Privacy policy

Privacy

We are delighted that you have visited our website. The protection of your personal data is important to us and we want you to feel secure when visiting our website. We protect your privacy and your personal data. We process your personal data in accordance with the content of this privacy policy and in compliance with the applicable data protection provisions of the General Data Protection Regulation (GDPR) and the other relevant provisions on data protection.

Privacy settings

You can change or completely revoke your consent at any time. Our cookie tool is available for this purpose, which you can access via the "Cookies" entry in the footer of each page.

Contents

1. Name and contact details of the controller
2. Contact the data protection officer
3. What is personal data?
4. Purposes of data processing
5. Legal basis for data processing
6. Right to object
7. Use of our website for information purposes
8. Use of our website for other services
9. Hosting
10. Contact us
11. Newsletter
12. Security
13. Cookies and similar technologies
14. Web analysis
15. Social Media
16. Additional features and content
17. Links to Other Websites
18. Recipients and Data transfer
19. Data transfer to third countries
20. Deletion of your data
21. Your rights
22. Changes to our privacy policy
23. Data protection information in accordance with Art. 13, 14 and 21 GDPR
    23.1 Business partners (customers, suppliers, etc.)

1. Name and contact details of the controller

BBS Automation GmbH, Parkring 22, 85748 Garching bei München, as the operator of the website https://www.bbsautomation.com/de, is the controller within the meaning of the GDPR.

2. Contact to the data protection officer

You can contact our data protection officer at any time with all data protection concerns:

• BBS Automation GmbH
  Parkring 22, 85748 Garching:
  dataprotection@bbsautomation.com
• BBS Automation Blaichach GmbH
  Hans-Böckler-Str. 7, 87527 Sonthofen
  datenschutz.blaichach@bbsautomation.com
• BBS Automation Hallbergmoos GmbH
  Dornierstr. 14, 85399 Hallbergmoos
  datenschutz.hallbergmoos@bbsautomation.com
• BBS Automation Stuttgart GmbH
  Planckstr. 40, 71694 Freiberg
  dataprotection.stuttgart@bbsautomation.com

3. What is personal data?

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4. Purposes of data processing

The scope and type of collection, processing and use of your data differs depending on whether you visit our website merely to retrieve generally available information or to make use of additional services. In principle, we process your personal data as part of our business activities for pre-contractual or contractual purposes. In addition, the exercise of our legitimate interest, your consent or compliance with legal requirements may also be the purpose of data processing by us. We will inform you about the specific purposes of data processing in the following sections.

5. Legal basis for data processing

We process your personal data in accordance with the following legal bases:

• to fulfill pre-contractual or contractual obligations (Art. 6 para. 1 b) GDPR)
• on the basis of your consent (Art. 6 para. 1 a) GDPR)
• in the context of a balancing of interests (Art. 6 para. 1 f) GDPR)
• on the basis of legal requirements (Art. 6 para. 1 c) GDPR)

We will inform you about the specific legal basis for data processing in our respective processing operations.

6. right to object

If we process your personal data on the basis of our overriding legitimate interest (legal basis for data processing is Art. 6 para. 1 f) GDPR), you have the right to object to this processing at any time on grounds relating to your particular situation. If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to continue processing (with the exception of direct advertising; in this case, we will comply with your objection immediately) if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims. Further rights of data subjects remain unaffected by this.

7. Use of our website for information purposes

It is generally not necessary for you to provide personal data for purely informational use of our website. Rather, when you visit our website, we only collect the data that your internet browser automatically transmits to us, such as:

• the IP address of your computer
• the date and time the page was accessed
• your browser type, the browser version and your browser settings
• the operating system used (Windows, iOS, Linux, etc.).)
• the amount of data transferred and the status of transmissions
• the website from which our site was accessed
• other similar data and information that serve to prevent threats in the event of attacks on our information technology systems.

This is usually done through the use of log files. The purpose of the processing is to ensure the functionality and compatibility of our website for technically unproblematic use, including troubleshooting and protection against technical attacks and misuse. The legal basis for this processing is our legitimate interest pursuant to Art. 6 para. 1 f) GDPR. Our legitimate interest lies in the proper operation of our website. The log file data is deleted when it is no longer required for the purpose of processing.

