Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with applicable personal data protection legislation, in particular the EU General Data Protection Regulation (GDPR) and our country-specific implementation laws. By means of this data protection declaration, we inform you comprehensively about the processing of your personal data by BARTEC Top Holding GmbH and the rights to which you are entitled.
Personal data is any information that makes it possible to identify a natural person. This includes, in particular, name, date of birth, address, telephone number, email address and IP address.
Anonymous data exists when no personal reference to the user can be made.
- Responsible body and data protection officer
- Your rights as data subject
- Right of objection
- Purposes and legal bases of data processing
- Transfer of personal data to third parties
- Data recipients / Categories of recipients
- Data transfer to third countries / Intention to transfer data to third countries
- Data retention period
- Secure data transfer
- Obligation to provide data
- Categories, sources and origin of data
- Contact form / Contact via email (Art. 6, para. 1, lit a, b, GDPR)
- Registration form for seminars (Art. 6, para. 1, lit. a, b, GDPR)
- Applicant portal (Art. 6, para. 1, lit a, b, GDPR)
- Automated decisions in individual cases
- Cookies (Art. 6, para. 1, lit. f, GDPR / Art. 6, para. 1, lit a, GDPR with consent)
- User profiles / Web tracking procedures
- Social plugins of social networks
- Social media links
- Information on data protection in social media
1. Responsible body and data protection officer
BARTEC Top Holding GmbH
D-97980 Bad Mergentheim
Point of Contact for Data Protection
2. Your rights as data subject
First of all, we would like to inform you about your rights as data subject. These rights are standardised in Art. 15 - 22 GDPR and include the following:
- Right of access (Art. 15 GDPR),
- Right to erasure ('right to be forgotten') (Art. 17 GDPR),
- Right to rectification (Art. 16 GDPR),
- Right to data portability (Art. 20 GDPR),
- Right to restriction of data processing (Art. 18 GDPR),
- Right to object to the processing of personal data (Art. 21 GDPR).
In order to exercise these rights, please contact: datenschutz(at)bartec.com. The same applies if you have any questions regarding data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.
3. Right of objection
When we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling insofar as it is related to direct advertising.
If you object to processing for direct advertising purposes, we will no longer process your personal data for such purposes. The objection is free of charge and can be made informally, where appropriate to: datenschutz(at)bartec.com.
Should we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your particular situation. This also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend any legal claims.
4. Purposes and legal bases of data processing
When processing your personal data, we comply with the provisions of the GDPR and all other applicable provisions of data protection regulations. Legal bases for data processing arise in particular from Art. 6, GDPR.
We use your data to initiate business, to fulfil contractual and legal obligations, to implement the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.
Your consent may also constitute a permission requirement under data protection law. In such a case, we will inform you about the purposes of the data processing and your right to withdraw your consent. If the consent also refers to the processing of special categories of personal data, we will explicitly notify you in the consent process.
The processing of any special categories of personal data within the meaning of Art. 9, para. 1, GDPR shall only be carried out where necessary on the grounds of legal regulations and if there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data.
5. Transfer of personal data to third parties
We shall only transmit your data to third parties within the framework of the statutory provisions or with the corresponding consent. Otherwise, we will not disclose your data to any third parties unless we are obliged to do so by mandatory legal provisions (disclosure to external bodies, such as supervisory authorities or law enforcement agencies).
6. Data recipients / Categories of recipients
Within our company, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data.
In many cases, service providers support our specialist departments to fulfil their tasks. The necessary data protection contract has been concluded with all service providers.
7. Data transfer to third countries / Intention to transfer data to third countries
Data are only transmitted to third countries (outside of the European Union or the European Economic Area) if this is necessary for the performance of the contractual relationship, if it is required by law or if you have given us your consent. In such a case, the appropriate level of data protection in the respective third country is ensured by appropriate measures according to Art. 44, et seq. GDPR (e.g. by using standard contractual clauses). You will be informed of the specific measures taken within the framework of the data transfer. At the current time, no data transfer is taking place.
8. Data retention period
We store your data for as long as such is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This applies in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). If there are no further storage obligations, the data is routinely deleted after the purpose has been achieved.
We may also retain data if you have given us your permission to do so, or in the event of any legal disputes and we use the evidence within the statutory limitation period, which may be up to 30 years; the regular limitation period is three years.
9. Secure data transfer
We implement the appropriate technical and organisational security measures to ensure the optimal protection of the data stored by us against any accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards.
