminal device to the server of this website. This information is stored temporarily in a log file. The following information is recorded without your doing anything and is stored until it is automatically deleted:

  • IP address of the querying computer (hostname)
  • access date and time
  • name and URL of the file called up
  • website from which the access originates (referrer URL)
  • browser used and operating system of your computer, if applicable
  • name of your access provider


It is not possible to deduce your identity from this automatically generated information. The aforementioned data are processed for the following purposes:

  • Ensuring a smooth establishment of connection with the website
  • Ensuring a comfortable use of our website
  • Analysis of system security and stability
  • Other administrative purposes.

 

The legal basis for this data processing is provided by Art. 6 para. 1 sentence 1 lit. f of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as: GDPR). Our legitimate interest follows from the data collection purposes listed above. In no case will we use the collected data for the purpose of drawing conclusions as to your identity.

 

In addition, we use cookies as well as analysis services when you visit our website. More detailed explanations about this are provided to you under sections 4 and 5 of this Data Protection Statement. 

 

b. Age verification 
There is no age verification on this website, and consequently in this respect no specific personal data are processed by us and no cookies, etc., are placed. 

 

c. Contacting us by mail or by e-mail as well as via contact form.
You can contact us by mail as well as by e-mail via info@berentzen.de and ir@berentzen.de (see contact details imprint). In this case, we will process the data that you provide to us when contacting us; in addition to the purely technical data (see 2.a. above), this may include in particular plain names (first name/last name), user names, addresses (street, house number, postal code, city), telephone numbers or e-mail addresses.
We also offer you the opportunity to contact us via a form on this website (including message field). In doing so, the following data will be collected from you and processed by us: Salutation, first name, last name, e-mail address. Additional information may be provided voluntarily, in particular within the message written by you via the message field.
We process your personal data received via the aforementioned contact for the purpose of proper feedback to you and further correspondence with you, if any.
The aforementioned data processing is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO on the basis of your voluntarily given consent. This consent can be revoked by you at any time (e.g. by e-mail to info@berentzen.de ), unless we have a legitimate interest in further processing pursuant to Art. 6 (1) p. 1 lit. f DSGVO or there is a legal obligation to do so (e.g. for storage, documentation, contractual obligations).

 

d. Registration for Investor Relations e-mail distribution list
You have the option of registering on our website to receive news (financial and investor relations news) via our investor relations e-mail distribution list by providing personal data. The relevant personal data transmitted to us via the input mask are: Salutation, title if applicable, language, capital market affiliation (buy-side, sell-side, etc.), e-mail address.
The purpose of this registration with your personal data is to send you our latest financial and investor relations news directly and personally as soon as it is published.
The aforementioned data processing is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO on the basis of your voluntarily given consent. This consent can be revoked by you at any time, unless we have a legitimate interest in further processing pursuant to Art. 6 (1) sentence 1 lit. f DSGVO.

 

e. Online applicants
On our website, we make it possible for you to submit an application to us by e-mail; you can do so under jobs@berentzen.de, or for training under ausbildung@berentzen.de

 

We also offer you the possibility to contact us for application purposes using a separate contact form. The following data are to be provided in this case:

  • Sex
  • Last name, first name
  • Street address, postal code, city
  • Phone number
  • E-mail address

so that we can know who is making the inquiry and what position it is regarding, and so that we can answer you. We also ask for your first and last name and your telephone number. Additional data can be provided voluntarily, especially in the messages that you write via the contact forms. 

 

We process the data that you send us in connection with your application (incl. the e-mail address you used to send it), in order to examine your suitability for the position (or perhaps other open positions at our company) and to carry out the application procedure. 

 

The legal basis for processing your personal data in this application procedure is mainly Section 26 of the German Federal Data Protection Act (BDSG) as amended as of 25 May 2018. According to it, it is permissible to process data required in connection with the decision on establishing an employment relationship. 

 

If it is the case that, after the conclusion of the application procedure, the data are required in the prosecution of a claim, data processing can occur on the basis of the requirements of Art. 6 GDPR, particularly to protect legitimate interests under Art. 6 para. 1 lit. f) GDPR. Our interest in that case consists in the assertion or defense of claims. 

