Pricacy Policy

Pursuant to Art. 4(7) GDPR, the controller responsible for data processing is the natural or legal person who determines the purposes and means of the processing of personal data.

The controller responsible for this offering is:

Bleispitz GmbH
Grünwalder Weg 32d
D-82041 Oberhaching Germany

Phone: +49 (0) 89 3575738-0

Fax: +49 (0) 89 3575738-10

Email: info@bleispitz.de

Information about Bleispitz GmbH

VAT Identification No.
DE813408584 

Commercial Register Entry:
Local Court (Amtsgericht) Munich
HRB 141509

Managing Director authorized to represent the company:
Enno Miedl

Data Protection Officer:
Our Data Protection Officer can be contacted at:

• Bleispitz GmbH
  Data Protection Officer
  Grünwalder Weg 32d
  D-82041 Oberhaching
  
  Phone: +49 (0) 89 4508168-90
  Email: datenschutz@bleispitz.de

and is available via the above contact details.

The security of your data is of great importance to us. We treat your personal data confidentially and in accordance with the applicable statutory data protection provisions.

We implement appropriate and proportionate technical and organizational security measures in order to protect data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties.

We regularly review the suitability and adequacy of our security measures and will adapt them in line with general technological developments.

Please note that data transmission over the Internet may be subject to security vulnerabilities. Complete protection of data against unauthorized access is not possible. In particular, when communicating by email, we cannot guarantee full data security. Data that you transmit to us via standard, unencrypted email may be accessed by unauthorized third parties during transmission. We therefore recommend that, when sending information requiring a heightened level of protection, you use postal mail or apply appropriate encryption methods to your email content.

For the secure operation of our IT and communication solutions, we have engaged specialized service providers. These engagements include:

• Infrastructure services
• Computing capacity
• Storage space
• Database services
• Email communication
• Security services
• Technical maintenance services

In the course of performing the commissioned activities, these service providers necessarily obtain access to personal data processed by us and/or are directly involved in such processing.

In particular, the following processors are engaged:

• Microsoft Ireland Operations Limited
  One Microsoft Place, South County Business Park, Leopardstown Dublin 18, Ireland
• STRATO AG
  Otto-Ostrowski-Straße 7, 10249 Berlin, Germany
• PC Personal Coach Stefan Landstorfer
  Westerhamer Weg 16, 82024 Taufkirchen, Germany

If you use this website or our other communication channels, one or more of the above-mentioned processors may act as recipients of your personal data within the meaning of Art. 4 GDPR in the context of the services described above. Data processing agreements pursuant to Art. 28 GDPR have been concluded with these processors.

Connection Security / Transport Encryption

The data you submit via the forms on this website are transmitted from your device to the server used by us using SSL or TLS encryption in order to protect the transmission. You can recognize this encrypted connection by the address line of your browser, which will display “https://” instead of “http://”. In most cases, the encrypted connection is also indicated by a padlock symbol next to the address.

Further details regarding the security measures implemented by us can be found in the security information within your account.

Cookies and Similar Technologies

Our website uses cookies and similar technologies. These are small text files that are stored on your device and managed by your browser.

Technically Necessary Cookies

We use technically necessary cookies that are required for the operation and basic functions of our website. These cookies enable, in particular:

• the maintenance of user sessions
• login to password-protected areas
• the implementation of access authorizations (user accounts)
• the storage of functional settings (e.g., permanently hiding certain content)

These cookies do not serve purposes of analysis, tracking, or the creation of user behavior profiles.

The processing of the information stored in this context is carried out on the basis of Section 25 (2) No. 2 TDDDG as well as Art. 6 (1)(f) GDPR (legitimate interest in the secure, stable, and user-friendly provision of our website).

Session cookies are generally deleted automatically at the latest when you end your visit (by closing your browser).

Cookies and Third-Party Content

If services provided by third parties (e.g., map or appointment booking services) are integrated into our website, these providers may use their own cookies or comparable technologies. We have no influence over the nature and scope of such data processing.

Such content is only loaded after you have given your consent. Processing is then carried out on the basis of Art. 6 (1)(a) GDPR in conjunction with Section 25 (1) TDDDG.

Further information regarding the third-party providers used can be found in the respective sections of this privacy policy.

Data Retention for Error Analysis and IT Security: Database Logs

In the course of operating this offering, we store log entries in our database for the purposes of error analysis and security relating to certain incidents. These may include:

• IP address
• requested document
• referrer document
• access timestamp

The storage and evaluation of these data are based on our legitimate interest (Art. 6 (1)(f) GDPR) in ensuring the most disruption-free and error-free provision of our services, as well as on Art. 6 (1)(c) GDPR, insofar as this enables us to fulfill our statutory obligations regarding technical and organizational security measures (traceability of access).

Case-specific log data are generally effectively anonymized after no later than seven days (hash/salt function with changing salt).

