Data Protection

Data protection declaration

  1. Data controller

The data controller in the meaning of the General Data Protection Regulations and other data protection laws applicable in the member states of the European Union and other data protection provisions is:

BENDEL WERKZEUGE GmbH & Co. KG

Wilhelm-Schulze Str. 8-10

D-29549 Bad Bevensen

Tel.: +49 5821-9897-0

Fax: +49 5821-9897-10

email: info@bendel.de

Website: www.bendel.de

  1. Data protection officer

Frank Bendel

Wilhelm-Schulze Str. 8-10

D-29549 Bad Bevensen

Tel.: +49 5821-9897-0

Fax: +49 5821-9897-10

email: info@bendel.de

Website: www.bendel.de

 

  1. General information on data processing

The operator of this site takes the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this data protection declaration.

We collect and use the personal data of our users generally only inasmuch as this is necessary to provide a functional and capable website together with our content and services.

Normally the collection and use of the personal data of our users only takes place after user consent. An exception applies in cases where obtaining prior consent is not possible for actual reasons and processing of the data is permitted by statutory regulations.

 

 

  1. Legal basis for processing personal data

The legal basis for the processing of personal data is section 6 of the EU General Data Protection Regulations (subsequently called: GDPR).

In detail:

When processing personal data with prior consent of the affected person, section 5 letter a GDPR is the legal basis for processing.

If personal data are processed which are required to fulfil a contract or pre-contractual measures to which the affected person is a party, section 5 letter b GDPR is the legal basis.

Section 6 letter c GDPR is the legal basis if the processing of personal data is required to meet a legal obligation to which our company is subject. Section 6 letter d GDPR is the legal basis if vital interests of the affected person or another natural person necessitate the processing of personal data.

If the processing is necessary to maintain a justified interest of our company or a third party and the interests, basic rights and basic freedoms of the affected person do not outweigh the first-mentioned interest, section 6 paragraph 1 letter f GDPR is the legal basis for processing.

The personal data of the affected person are deleted or blocked as soon as the purpose of storage has lapsed. Storage may last beyond if this is provided for by the European or national legislator in regulations, laws or other regulations under Union law to which the controller subject. Data are also blocked or deleted if a storage period mandated by the standards mentioned expires unless there is a need for continued storage of the data for concluding or fulfilling a contract.

  1. Server log files

Each time our website is visited our system collects automated data and information from the computer system of the calling computer. The site provider collects and stores automatically information in so-called log files which your browser transmits automatically to us.

The following data are collected:

  • browser type and browser version
  • operating system used
  • referrer URL
  • host name of the accessing computer
  • time of server query

The data are stored in the log files of our system.

Unaffected are the IP addresses of the user or other data which enable the assignment of the data to a user. These data cannot be assigned to a specific person. These data are not merged with other data sources. Storage of these data together with other personal data of the user does not take place.

  1. Legal basis

The legal basis for the temporary storage of the data is section 6 paragraph 1 letter f GDPR.

  1. Purpose of storage

The log files are stored to ensure the functionality of the website. The company also uses the data to optimise the website and ensure the security of our information technology systems. The data are not utilised for marketing purposes in this context.

These purposes also constitute our justified interest in the data processing in accordance with section 6 paragraph 1 letter f GDPR.

  1. Deletion

The data are deleted as soon as they are no longer required for achieving the purpose of their collection. In the case of the collection of data for providing the website this is when the respective session has ended. In the case of the storage of the data in log files this takes place after seven days at the latest.

  1. Opportunity to object

For the operation of the website the collection of the data for providing the website and storing the data in log files is essential. For this reason the user does not have an opportunity to object in this case.

  1. Cookies

This website uses cookies. Cookies ar small text files placed on the computer of the user and stored in the browser of the user. Cookies do not cause any harm on the computer of the user and do not contain viruses. If a user opens a website, a cookie can be stored on the operating system of the user. This cookie contains a characteristic string which permits the unique identification of the browser when the website is opened again. These cookies thus enable the browser of the user to be recognised at the next visit.

When opening our website the user is informed about the use of cookies for analysis purposes and his consent for processing the personal data used in this context obtained. In this context a reference to this data protection declaration is also provided.

  1. Legal basis

The legal basis for the processing of personal data using cookies is section 6 I letter f GDPR. The legal basis for the processing of personal data using cookies for analysis purposes with the corresponding consent of the user is section 6 paragraph 1 letter a GDPR.

