Privacy policy according to Art. 13 of the General Data Protection Regulation (GDPR)
1. Introduction
This website is provided by BEHR AG. In the following, we would like to inform you according to Article 13 of the GDPR about the processing of your personal data when you access and use our website.
2. Controller
The name and contact information of the controller can be found in our legal notice.
3. Data Protection Officer
You can contact our Data Protection Officer in writing by post, by adding “Datenschutzbeauftragter” under the address in the legal notice, or by email at datenschutz@behr-ag.com.
4. Processing of personal data
4.1. General overview of processing activities
We offer a variety of services on our website, which are listed below:
• Videos
We use the service provider YouTube to display videos about our products.
• Range measurement and videos
We use the service Google Analytics to analyse your surfing behaviour and to optimise our website.
• Use of social media links
4.2. Operating the website
4.2.1. Nature and scope of processing of personal data
The following information, which your browser automatically transmits to us, will be processed when you visit our website:
• Browser type/version
• Operating system used
• Name of previously visited website
• IP address / hostname of your computer
• Date and time of the server request
4.2.2. Purposes and legal basis for processing personal data
Your personal data is processed by the controller for the following purposes in accordance with the following legal bases:
• Enabling the use of the website (legitimate interest: presenting the service portfolio of the controller and enabling customers and interested parties to easily contact the controller)
• Ensuring that the website works properly (complying with legal obligations, i.e. security of processing according to point (f) of Art. 6 (1) GDPR, e.g. to safeguard against and investigate cyber-attacks)
4.2.3. Recipients or categories of recipients
Our website is hosted by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany. Personal data is passed on if this is required to safeguard against criminal offences and/or if we are otherwise obligated to do so.
4.2.4. Duration of storage
The personal data is automatically erased 4 weeks after the end of the connection unless this conflicts with legal storage periods.
4.2.5. Right to erasure, object and rectification
It is essential for the operation of the website to collect data for the provision of the website and to store data in log files. Therefore, the user has no option to have data erased or rectified or to object.
4.3.1. Nature and scope of processing of personal data
Our website uses cookies in order to offer you a user-friendly and functional online service and to verify that you are authorised to use the range of services. Cookies are text files that contain information in order to identify returning visitors exclusively for the duration of the visit on the website. Cookies are stored on your computer’s hard drive and do not cause any damage.
The website’s cookies contain personal data. Cookies save you from entering data multiple times, facilitate the transmission of specific content and help us to identify the particularly popular areas of our website. This allows us to continuously improve the structure and content of our website.
The following cookies are stored on your end device:
Types | Name | Function / purpose | Storage duration |
Permanent cookie | _ga | Registers a unique ID that is used to generate statistics on e.g. how you use the website. | 2 years |
Session cookie | _gat | Used by Google Analytics to throttle the request rate. | 10 minutes |
Session cookie | _gid | Registers a unique ID that is used to generate statistics on e.g. how you use the website. | 1 day |
Session cookie | PHBSESSID | This session cookie is used to recognise your device. | 1 year |
| Cookieconsent_ | This cookie is used to obtain your consent with regard to cookies and to store it on your device. | 1 year |
4.3.2. Purposes and legal basis for processing personal data
The legal basis for processing personal data using cookies that are technically necessary is point (f) of Art. 6 (1) GDPR (legitimate interest: analysing your surfing behaviour to improve our website).
The legal basis for processing your personal data using cookies for analysis purposes is your consent according to point (a) of Art. 6 (1) GDPR.
4.3.3. Duration of storage, option to object and for rectification
Cookies are stored on your computer, which then transmits them to our website. Therefore, you as the user have full control over the use of cookies. You can change your internet browser settings to disable or limit the transmission of cookies. Cookies that have already been stored can be erased at any time. This can also be done automatically. If cookies are disabled for our website, you may not be able to use all functions in their entirety.
4.4 Use of Cookie Consent
We have integrated the tool Cookie Consent from the provider Silktide on our website.
4.4.1. Nature and scope of processing of personal data
In order to comply with legal requirements, we have decided to obtain your consent to use cookies and/or tracking technologies by means of the tool Cookie Consent. Following your decision, a cookie will be stored on your end device for one year and the cookie notice will no longer appear when you access the website. According to the producer, your IP address will be transmitted to check whether displaying the legal notice is even relevant.
4.4.2. Purposes and legal basis for processing
When accessing the website, the cookie stores your decision on whether or not you have agreed to range measurement and the use of cookies. The cookie is then stored on your computer so that you do not have to repeat the queries every time you access the website. The legal basis is point (f) of Art. 6 (1) GDPR. Our legitimate interest is implementing legal requirements and designing an attractive website.