8. Use of our website for other services

If you use other services of our company via our website, it may be necessary for you to provide personal data for this purpose. Which personal data is required for the provision of services can be seen from the respective input mask or application. You can provide further information voluntarily. You can recognize which information is required and which is voluntary by the fact that the mandatory information is marked with an asterisk (*) or with the note "mandatory field". Your data is processed exclusively for the purpose of providing the service you have requested. The legal basis for the processing of your personal data and the information about when your personal data will be deleted can be found in the description of the specific services.

9. Hosting

We use an external service provider to host our website. The personal data collected on this website is stored on the hoster's servers. The use of the hoster is in the interest of secure, fast and efficient provision of our website (Art. 6 (I) (f) GDPR). Our hoster will only process your data to the extent necessary to fulfill its performance obligations under the contractual obligations and instructions from us. We use gridscale GmbH, Oskar-Jäger-Str. 173/K6, 50825 Cologne as our hoster. We have concluded an order processing contract with the hoster in accordance with Art. 28 GDPR.

10. Contact us

Contact form

You can contact us via a contact form on our website. We will only process the personal data you provide via this form for the purpose of processing and responding to your request. It will only be passed on to third parties if this is necessary for the purpose of processing your contact. The legal basis for this is Art. 6 para. 1 b) GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. The legal basis in all other cases is our legitimate interest in the effective processing of the inquiries addressed to us in accordance with Art. 6 (1) f) GDPR.

We, BBS Automation GmbH, as the controller, also maintain the BBS Group website on this website. The data you enter in our forms will initially only be processed by us. However, if your inquiry relates to the product portfolio of another business unit, we will forward your data to this responsible business unit. The legal basis is Art. 6 (1f) GDPR. Our legitimate interest lies in the efficient processing of your request. If your request relates to the product portfolio of a business unit whose sales territory is outside the EU/EEA and for which there is no adequacy decision, your data will be transferred to an insecure third country. In these cases, the legal basis for the data transfer is Art. 46 ff GDPR.

In order to process your request, the business unit will contact you directly. The following business units belong to us:

• BBS Automation GmbH, Garching
• BBS Automation Blaichach GmbH, Sonthofen
• BBS Automation Hallbergmoos GmbH, Hallbergmoos
• BBS Automation Stuttgart GmbH, Freiberg (Neckar)
• BBS Automation GmbH, Garching
• BBS Automation Blaichach GmbH, Sonthofen
• BBS Automation Hallbergmoos GmbH, Hallbergmoos
• BBS Automation Stuttgart GmbH, Freiberg (Neckar)

Your personal data will be deleted if it is no longer required to fulfill the purpose for which you contacted us. We would like to point out that your messages may have to be stored within the framework of statutory retention obligations. In this case, the legal basis is Art. 6 Para. 1 c) GDPR.

Contact by email

On our website, we offer you the option of contacting us by email. Please note that unencrypted communication by email is not secure. It cannot be ruled out that data transmitted in this way may be read, copied, changed or deleted by unauthorized persons. We will only process the personal data you provide via this form for the purpose of processing and responding to your request. It will only be passed on to third parties if this is necessary for the purpose of processing your contact. The legal basis for this is Art. 6 para. 1 b) GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. The legal basis in all other cases is our legitimate interest in the effective processing of the inquiries addressed to us in accordance with Art. 6 (1) f) GDPR.

We, BBS Automation GmbH, as the controller, also maintain the BBS Group website on this website. The data you enter in our forms will initially only be processed by us. However, if your inquiry relates to the product portfolio of another business unit, we will forward your data to this responsible business unit. The legal basis is Art. 6 (1f) GDPR. Our legitimate interest lies in the efficient processing of your request. If your request relates to the product portfolio of a business unit whose sales territory is outside the EU/EEA and for which there is no adequacy decision, your data will be transferred to an insecure third country. In these cases, the legal basis for the data transfer is Art. 46 ff GDPR.

In order to process your request, the business unit will contact you directly. The following business units belong to us:

Your personal data will be deleted if it is no longer required to fulfill the purpose for which you contacted us. We would like to point out that your messages may have to be stored within the framework of statutory retention obligations. In this case, the legal basis is Art. 6 Para. 1 c) GDPR.