The data exchange to and from our website is always encrypted. We provide HTTPS as a transfer protocol for our website and always use the current encryption protocols in each individual case. In addition, we offer our users content encryption for contact forms, seminar registrations and applications. This data can only be decrypted by us. There is also the option of using alternative communication channels (e.g. postal service).
10. Obligation to provide data
A range of personal data is required in order to establish, implement and terminate the obligation and the fulfilment of the relevant contractual and legal obligations. The same applies to the use of our website and the various functions it provides.
We have summarised the relevant details in the above section. In some cases, legal regulations require data to be collected or made available. Please note that it will not be possible to process your request or execute the underlying contractual obligation without this information.
11. Categories, sources and origin of data
The data we process is defined by the relevant context: It depends on whether, for example, you place an order online, enter a request on our contact form or if you want to send us an application or submit a complaint.
Please note that we may also provide information separately in a suitable place for specific processing situations, e.g. when uploading application documents or submitting a contact enquiry.
We collect and process the following data when you visit our website:
- Name of the internet service provider
- Information on the website from which you visit us
- Web browser and operating system used
- The IP address by your allocated Internet service provider
- Files requested, volume of data transferred, downloads/file exports
- Information on websites accessed on our site, including date and time
For reasons of technical security (in particular to defend against any attempted attacks on our web server), this data is stored in accordance with Art. 6 (1) lit. F, GDPR. After 7 days at the latest, anonymisation takes place by shortening the IP address so that no reference is made to the user.
In the context of a contact request, we collect and process the following data:
As mandatory data
- Street, house number, zip code, city
- Telephone number
- Security query
As voluntary information
- Area of interest
- Additional information
When registering for a seminar by using the online form, the following data may be processed:
As mandatory data
- Street, house number, zip code, city
- Telephone number
- Security query
As voluntary information
- Number of participants, seminar number, name of the participant
- Name, first name, position and email address of other participants
- Fax number
- Area of interest
- Additional information
The following data is collected and processed when submitting online applications:
As mandatory data
- Title, first name, last name
- Email address
- Telephone number
- Curriculum vitae
- Password and password confirmation
As voluntary information
- Academic title
- Cover letter
- Additional information which you may provide as part of your application (e.g. references, certificates)
- We also use data that we have legitimately gained from publicly accessible directories (e.g. professional networks).
12. Contact form / Contact via email (Art. 6, para. 1, lit a, b, GDPR)
A contact form is available on our website which can be used to contact us electronically. If you write to us by using the contact form, we will process the data you submitted in the contact form in order to respond to your queries and requests.
Here, the principle of data economy and data avoidance is observed in that you only have to provide the data that we absolutely require from you in order to contact you. These are your name, your company, business data: postal address, email address, telephone number and the message field itself. In addition, your IP address is processed due to technical necessity and for legal protection. All other data are voluntary fields and can be provided optionally (e.g. in order to provide a more detailed response to any of your questions).
In order to protect the security and confidentiality of your data as best as possible, we implement appropriate security measures. Your enquiry is transmitted to us in encrypted form via https protocol.
If you contact us by email, we will process the personal data provided in the email solely for the purpose of processing your enquiry. If you do not use the available forms to contact us, no further data collection will take place.
13. Registration form for seminars (Art. 6, para. 1, lit. a, b, GDPR)
Our website contains a form that you can use to register for seminars. If you register via the form, we will process the data you provide in the form in order to get you registered for our seminars and to contact you, if necessary.
Here, the principle of data minimisation is observed. Thus, you only have to provide the data which we absolutely require for the registration, which are your name, your company, business data: postal address, email address, telephone number and a security query. In addition, your IP address is processed due to technical necessity and for legal protection. All other data are voluntary fields and can be provided optionally (e.g. in order to process your registration in a more individual manner).
14. Applicant portal (Art. 6, para. 1, lit a, b, GDPR)
Thank you for your interest in being employed with BARTEC GmbH. We are aware of the importance of your data and process the personal data you provide as part of the application form only for the purpose of effective and correct processing of the application procedure and in order to contact you as part of the application process. No data will be passed on to any third parties without your consent.
You will be asked to provide personal data as part of the application form. In doing so, we observe the principle of data economy and data avoidance by only requiring you to provide us with the data that we require in order to fully review your application documents, such as your CV, or which we are legally obliged to collect. The mandatory fields are marked with an *(asterisk). Your IP address will also be processed for technical reasons and for legal protection.
