Privacy Policy

Data Protection

The following privacy policy applies to the use of the website [www.basi.eu] (hereinafter referred to as the “Website”). We attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to provide you with the aforementioned portal. This policy describes how and for what purpose your data is collected and used, and what choices you have regarding your personal data. By using this website, you consent to the collection, use and transfer of your data in accordance with this privacy policy.

Data Controller

The data controller responsible for the collection, processing and use of your personal data within the meaning of the GDPR is [BASI GmbH, Konstantinstr. 387, 41238 Mönchengladbach] If you wish to object to the collection, processing or use of your data by us in accordance with this privacy policy, either in full or in relation to specific measures, you may direct your objection to the data controller named above. You may save and print this privacy policy at any time.

General use of the website

Access data

We collect information about you when you use this website. We automatically collect information about your usage behaviour and your interaction with us, and record data relating to your computer or mobile device. We collect, store and use data relating to every visit to our website (so-called server log files). Access data includes the name and URL of the file accessed, the date and time of access, the amount of data transferred, a notification of successful access (HTTP response code), browser type and version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider. We use this log data without linking it to your person or creating any other profiles for statistical analysis for the purposes of operating, securing and optimising our online service, but also to anonymously record the number of visitors to our website (traffic), as well as the extent and nature of the use of our website and services, and for billing purposes to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalised and location-based content, analyse data traffic, identify and rectify errors, and improve our services. We reserve the right to review log data retrospectively if there are specific grounds for a reasonable suspicion of unlawful use. We store IP addresses in log files for a limited period where this is necessary for security purposes or for the provision or billing of a service, e.g. when you use one of our services. Once the ordering process has been cancelled or payment has been received, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have specific grounds to suspect a criminal offence in connection with the use of our website. Furthermore, as part of your account, we store the date of your last visit (e.g. upon registration, login, clicking on links, etc.).

Email contact

If you contact us (e.g. via the contact form or by email), we will store your details so that we can process your enquiry and in case any follow-up questions arise. We will only store and use further personal data if you give your consent or if this is permitted by law without specific consent.

Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website is usually transmitted to and stored on a Google server in the USA. However, if IP anonymisation is activated on this website, your IP address will be truncated by Google beforehand within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. IP anonymisation is active on this website. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data held by Google. You can prevent the storage of cookies by adjusting your browser settings accordingly; however, we would like to point out that, in this case, you may not be able to make full use of all the features of this website. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Legal basis and retention period

The legal basis for data processing as described in the preceding sections is Article 6(1)(f) of the GDPR. Our interests in data processing include, in particular, ensuring the operation and security of the website, analysing how visitors use the website, and simplifying the use of the website. Unless otherwise specified, we store personal data only for as long as is necessary to fulfil the purposes pursued and to maintain the business relationship.

Facebook

Our website uses features provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When you visit our pages containing Facebook plug-ins, a connection is established between your browser and Facebook’s servers. In doing so, data is already transferred to Facebook. If you have a Facebook account, this data may be linked to it. If you do not wish this data to be linked to your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or clicking a ‘Like’ or ‘Share’ button, are also passed on to Facebook. You can find out more at https://de-de.facebook.com/about/privacy.

Your rights as a data subject

Under applicable law, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by email or post, clearly identifying yourself, to the address given in section 1. Below is an overview of your rights.

Right to confirmation and access

You have the right at any time to receive confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to obtain from us, free of charge, information about the personal data stored about you, together with a copy of this data. Furthermore, you have the right to the following information:

  1. the purposes of the processing;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular where recipients are in third countries or are international organisations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if that is not possible, the criteria used to determine that period;
  5. the existence of a right to rectification or erasure of personal data concerning you, or to restriction of processing by the controller, or a right to object to such processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from you, any available information as to their origin;
  8. the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards in accordance with Article 46 of the GDPR in relation to the transfer.

Right to rectification

You have the right to request that we rectify any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed – including by means of a supplementary statement.

Right to erasure (‘right to be forgotten’)

You have the right to request that we erase personal data concerning you without undue delay, and we are obliged to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
  4. The personal data has been processed unlawfully.
  5. The erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which we are subject.
  6. The personal data was collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.

Where we have made the personal data public and are obliged to erase it under Article 17 of the GDPR, we shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers who are processing the personal data that you have requested them to delete all links to that personal data or copies or replicas of that personal data.

Right to restriction of processing

You have the right to request that we restrict processing if any of the following conditions apply:

  1. you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
  2. the processing is unlawful and you have objected to the erasure of the personal data and instead requested the restriction of the use of the personal data;
  3. we no longer need the personal data for the purposes of the processing, but you require the data to establish, exercise or defend legal claims; or
  4. you have objected to the processing pursuant to Article 21(1) of the GDPR, pending verification of whether our legitimate grounds override yours.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from us, provided that

  1. the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and
  2. the processing is carried out by automated means.

When exercising your right to data portability in accordance with paragraph 1, you have the right to have the personal data transmitted directly by us to another controller, insofar as this is technically feasible.

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims. Where we process personal data for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing. You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

Automated decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you.

Right to withdraw consent to data processing

You have the right to withdraw your consent to the processing of personal data at any time.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you is unlawful.

Data Security

We make every effort to ensure the security of your data in accordance with applicable data protection laws and within the limits of technical feasibility. Your personal data is transmitted in encrypted form. This applies to your orders as well as to the customer login. We use the SSL (Secure Socket Layer) encryption system; however, we would like to point out that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. It is not possible to provide complete protection of data against access by third parties. To safeguard your data, we maintain technical and organisational security measures, which we continually update to reflect the latest technological standards. Furthermore, we do not guarantee that our service will be available at specific times; disruptions, interruptions or outages cannot be ruled out. The servers we use are regularly and carefully backed up.

Automated decision-making

No automated decision-making based on the personal data collected takes place.

Disclosure of data to third parties; no transfer of data to non-EU countries

As a general rule, we only use your personal data within our organisation. Where we engage third parties in connection with the performance of contracts (such as logistics service providers), they will only receive personal data to the extent necessary for the provision of the relevant service. In the event that we outsource certain parts of data processing (‘data processing on behalf of the controller’), we contractually oblige data processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the data subject’s rights. No data transfer to entities or individuals outside the EU takes place, nor is any such transfer planned, except in the cases mentioned in section 2.3 of this statement.

Data Protection Officer

If you have any further questions or concerns regarding data protection, please contact our Data Protection Officer: Jeannette Lescher 
j.lescher@basi.eu