11. newsletter

Newsletters are not currently offered.

12. security

We have taken technical and organizational measures to protect our website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorized persons. In particular, the personal data you provide in the contact form is transmitted in encrypted form. We use the TLS 1.3 (Transport Layer Security) coding system.

13. Cookies and similar technologies

We use cookies or similar technologies for various purposes, e.g. to ensure the functionality, security and convenience of online offers and to create analyses of visitor flows.

Cookies are small text files that are stored on your computer when you visit our website. Comparable technologies are so-called web storage technologies (also called "local data" and "local storage"); data is stored locally in the memory of your browser ("cache"). In the following, we summarize cookies and comparable technologies under the term "cookie" for reasons of better readability.

We use cookies in accordance with the legal regulations. We therefore obtain prior consent from users, unless this is not required by law.

If users consent, the legal basis for the processing of their data is the declared consent in accordance with Art. 6 Para. 1 a) GDPR. The revocable consent is clearly communicated to the users and contains the information on the respective cookie use. You can change or revoke your consent at any time in the cookie tool. You will also find information on the individual cookies and their purpose. You can access the cookie tool via the "Cookies" entry in the footer of each page.

Consent is not required in particular if the storage and reading of information, including cookies, is absolutely necessary in order to provide users with a digital service they have expressly requested (i.e. our online offering). In these cases, the legal basis for processing your data is the fulfillment of our contractual obligations in accordance with Art. 6 para. 1 b) GDPR, compliance with legal obligations in accordance with Art. 6 para. 1 c) GDPR or our legitimate interest (e.g. in the economic and secure use of our online offer and improvement of its usability) in accordance with Art. 6 para. 1 f) GDPR. Further information on the individual cookies and their purpose can be found in our cookie tool via the "Cookies" entry in the footer of each page.

If you wish, you can delete the cookies at any time. However, this may mean that individual functions are no longer available to you. To delete cookies, please refer to the help function of your browser or change your settings in the cookie tool, which you can access via the "Cookies" entry in the footer of each page.

CCM19

This website uses the cookie consent tool "CCM19" from the provider Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany. The purpose of the processing is to obtain and document consent to the storage of certain cookies on your end device or to the use of certain technologies and to technically enable the revocation of consent given. This service is hosted by MOSAIQ GmbH, Urbanstr. 1, 70182 Stuttgart, Germany. In this context, your browser may transmit personal data to these service providers. Furthermore, Papoo stores cookies in your browser in order to be able to assign the consents you have given or revoke them.

The legal basis for the processing of the data is Section 25 (2) No. 2 TDDDG and Art. 6 (1c) and (f) GDPR to fulfill our legal obligation to obtain consent to the processing of personal data in accordance with the provisions of the applicable data protection laws and to document this consent.

The data collected in this way will be stored until you ask us to delete it, delete the CCM19 cookies yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected. Further information can be found in Papoo's privacy policy at https://www.ccm19.de/datenschutzerklaerung.html.

Notes on recipients of consent

Central platform services of "gatekeepers" within the meaning of the Digital Markets Act ("DMA") are integrated on our website. Gatekeepers are obliged under Art. 5 para. 2 b) DMA to obtain consent for these central platform services. Our Consent Tool forwards your consent to the respective service provider so that the consent you give in our Consent Tool can also apply to these services. We will inform you specifically about this in our privacy policy for the respective services.

14. web analysis

Google Ads Conversions Tracking

Our website uses Google Ads Conversions Tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Conversion tracking involves cookies being set on your end device if you have reached our website via a Google ad. This cookie enables us to recognize whether you have carried out a specific action (e.g. order, registration, contact) after clicking on the ad. The information collected in this way is processed by Google and can be linked to your Google account if you are logged in there. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification.

The following personal data is processed by Google as part of Google Ads Conversions Tracking: Ads clicked, IP address, web request, usage data, cookie ID, date and time of visit, cookie information, error URL, browser language, browser type.

The information generated by the cookies is transmitted by Google to a server in the USA for evaluation and stored there. Google has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/

The legal basis for the use of Google Ads Conversions Tracking is your consent in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by accessing our cookie tool under the "Cookies" entry in the footer of each page and withdrawing your consent there. You can also prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of our website. You can also delete cookies that have already been set at any time via your Internet browser.