Should data from log entries be retained beyond this period, this will occur exclusively for the purpose of preserving evidence in preparation for criminal or civil legal proceedings in a specific case.

Data Retention for Error Analysis and IT Security: Server Logs

In the course of hosting this offering, we or the service provider engaged by us generate access and error logs (so-called log files) for the purposes of error analysis. These may include:

• IP address in anonymized form
• requested document
• referrer document
• browser type/version used
• operating system used
• device type used
• access timestamp

These access and error logs are generally anonymized within 24 hours and subsequently deleted within approximately six weeks.

In parallel, our server generates anonymized access statistics on the basis of the aforementioned access logs and uses the non-anonymized log data as described above for this purpose.

The storage and evaluation are based on our legitimate interest (Art. 6 (1)(f) GDPR) in ensuring the most disruption-free and error-free provision of our services and in being able to roughly estimate data access volumes per user and overall.

Contact Form

You may contact us within this online offering via an inquiry form. In addition to the message text, your name and email address (for responding to your inquiry) are required.

If you wish, you may also provide additional – potentially personal – data to further specify and expedite the processing of your inquiry (e.g., your telephone number if you request a callback).

By submitting the form, a legal basis for processing your data arises within the meaning of Art. 6 (1)(b) GDPR for handling your inquiry: the data processing takes place in the context of pre-contractual measures or for the performance of an existing contract. Alternatively, we rely on Art. 6 (1)(f) GDPR for processing your inquiry – we have a legitimate interest in processing the data you transmit via our contact form for the purpose of handling your request.

The data processed via the contact or inquiry form are used exclusively for the purpose of handling your specific request. In the context of processing for the aforementioned purpose, and apart from the disclosures to our technical service providers described in this privacy policy, we do not intend to transfer your data to additional recipients or to third countries.

Your data will be deleted no later than seven days after the purpose of processing ceases to apply, unless statutory retention obligations prevent deletion.

Video Content from YouTube

We have integrated content from the video platform “YouTube” into our website. The operating company of YouTube is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066 (USA). YouTube LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 (Ireland).

If you are logged into your YouTube user profile while using our website, YouTube will recognize which specific subpage of our website you visit and at what time when you access pages containing YouTube videos. This information may be collected by YouTube and Google and assigned to your YouTube account. Information about your visit to our website will be transmitted to YouTube if you are logged in there, regardless of whether you actually watch a YouTube video.

YouTube and Google are U.S.-based providers, meaning that your data may also be processed outside the European Economic Area, on servers in the United States.

The U.S. company used by us is certified under the Data Privacy Framework (DPF). The legal basis is therefore the EU-U.S. Data Privacy Framework. For data collected for analysis purposes, your consent is additionally required.

The purpose of processing is our marketing interest – the technically optimized, device-independent presentation of media content on our website.

Processing takes place on the basis of Art. 6 (1)(a) GDPR – the legal basis is your consent to data processing.

Your consent is voluntary and naturally has no impact on the outcome of, for example, our application procedures or other decision-making processes relating to you. You may withdraw your consent at any time with effect for the future by adjusting your previously configured settings regarding permitted data processing on our website (for example via the link “Consent Settings” at the bottom of our website).

Further information on data processing by YouTube / Google can be found on the company’s websites:

• https://policies.google.com/privacy?hl=de&gl=de

Interactive Map Material (Google Maps)

We integrate the Google Maps map service on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, in order to visually display our location and enable convenient route planning.

To protect your personal data, we use a two-click solution:
Google Maps is initially displayed in a deactivated state. The map is only loaded and a connection to Google’s servers established once you expressly consent by clicking.

Only after activation may, in particular, the following personal data be processed:

Google may also use cookies or similar technologies in this context. If you are logged into Google, the data may be associated with your Google user account. You can prevent this by logging out of your Google account before using the map.

Personal data may also be processed by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data transfers to the USA cannot be excluded. For data transfers to third countries, Google relies on the EU Standard Contractual Clauses pursuant to Art. 46 GDPR.

Google Maps is integrated exclusively on the basis of your consent:

• Art. 6 (1)(a) GDPR (consent)
• Section 25 (1) TDDDG (storage of and access to information on the user’s device)

You may withdraw your consent at any time with effect for the future by adjusting the relevant settings in our cookie or consent banner.

Further information on data processing by Google can be found in Google’s privacy policy:
https://policies.google.com/privacy

Consent Management

For the technical implementation of your consent decisions regarding data processing activities on our website (= purpose of processing), we have integrated a privacy-friendly solution based on the open-source consent management solution klaro.js into our website.

The legal basis for processing is Art. 6 (1)(c) GDPR in conjunction with Art. 7 GDPR.

For reasons of data minimization and to protect your privacy, we store data relating to your consent settings exclusively in a small text file (cookie) on your device.

The cookie named “klaro” has a configured lifespan of 180 days. After this period, your browser should automatically delete the cookie; you may also delete it manually at any time via your browser settings. Previously granted consents may then need to be provided again.

