Privacy policy

I. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Bayerische Medien Technik GmbH
Rosenheimer Strasse 145e
DE-81671 Munich
Tel.: +49 89 451151-11

info@bmt-online.de
www.bmt-online.de

Managing Director:
Dipl.-Volkswirt Frank Strässle

Local court of Munich | HRB 107318


II. Name and address of data protection officer

Bayerische Medien Technik GmbH
Data protection officer
Rosenheimer Strasse 145e
DE-81671 Munich
datenschutz@bmt-online.de


III. General information about data processing

1. Scope of processing of personal data

We process personal data of our users only to the extent required to ensure the functioning of our website and of our contents and services. The personal data of our users is regularly processed only with the consent of the user. An exception applies in cases where obtaining prior consent is not possible for actual reasons and the processing of the data is legally permitted.

2.  Legal basis of data processing

To the extent that permission of the affected individual is obtained for the processing of personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

If processing of personal data is necessary for the performance of a contract to which the data subject is party, Article 6 (1) lit. b of the GDPR serves as the legal basis. This also applies to processing required to implement pre-contractual measures.

If processing of personal data is required for fulfilling a legal obligation of our company, Article 6 (1) lit. c of the GDPR serves as the basis for such processing.

If processing personal is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6 (1) lit. d of the GDPR serves as the basis for such processing.

If processing is necessary for safeguarding the legitimate interest pursued by our company or a third party, and the interests, basic rights and basic freedoms of the data subject do not outweigh the interest of our company, Article 6 (1) lit. f of the GDPR serves as the basis for such processing.

3. Data deletion and storage period

The data subject’s personal data shall be erased or blocked as soon as the purpose of the storage ceases to apply. The data can also be stored if this is provided for by European or national legislators in EU regulations, acts or other provisions to which the data controller is subject. The data is also blocked or deleted when the storage period prescribed by one of the aforementioned regulations expires, unless the further storage of data is necessary for the conclusion or fulfilment of a contract.


IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time you visit our website, our system automatically collects data and information from the computer system of the computer visiting the website.

The following data is collected:

  1. Browser type and version
  2. Operating system of the user
  3. Internet service provider of the user
  4. IP address of the user
  5. Date and time of access to the website
  6. Websites from which the user’s system has accessed our website

For tracking access, the access data is stored in the log file after being pseudonymised, and analysed without the possibility of being traced. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 (1) lit. f of the GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our IT systems. An analysis of the data for marketing purposes does not take place here.

The legal basis here too is our legitimate interest in the processing of data as per Art. 6 (1) lit. f of the GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required for achieving the purpose for which it was collected. If data is collected for the provision of the website, it is deleted when the respective session has ended. 

If data is stored in log files, it is deleted after seven days at the latest. In this case, the data is deleted or anonymised and therefore cannot be traced back to the user who visited the website.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Thus, there is no possibility of objection on the part of the user.


V. Use of cookies

a) Description and scope of data processing

We use cookies on our website. Cookies are small text files stored in the browser or on the user’s computer by the browser. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be identified when the website is revisited.

The user data collected in this way is pseudonymised by technical means. Therefore, it is no longer possible to use the data to track the user. The data is not stored together with other personal data of the users.

b) Legal basis for data processing

The legal basis for processing personal data using cookies is Art. 6 (1) lit. f of the GDPR.

c) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website are not available without the use of cookies. For these, it is necessary for the browser to be recognised even after a page change.

The user data collected through technically necessary cookies are not used to create user profiles.

e) Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted from it to our website. Therefore, you, as a user, also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all the functions of the website.


VI. E-mail contact

1. Description and scope of data processing

Information that you send to us unencrypted by e-mail could be read by third parties during transmission. We are generally unable to verify your identity and do not know who is hiding behind an e-mail address. Legally secure communication by simple e-mail is therefore not guaranteed. Like many e-mail providers, we use filters against unwanted advertising (SPAM filters), which in rare cases automatically classify even normal e-mails as unwanted advertising by mistake and delete them. E-mails containing harmful programs (viruses) are always automatically deleted by us. Sensitive personal data should be sent to us by post. If you contact us using the e-mail address provided by us, the data transmitted will be stored.

