Privacy Policy

I. Name and address of the body responsible for processing

Responsible body in the sense of the data protection laws is:

BBF Sterilisationsservice GmbH
Willy-Rüsch-Str. 10/1
71394 Kernen-Rommelshausen

Phone: 07151 94570 -0

E-mail: bbf@sterixpert.de

Thank you very much for your interest in our company. The management of BBF Sterilisationsservice GmbH attaches particular importance to data protection.

The processing of personal data, such as the name, address, e-mail address or telephone number of a person concerned, is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to BBF Sterilisationsservice GmbH. By means of this privacy policy, our company wishes to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this data protection declaration.

II. Use of the websites

A. Visiting the website

Nature and purpose of the processing:

When accessing our website, i.e. if you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like.

  • They are especially processed for the following purposes:
  • Ensuring a flawless connection to the website,
  • ensuring a smooth use of our website,
  • evaluation of the system security and stability as well as
  • further administrative purposes.

We do not use your data to draw conclusions about you as a person. Information of this kind is evaluated statistically by us if necessary, in order to optimise our website and the technology behind it.

Legal basis:

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

Recipients:

Recipients of the data may be technical service providers who act as contract processors for the operation and maintenance of our website.

Duration of storage:

The data are deleted as soon as these are no longer required for the original collection purpose. That is generally the case for those data that are needed to provide the website whenever the respective session is ended.

Provision required or necessary:

The provision of the aforementioned personal data is neither required by law nor by contract. Without the IP address, however, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or restricted. For this reason, an objection is excluded.

B. Cookies

Nature and purpose of the processing:

Like many other websites, we also use so-called "cookies". Cookies are small text files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website.

These provide us with certain data such as IP address, browser used and operating system.

Cookies cannot be used to start programmes or transfer viruses to a computer. The information contained in cookies allows us to make navigation easier for you and to display our web pages correctly.

Under no circumstances will the data collected by us be passed on to third parties or linked to personal data without your consent.

Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time via your browser’s settings. Please use the help function of your Internet browser to find out how to change these settings. Please note that individual functions of our website may not work, once you have deactivated the use of cookies.

Duration of storage and cookies used:

If you permit us to use cookies through your browser settings or consent, the following cookies may be used on our websites:

sterixpert[MW1], session-cookie

Insofar as these cookies may (also) concern personal data, we will inform you of this in the following sections.

You can delete individual cookies or the entire cookie stock via your browser settings. Furthermore, you will also receive information and instructions on how to delete these cookies or block their storage beforehand. Depending on the provider of your browser, you will find the necessary information under the following links:

C. Registering on our website

When registering for the use of our personalised services, some personal data is collected, such as name, address, contact and communication data such as telephone number and e-mail address. If you have registered with us, you can access content and services that we only offer to registered users. Logged-in users also have the option of changing or deleting the data provided during registration at any time. Of course, we will also provide you with information about the personal data we have stored about you at any time. We will also be glad to correct or delete them at your request, provided there are no legal obligations to retain them. To contact us regarding this, please use the contact details provided at the end of this privacy policy.

D. SSL encryption

In order to protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.

E. Newsletter

Nature and purpose of the processing:

Your data will only be used to send you the subscribed newsletter by e-mail. Your name is provided in order to address you personally in the newsletter and, if necessary, to identify you if you wish to exercise your rights as a data subject.

Your e-mail address is sufficient for receiving the newsletter. When you register to receive our newsletter, the data you provide will be used solely for this purpose. Subscribers may also be notified by e-mail of circumstances relevant to the service or the registration (e.g. newsletter changes or technical matters).

We need a valid e-mail address for an effective registration. In order to verify that a registration is actually carried out by the owner of an e-mail address, we use the "double opt-in" procedure. For this purpose, we log the newsletter order, the dispatch of a confirmation e-mail and the receipt of the reply requested. Further data are not collected. The data will be used exclusively for the newsletter transmission and will not be shared with third parties.

