Privacy Policy

Privacy Policy pursuant to Article 13 GDPR

With the following information, we inform you about the processing of personal data when using this website, about your rights under the General Data Protection Regulation (GDPR), and about the use of cookies and similar technologies pursuant to Section 25 TDDDG.

We process personal data when you visit this website or communicate with us, for example by email. In addition, depending on your selection in the privacy settings, external content such as web fonts or embedded media may be loaded.

Typical categories of data:

Access data, for example IP address, date/time, page accessed, referrer URL, browser/device information

Communication data, for example name, email address, message content

Consent/settings data, for example consent status, time/version of your selection

We use technologies that may store information on your device or access information on your device, for example cookies or comparable technologies.

Technically necessary technologies are used on the basis of Section 25 (2) TDDDG, insofar as they are necessary to provide a digital service expressly requested by you. The related processing of personal data is generally carried out on the basis of Article 6 (1) lit. f GDPR.

Technologies requiring consent, for example the subsequent loading of external content, are used — where applicable — only after you have given your consent, pursuant to Section 25 (1) TDDDG and Article 6 (1) lit. a GDPR.

You can change your selection on the website at any time and withdraw any consent you have given with effect for the future.

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) and other data protection provisions is:

phG: LINDEMANN GmbH & Co. KG
Büromöbelfabrik
Managing Directors: Ralph Lindemann, Marc Lindemann
Heusingerstrasse 12-16
12107 Berlin
Germany

Phone: +49 30 74 00 0678
Email: [email protected]

You can contact our Data Protection Officer at:

Barth Regelwerk GmbH
Achim Barth
Brunnengasse 3
73650 Winterbach
Germany

Email: [email protected]

The servers of our website are operated by the provider CloudFlare, Canada. We have concluded a data processing agreement with the provider pursuant to Article 28 GDPR. The legal basis for the use of external hosting is the performance of a contract with our potential and existing customers pursuant to Article 6 (1) lit. b GDPR, as well as our legitimate interest in the secure and high-performance provision of our website pursuant to Article 6 (1) lit. f GDPR.

Each time our website is accessed, the web server of our system records information from the device used. The following data is collected by us:

Information about the browser type

Operating system of the user’s device

Date and time of access

The previous website from which the user accessed our websites, referrer

We collect IP addresses only in anonymised form; therefore, we do not store any personal data within the meaning of the GDPR in our log files.

You have the option of contacting us by email, telephone, contact form or letter. This may involve the processing of personal data. We process your data in order to handle and respond to your enquiry. We will not pass on your data to third parties without your consent.

The legal basis for the processing is our legitimate interest in effectively handling your enquiry pursuant to Article 6 (1) lit. f GDPR.

When contacting us by email, we store your email address and the information contained in the email. In the case of the contact form, your IP address is also recorded in pseudonymised form in addition to the information provided in the contact form. If you contact us by letter, your sender address and the content of the letter are stored. If you contact us by telephone, we collect personal data depending on the individual case.

We store your data until you request that we delete it or until the purpose of processing, namely handling your enquiry, has been fulfilled.

As a data subject, you have the following rights under the EU General Data Protection Regulation (GDPR):

Right of access, Article 15 GDPR

You have the right to request information about which personal data concerning you is stored, the purpose for which it is processed, from which recipients it was received or to whom it is disclosed, and how long it is stored.

Right to rectification, Article 16 GDPR

You may request the immediate rectification of inaccurate personal data or the completion of incomplete personal data.

Right to erasure, “right to be forgotten”, Article 17 GDPR

Under certain conditions, you may request the erasure of your personal data, for example if it is no longer necessary for the purposes for which it was collected or if you have withdrawn your consent.

Right to restriction of processing, Article 18 GDPR

You have the right to request the restriction of the processing of your personal data, for example if you contest the accuracy of the data or if the processing is unlawful but you request restriction of processing instead of erasure.

Right to data portability, Article 20 GDPR

You may request that the personal data concerning you which you have provided to us be transmitted to you in a structured, commonly used and machine-readable format — or that we transfer this data directly to another controller.