Unfortunately, we are not able to review your application documents without this data due to the fact that our application system will not allow you to upload your application documents in this case. You also have the option of providing voluntary information in the application form.
Of course, failure to provide any voluntary information will not result in less favourable treatment in the application process.
In order to protect the security and confidentiality of your data in the best possible way, we implement appropriate security measures. Your application documents are transmitted to us in encrypted form by our application system.
We store your data for the above purpose until the application process has been completed and the relevant deadlines have expired, which will be no later than six months after receipt of a decision. However, you may allow us to store your application documents for a longer period of time to review them for other vacancies which may also match your profile.
In order to do this, we need your consent, which you can give us by clicking the checkbox before uploading your application documents. In this case, we will store your data for a period of 12 months. Of course, you may revoke your consent at any time without giving any reasons with effect for the future by sending an email to datenschutz(at)bartec.com by mail to BARTEC GmbH, Max-Eyth-Str. 16, 97980 Bad Mergentheim.
Within the scope of the applicant portal, we are supported by the service provider softgarden e-recruiting GmbH (softgarden). The contract required by data protection law has been concluded with softgarden. The data protection information of softgarden can be found under the following link: softgarden.com/en/privacy-website/.
15. Automated decisions in individual cases
We do not use any purely automated processing in order to make any decisions.
16. Cookies (Art. 6, para. 1, lit. f, GDPR / Art. 6, para. 1, lit a, GDPR with consent)
Provided that you have given your consent, additional cookies shall be used, by means of which we or third parties are enabled, for example, to evaluate how our services are used. The cookies shall also enable us to measure the effectiveness of a particular advertisement and to have it placed, for example, depending on the thematic interests of the user. The decisive legal basis for this is your express consent (Art. 6, para. 1, pg.1, lit. a, GDPR, § 25, para. 1, TTDSG [German Telecommunications and Telemedia Data Protection Act].
Your consent may be revoked at any time via our Consent banner with effect for the future, or the cookie settings may be changed. In this context, changes must be made separately for each end device.
17. User profiles / Web tracking procedures
Our website uses the Open Source web analysis service Matomo Analytics in order to regularly analyse and improve the use of our website. The statistics obtained enable us to improve our product range and develop it in a more interesting way for you as the user. The legal basis for the use of Matomo is our legitimate interest, Art. 6, para 1, pg. 1, lit. f), GDPR.
The basis for measurements and analysis by Matomo Analytics are provided by the connection data (IP address, referrer, etc.), which arise in any case whenever a webpage is accessed. In this respect, an evaluation takes place at the level of server log files. These data are processed exclusively by the responsible party itself and are not made available or otherwise accessible to any third parties, including Matomo.
The data is stored for a period of 420 days.
We store the information that is collected in this way exclusively on our own servers in Germany.
This website uses Matomo with the extension “AnonymizeIP”. In this way, IP addresses are processed in abbreviated form, and therefore, no direct reference to any individual persons is possible. The IP address transmitted by your browser via Matomo is not merged with any other data that is collected by us.
In addition, the Analytics tracking cookie is deactivated, so that no cookies are used.
Furthermore, visitor logging and profiling are deactivated. Insofar as geolocation takes place within the framework of the use of Matomo, this is carried out exclusively on the basis of traffic and connection data which arise in any case. No localisation or delimitation beyond the server log data occurs.
Insofar as you exercise your right to object, a cookie, i.e. a small text file, is placed on your end device. The legal basis for setting the cookie that is absolutely required for the objection is our legitimate interest in an effective configuration of the objection option, Art. 6, para 1, pg. 1, lit. f), GDPR and § 25, para. 2, no. 1, TTDSG [German Telecommunications and Telemedia Data Protection Act]. The objection cookie is stored for a period of 400 days. Please note, that the objection must be exercised separately for each end device.
Our website uses the pixel-counting technology of WiredMinds GmbH (www.wiredminds.de) in order to analyse the visitor behaviour. WiredMinds is the company WiredMinds GmbH, Lindenspürstraße 32, 70176 Stuttgart, Germany. The legal basis for the collection and processing of data is our legitimate interest in analysing visits by companies to our website, Art. 6, para. 1 lit. f) GDPR.
For this purpose, the collected data is passed on to WiredMinds, with whom we have concluded the necessary contract under the data protection law.