 

If an application is denied, the applicant's data will be erased after a reasonable time. 

 

In the event that you have consented to continued storage of your personal data, we will place your data into our applicant pool. The data therein will be erased after expiration of a reasonable time, unless a legitimate interest in the data continues to exist (e.g., in the event the applicant was hired). 

 

If, in the application procedure, you were accepted for a position, the data will be transferred from the applicant data system into our personnel information system. 

 

Your applicant data will be screened by the human resources department after your application is received. Suitable applications will then be forwarded internally to the persons responsible for the open position in the department. Then the further steps will be agreed upon. Within the company, generally only those persons who need your data for the regular process of our application procedure will have access to them. 

 

f. Google Search Console

The SEO tool Google Search Console is used for this website for optimization purposes. Personal data is not collected, stored or processed in any other way. Cookies are not set, tracking does not take place. You can find more information about the Google Search Console here: https://search.google.com/search-console/about?hl=de 
 

 

3. Sharing of data 

 

Any transfer of your data to third parties will take place only for the purposes listed below. 

 

We share your personal data with third parties only

  • if you have given your explicit consent to this under Art. 6 para. 1 sentence 1 lit. a GDPR
  • if the sharing is required under Art. 6 para. 1 sentence 1 lit. f GDPR for the assertion, exercise or defense of legal rights and there is no reason to assume that you have an overriding interest worthy of protection in your data not being shared
  • if a legal obligation to share the data exists under Art. 6 para. 1 sentence 1 lit. c GDPR
  • if this is legally permitted and is required under Art. 6 para. 1 sentence 1 lit. b GDPR for the performance of a contractual relationship with you
  • on the basis of a processing agreement entered into by us with a processor according to Art. 28 GDPR


If we should form the intention to use the personal data for a purpose other than those mentioned above, prior to this further processing we will make available to you information about this other purpose and all other relevant information according to Art. 13 para. 2 GDPR.

4. Cookies

 

5. Tracking tools


The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO.

With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our website offering for you.
These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

 

a) Matomo
Description and purpose

This website uses Matomo (formerly Piwik), an open source software for statistical analysis of visitor access. The provider of Matomo is InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand.
Matomo uses cookies that are stored on your computer, which allow an anonymous analysis of your website usage. As a rule, it is not possible to draw conclusions about a specific person, as your IP address is anonymized immediately after processing and before storage.
We use Matomo to improve the quality of our website and its content. By learning how our website is used, we can continuously optimize our website offering.
The following data is stored when individual pages of our website are called up:

 

  1. two bytes of the IP address of the user's calling system
  2. the web page called up
  3. the website from which the user accessed the website (referrer url)
  4. subpages that are called from the called web page
  5. dwell time on the web page
  6. frequency of calling the web page.

 

The software runs exclusively on the servers of our website or our website support, a storage of the personal data of the users takes place exclusively there. The user's IP address is not stored in full, but is shortened by masking only 2 bytes of the IP address. An assignment of the IP address shortened in this way to the end device of the user is then not possible.
The processing of the user's personal data enables the analysis of usage behavior on our website.


Legal basis
The legal basis of this processing of your personal data is Art. 6 para. 1 lit. f) DSGVO.


Data recipient, data transfer and data transmission to third countries
The recipient of your anonymized data is the website operator and website support. A data transfer to a third country does not take place. There is also no other transfer of data to third parties. 


Duration and scope of data storage
The data will be deleted as soon as the data is no longer required to achieve the purpose for which it was collected and processed. Likewise, the data will be deleted if you assert your right to data deletion pursuant to Art. 17 (1) DSGVO.
For further data subject rights, see below in this privacy policy.
There is no contractual or legal obligation for the provision of the data.

Further information on the processing of your personal data by Matomo can be found here: https://matomo.org/privacy-policy/ 

 

6. Social media plug-ins

 

Plug-ins, by which you might be directly linked to our website, or conversely this website might be directly linked to a social media account of yours, and by which a certain usage behaviour of yours might become detectable, are not used on this website.