  1. Purpose

The purpose of using cookies is to simplify websites for the user. These purposes also constitute our justified interest in the processing of personal data in accordance with section 6 paragraph 1 letter f GDPR.

  1. Deletion and disabling

Most of the cookies used by us are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them.

You can configure your browser to be informed when cookies are being placed and to only permit cookies in individual cases, refuse the acceptance of cookies for specific cases or generally and to automatically delete the cookies when the browser is closed. If cookies are disabled, it might limit the functionality of this website.

  1. Third party cookies

This website does not use third party cookies, such as:

  1. Google Analytics
  2. Google Maps

 

  1. Contact form and email contact

Our website includes a contact form which an be used to make contact electronically. If a user makes use of this option, the data entered in the input masks are transmitted to us and stored. These data are:

  1. Title
  2. Name
  3. Company
  4. Email
  5. Address
  6. Subject

At the time of message transmission the IP address of the user and the date and time of registration are also stored.

For the processing of the data your consent is obtained during the transmission process and reference is made to this data protection declaration. The user can also contact the company via the email address provided in the imprint. In this case the personal data of the user transmitted in the email will be stored.

No data are disclosed to third parties in this context. The data are used exclusively to process the conversation.

  1. Legal basis

The legal basis for the processing of the data with the consent of the user is section 6 paragraph 1 letter a GDPR. The legal basis for processing the data transmitted during an email transmission is section 6 paragraph 1 letter f GDPR. If the email contact is aimed at the conclusion of a contract, the legal basis for processing is additionally section 6 paragraph 1 letter b GDPR.

  1. Purpose

The company uses the processing of the personal data from the contact form exclusively to process the contact request. In case of contact by email this also constitutes the necessary justified interest in processing the data.

The other personal data processed during the transmission process are used to prevent a misuse of the contact form and ensure the security of our information technology systems.

  1. Deletion

The data from the contact form are deleted as soon as they are no longer required for achieving the purpose of their collection. For the personal data from the input mask of the contact form and those transmitted by email this is the case when the respective conversation with the user has ended. The conversation has ended when it is apparent from the circumstances that the matter concerned has been conclusively clarified.

The personal data additionally collected during the transmission process are deleted after a period of seven days at the latest.

  1. Revocation

The user has the option at any time to revoke his consent to the processing of the personal data.

If the user makes contact with the company by email he can object to the storage of his personal data at any time. In such a case the conversation and any further contract initiation cannot be continued.

The user can also revoke his consent by other means. The revocation can also be oral, e.g. by phone, or in writing.

In this case all personal data stored during the contact request are deleted.

  1. Disclosure of data

Transmission of your data to third parties for purposes other than those listed below does not take place.

We only disclose your personal data to third parties if:

  • you have explicitly granted your consent in accordance with section 6 paragraph 1 clause 1 letter a GDPR,
  • disclosure is necessary in accordance with section 6 paragraph 1 clause 1 letter f GDPR to assert, exercise of defend legal claims and there is no reason to assume that you have an overriding protection interest in the non-disclosure of your data, in particular we will ask Creditreform to verify your address data and credit rating.
  • there is a statutory obligation for disclosure in accordance with section 6 paragraph 1 clause 1 letter c GDPR, and
  • this is permitted by law and required in accordance with section 6 paragraph 1 clause 1 letter b for the handling of contractual relationships with you.
  1. a) PayPal

The personal data we collect are disclosed during contract processing to the transport company commissioned for delivery if this is necessary to delivery the goods. The disclosure only covers data required for delivering the goods.

Here, the legal basis is section 6 I clause 1 letter b GDPR.

For payment using PayPal, credit card via PayPal, debit via PayPal or – if offered – “Purchase on account” via PayPal we forward your payment data during the payment processing to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (subsequently called “PayPal”). For the payment methods credit card via PayPal, debit via PayPal or – where offered – “Purchase on account” via PayPal, PayPal reserves the right to carry out a credit check.. PayPal uses the result of the credit check in relation to the statistical payment default probability to decide about providing the respective payment method. The credit check may include probability values (so-called scores). Where scores enter into the result of the credit check, these are based on a scientific recognised mathematical-statistical method. Your address data, amongst others, contribute to the calculation of the scores. For other data protection information, such as the credit rating agencies used, please refer to the data protection declaration of PaypPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

 

 

  1. b) Trusted Shops

To display our Trusted Shops quality seal and any evaluations collected and to offer the Trusted Shop products for buyers after an order, the Trusted Shop trust bade has been integrated with this website.