4.4.3. Transmission of your data to a recipient
When you visit the website, you access the services of the company Silktide Ltd, Brunel Parkway, Pride park, Derby, DE24 8HR, UK.
4.4.4. Right to erasure, object and rectification
You can disable Cookie Consent by using tools such as Ghostery, or preventing cookies from being placed on your browser. However, this may result in you no longer being able to access all services on the website.
4.4.5. Other information
More information on Cookie Consent can be found at https://cookieconsent.insites.com.
4.5. Range measurement with Google Analytics
4.5.1. Nature and scope of processing of personal data
We use the component Google Analytics on this website (with the anonymization function). Google Analytics is a web analytics service. Web analytics is the collection and evaluation of data about the behaviour of visitors on websites. The tasks of a web analytics service include collecting data about the website that you came from, the subpages of the website you access or how often and the time that you view a subpage.
We use the “_gat._anonymizeIp” function for web analysis by Google Analytics. This function means that Google will shorten and anonymise the IP address of your device if our website is accessed from a member state of the European Union or from another party to the Agreement of the European Economic Area.
4.5.2. Purposes and legal basis for processing
Processing your personal data allows us to analyse your surfing behaviour. By analysing the data, we can compile information about the use of the individual components of our website. This helps us to make continuous improvements to our website and its user-friendliness. Before activating Google Analytics, we will obtain your consent according to point (a) of Art. 6 (1) GDPR
in conjunction with Art. 7 GDPR. Anonymising the IP address is enough to protect personal data.
4.5.3. Recipients or categories of recipients
The operating company of the Google Analytics components is Google Ireland Limited (register number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland.
4.5.4. Storage duration and criteria to determine the storage duration
Data is erased once it is no longer required for our recording purposes. To ascertain how effective the improvements made to our website are, the data is stored for 14 months and then automatically erased.
4.5.5. Transmission of data to a third country and the existence of adequacy decisions
Your personal data may be transmitted to a third country within Google to the parent organisation Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA on the basis of your consent pursuant to Article 49 (1) a) GDPR. Due to legal requirements to which Google LLC is subject, it cannot be excluded that state authorities may access your personal data.
4.5.6. Rights of the data subject and other information
You may object to data processing with Google Analytics at any time with future effect by deleting your previous settings. In order to do so, click on the following link/button:
More information can be found in the privacy policies and terms of use of Google.
4.6. Displaying YouTube videos
We have integrated YouTube videos on our website.
4.6.1. Nature and scope of processing of personal data
When videos are accessed, the data specified in 4.2.1 is passed on to YouTube in order for the video to be displayed. Videos are embedded using the “privacy-enhanced mode”. This form of embedding ensures that no cookies are placed when the videos are accessed.
4.6.2. Purposes and legal basis for processing
Your personal data is required to play the video. The legal basis for transmitting the data is our legitimate interest in designing an attractive website according to point (f) of Art. 6 (1) GDPR.
4.6.3. Transmission of your data to a recipient in a third country
When the website is displayed, the video is loaded by the YouTube platform and your personal data will be transmitted to Google Ireland Limited (register number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland.
This informs Google which of our websites you have visited. If you are logged in as a member of YouTube or Google, this information will be assigned to your personal account. If you use the service, such as clicking on the start button of a video, this information is also assigned to your personal account. The European Commission decided in its adequacy decision (EU) 2016/1250 of 12 July 2016 (EU-US Privacy Shield) that the USA offers an adequate level of data protection. You can view the Google certificate here.
4.6.4. Rights of the data subject and other information
You can prevent information from being assigned to your account by logging out of your YouTube or Google user account before using our website and erasing the cookies of these companies. You can also prevent the videos from playing if you disable the JavaScript function in your browser. You may prevent the transfer of your personal data with future effect at any time by clicking on the video.
4.6.5. Consequences of disabling JavaScript
We would like to point out that you will not be able to see the videos if you disable JavaScript in this case.
4.6.6. Other information
Further information on data processing and Google’s privacy policy can be found at www.google.de/intl/de/policies/privacy/ .
4.7.1 We use social media links from various providers on our website. When you visit our website, no personal data will initially be passed on to the providers. This only happens once you click on the provider’s link. The provider then receives the information that you have visited our website with your IP address. Please note that we as the provider of the website do not receive any information about the contents of transmitted data as well as their use by Facebook. More information can be found in the provider’s privacy policy:
Facebook: https://de-de.facebook.com/policy.php
Pinterest: https://policy.pinterest.com/de/privacy-policy
Instergram: https://help.instagram.com/519522125107875
4.8 Facebook an Instergram fanpage
We offer you additional information about our services on our Facebook and Instergram fanpage. We, together with Facebook, are responsible for data processing for the information service offered. The full Facebook privacy policy gives you an overview of data processing by Facebook.