If you have given your consent, Google may link data from this service with other Google services such as Google Analytics or Google Ad Manager in order to carry out cross-device evaluations, remarketing or conversion measurement. This is done on the basis of your consent in accordance with Art. 6 para. 1 a) GDPR.

Notes on recipients of consent

This service is a central platform service under the Digital Markets Act. This means that Google is obliged to obtain your consent for this in accordance with Art. 5 Para. 2 b) DMA. This consent is obtained technically via our Consent Tool in simple consent mode. This means that with your consent to Google Analytics, in addition to the above-mentioned data, information about your consent is also transmitted to Google.

Further information and the applicable data protection provisions of Google can be found at https://policies.google.com/privacy.

Google Ad Manager (formerly DoubleClick)

Our website uses Google Ad Manager (formerly DoubleClick). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The Google Ad Manager is part of the Google Marketing Platform and is used to enable the placement and analysis of personalized advertising throughout the Google network (e.g. on YouTube, Google Search, Google Display Network).

The Google Ad Manager uses cookies and similar technologies to

• recognize visitors to our website,
• create interest profiles,
• play personalized advertisements
• and analyze the performance of advertising campaigns (e.g. clicks, conversions). 

The following data in particular can be processed for this purpose:

• IP address (shortened if technically possible)
• Device and browser information
• Cookie information
• Pages visited, time spent, click behavior
• If applicable. Google ID (if logged into Google account)
• demographic data,
• date and time of visit,
• location information

The data may be linked to further information from other Google services if you are logged in there and have allowed personalized advertising.

The information generated by the cookies is transferred by Google to a server in the USA for analysis and stored there. Google has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/

The legal basis for the use of Google Ad Manager is your consent in accordance with Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by removing the check mark by calling up our cookie tool under the "Cookies" entry in the footer of each page and withdrawing your consent there. You can also prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of our website. You can also delete cookies that have already been set at any time via your Internet browser.

If you have given your consent, Google may link data from this service with other Google services such as Google Analytics or Google Ads in order to carry out cross-device evaluations, remarketing or conversion measurement. This is done on the basis of your consent in accordance with Art. 6 (1) a) GDPR.

Further information and the applicable data protection provisions of Google Ad Manager can be found at https://policies.google.com/privacy /.

Notes on recipients of consent

This service is a central platform service under the Digital Markets Act. This means that Google is obliged to obtain your consent for this in accordance with Art. 5 Para. 2 b) DMA. This consent is obtained technically via our Consent Tool in simple consent mode. This means that with your consent to Google Analytics, in addition to the above-mentioned data, information about your consent is also transmitted to Google.

Google AdSense

We use the Google Adsense service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This enables us to place personalized ads within our online offering. Google Adsense analyzes user behavior and uses this data to display targeted advertising that is tailored to the interests of our visitors. We receive financial compensation for each ad placement or other use of these ads.

The following personal data is processed by Google as part of Google AdSense: Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, persons involved).

In doing so, your browser also passes on personal data to Google LLC. in the USA. Google has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/.

The legal basis for data processing is your consent in accordance with Art. 6 (1) a) GDPR. You can revoke your consent at any time with effect for the future by removing the check mark by calling up our cookie tool under the "Cookies" entry in the footer of each page and revoking your consent there.

You can find more information about data processing by Google here: https://policies.google.com/privacy

Notes on recipients of consent

This service is a central platform service under the Digital Markets Act. This means that Google is obliged to obtain your consent for this in accordance with Art. 5 Para. 2 b) DMA. This consent is obtained technically via our Consent Tool in simple consent mode. This means that with your consent to Google Analytics, in addition to the above-mentioned data, the information about your consent is also transmitted to Google.

LinkedIn Analytics, LinkedIn Ads and LinkedIn Insight Tag

We use the LinkedIn Analytics, LinkedIn Ads and LinkedIn Insight Tag services of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland on our website.

The LinkedIn Insight Tag is a JavaScript code that makes it possible to track the behavior of visitors to our website who have reached our website via a LinkedIn ad. This allows us to evaluate the effectiveness of our LinkedIn ads ("conversion tracking") and carry out targeted remarketing measures within LinkedIn. In addition, we receive aggregated reports on the target group and performance of our ads.

