Data protection


Privacy policy according to Art. 13 of the General Data Protection Regulation (GDPR)

 

1.    Introduction

This website is provided by BEHR AG. In the following, we would like to inform you according to Article 13 of the GDPR about the processing of your personal data when you access and use our website.

 

2.    Controller

The name and contact information of the controller can be found in our legal notice.

 

3.    Data Protection Officer

You can contact our Data Protection Officer in writing by post, by adding “Datenschutzbeauftragter” under the address in the legal notice, or by email at datenschutz@behr-ag.com. 

 

4.    Processing of personal data

4.1.  General overview of processing activities

 

We offer a variety of services on our website, which are listed below:

•  Videos

We use the service provider YouTube to display videos about our products.

•  Range measurement and videos

We use the service Google Analytics to analyse your surfing behaviour and to optimise our website.

•  Use of social media links

 

 

4.2.  Operating the website

4.2.1.   Nature and scope of processing of personal data

The following information, which your browser automatically transmits to us, will be processed when you visit our website:

•  Browser type/version

•  Operating system used

•  Name of previously visited website

•  IP address / hostname of your computer

•  Date and time of the server request

 

4.2.2.   Purposes and legal basis for processing personal data

Your personal data is processed by the controller for the following purposes in accordance with the following legal bases:

•  Enabling the use of the website (legitimate interest: presenting the service portfolio of the controller and enabling customers and interested parties to easily contact the controller)

•  Ensuring that the website works properly (complying with legal obligations, i.e. security of processing according to point (f) of Art. 6 (1) GDPR, e.g. to safeguard against and investigate cyber-attacks)

 

 

4.2.3.   Recipients or categories of recipients

Our website is hosted by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany. Personal data is passed on if this is required to safeguard against criminal offences and/or if we are otherwise obligated to do so.

 

4.2.4.   Duration of storage

The personal data is automatically erased 4 weeks after the end of the connection unless this conflicts with legal storage periods.

 

4.2.5.   Right to erasure, object and rectification

It is essential for the operation of the website to collect data for the provision of the website and to store data in log files. Therefore, the user has no option to have data erased or rectified or to object.

 

4.3.  Use of cookies

4.3.1.   Nature and scope of processing of personal data

Our website uses cookies in order to offer you a user-friendly and functional online service and to verify that you are authorised to use the range of services. Cookies are text files that contain information in order to identify returning visitors exclusively for the duration of the visit on the website. Cookies are stored on your computer’s hard drive and do not cause any damage.

The website’s cookies contain personal data. Cookies save you from entering data multiple times, facilitate the transmission of specific content and help us to identify the particularly popular areas of our website. This allows us to continuously improve the structure and content of our website.

The following cookies are stored on your end device:

 

 

 

 

 

 

 

 

Types

Name

Function / purpose

Storage duration

Permanent cookie

_ga

Registers a unique ID that is used to generate statistics on e.g. how you use the website.

2 years

Session cookie

_gat

Used by Google Analytics to throttle the request rate.

10 minutes

Session cookie

_gid

Registers a unique ID that is used to generate statistics on e.g. how you use the website.

1 day

Session cookie

PHBSESSID

This session cookie is used to recognise your device.

1 year

 

Cookieconsent_

This cookie is used to obtain your consent with regard to cookies and to store it on your device.

1 year

 

4.3.2.   Purposes and legal basis for processing personal data

The legal basis for processing personal data using cookies that are technically necessary is point (f) of Art. 6 (1) GDPR (legitimate interest: analysing your surfing behaviour to improve our website).

The legal basis for processing your personal data using cookies for analysis purposes is your consent according to point (a) of Art. 6 (1) GDPR.

 

4.3.3.   Duration of storage, option to object and for rectification

Cookies are stored on your computer, which then transmits them to our website. Therefore, you as the user have full control over the use of cookies. You can change your internet browser settings to disable or limit the transmission of cookies. Cookies that have already been stored can be erased at any time. This can also be done automatically. If cookies are disabled for our website, you may not be able to use all functions in their entirety.

 

4.4 Use of Cookie Consent

We have integrated the tool Cookie Consent from the provider Silktide on our website.

 

4.4.1.   Nature and scope of processing of personal data

In order to comply with legal requirements, we have decided to obtain your consent to use cookies and/or tracking technologies by means of the tool Cookie Consent. Following your decision, a cookie will be stored on your end device for one year and the cookie notice will no longer appear when you access the website. According to the producer, your IP address will be transmitted to check whether displaying the legal notice is even relevant.

