Data protection


 

Privacy policy according to Art. 13 GDPR

 

1.     Introduction

This website is provided by BEHR AG. In the following, we would like to inform you according to Article 13 of the EU General Data Protection Regulation (GDPR) about the processing of your personal data when you access and use our website.

 

2.     Controller

The name and contact information of the controller can be found in our legal notice.

 

3.     Data Protection Officer

You can contact our Data Protection Officer in writing by post by adding “Data Protection Officer “ under the address in the legal notice or by email at datenschutz@behr-ag.com. 

 

4.     Processing of personal data

4.1.  General overview of processing activities

 

We offer a variety of services on our website, which are listed below:

•        Videos

We use the service provider YouTube to display videos about our products.

•        Range measurement and videos

We use the service Google Analytics to analyse your surfing behaviour and to optimise our website.

•        Use of social media plugins

 

 

4.2.      Operating the website

4.2.1.   Nature and scope of processing of personal data

The following information, which your browser automatically transmits to us, will be processed when you visit our website:

•        Browser type/version

•        Operating system used

•        Name of previously visited website

•        IP address / hostname of your computer

•        Date and time of the server request

 

4.2.2.   Purposes and legal basis for processing personal data

Your personal data is processed by the controller for the following purposes in accordance with the following legal bases:

•  Enabling the use of the website (legitimate interest: presenting the service portfolio of the controller and enabling members and interested parties to easily contact the controller)

•  Ensuring that the website works properly (complying with legal obligations, i.e. security of processing according to point (a) of Art. 6 (1) GDPR, e.g. to safeguard against and investigate cyber attacks)

 

 

4.2.3.   Recipients or categories of recipients

Our website is hosted by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany. Personal data is passed on if this is required to safeguard against criminal offences and/or if we are otherwise obligated to do so.

 

4.2.4.   Duration of storage

The personal data is automatically erased 4 weeks after the end of the connection unless this conflicts with legal storage periods.

 

4.2.5.   Right to erasure, object and rectification

It is essential for the operation of the website to collect data for the provision of the website and to store data in log files. Therefore, the user has no option to have data erased or rectified or to object.

 

4.3.      Use of cookies

4.3.1.   Nature and scope of processing of personal data

Our website uses cookies in order to offer you a user-friendly and functional online service and to verify that you are authorised to use the range of services. Cookies are text files that contain information in order to identify returning visitors exclusively for the duration of the visit on the website. Cookies are stored on your computer’s hard drive and do not cause any damage.

The website’s cookies contain personal data. Cookies save you from entering data multiple times, facilitate the transmission of specific content and help us to identify the particularly popular areas of our website. This allows us to continuously improve the structure and content of our website.

The following cookies are stored on your end device:

 

 

Types

Name

Function / purpose

Storage duration

Permanent cookie

_ga

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

2 years

Session cookie

_gat

Used by Google Analytics to throttle request rate.

10 minutes

Session cookie

_gid

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

1 day

Session cookie

PHBSESSID

This session cookie is used to recognise the user.

1 year

 

Cookieconsent_

This cookie is used to obtain the consent of the user with regard to cookies.

1 year

 

4.3.2.   Purposes and legal basis for processing personal data

The legal basis for processing personal data using cookies that are technically necessary is point (f) of Art. 6 (1) GDPR (legitimate interest: analysing your surfing behaviour to improve our website).

The legal basis for processing personal data using cookies for analysis purposes is point (a) of Art. 6 (1) GDPR provided the user has given consent. In this case, we ask you to give your consent on the website before cookies are placed.

 

4.3.3.   Duration of storage, option to object and for rectification

Cookies are stored on the user’s computer, which then transmits it to our website. Therefore, you as the user have full control over the use of cookies. You can change your internet browser settings to disable or limit the transmission of cookies. Cookies that have already been stored can be erased at any time. This can also be done automatically. If cookies are disabled for our website, it is possible that not all functions can still be used in their entirety.

 

4.4 Use of Cookie Consent

 

We have integrated the tool Cookie Consent from the provider Silktide on our website.

 

4.4.1.   Nature and scope of processing of personal data

 

In order to comply with legal requirements, we have decided to obtain your consent to use cookies and/or tracking technologies by means of the tool Cookie Consent. Following your decision, a cookie will be stored on your end device for one year and the cookie notice will no longer appear when you access the website. According to the producer, your IP address will be transmitted to check whether displaying the legal notice is even relevant.