Legal basis:

Based on your expressly provided consent (Art. 6 para. 1 lit. a GDPR), we will regularly send you our newsletter or comparable information by e-mail to your specified e-mail address.

You can revoke your consent to the storage of your personal data and its use for newsletter transmission at any time with effect for the future. A corresponding link is included in each newsletter. Moreover, you can also unsubscribe directly on this website at any time or inform us of your revocation via the contact option given at the end of this data protection notice.

Recipients:

The recipients of the data may be order processors.

Duration of storage:

The data will only be processed in this context as long as the corresponding consent is available. They are deleted after that.

Provision required or necessary:

The provision of your personal data is voluntary, solely on the basis of your consent. Unfortunately, we cannot send you our newsletter without your consent.

F. Contact form

Nature and purpose of the processing:

The data you enter will be stored for the purpose of individual communication with you. For this purpose, it is necessary to provide a valid e-mail address and your name. This is used to assign the query and then answer it. The specification of further data is optional.

Legal basis:

The processing of the data entered in the contact form is carried out on the basis of a legitimate interest (Art. 6 para 1 lit f GDPR).

By providing the contact form, we would like to make it easy for you to contact us. The information you provide will be stored for the purpose of processing your enquiry and for possible follow-up questions.

If you contact us in order to request an offer, the data entered in the contact form will be processed for the purpose of implementing pre-contractual measures (Art. 6 para 1 lit b GDPR).

Recipients:

The recipients of the data may be order processors.

Duration of storage:

Data will be deleted at the latest 6 months after processing the enquiry.

If a contract results, we are subject to the legal retention periods according to HGB and delete your data after the expiration of these periods.

Provision required or necessary:

The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, e-mail address and the reason for the enquiry.

G. Deletion/ blocking data

We adhere to the principles of data avoidance and data economy. Hence we only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the various storage periods provided for by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data will be routinely blocked or deleted in accordance with the statutory provisions.

H. Use of Google Analytics

Legal basis:

The data is processed on the basis of the user's consent (Art. 6 para 1 lit a GDPR).

IP anonymization

We have activated the IP anonymization function on this website. As a result, your IP address will be truncated by Google within member states of the European Union or other signatory states to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On behalf of this website’s operator, Google will use this information to evaluate your website use, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the website’ full functionality. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=en.

Objection to data collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set to prevent your information from being collected on future visits to this website:
Deactivating Google Analytics.

For more information on how Google Analytics uses user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Order processing

We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Transmission to third countries:

Google processes your data in the USA and has submitted to the EU_US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

Provision required or necessary:

The provision of your personal data is voluntary, solely on the basis of your consent. If you block this access, this may result in functional restrictions on the website.

Demographics at Google Analytics

This website uses the function "demographics" of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of the site visitors. This data comes from interest-related advertising by Google and from visitor data from third parties. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics as described under "Objection to data collection".

Profiling:

With the help of the tracking tool Google Analytics the behaviour of the website visitors can be evaluated and the interests analysed. We create a pseudonymous user profile for this purpose.

I. Google AdWords

Nature and purpose of the processing:

Our website uses Google Conversion Tracking. The operating company of Google AdWords services is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you have reached our website via an advertisement placed by Google, Google Adwords places a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google.

If the user visits certain pages on our site and the cookie has not expired, we and Google can recognise that the user clicked on the ad and was directed to that page. Every Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that personally identifies users.

Legal basis:

The legal basis for the integration of Google AdWords and the associated data transfer to Google is your consent (Art. 6 para 1 lit a GDPR).

Recipients:

Every time you visit our website, personal data, including your IP address, is transferred to Google in the USA. These personal data are stored by Google. Google may share this personal information collected through the technical process with third parties.

Our company does not contain any information from Google that could be used to identify the individual concerned.

Duration of storage:

These cookies lose their validity after 30 days and are not used for personal identification.