 

4.4.2.   Purposes and legal basis for processing

When accessing the website, the cookie stores your decision on whether or not you have agreed to range measurement and the use of cookies. The cookie is then stored on your computer so that you do not have to repeat the queries every time you access the website. The legal basis is point (f) of Art. 6 (1) GDPR. Our legitimate interest is implementing legal requirements and designing an attractive website.

 

4.4.3.   Transmission of your data to a recipient

When you visit the website, you access the services of the company Silktide Ltd, Brunel Parkway, Pride park, Derby, DE24 8HR, UK.

 

4.4.4.   Right to erasure, object and rectification

You can disable Cookie Consent by using tools such as Ghostery, or preventing cookies from being placed on your browser. However, this may result in you no longer being able to access all services on the website.

 

4.4.5.   Other information

More information on Cookie Consent can be found at https://cookieconsent.insites.com.

 

4.5.  Range measurement with Google Analytics

4.5.1.   Nature and scope of processing of personal data

We use the component Google Analytics on this website (with the anonymization function). Google Analytics is a web analytics service. Web analytics is the collection and evaluation of data about the behaviour of visitors on websites. The tasks of a web analytics service include collecting data about the website that you came from, the subpages of the website you access or how often and the time that you view a subpage.

We use the “_gat._anonymizeIp” function for web analysis by Google Analytics. This function means that Google will shorten and anonymise the IP address of your device if our website is accessed from a member state of the European Union or from another party to the Agreement of the European Economic Area.

 

4.5.2.   Purposes and legal basis for processing

Processing your personal data allows us to analyse your surfing behaviour. By analysing the data, we can compile information about the use of the individual components of our website. This helps us to make continuous improvements to our website and its user-friendliness. Before activating Google Analytics, we will obtain your consent according to point (a) of Art. 6 (1) GDPR. Anonymising the IP address is enough to protect personal data.

 

4.5.3.   Recipients or categories of recipients

The operating company of the Google Analytics components is Google Ireland Limited (register number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland.

 

4.5.4.   Storage duration and criteria to determine the storage duration

Data is erased once it is no longer required for our recording purposes. To ascertain how effective the improvements made to our website are, the data is stored for 14 months and then automatically erased.

 

4.5.5.   Transmission of data to a third country and the existence of adequacy decisions

The transmission of your personal data to third countries cannot be excluded. The European Commission decided in its adequacy decision (EU) 2016/1250 of 12 July 2016 (EU-US Privacy Shield) that the USA offers an adequate level of data protection. You can view the Google certificate here.

 

4.5.6.   Right to erasure, object and rectification

You can prevent our website from placing cookies at any time by adjusting the settings of the internet browser used and therefore permanently object to the placement of cookies. Adjusting the internet browser settings in this way would also prevent Google from placing a cookie on your device. Furthermore, a cookie that has already been placed by Google Analytics can be erased at any time via the internet browser or other software programs.

You are also able to object to the collection of data generated by Google Analytics that refers to the use of this website as well as the processing of this data by Google and to prevent such processing.

 

To do so, you must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on uses JavaScript to inform Google Analytics that no data or information about your visits to website may be transmitted to Google Analytics. Google considers the installation of the browser add-on as an objection. If your device is erased, formatted or reinstalled at a later date, you must reinstall the browser add-on in order to disable Google Analytics. If the browser add-on is uninstalled or disabled, you must reinstall it.

More information can be found in the privacy policies and terms of use.

 

4.6.  Displaying YouTube videos

We have integrated YouTube videos on our website.

 

4.6.1.   Nature and scope of processing of personal data

When videos are accessed, the data specified in 4.2.1 is passed on to YouTube in order for the video to be displayed. Videos are embedded using the “privacy-enhanced mode”. This form of embedding ensures that no cookies are placed when the videos are accessed.

 

4.6.2.   Purposes and legal basis for processing

Your personal data is required to play the video. The legal basis for transmitting the data is our legitimate interest in designing an attractive website according to point (f) of Art. 6 (1) GDPR.

 

 

4.6.3.   Transmission of your data to a recipient in a third country

When the website is displayed, the video is loaded by the YouTube platform and your personal data will be transmitted to Google Ireland Limited (register number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland.

 

This informs Google which of our websites you have visited. If you are logged in as a member of YouTube or Google, this information will be assigned to your personal account. If you use the service, such as clicking on the start button of a video, this information is also assigned to your personal account. The European Commission decided in its adequacy decision (EU) 2016/1250 of 12 July 2016 (EU-US Privacy Shield) that the USA offers an adequate level of data protection. You can view the Google certificate here.