4.8.1 Nature and scope of processing of personal data
We use your personal data that you transfer when using the Facebook fanpage in order to analyse the use of our fanpage and tailor our offer to the target group. To do so, we use statistical reports, such as the total number of page views, “Likes”, end devices used, page activities, post interactions and range, user activities (comments, shared contents, replies), origin (country and city), language, views and clicks in the shop, age group, gender, level of education, occupation, relationship status, clicks on telephone numbers or Facebook groups linked to our page. We also use the preferred visiting times of the users in order to ideally plan the time and content of our posts.
We as the provider of the information services do not process any other data from the use of our fanpages. According to the Facebook terms of use, to which you agreed when you set up your Facebook profile, we can still identify the subscribers and users of our fanpage and view your profile as well as other shared information and contact you.
4.8.2 Purposes and legal basis for processing
We, together with Facebook, take joint responsibility according to Art. 26 GDPR for the information services offered. The legal basis for processing personal data is point (f) of Art. 6 sentence 1 GDPR. Our legitimate interest is drawing attention to our services and contacting you.
4.8.3 Recipients or categories of recipients, transfer of data to third countries and guarantees
Data is processed by Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. The transmission of your data to Facebook Inc. in a third country, (1 Hacker Way, Menlo Park, CA 94025, USA) cannot be excluded.
Facebook Inc., the US parent company of Facebook Ireland Ltd., states that it ensures an appropriate level of data protection on the basis of EU standard contractual clauses pursuant to Article 46 (2) c) GDPR. Due to legal requirements to which Facebook is subject, it cannot be excluded that state authorities may access your personal data.
4.8.5 Right of access, to rectification, object and erasure
Since only Facebook has full access to user data, we recommend that you contact Facebook directly if you wish to assert your data subject rights. You can find more information on this in the links on data processing with page insights and data protection. We will inform Facebook of any attempts to exercise your rights regarding the insights function that are sent to us.
5. Rights of the data subject
You have the following rights with regard to your personal data:
Article 15 GDPR: Right of access by the data subject
You have the right to receive information from us with regard to which personal data we process concerning you.
Article 16 GDPR: Right to rectification
Should the data concerning you be incorrect or incomplete, you may request the rectification of incorrect details or the completion of incomplete details.
Article 17 GDPR: Right to erasure
Under the terms of Article 17 GDPR, you may request the erasure of your personal data. Your right to erasure depends, for example, on whether the data concerning you is still required by us for the performance of our contractual and/or legal obligations and neither we nor any third parties have any legitimate interests, e.g. to defend or assert legal claims.
Article 18 GDPR: Right to restriction of processing
Under the terms of Article 18 GDPR, you may request the restriction of the processing of the personal data concerning you.
Article 20 GDPR (right to data portability)
You have the right to receive the data provided by you in a structured, commonly used and machine-readable format and to pass this data on to another controller.
Article 21 GDPR: Right to object
For reasons arising from your individual situation, you may object to the processing of the data concerning you at any time. If you raise an objection, we will no longer process your personal data unless we are able to provide proof of compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of the establishment, exercise or defence of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for this kind of marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object, your personal data will then no longer be used for the purpose of direct marketing.
Article 7 (3) GDPR: Right to withdraw consent
You have the right to withdraw your consent which has been granted for the processing of your personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.
Article 77 GDPR: Right to lodge a complaint with a supervisory authority
If you believe that the processing of the personal data concerning you is unlawful, you may lodge a complaint with a supervisory authority for data protection that is responsible for your habitual residence, place of work or place of the alleged infringement. The supervisory authority responsible for us is: The State Representative for Data Protection in Lower Saxony, Prinzenstraße 5, 30159 Hannover.
If you have any questions about asserting your rights, please contact our Data Protection Officer in writing. Please use the postal address in the legal notice (key word “Datenschutzbeauftragter” [data protection officer]) or send an e-mail to datenschutz@behr-ag.com.
6. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates valid data protection laws. The supervisory authority responsible for us is: The State Representative for Data Protection in Lower Saxony, Prinzenstraße 5, 30159 Hannover
7. Links to other websites
Our website contains links to other websites. We have no influence over whether its operators adhere to data protection regulations. Despite carefully checking the contents beforehand, we cannot assume any responsibility for external links to third-party websites.
8. Validity and updates of the privacy policy
It may be necessary to modify this privacy policy with future effect when we further develop our website or implement new technologies.
Seevetal, dated 2020-08-20
BEHR AG
Parkstraße 2
21220 Seevetal-Ohlendorf
Tel.: +49 (4185) 79 33 - 0
E-Mail: datenschutz(@)behr-ag.com