2. Legal bases for data processing

The legal basis for the processing of data transmitted when sending an e-mail is Art. 6 (1) lit. f of the GDPR. If an e-mail is sent to us for the conclusion of a contract or regarding a request within the scope of an existing contract with us, the additional legal basis for the processing is Art. 6 (1) lit. b of the GDPR.

3. Purpose of data processing

In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. Regarding a contract initiation or an existing contractual relationship with us, we process your data to satisfy your request.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

5. Possibility of objection and removal

If the user contacts us by e-mail, they can object to the storage of his personal data at any time (at the e-mail address mentioned under I.). In this case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.


VII. Promotional communication via mail, e-mail or telephone

1. Description and scope of data processing

We process personal data, i.e. inventory data (e.g. names, addresses) and contact data (e.g. e-mail addresses, telephone numbers) for marketing purposes, which can take place via various channels, such as e-mail, telephone, post. For example, we send business customers, existing customers and interested parties invitations by post or e-mail to company events, to our trade fair stand or even information about new products. We also send our business customers Christmas greetings by e-mail.

2. Legal bases for data processing
The legal basis for sending promotional communication is either consent given in advance, as per Art. 6 (1) page 1 lit. a of the GDPR, or our legitimate interest to inform and retain our customers, Art. 6 (1) page 1 lit. f of the GDPR). In doing so, we have carefully weighed any conflicting interests of the data subjects.

3. Purpose of data processing
Direct marketing (e.g. by e-mail or post).

4. Possibility of objection and removal

The recipients have the right to revoke consent given at any time or to object to promotional communication at any time. All personal data stored in the course of contacting us will be deleted in this case.


VIII. Service providers

As part of the processing of the website and the maintenance of the technical infrastructure, we commission carefully selected service providers. These service providers are obligated to comply with data protection regulations to the same extent as we are and are not considered outside third parties in the sense of data protection law.


IX. Social media presence

We maintain online presence in social networks in order to communicate with users active there or to offer information about us. We would like to point out that user data may be processed outside the European Union. By accepting the respective purposes and providers, you consent at the same time pursuant to Art. 49 (1) page 1 lit. a of the GDPR that your data may be processed in the USA. The USA is deemed by the European Court of Justice to be a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities, for monitoring and surveillance purposes, possibly also without any legal remedy. Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can thus be created based on the user behaviour and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, where the usage behaviour and interests of the users are stored. Furthermore, data may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them) irrespective of the devices used by the users. For a detailed description of the respective forms of processing and the options to object (opt-out), please refer to the privacy statements and information provided by the operators of the respective networks. In the case of requests for information and the assertion of rights of the data subject, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;
Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Privacy Shield (for ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Opt Out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Twitter: Social network; Service provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA;
Privacy policy: https://twitter.com/de/privacy, (settings) https://twitter.com/personalization; Privacy Shield (for ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.


X. Plugins, embedded functions, and contents

We use plugins from the Google-operated website YouTube and from Vimeo on our website. A connection to Google’s servers and to Vimeo is only established when you enable the video.

If you are logged into your account on the respective platform, you allow your surfing behaviour to be directly assigned to your personal profile. You can prevent this by logging out of your personal account. For more information on the handling of user data, please refer to Google’s privacy policy at https://www.google.de/intl/de/policies/privacy. For Vimeo, you can find the information on data privacy at https://vimeo.zendesk.com/hc/de/sections/203915088-Datenschutz.


XI. Rights of the data subjects:

If your personal data is processed, you have the right to obtain information about the data stored about you (Art. 15 of the GDPR).

If incorrect personal data is processed, you have a right to rectification (Art. 16 of the GDPR).

If the legal requirements are met, you may request the erasure or restriction of processing, as well as object to processing (Art. 17, 18 and 21 of the GDPR).

If you have consented to the processing or if there is a contract for data processing and the data processing is carried out with the help of automated procedures, you may have a right to data portability (Art. 20 of the GDPR).

If you have consented to the processing and the processing is based on this consent, you can revoke consent at any time for the future. The lawfulness of the data processing based on the consent until the revocation is not affected by this.


XII. Right to lodge a complaint with a supervisory authority:

You have the right to lodge a complaint with the relevant supervisory authority regarding the processing of your personal data by Bayerische Medien Technik GmbH.

The media data officer is the relevant supervisory authority within the meaning of Art. 51 of the GDPR.