 

4.4.2.   Purposes and legal basis for processing

 

When accessing the website, the cookie stores your decision on whether or not you have agreed to range measurement and the use of cookies. The cookie is then stored on your computer so that you do not have to repeat the queries every time you access the website. The legal basis is point (f) of Art. 6 sentence 1 GDPR. Our legitimate interest is implementing legal requirements and designing an attractive website.

 

4.4.3.   Transmission of your data to a recipient

 

When you visit the website, you access the services of the company Silktide Ltd, Brunel Parkway, Pride park, Derby, DE24 8HR, UK.

 

4.4.4.   Right to erasure, object and rectification

 

You can disable Cookie Consent by using tools such as Ghostery, or prevent cookies from being placed on your browser. However, this may result in you no longer being able to access all services on the website.

 

4.4.5.   Other information

 

More information on Cookie Consent can be found at https://cookieconsent.insites.com.

 

 

4.5.      Range measurement with Google Analytics

4.5.1.   Nature and scope of processing of personal data

We use the component Google Analytics on this website (with the anonymisation function). Google Analytics is a web analytics service. Web analytics is the collection and evaluation of data about the behaviour of visitors on websites. The tasks of a web analytics service include collecting data about the website that a data subject came from (so-called referrer), the subpages of the website the data subject accesses or how often and the time that a subpage is viewed.

The controller uses the “_gat._anonymizeIp” function for web analysis by Google Analytics. This function means that Google will shorten and anonymise the IP address of the data subject’s internet connection if our website is accessed from a member state of the European Union or from another party to the Agreement of the European Economic Area.

 

4.5.2.   Purposes and legal basis for processing

Processing users’ personal data allows us to analyse their surfing behaviour. By analysing the data, we can compile information about the use of the individual components of our website. This helps us to make continuous improvements to our website and its user-friendliness. For these purposes, it is our legitimate interest to process the data according to point (f) of Art. 6 (1) GDPR. Anonymising the IP address is enough to satisfy the user’s interest in protecting their personal data.

 

4.5.3.   Recipients or categories of recipients

The operating company of the Google Analytics component is Google, LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

 

4.5.4.   Storage duration and criteria to determine the storage duration

Data is erased once it is no longer required for our recording purposes. In our case, this is after 14 months.

 

4.5.5.   Transmission of data to a third country and the existence of adequacy decisions

The personal data is transmitted to a third country. The European Commission decided in its adequacy decision (EU) 2016/1250 of 12 July 2016 (EU-US Privacy Shield) that the USA offers an adequate level of data protection. You can submit a written request for further information to our Data Protection Officer.

 

4.5.6.   Right to erasure, object and rectification

The data subject can prevent our website from placing cookies at any time by adjusting the settings of the internet browser used and therefore permanently object to the placement of cookies. Adjusting the internet browser settings in this way would also prevent Google from placing a cookie on the data subject’s information system. Furthermore, a cookie that has already been placed by Google Analytics can be erased at any time via the internet browser or other software programs.

The data subject is also able to object to the collection of data generated by Google Analytics that refers to the use of this website as well as the processing of this data by Google and to prevent such processing.

 

To do so, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on uses JavaScript to inform Google Analytics that no data or information about the website visitors may be transmitted to Google Analytics. Google considers the installation of the browser add-on as an objection. If the data subject’s information system is erased, formatted or reinstalled at a later date, the data subject must reinstall the browser add-on in order to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or another person within their sphere of control, the browser add-on may be reinstalled or reactivated.

More information and the applicable data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/ and at

http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.

 

4.6.      Displaying YouTube videos

We have integrated videos of the provider YouTube LLC on our website.

 

4.6.1.   Nature and scope of processing of personal data

When videos are accessed, the data specified in 4.2.1 is passed on to YouTube in order for the video to be displayed. Videos are embedded using the “privacy-enhanced mode”. This form of embedding ensures that no cookies are placed when the videos are accessed.

 

4.6.2.   Purposes and legal basis for processing

The data is used to play the video. No data is passed on to third parties in this regard. The legal basis for playing the video is the consent of the user

point (f) of Art. 6 sentence 1 GDPR (legitimate interest: advertising). Here, you must click directly on the image of each video.