Transmission to third countries:

Google processes your data in the USA and has submitted to the EU_US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

Revocation of consent:

If you do not wish to participate in tracking, you can reject the setting of a cookie required for this - for example via browser settings that generally deactivate the automatic setting of cookies or set your browser so that cookies are blocked by the domain "googleleadservices.com".

Please note that you may not delete the opt-out cookies as long as you do not wish measurement data to be recorded. If you have deleted all your cookies in your browser, you must set the respective opt-out cookie again.

Provision required or necessary:

The provision of your personal data is voluntary, solely on the basis of your consent. If you block this access, this may result in functional restrictions on the website.

J. Google Maps

Nature and purpose of the processing:

We use the offer of Google Maps on this website. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.

For more information about data processing by Google, please refer to Google’s Privacy Policy. There you can also change your privacy settings in the data protection centre.

Detailed instructions on how to manage your own data related to Google products can be found here.

Legal basis:

The legal basis for the integration of Google Maps and the associated data transfer to Google is your consent (Art. 6 para 1 lit a GDPR).

Recipients:

When visiting our website, Google receives information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your information will be directly associated with your account.

If you don't want the assignment in your Google profile, you must log out of Google before activating the button. Google stores your data as user profiles and uses them for advertising, market research and / or needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

Duration of storage:

We do not collect any personal data through the integration of Google Maps.

Transmission to third countries:

Google processes your data in the USA and has submitted to the EU_US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

Revocation of consent:

If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you will not be able to use our website, or only to a limited extent.

Provision required or necessary:

The provision of your personal data is voluntary, solely on the basis of your consent. If you block this access, this may result in functional restrictions on the website.

III. Enquiries by e-mail, phone or fax

If you contact us by e-mail, telephone or fax, your request including all personal data (name, request) will be stored and processed by us for the purpose of processing your enquiry. We do not share this data without your consent.

The data is processed on the basis of Art. 6 para 1 lit b GDPR, if your request is related to the execution of a contract or is necessary for the implementation of pre-contractual measures. In all other cases the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and / or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of enquiries addressed to us.

The data sent to us by you via contact requests will remain with us until you request the deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - shall remain unaffected.

IV. Data protection for customers

We process personal data such as address and contact data, information on conversations held, your requirements, offers and other information that we receive from you for the purposes of the pre-contractual offer phase or for order fulfilment or service provision. In the case of corporate customers, we also process information, in particular contact data, about our contact persons. For the purpose of processing payments, we may store and process data relating to your bank account or credit card information. If external partners are involved in the provision of services or fulfilment of orders, the information necessary for the provision of their services may be shared with them. For the processing of the information, auxiliary systems (IT environment, CRM/ERP systems, financial accounting) can be used to which service providers have access during maintenance. In these cases, we will agree on the necessary contracts for order processing.

The data is processed on the basis of Art. 6 para 1 lit b GDPR, if your request is related to the execution of a contract or is necessary for the implementation of pre-contractual measures.

V. Data protection for applications and in the application process

The data controller collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing may also be done electronically. This is especially the case where an applicant submits the relevant application documents to the controller by electronic means, for example by e-mail or via a web form on the website. If the data controller concludes an employment contract with an applicant, the transferred data shall be stored for the purpose of processing the employment relationship in accordance with the statutory provisions. If the controller does not conclude an employment contract with the candidate, the application file shall be automatically deleted six months after notification of the rejection, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interests in this context include, for example, the duty to provide evidence in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG). The data is processed on the basis of Art. 6 para 1 lit b GDPR in conjunction with §26 BDSG-2018

VI. Data protection for suppliers

When selecting suppliers or service providers, we will store and process information about you. As part of the supplier review/evaluation, we can obtain and store further information on this from credit agencies, for example. For order processing purposes, we will process order-specific information in addition to your master data. In the case of company contacts, we also process information, in particular contact data, about our contact persons. For the processing of the information, auxiliary systems (IT environment, CRM/ERP systems, financial accounting) can be used to which service providers have access during maintenance. In these cases, we will agree on the necessary contracts for order processing. The data is processed on the basis of Art. 6 para 1 lit b GDPR, if your request is related to the execution of a contract or is necessary for the implementation of pre-contractual measures.