 

4.6.4.   Right to erasure, object and rectification

You can prevent information from being assigned to your account by logging out of your YouTube or Google user account before using our website and erasing the cookies of these companies. You can also prevent the videos from playing if you disable the JavaScript function in your browser.

 

4.6.5.   Consequences of disabling JavaScript

We would like to point out that you will not be able to see the videos if you disable JavaScript in this case.

 

4.6.6.   Other information

Further information on data processing and Google’s privacy policy can be found at www.google.de/intl/de/policies/privacy/ .

 

4.7 Use of social media links

 

4.7.1 We use social media links from various providers on our website. When you visit our website, no personal data will initially be passed on to the providers.  This only happens once you click on the provider’s link. The provider then receives the information that you have visited our website with your IP address. Please note that we as the provider of the website do not receive any information about the contents of transmitted data as well as their use by Facebook. More information can be found in the provider’s privacy policy:

Facebook: https://de-de.facebook.com/policy.php

Pinterest: policy.pinterest.com/de/privacy-policy

 

4.8 Facebook fanpage

We offer you additional information about our services on our Facebook fanpage. We, together with Facebook, are responsible for data processing for the information service offered. The full Facebook privacy policy gives you an overview of data processing by Facebook.

 

4.8.1 Nature and scope of processing of personal data

We use your personal data that you transfer when using the Facebook fanpage in order to analyse the use of our fanpage and tailor our offer to the target group. To do so, we use statistical reports, such as the total number of page views, “Likes”, end devices used, page activities, post interactions and range, user activities (comments, shared contents, replies), origin (country and city), language, views and clicks in the shop, age group, gender, level of education, occupation, relationship status, clicks on telephone numbers or Facebook groups linked to our page. We also use the preferred visiting times of the users in order to ideally plan the time and content of our posts.

We as the provider of the information services do not process any other data from the use of our fanpages.  According to the Facebook terms of use, to which you agreed when you set up your Facebook profile, we can still identify the subscribers and users of our fanpage and view your profile as well as other shared information and contact you.

 

4.8.2 Purposes and legal basis for processing

We, together with Facebook, take joint responsibility according to Art. 26 GDPR for the information services offered. The legal basis for processing personal data is point (f) of Art. 6 sentence 1 GDPR. Our legitimate interest is drawing attention to our services and contacting you.

 

4.8.3 Recipients or categories of recipients, transfer of data to third countries and guarantees

Data is processed by Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. The transmission of your data to Facebook Inc. in a third country, (1 Hacker Way, Menlo Park, CA 94025, USA) cannot be excluded.

 

Facebook Inc., the US parent company of Facebook Ireland Ltd., is certified according to the US-EU “Privacy Shield“ and agrees to comply with European data protection guidelines. We as the site operator cannot exclude the transfer and further processing of personal data of users in third countries, e.g. the USA, and any associated risks for the users.

 

 

4.8.5 Right of access, to rectification, object and erasure

Since only Facebook has full access to user data, we recommend that you contact Facebook directly if you wish to assert your data subject rights. You can find more information on this in the links on data processing with page insights and data protection. We will inform Facebook of any attempts to exercise your rights regarding the insights function that are sent to us.

 

 

5.    Rights of the data subject

You have the following rights with regard to your personal data:

·        Right of access (Art. 15 GDPR),

·        Right to rectification or erasure (Art. 16 and 17 GDPR),

·        Right to restriction of processing (Art. 18 GDPR),

·        Right to object (Art. 21 GDPR),

·        Right to data portability (Art. 20 GDPR).

 

If you have any questions about asserting your rights, please contact our Data Protection Officer in writing. Please use the postal address in the legal notice (key word “Datenschutzbeauftragter “) or send an e-mail to datenschutz@behr-ag.com.

 

 

6.    Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates valid data protection laws. The supervisory authority responsible for us is: The State Representative for Data Protection in Lower Saxony, Prinzenstraße 5, 30159 Hannover

 

 

7.    Links to other websites

Our website contains links to other websites. We have no influence over whether its operators adhere to data protection regulations. Despite carefully checking the contents beforehand, we cannot assume any responsibility for external links to third-party websites.

 

8.    Validity and updates of the privacy policy

It may be necessary to modify this privacy policy with future effect when we further develop our website or implement new technologies.

 

Seevetal, dated 2019-04-18

Contact

BEHR AG

Parkstraße 2

21220 Seevetal-Ohlendorf

 

Tel.:     +49 (4185) 79 33 - 0

E-Mail: datenschutz(@)behr-ag.com