This is used to maintain our overriding justified interests within the balancing of interests for the optimum marketing of our offer. The trust badge and the services acquired through it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, Cologne.

When opening the trust badge the web server automatically stores a so-called server log file which includes e.g. your IP address, data and time of the call, transmitted data volume and the querying provider (access data) and documents the call. These access data are not analysed and are automatically overwritten seven days after the end of your site visit at the latest.

Other personal data are only transmitted to Trusted Shops if you after completing an order decide on the use of Trusted Shop products or have already registered for their use. In this case the contractual agreement entered into between you and Trusted Shop applies.

The following data are collected:

  • browser type and browser version
  • operating system used
  • referrer URL
  • host name of the accessing computer
  • time of server query
  1. Legal basis

The legal basis for the temporary storage of the data is section 6 paragraph 1 letter f GDPR.

  1. Purpose of storage

The log files are stored to ensure the functionality of the website. The company also uses the data to optimise the website and ensure the security of our information technology systems. The data are not utilised for marketing purposes in this context.

These purposes also constitute our justified interest in the data processing in accordance with section 6 paragraph 1 letter f GDPR.

  1. Deletion

The data are deleted as soon as they are no longer required for achieving the purpose of their collection. In the case of the collection of data for providing the website this is when the respective session has ended. In the case of the storage of the data in log files this takes place after seven days at the latest.

  1. Opportunity to object

For the operation of the website the collection of the data for providing the website and storing the data in log files is essential. For this reason the user does not have an opportunity to object in this case.

  1. Rights of the affected person

The operator of this site takes the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this data protection declaration.

If your personal data are being processed you are the affected person in the meaning of GDPR and you have the following rights against the data controller:

  1. Right to information

You can request from the data controller a confirmation of whether personal data concerning you are processed by us.

If such processing exists, you may request the following information from the data controller:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data which are processed;
  3. the recipients or categories of recipients to which the personal data concerning you were disclosed or are still being disclosed;
  4. the planned duration of storage of the personal data concerning you or, if not concrete information is available on this, the criteria for defining the storage duration;
  5. the existence of a right to correction or deletion of the personal data concerning you, a right to limit the processing by the data controller or a right to object against this processing;
  6. the existence of a right to complain to a supervisory authority;
  7. all available information about the origin of the data if the personal data are not collected from the affected person;
  8. the existence of automated decision-making, including profiling, in accordance with section 22 paragraph 1 and 4 GDPR and –at least in those cases –meaningful information about the logic involved and the scope and desired results of such processing for the affected person.

You have the right to request information as to whether the personal data concerning you are transmitted to a third country or an international organisation. In this context  you may demand to be informed about the suitable guarantees in accordance with section 46 GDPR in connection with the transmission.

  1. Right to correction

You have a right to correction and/or completion against the data controller if the processed personal data concerning you are incorrect or incomplete. The controller must make the corrections without delay.

  1. Right to limit processing

Under the following conditions you can demand the limitation of the processing of the personal data concerning you:

  1. if you dispute the correctness of the personal data concerning you for a duration which enables the controller to check the correctness of the personal data;
  2. if the processing is illegal and you object to the deletion of the personal data and instead demand a limitation of the use of the personal data;
  3. if the controller no longer needs the personal data for the purpose of processing but you need them to assert, exercise or defend legal claims; or
  4. if you have objected to the processing in accordance with section 21, paragraph 1 GDPR and it has not yet been determined whether the justified reasons of the controller outweigh your reasons.

If the processing of the personal data concerning you has been limited, these data –except for their storage – may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of an important public interest of the Union or a member state.

If the processing is limited in accordance with the above-mentioned conditions you will be informed by the controller before the limitation is lifted.

  1. Right to deletion
  2. a) Deletion obligation

You may demand from the controller that the personal data concerning you are deleted without delay, and the controller must delete these data without delay, if one of the following reasons applies:

  1. The personal data concerning you are no longer needed for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent on which the processing was based in accordance with section 6 paragraph 1 letter a or section 9 paragraph 2 letter a GDPR and there is no other legal basis for the processing.
  3. You object against the processing in accordance with section 21 paragraph 1 GDPR and there are no priority justified reasons for processing, or you object to processing in accordance with section 21 paragraph 2 GDPR.
  4. The personal data concerning you were processed illegally.
  5. The deletion of the personal data concerning you is necessary to meet a legal obligation under Union law or the law of the member states to which the controller is subject.
  6. The personal data concerning you were collected in relation to services offered by the information society in accordance with section 8 paragraph 1 GDPR.