VII. General information

A. Legal basis for the processing

Art. 6 I lit. a GDPR serves as the legal basis for our company’s processing operations in which we obtain consent for a specific processing purpose. Where the processing of personal data is required for the fulfilment of a contract to which the data subject is a party, such as in the case of processing operations necessary for the supply of goods or for the rendering of any other service or consideration, the processing is based on Art. 6 I lit b GDPR. This also applies to such processing operations that are necessary for the implementation of pre-contractual measures, such as in connection with enquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit c GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our business was injured and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 I lit d GDPR. Finally, processing procedures could also be based on Art. 6 I lit f GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not outweigh these. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, it took the position that a legitimate interest could be assumed if the person concerned is a customer of the party responsible (recital 47 sentence 2 GDPR).

B. Legitimate interests in the processing pursued by the responsible party/controller or by a third party

If the processing of personal data is based on Article 6 I lit f GDPR, our legitimate interest is the conduct of our business for the benefit of all our employees and shareholders.

C. Purposes of data processing by the data controller and third parties

We process your personal data only for the purposes stated in this Privacy Policy. Your personal data are not transmitted to third parties for purposes other than those mentioned. We will only share your personal data with third parties if:

  • you have explicitly provided your consent for this,
  • the processing is necessary to complete a contract with you,
  • the processing is necessary to fulfil a legal obligation,
  • the processing is necessary to safeguard legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.

D. Transmission of data to third countries

In individual cases, such as the use of the web service in connection with Google services or newsletter services, personal data may be transferred to third countries. At the same time, we always ensure that appropriate guarantees are in place to protect your data. In individual cases, you can obtain relevant proof from our data protection officer.

E. Deletion/ blocking data

We adhere to the principles of data avoidance and data economy. Hence we only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the various storage periods provided for by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data will be routinely blocked or deleted in accordance with statutory provisions.

F. Legal or contractual provisions governing the provision of personal data; necessity for the conclusion of the contract; obligations of the data subject to provide the personal data; possible consequences of not providing data

We would like to inform you that the provision of personal data is, in part, required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner). At times, it may become necessary in the context of contract conclusion for a person concerned to provide personal data which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide personal data would mean that the contract could not be concluded with the data subject. Before the data subject provides personal data, the data subject must contact one of our employees. Our employee informs the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what consequences the non-provision of the personal data would have.

G. Existence of an automated decision-making process

As a responsible company, we refrain from automatic decision-making or profiling.

H. Your rights as a data subject

You can exercise the following rights at any time using the contact details provided by our data protection officer:

  • Information about your data stored with us and their processing (Art. 15 GDPR),
  • correction of incorrect personal data (Art. 16 GDPR),
  • deletion of your data stored with us (Art. 17 GDPR),
  • restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
  • objection against the processing of your data by us (Art. 21 GDPR) and
  • data transferability, if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).

Should you have provided your consent to us, you can revoke it at any time with effect for the future.

You may at any time file a complaint with the supervisory authority responsible for you. Your responsible supervisory authority depends on the federal state of your residence, your work or the presumed violation. A list of supervisory authorities (for the non-public area) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

I. Changes to our Privacy Policy

We reserve the right to amend this Privacy Policy occasionally in order to reflect current legal requirements or in order to implement changes to our services in the Privacy Policy, such as when introducing new services. A new Privacy Policy will then apply to your next visit.

J. Questions to the data protection officer

If you have any questions about data protection, please send us an e-mail or contact our data protection officer directly:

Michael Weinmann, www.dsb-office.de, e-mail: michael.weinmann[at]dsb-office.de, phone: +49 173-763 29 62,