The Insight Tag establishes a connection to the LinkedIn servers when you visit our website. Among other things, usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved) are processed. LinkedIn assigns this data to your LinkedIn user account if you are logged in to LinkedIn. With the help of these technologies, visitors to this website can be shown personalized advertisements on LinkedIn.

It cannot be ruled out that your personal data will also be transferred to the LinkedIn Corporation based in the USA. LinkedIn has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/.

It also cannot be ruled out that other services may be loaded independently by LinkedIn without us having any influence over this. For example, LinkedIn uses the provider Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA, for its own protection and security measures for some of its services. This may result in the __cf_bm cookie from Cloudflare being placed in your browser. In these cases, personal data such as your IP address or behavioral data such as mouse movements are also transmitted to Cloudflare. Cloudflare has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/.

The legal basis for data processing is your consent in accordance with Art. 6 Para. 1 a) GDPR. You can revoke your consent at any time with effect for the future by removing the check mark by calling up our cookie tool under the "Cookies" entry in the footer of each page and withdrawing your consent there.

In LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy you will find further information on data collection and use as well as the options and rights to protect your privacy. If you are logged in to LinkedIn, you can deactivate data collection at any time using the following link: https://www.linkedin.com/psettings/enhanced-advertising

Microsoft Advertising

Our website uses Microsoft Advertising (formerly Bing Ads). The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

A so-called "UET tag" (Universal Event Tracking) is used, which enables us to analyze the behavior of users after they have clicked on a Microsoft ad. If you access our website via a Microsoft Advertising ad, a cookie is set on your device. This allows us to track which ad brought visitors to our website, how long they stay there and which areas were accessed. The data collected is anonymous to us and cannot be viewed. We can therefore only see overall figures/statistics at an aggregated level, such as the number of conversions, average time spent on the site, etc.

This allows us to analyze the effectiveness of our advertising measures and display interest-based advertising. For example, the UET tag enables us to show visitors to our website targeted ads at a later point in time - for example for products or services that they have previously viewed on our website.

The following (personal) data may be processed by Bing Ads: Employment metrics, Number of visits, Bounce rates, Microsoft Click ID, Digital signature, UET ID tag, URLs, Referrer URL, Page title, Conversions, Screen height, Screen width, Browser language setting, Visit duration, Screen color depth, Page response times, Ads clicked.

Microsoft Advertising also uses the collected data for its own analysis purposes as well as for its own advertisements. Microsoft can also use this information to recognize users across devices. If you are logged in via a Microsoft account, Microsoft can link the data to your user profile.

Your browser also forwards personal data to Microsoft in the USA. Microsoft has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/.

The legal basis for the use of Microsoft Advertising is your consent in accordance with Art. 6 (1) a) GDPR. You can revoke your consent at any time with effect for the future by removing the check mark by calling up our cookie tool under the "Cookies" entry in the footer of each page and withdrawing your consent there.

For more information on data protection at Microsoft Advertising, please visit: https://privacy.microsoft.com/de-de/privacystatement

For more information on Microsoft Advertising itself, please visit: https://help.ads.microsoft.com/#apex/3/de/53056/2

You can use the following link to set whether Microsoft can use this information for personalized advertising: http://choice.microsoft.com/en/opt-out

Piwik PRO Analytics

For the statistical and analytical evaluation of certain data, we use the analytics tool Piwik PRO Analytics Suite, a cloud-based web analytics service provided by Piwik PRO GmbH, Knesebeckstr. 62/63, 10719 Berlin, Germany.

Piwik PRO calculates metrics such as bounce rate, page views, sessions and similar for us so that we can understand how our website is used. We can also create visitor profiles based on browsing history to analyze visitor behavior, display personalized content and run online campaigns. Piwik PRO does not share data about website visitors with other sub-processors or third parties and does not use it for its own purposes.

The data collected includes, for example, the truncated IP address, operating system, browser ID, browsing activity and other information. In order to exclude the personal reference in the IP address, we have made the settings so that Piwik Pro only uses IP addresses after they have been shortened by two bytes. Piwik PRO also uses cookies. Further information on the data collected by Piwik PRO can be found at https://help.piwik.pro/support/privacy/what-data-does-piwik-pro-collect/.