If the controller has made the personal data concerning you public and is obliged to delete them in accordance with section 17 paragraph 1 GDPR, he will take reasonable measures, taking into account the available technology and implementation costs, including of technical kind, to inform the data controllers processing the personal data that you as the affected persion have demanded the deletion of all links to these personal data or of copies or replications of these personal data.

The right to deletion does not exist inasmuch as processing is necessary

  1. to exercise the right to freedom of speech and information;
  2. to meet a legal obligation requiring the processing in accordance with the law of the Union or the member states to which the controller is subject or to discharge a duty in the public interest or exercise public authority delegated to the controller;
  3. for reasons of public interest in the area of public health in accordance with section 9 paragraph 2 letter h and i and section 9 paragraph 3 GDPR;
  4. for archiving purposes in the public interest, scientific or historic research purposes or for statistical purposes in accordance with section 89 paragraph 1 GDPR to the extent that the right specified in paragraph a) would likely make the realisation of the purposes of this processing impossible or impede it seriously; or
  5. to assert, exercise or defend legal claims.
  1. Right to information

If you have asserted the right to correction, deletion or limitation of processing against the controller he must communicate this correction or deletion of the data or limitation of processing to all recipients to whom the personal data concerning you were disclosed unless this proves to be impossible or related to a disproportionate expense.

You have the right against the controller to be informed about these recipients.

  1. Right to data transmission

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, common and machine-readable format. You also have the right to transmit these data to another data controller without hindrance by the controller, to which the personal data were provided, if

  1. the processing is based on a consent in accordance with section 6 paragraph 1 letter a GDPR or section 9 paragraph 2 letter a GDPR or a contract in accordance with section 6 paragraph 1 letter b GDPR, and
  2. processing takes place using automated procedures.

    When exercising this right you further have the right to ensure that the personal data concerning you are transmitted directly from one controller to another controller as far as this is technically possible. This must not impair freedoms and rights of third persons.

The right to data transmission does not apply to the processing of personal data required for discharging a duty in the public interest or exercising public authority transferred to the controller.

  1. Right to objection

You have the right for reasons resulting from your specific situation to object at any time against the processing of the personal data concerning you which takes place in accordance with section 6 paragraph 1 letter e or f GDPR; this also applies to profiling based on these provisions.

The controller no longer processes the personal data concerning you unless he can prove compelling protected rights for the processing which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims.

If the personal data concerning you are processed to carry out direct marketing you have the right to object at any time against the processing of the personal data concerning you for the purposes of such marketing; this also applies to profiling inasmuch as this is connected to such direct marketing.

If you object to the processing for purposes of direct marketing, the personal data concerning you will no longer be processed for these purpose.

You have the opportunity in connection with the use of services of the information society – irrespective of Directive 2002/58/EC – to exercise your right to objection using automated procedures in which technical specifications are used.

  1. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation does not affect the legality of processing having taken place on the basis of the consent up to the revocation.

  1. Automated decision in individual cases including profiling

You have the right not to be subjected to a decision based exclusively on automated processing – including profiling – which takes legal effect against you or significantly affects you in a similar manner. This does not apply if the decision

  1. is necessary for concluding or fulfilling a contract between you and the controller,
  2. is permitted on the basis of legal regulations of the Union or the member states to which the controller is subject and these legal regulations includes appropriate measures for preserving your rights and freedoms and justified interests, or
  3. is taken with your explicit consent.

However, these decisions may not be based on special categories of personal data in accordance with section 9 paragraph 1 GDPR unless section 9 paragraph 2 letter a or g GDPR applies and appropriate measures were taken to protect the rights and freedoms and your justified interests.

With regard to the cases mentioned in (1) and (3) the controller takes appropriate measures to preserve the rights and freedoms and your justified interests, which includes as a minimum the right to affect the intervention of a person on behalf of the controller to explain his own position and appeal the decision.

  1. Right to complain to a supervisory authority

Notwithstanding any other administrative or judicial remedies you have the right to complain to a supervisory authority, in particular in the member state of your place of residence, your workplace or the location of the alleged violation, if you are of the opinion that the processing of the personal data concerning you violates the GDPR.

The supervisory authority to which the complaint has been submitted informs the complainant about the status and results of the complaint, including the option of judicial remedies in accordance with section 78 GDPR.