 

4.6.3.   Transmission of your data to a recipient in a third country

By clicking on the YouTube button “View now on YouTube”, the YouTube platform loads the video, and at the same time, your personal data will be transmitted to YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

 

This informs YouTube which of our websites you have visited.

If you are logged in as a member of YouTube, YouTube will assign this information to your personal account. If you use the service, such as clicking on the start button of a video, this information is also assigned to your personal account. The European Commission decided in its adequacy decision (EU) 2016/1250 of 12 July 2016 (EU-US Privacy Shield) that the USA offers an adequate level of data protection. You can submit a written request for further information to our Data Protection Officer.

 

4.6.4.   Right to erasure, object and rectification

You can prevent information from being assigned to your account by logging out of your YouTube account as well as other user accounts of YouTube LLC und Google LLC. before using our website and erasing the cookies of these companies. You can also prevent the videos from playing if you disable the JavaScript function in your browser.

 

4.6.5.   Consequences of disabling JavaScript

We would like to point out that you will not be able to see the videos if you disable JavaScript in this case.

 

4.6.6.   Other information

Further information on data processing and YouTube’s privacy policy can be found at www.google.de/intl/de/policies/privacy/.

 

4.7.      Use of social media links

 

4.7.1 We currently use the following social media links: [Facebook, Pinterest]. When you visit our website, no personal data will initially be passed on to the providers of the plug-ins.  We give you the option of using the button to communicate directly with the provider. You will be directed to the website of our online offering that you have accessed only if you click on the highlighted field, and thereby activate it.

 

4.7.2 We have no influence over the data collected or the data processing operations, nor are we aware of the full extent of data collection, the purposes of processing or the duration of storage. We also have no information about the erasure of the collected data by the provider.

 

4.7.3 The provider stores the data collected about you as a usage profile and uses it for the purposes of advertising, market research and/or the user-oriented design of its website. This data is evaluated particularly (as well as for users who are not logged in) to display suitable advertisements and to inform other users of the social network about your activities on our website. You have the right to object to this user profile being generated, however you must contact the respective provider in order to exercise this right. We provide the link to enable you to interact with the social networks and other users so that we can improve our offering and make it more interesting for you as a user. The legal basis for using the link is point (f) of Art. 6 (1) sentence 1 GDPR, effective information and support to our customers and prospects) Processing will be based on the Joint Responsibility Statement.

 

4.7.4 The data is passed on regardless of whether you have an account with the provider or are logged in. If you are logged in with the provider, your data that we have collected will be assigned to the account you have with the provider. If you click on the activated button and, e.g. link the page, the provider also stores this information in your user account and shares it publically with your contacts. We recommend that you regularly log out of a social network after you have used it, particularly before activating the button, as this prevents your use of the website from being assigned to your profile at the provider.

 

4.7.5 More information about the purpose and scope of data collection and its processing by the provider can be found below in the privacy policies of these providers. These also give you more information about your rights and options to protect your privacy.

 

4.7.6 Addresses of each provider and URL with their privacy policies:

 

a. Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; more information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

 

b. Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland http://de.about.pinterest.com/privacy/.You can change the settings for saving your data here https://help.pinterest.com/entries/25010303-How-does-Pinterest-use-data-about-other-websites-I-visit-, even without having a Pinterest account.

 

5.     Rights of the data subject

You have various rights relating to the handling of your personal data, such as the right to information about the data we have stored about you or the right to rectification, restriction of processing, data portability, the right to object or erasure of your data. If you have any questions about asserting your rights, please contact our Data Protection Officer in writing.

 

6.     Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with the following supervisory authority if you believe that our processing of your personal data violates valid data protection laws:

The State Representative for Data Protection in Lower Saxony, Prinzenstraße 5, 30159 Hannover

 

7.     Links to other websites

Our website contains links to other websites. We have no influence over whether its operators adhere to data protection regulations. Despite carefully checking the contents beforehand, we cannot assume any responsibility for external links to third-party websites.

 

8.     Validity and updates of the privacy policy

It may be necessary to modify this privacy policy with future effect when we further develop our website or implement new technologies.

 

Seevetal, 2018-10-26

Contact

BEHR AG

Parkstraße 2

21220 Seevetal-Ohlendorf

 

Tel.:     +49 (4185) 79 33 - 0

E-Mail: datenschutz(@)behr-ag.com