The legal basis for data processing is your consent in accordance with Art. 6 Para. 1 a) GDPR. You can revoke your consent at any time with effect for the future by removing the check mark by calling up our cookie tool under the "Cookies" entry in the footer of each page and revoking your consent there. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can find more information about data processing by Piwik here: https://piwikpro.de/datenschutz

15. Social Media

We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.

Social networks such as Facebook etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations.

In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
The data collected in this way allows the operators of the social media portals to create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or were logged in.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis
Our social media presences are intended to ensure an informative presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 f) GDPR. In necessary cases, the legal basis is also Art. 6 para. 1 a) GDPR. The analysis processes initiated by the social networks themselves may be based on other legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 a) GDPR).

Controller and assertion of rights
If you visit one of our social media sites, we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal.
Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the company policy of the respective provider.

Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it or revoke your consent to storage. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected.
We have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

Facebook

We have a profile on Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. We link to this profile on our website. If you follow a corresponding link by clicking on it, this provider stores and uses your data (IP address and other personal data) for the provision of the service and for its own business purposes. It cannot be ruled out that your personal data will also be transferred to Meta Platforms Inc. based in the USA. Meta has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/. Further information on data protection by Facebook can be found at: https://www.facebook.com/about/privacy/

Instagram

We have a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. We link to this profile on our website. If you follow a corresponding link by clicking on it, this provider stores and uses your data (IP address and other personal data) for the provision of the service and for its own business purposes. It cannot be ruled out that your personal data will also be transferred to Meta Platforms Inc. based in the USA. Meta has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/. Further information on data protection by Instagram can be found at: http://instagram.com/about/legal/privacy

LinkedIn

We use LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We link to this profile on our website. If you follow a corresponding link by clicking on it, this provider stores and uses your data (IP address and other personal data) for the provision of the service and for its own business purposes. It cannot be ruled out that your personal data will also be transferred to the LinkedIn Corporation based in the USA. LInkedIn has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/ Further information on data protection by LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy

YouTube

We use the YouTube.com platform to make our own videos publicly accessible for advertising purposes. On our website we link to our channel on YouTube. The provider of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you follow a corresponding link by clicking on it, YouTube stores and uses your data (IP address and other personal data) for the provision of the service and for its own business purposes. It cannot be ruled out that your personal data will also be transferred to Google LLC, based in the USA. Google has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/. Further information on data protection by YouTube (Google) can be found at: https://policies.google.com/privacy

16. Further functions and content

If we wish to offer further functions and content (e.g. map or font services) on our website, please contact us at If we use further functions and content (e.g. map or font services) on our website by means of which we or the provider of the services process personal data from you, we will inform you about this here.

Google Tag Manager

We use the Google Tag Manager service of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland on our website. Google Tag Manager is a tool for managing website tags. The tool triggers other tags, which in turn may collect data. Google Tag Manager itself therefore does not create user profiles or store cookies, for example. Google only learns the IP address of the user. It cannot be ruled out that your personal data will also be transferred to Google LLC based in the USA. Google has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/.

The legal basis for the use of Google Tag Manager is your consent in accordance with Art. 6 (1) a) GDPR. You can revoke your consent at any time with effect for the future by removing the check mark by calling up our cookie tool under the "Cookies" entry in the footer of each page and withdrawing your consent there.

You can find more information about data processing by Google here https://policies.google.com/privacy

Careers section

In our careers section, you can either send us an unsolicited application or apply for a specific vacancy. The vacancies come from us as well as from other companies in the BBS Group. Your application will always be forwarded directly to the respective company within the BBS Group that is offering the advertised position. The company that has advertised the position in question is responsible for the processing of your personal data under data protection law. The contact details and data protection information of this company can be found in the respective job advertisement.

The purpose of processing your personal data is to carry out the application process for the respective position. The data you enter in the application form will be securely encrypted according to the state of the art during transmission.

The legal basis for the processing of your personal data is Art. 6 para. 1b GDPR in conjunction with Section 26 para. 1 BDSG in the context of a pre-contractual or contractual relationship. We will delete your data in accordance with the relevant statutory provisions after completion of the respective recruitment process. The general statutory retention and deletion periods apply.