Right to object, Article 21 GDPR

You have the right to object at any time to the processing of your personal data where the processing is based on the legitimate interests of our company or on the performance of a task carried out in the public interest. If the objection is justified, we will cease processing unless there are compelling legitimate grounds for the processing.

Withdrawal of consent, Article 7 GDPR

If you have given us your consent, you may withdraw it at any time with effect for the future without stating reasons.

Right to lodge a complaint with a supervisory authority, Article 77 GDPR

Without prejudice to any other administrative or judicial remedies, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

Right to object on grounds relating to your particular situation

You have the right, on grounds relating to your particular situation, to object at any time to the processing of data concerning you which is carried out on the basis of Article 6 (1) lit. f GDPR, data processing based on a balancing of interests.

Right to object to the processing of data for advertising purposes

You have the right to object at any time to the processing of data concerning you for the purpose of direct marketing. This also applies to profiling insofar as it is related to such direct marketing. The objection may be made informally.

Type and scope of processing

If you register on our website to receive our newsletter, we collect your email address as well as your surname, first name and form of address, and store this information together with the date of registration and your IP address. You will then receive an email in which you must confirm your registration for the newsletter, double opt-in. If you do not confirm your registration, it will automatically expire and the data will not be processed for newsletter dispatch.

We use a service provider to send the newsletter, which processes your personal data on our behalf pursuant to Article 28 GDPR. Your data will not be disclosed to third parties.

Purpose and legal basis

We process your data for the purpose of sending the newsletter on the basis of your consent pursuant to Article 6 (1) lit. a GDPR. By unsubscribing from the newsletter, you may withdraw your consent at any time with effect for the future pursuant to Article 7 (3) GDPR. There is no statutory or contractual obligation to provide your data; however, the newsletter cannot be sent without the provision of your data.

Information about your right to object pursuant to Article 21 GDPR

Right to object on grounds relating to your particular situation

You have the right, on grounds relating to your particular situation, to object at any time to the processing of data concerning you which is carried out on the basis of Article 6 (1) lit. f GDPR, data processing based on a balancing of interests.

Right to object to the processing of data for advertising purposes

You have the right to object at any time to the processing of data concerning you for the purpose of direct marketing. This also applies to profiling insofar as it is related to such direct marketing. The objection may be made informally.

We use the service “Cloudflare” on our website to improve security, performance and reliability. The provider is Cloudflare, Inc. “Cloudflare”, 101 Townsend St., San Francisco, CA 94107, USA.

The legal basis for the use of Cloudflare is our legitimate interest pursuant to Article 6 (1) lit. f GDPR in improving website performance, increasing security and protecting our website against malicious attacks.

The data processed by Cloudflare includes your IP address, browser and device information, time and location of your visit, information about your interaction with the website, and Cloudflare may set cookies.

The purpose of the data processing is to improve website security, optimise performance and protect against malicious traffic.

Cloudflare states that logs are stored by default for up to 12 months. You can find this information in Cloudflare’s privacy policy in the “Data retention” section at:
https://www.cloudflare.com/privacypolicy/

It cannot be ruled out that personal data may be transferred to unsafe third countries, USA, where the level of data protection may be lower than in the EU. Cloudflare is certified under the EU-US Data Privacy Framework, which governs the secure processing of EU citizens’ data in the USA. We have concluded a data processing agreement with Cloudflare, which ensures that personal data is processed only in accordance with our instructions and in compliance with the GDPR.

Further information on Cloudflare’s privacy policy is available at:
https://www.cloudflare.com/privacypolicy/

Information on the cookies set is available at:
https://www.cloudflare.com/cookie-policy/

Type and scope of processing

We use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via a single interface and enables us to control the precise integration of services on our website.

This allows us to flexibly integrate additional services in order to evaluate users’ access to our website.

Purpose and legal basis

The use of Google Tag Manager is based on your consent pursuant to Article 6 (1) lit. a GDPR and Section 25 (1) TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular to the USA. Data transfer to the USA takes place pursuant to Article 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework, EU-U.S. DPF.