 

7. Rights of data subjects

 

You have the right, free of charge,

  • under Art. 15 GDPR, to demand information about your personal data that we process. In particular, you can demand information about the purposes of processing, the category of personal data, the categories of recipients to whom your personal data were or are disclosed, the planned duration of storage, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to complain, the source of your data if not collected by us, and about the existence of automated decision-making including profiling and meaningful information about its details, if any;
  • under Art. 16 GDPR, to demand the rectification of inaccurate data or the completion of your personal data stored with us without undue delay;
  • under Art. 17 GDPR, to demand the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to a free expression of opinion and to information, to fulfil a legal obligation, for reasons of the public interest, or to assert, exercise or defend against legal claims; the same applies in the event of a restriction of processing;
  • under Art. 18 GDPR, to demand restriction of the processing of your personal data, if the correctness of the data is disputed by you, processing is unlawful but you refuse to have them erased, and we no longer need the data, but you need them to assert, exercise or defend against legal claims, or you have lodged a protest against processing under Art. 21 GDPR;
  • under Art. 20 GDPR, to demand to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, or to have those data transmitted to another controller;
  • under Art. 7 para. 3 GDPR, to withdraw your previously given consent from us at any time. This will have the consequence that we will no longer be permitted in future to continue the data processing that was based on this consent;
  • not to be subjected to a decision based solely on automated processing — including profiling — that has legal effect in relation to you or significantly harms you in a similar manner, insofar as the decision (1) is not required for the conclusion or performance of a contract between the data subject and the controller, or (2) is not permissible based on legal regulations of the European Union or of the Member States to which the controller is subject and these legal regulations contain appropriate measures to protect the rights and freedoms and the legitimate interests of the data subject or (3) is not made with the express consent of the data subject. If the decision (1) is required for the conclusion or performance of a contract between the data subject and the controller or (2) if it occurs with the express consent of the data subject, the Berentzen-Gruppe Aktiengesellschaft will take reasonable measures to protect the rights and freedoms and legitimate interests of the data subject, which shall include at a minimum the right to force a person to act on behalf of the controller, the right to explain one's own standpoint, and the right to challenge the decision. If the data subject would like to assert rights with respect to automated decisions, he/she can at any time contact an employee of the controller responsible for the processing and
  • object to a supervisory authority in accordance with Art. 77 GDPR. For this purpose, you can usually turn to the supervisory authority of your customary place of residence or employment or of the registered office of our firm. The contact details of the data protection supervisory authority for Berentzen-Gruppe Aktiengesellschaft are:

 

Die Landesbeauftragte für den Datenschutz Niedersachsen

Prinzenstraße 5

30159 Hannover 

Telefon: +49 (0) 511 / 120 4500 

Telefax: +49 (0) 511 / 120 4599

E-Mail-Adresse: poststelle@lfd.niedersachsen.de


To assert the rights of a data subject, please send an e-mail to datenschutz@berentzen.de

 

8. Right of Objection/Withdrawal 

 

Insofar as your personal data are processed on the basis of legitimate interests under Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right under Art. 21 GDPR to lodge an objection to the processing of your personal data or to withdraw any consent to the processing, to the extent that there are reasons for it resulting from your particular situation or that the objection/withdrawal is directed against direct advertising. In the latter case, you have a general right of objection/withdrawal that will be put into effect by us without your indicating any particular situation.

 

If you would like to make use of your right of objection/withdrawal, an e-mail sent to datenschutz@berentzen.de will suffice.

 

9. Data protection

 

Within the website visit, we use the prevalent SSL method (Secure Sockets Layer) in combination with the highest encryption level that your browser supports. Generally, this is 256-bit encryption. You can tell whether a specific page on our website is transmitted in encrypted form by the locked image of the key or lock symbol in the lower status bar of your browser.

 

In addition, we use suitable technical and organisational security measures to protect your data against random or deliberate manipulation, partial or total loss, destruction or unauthorised access by third parties. Our security measures are continually enhanced in step with technological developments.

 

10. Up-to-dateness and amendment of this Data Protection Statement

 

This Data Protection Statement is currently valid and is updated as of 25 May 2018 (effective date of the GDPR).

 

On account of the further development of our website and offerings made via the website, or due to changes to legal or regulatory requirements, it may become necessary to amend this Data Protection Statement.