In this process, data is collected, processed and stored, from which usage profiles are created under a pseudonym. Where possible and reasonable, these usage profiles are completely anonymised. If you do not agree to this, you can object at any time at [please specify your email address].
YouTube / Vimeo (Embeds)
Among other things, we use so-called embeddings or embeds of content in online offers on our website. These embeds may be from video platforms, such as YouTube or Vimeo. A classic embed is, for example, a video on the YouTube platform. Thereby, a data transfer to the server of the corresponding platform always takes place. These processing operations are carried out on the basis of your consent, which you may revoke at any time under Section 16 “Cookies”. The embedding on YouTube is done by using the technical procedure known as framing. Framing involves the simple insertion of an HTML link provided by YouTube into the code of a website in order to create a playback frame on the third-party site, thus enabling the video stored on YouTube servers to be played. We use the framing codes which are generated by YouTube in the so-called “extended data protection mode”. According to the information provided by the YouTube platform, the cookie activity and the resulting data collection are only linked to the use of the playback function of the video itself. The collection of data through the mere use of the website with framed content is prevented against this background. In order to protect your data, we use a so-called two-click solution. All YouTube content is deactivated by default and is only loaded and displayed by the YouTube servers after you click on the “Activate content” button. With this click, you provide your consent that your IP address is transmitted to YouTube and that the provider is permitted to set cookies in your browser. For your convenience, we remember your consent for 30 days via a so-called local storage object which we save in your browser.
18. Social plugins of social networks
No social plugins are used on our website.
19. Social media links
On our website you will find links to the social media services of YouTube and LinkedIn. The links to the individual websites of the social media services may be recognised by the respective company logo. If you follow these links, you will reach BARTEC's corporate presence on the respective social media service. When you click on a link to a social media service, a connection to the servers of the social media service will be established. This shall communicate to the servers of the social media service that you have visited our website. In addition, further data will be transmitted to the provider of the social media service. These are for example the following:
- Address of the website where the activated link is located
- Date and time when the website was accessed or when the link was activated
- Information about the browser and the operating system used
- IP address
If you are already logged in to the corresponding social media service at the time the link is activated, the provider of the social media service may be able to determine your user name and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media service. You may exclude this possibility of allocation to your personal user account if you log out of your user account beforehand.
The servers of the social media services are located in the U.S.A. and other countries outside of the European Union. The data may therefore also be processed by the provider of the social media service in countries outside of the European Union. Please note that companies in these countries are subject to data protection laws which generally do not protect personal data to the same extent as they do in the Member States of the European Union.
20. Information on data protection in social media
BARTEC Top Holding GmbH maintains appearances in the “social media”. Insofar as we have control over the processing of your data, we ensure that the applicable data protection regulations are complied with.
In the following, you will find the most important information on data protection law with regard to our appearances.
Name and address of the person responsible for the business operations
In addition to BARTEC Top Holding GmbH, the following persons are responsible for the company appearances within the meaning of the EU General Data Protection Regulation (GDPR) and other data protection regulations
(Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland)
(LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
However, you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing and rating).
We would also like to point out that your data may be processed outside of the European Union.
Purpose and legal basis
We maintain the fan pages ourselves in order to communicate with the visitors of these pages and thereby inform them about our offers.
In addition, we also collect data for statistical purposes in order to be able to further develop and optimise the content and to make our offer more attractive. The data required for this purpose (e.g. total number of page views, page activities and data provided by visitors, interactions) are processed and made available by the social networks. We have no influence on the generation and presentation.
Your personal data is also processed by the social media providers for market research and advertising purposes. In this way it is possible, for example, that usage profiles are created based on your usage behaviour and the resulting interests. Among other things, this allows that advertisements may be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected from your end devices may also be stored in your usage profiles. The storage and analysis also takes place across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.
We also do not collect or process any other personal data.
The processing of your personal data by BARTEC Top Holding GmbH is based on our legitimate interests in effective information and communication pursuant to Art. 6, para. 1 sentence 1, lit. f. GDPR.
If you are asked for consent to data processing, i.e. if you declare your consent by confirming a button or similar (opt-in), the legal basis of the processing is Art. 6, para. 1, sentence 1 lit. a., Art. 7, GDPR.
Your rights / opt-out option
If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data with the respective network, you must do the following:
- Log out of the respective network before visiting our fan page,
- delete the cookies on your device and
- close and restart your browser.
However, after logging in again, you will be recognisable to the network again as a specific user.