In cases where no adequacy decision by the European Commission exists, including US companies that are not certified under the EU-U.S. DPF, we have agreed other appropriate safeguards with the recipients of the data within the meaning of Articles 44 et seq. GDPR. Unless otherwise stated, these are the standard contractual clauses of the European Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at:
https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE

In addition, before such a transfer to a third country, we obtain your consent pursuant to Article 49 (1) sentence 1 lit. a GDPR, which you provide via the consent manager or other forms, registrations, etc. We inform you that third-country transfers may involve risks that are not known in detail, for example data processing by security authorities of the third country, the exact scope and consequences of which we do not know, over which we have no influence and of which you may not become aware.

Storage period

We have no influence over the specific storage period of the processed data; this is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager:
https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

Type and scope of processing

We use Plausible Analytics by Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia, as an analytics service for the statistical evaluation of our online offering. This includes, for example, the number of views of our online offering, visited subpages and the time visitors spend on the website. This information is used, among other things, to compile reports on website activity.

Plausible Analytics does not use cookies, does not store information in the browser and does not collect personal data from visitors.

Purpose and legal basis

The use of Plausible Analytics is based on your consent pursuant to Article 6 (1) lit. a GDPR and Section 25 (1) TDDDG.

Storage period

We have no influence over the specific storage period of the processed data; this is determined by Plausible Insights OÜ. Further information can be found in the privacy policy for Plausible Analytics:
https://plausible.io/data-policy

We use the service “Sentry” on our website to monitor and track errors and performance issues. The provider is Functional Software, Inc. “Sentry”, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA.

The legal basis for the use of Sentry is our legitimate interest pursuant to Article 6 (1) lit. f GDPR in monitoring and improving the stability, security and performance of our website by identifying and resolving technical errors.

The data processed by Sentry includes your IP address, error and performance data, device and browser information, as well as details of your interaction with the website; Sentry may also set cookies to support its functionality.

The purpose of the data processing is to monitor, detect and resolve application errors and performance issues.

It cannot be ruled out that personal data may be transferred to unsafe third countries, USA, where the level of data protection may be lower than in the EU. Sentry is certified under the EU-US Data Privacy Framework, which governs the secure processing of EU citizens’ data in the USA. We have concluded a data processing agreement with Sentry, which ensures that personal data is processed only in accordance with our instructions and in compliance with the GDPR.

Further information on Sentry’s privacy policy is available at:
https://sentry.io/privacy/

We maintain so-called fan pages, accounts or channels on the networks listed below in order to provide you with information and offers within social networks and to offer you further ways of contacting us and finding out about our services. Below we inform you which data we or the respective social network process from you in connection with accessing and using our fan pages/accounts.

If you wish to contact us via messenger or direct message through the respective social network, we generally process the username through which you contact us and store any further data you provide, insofar as this is necessary to process/respond to your enquiry.

The legal basis is Article 6 (1) sentence 1 lit. f GDPR, processing is necessary to protect the legitimate interests of the controller.

We receive automatically provided statistics about our accounts via insights functions. The statistics include, among other things, the total number of page views, likes, information on page activities and post interactions, reach, video views, and information on the proportion of men/women among our fans/followers.

The statistics contain only aggregated data and cannot be attributed to individual persons. You cannot be identified by us through this data.

In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network, and no user account for the respective social network is required in this respect.

However, please note that when the respective social network is accessed, the social networks also collect and store data from website visitors without a user account, for example technical data in order to display the website to you, and use cookies and similar technologies over which we have no influence. Details can be found in the privacy policies of the respective social network.

If you wish to interact with the content on our fan pages/accounts, for example by commenting on, sharing or liking our posts/contributions and/or contacting us via messenger functions, prior registration with the respective social network and the provision of personal data are required.