We use software from Umantis for this purpose. The service provider is Abacus Umantis AG, Unterstr. 11, CH 9001 St. Gallen, Switzerland. Your browser passes on personal data to this service provider; technically necessary cookies are also placed on your computer. The legal basis is Art. 6 para. 1 f) GDPR. Our legitimate interest lies in the organization of a smooth application process. We have concluded an order processing contract with the service provider in accordance with Art. 28 GDPR. Your personal data will only be processed within the EU/EEA. You can also find more information about data processing by Abacus Umantis at https://www.umantis.com/datenschutz/.

Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent encrypted on the Internet. As a rule, e-mails are encrypted in transit, but not on the servers from which they are sent and received. We can therefore accept no responsibility for the transmission path of the application between the sender and receipt on our server.

Inclusion in our talent pool

If you apply to us, you also have the option of agreeing to be included in our talent pool. In this case, we will store your application documents and personal data beyond the specific application process in order to be able to consider you for future suitable vacancies.

Inclusion in the talent pool is based exclusively on your express consent in accordance with Art. 6 Para. 1 a) GDPR. This consent is voluntary and has no effect on the ongoing application process. You can withdraw your consent at any time with effect for the future. All you need to do is send an informal message to the contact address stated in this privacy policy.

Forwarding within the group of companies

If you have given us your consent to do so as part of your application, we may also forward your application documents to other companies within our group of companies if your qualifications could also be of interest to them. This is done exclusively on the basis of your prior express consent in accordance with Art. 6 para. 1 a) GDPR. You can revoke this consent at any time with effect for the future. The revocation does not affect the legality of the processing carried out up to that point.

17 Links to other websites

If we provide links to websites of other organizations, this privacy policy does not apply to the processing of personal data by that organization. We therefore recommend that you read the data protection notices on the other websites you visit.

18. Recipients and data transfer

We have bundled certain data processing operations within our company. These can be carried out centrally by our individual divisions, e.g. for processing inquiries. External contractors and service providers (e.g. logistics companies or IT service providers) may also be used to ensure our tasks and fulfill contracts. In addition, data may be passed on to recipients to whom we are obliged or authorized to pass on data on the basis of contractual or legal obligations or on the basis of your consent.

19. Data transfer to third countries

Data transfer to third countries

Data transfer to third countries (countries outside the EU and the European Economic Area EEA) only takes place insofar as this is necessary for the execution of a contract/order/business relationship including the initiation or is permitted by our legitimate interest or on the basis of your consent and only insofar as this is necessary for the execution of a contract/order/business relationship including the initiation. is permitted on the basis of your consent and only in compliance with the data protection requirements prescribed for this purpose.

Note on data transfer to the USA

In the context of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as secure within the framework of the adequacy decision of 10.07.2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you in this privacy policy for the respective service which of the service providers we use are certified under the DPF.

20. Deletion of your data

We only process your personal data for as long as this is necessary to fulfill the respective purpose or until a legal basis for the processing (e.g. revocation of consent to data processing) no longer exists. We observe the existing statutory retention and storage periods.

21. Your rights

You have the right:

• to receive information free of charge about the personal data we have stored about you (right of access)
• to request confirmation as to whether we are processing personal data concerning you (right to confirmation)
• to request that we erase the personal data concerning you without undue delay, if their processing is no longer necessary and the other requirements of the GDPR for erasure are also met (right to erasure)
• to request the immediate rectification and completion of inaccurate personal data concerning you (right to rectification)
• to request the restriction of the processing of your personal data (right to restriction of processing)
• to receive the personal data concerning you in a structured, commonly used and machine-readable format, structured, commonly used and machine-readable format (right to data portability)
• to object to the processing of your personal data (right to object)
• You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (right to individual decision-making).
• to withdraw your consent to the processing of your personal data at any time with effect for the future.
• to lodge a complaint with the supervisory authority responsible for data protection if you consider that the processing of personal data relating to you infringes the GDPR (right to lodge a complaint).

For further information on your rights, please contact our data protection officer.

22. Changes to our privacy policy

In order to ensure that our privacy policy always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy policy has to be adapted due to new or revised services, for example new services.

23. Data protection information in accordance with Art. 13, 14 and 21 GDPR

23.1 Business partners (customers, suppliers, etc.)