We have no influence over the data processing carried out by the social networks when you use them. To the best of our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, and also for the analysis of usage behaviour, using cookies, pixels/web beacons and similar technologies, on the basis of which advertising tailored to your interests is displayed both within and outside the respective social network. It cannot be ruled out that your data may also be stored by the social networks outside the EU/EEA and disclosed to third parties.

Information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion, and guidelines on the use of cookies and similar technologies in connection with registration and use of the social networks can be found in the privacy policies/cookie policies of the social networks. There you will also find information on your rights and options to object.

Instagram page

When you visit our Instagram page, Instagram collects, among other things, your IP address and other information stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Further information on this is provided by Instagram at the following link:
https://facebook.com/help/pages/insights

The statistical information transmitted to us does not allow us to draw conclusions about individual users. We use it only to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

We collect your data via our fan page only in order to enable communication and interaction with us. This collection generally includes your name, message content, comment content and the profile information you have made “publicly” available.

The processing of your personal data for the above-mentioned purposes is carried out on the basis of our legitimate business and communication interest in offering an information and communication channel pursuant to Article 6 (1) lit. f GDPR. If you, as a user, have given consent to the respective provider of the social network for data processing, the legal basis for the processing also extends to Article 6 (1) lit. a and Article 7 GDPR.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorised to have full access to your data. For this reason, only the provider can directly take and implement appropriate measures to fulfil your user rights, such as requests for access, deletion requests, objection, etc. The most effective way to assert corresponding rights is therefore directly against the respective provider.

We are jointly responsible with Instagram for the personal content of the fan page. Data subject rights may be asserted against Facebook Ireland as well as against us.

The primary responsibility for the processing of Insights data under the GDPR lies with Instagram, and Instagram fulfils all obligations under the GDPR with regard to the processing of Insights data. Facebook Ireland provides the essential content of the Page Insights Addendum to data subjects.

We do not make any decisions regarding the processing of Insights data or any other information arising from Article 13 GDPR, including the legal basis, identity of the controller and storage period of cookies on user devices.

Further information is available directly from Instagram, addendum with Facebook:
https://www.facebook.com/legal/terms/page_controller_addendum

LinkedIn page

LinkedIn is a social network operated by LinkedIn Inc., based in Sunnyvale, California, USA, which enables the creation of private and professional profiles for natural persons and company profiles. Within the social network, users can maintain existing contacts and establish new ones. Companies and other organisations can create profiles on which photos and other company information can be uploaded in order to present themselves as employers and recruit employees. Other LinkedIn users have access to this information and can write their own articles and share this content with others. The focus of the network is professional exchange on specialist topics with people who share the same professional interests.

When using or visiting the network, LinkedIn automatically collects data from users or visitors during use or visit, for example username, job title and IP address. This is done using various tracking technologies. Based on the data collected in this way, LinkedIn provides users with information, offers and recommendations, among other things.

We collect your data via our company profile only in order to enable communication and interaction with us. This collection generally includes your name, message content, comment content and the profile information you have made “publicly” available.

The processing of your personal data for the above-mentioned purposes is carried out on the basis of our legitimate business and communication interest in offering an information and communication channel pursuant to Article 6 (1) lit. f GDPR. If you, as a user, have given consent to the respective provider of the social network for data processing, the legal basis for the processing also extends to Article 6 (1) lit. a and Article 7 GDPR.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorised to have full access to your data. For this reason, only the provider can directly take and implement appropriate measures to fulfil your user rights, such as requests for access, deletion requests, objection, etc. The most effective way to assert corresponding rights is therefore directly against the respective provider.

We are jointly responsible with LinkedIn for the personal content of our company profile. Data subject rights may be asserted against LinkedIn Inc. as well as against us.

We do not make any decisions regarding the data collected on the LinkedIn page using tracking technologies.

Further information about LinkedIn is available at:
https://about.linkedin.com

Further information on data protection at LinkedIn is available at:
https://www.linkedin.com/legal/privacy-policy

Further information on the storage period/deletion and guidelines on the use of cookies and similar technologies in connection with registration and use of LinkedIn is available at:
https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy

This privacy policy is provided and maintained by Barth Regelwerk GmbH .