You may withdraw any consent you have given at any time with effect for the future by adjusting your previously configured settings regarding permitted data processing on our website (for example via the link “Consent Settings” at the bottom of our website).

Statutory Retention Obligations

Processing activities are carried out on the basis of Art. 6(1)(c) GDPR in conjunction with other statutory provisions, thereby enabling us to comply with our legal obligations.

In particular, this includes retention obligations under tax law in the prescribed scope as well as retention requirements for business correspondence within the meaning of the German Commercial Code (HGB).

Direct Marketing

Where you have granted your consent, we also process your personal data for purposes of direct marketing (e.g., the distribution of newsletters, event invitations, informational brochures, or other information regarding current projects or events). The legal basis for the use of your data for these purposes is your consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time with effect for the future; such withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

Withdrawal may be effected by sending an informal notification in text form (e.g., by email).

Other Marketing Purposes

Any further use of your personal data for marketing purposes may be carried out within the scope permitted by law on the basis of our legitimate interest in maintaining customer relationships and acquiring new customers (Art. 6(1)(f) GDPR).

Wir geben Ihre personenbezogenen Daten grundsätzlich nur dann an Dritte weiter, wenn dies zur Vertragsdurchführung erforderlich ist oder wir gesetzlich dazu verpflichtet sind.

Im Rahmen unserer Leistungserbringung beauftragen wir, wie oben genannt, zudem sogenannte Auftragsverarbeiter, welche in unserem Auftrag weisungsgebunden Tätigkeiten durchführen, die den Zugriff auf Ihre personenbezogene Daten ermöglichen oder erfordern.

Über die Zusammenarbeit mit unseren Auftragsverarbeitern sowie über die zuvor beschriebenen spezifischen Datenverarbeitungsverfahren hinaus beabsichtigen wir derzeit nicht, Ihre Daten im Zusammenhang mit der Nutzung dieser Internetseite und den verknüpften Kommunikationslösungen an Staaten außerhalb des Europäischen Wirtschaftsraums zu übermitteln.

As a matter of principle, we only disclose your personal data to third parties where this is necessary for the performance of a contract or where we are legally obliged to do so.

In the course of providing our services, we also engage so-called processors, as described above, who perform activities on our behalf and in accordance with our instructions that may enable or require access to your personal data.

Beyond the cooperation with our processors and the specific data processing activities described above, we currently do not intend to transfer your data to countries outside the European Economic Area in connection with the use of this website and the associated communication solutions.

In the event that data processing is based on your consent (Art. 6 (1)(a) GDPR), you may withdraw any consent you have already given at any time. An informal notification in text form (e.g., by email) is sufficient. The lawfulness of the data processing carried out prior to your withdrawal remains unaffected.

Objection to Direct Marketing and Data Processing in Particular Cases

You may object, on grounds relating to your particular situation, to the aforementioned data processing carried out on the basis of Art. 6 (1)(f) GDPR. This right of objection also applies to processing based on Art. 6 (1)(e) GDPR as well as to profiling based on these legal grounds. In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims (objection pursuant to Art. 21 (1) GDPR).

You may object at any time to the processing of your data for direct marketing purposes, including any profiling related to such direct marketing. If you object pursuant to Art. 21 (2) GDPR, we will subsequently no longer use your data for direct marketing purposes.

Complaint with a Competent Supervisory Authority

You have the right to lodge a complaint with a competent supervisory authority. This right exists without prejudice to any other administrative or judicial remedies.

Current contact details of the competent supervisory authority can be found, for example, in the address list of the Federal Commissioner for Data Protection and Freedom of Information at:

• ( Note: external link)
  https://www.bfdi.bund.de

Alternatively, you may contact us directly; we will of course assist you in identifying the appropriate authority.

Data Portability

The GDPR grants you the right to receive personal data concerning you, which are processed by automated means on the basis of your consent or in performance of a contract, in a commonly used and machine-readable format. You have the right to request that such machine-readable data be transmitted to a third party.

Access, Restriction, Erasure

Pursuant to Art. 15 (1) GDPR, you have the right at any time to obtain, free of charge, information regarding the processing of your personal data as well as further information (origin, purpose of processing, recipients) in the event that such processing actually takes place. You may also have rights relating to rectification, restriction, and erasure of the processed data.

Restriction of Processing

Restriction of the processing of your data means that, apart from storage, such data may only be processed without your consent

• with your consent, or
• for the establishment, exercise, or defense of legal claims, or
• for the protection of the rights of another natural or legal person, or
• for reasons of important public interest of the European Union or of a Member State.

You have the right to request restriction of processing

• if we require time to verify and/or rectify the data as requested by you, or
• if a balancing of interests is carried out following your objection pursuant to Art. 21 (1) GDPR, or
• if the processing was/is unlawful and you request restriction of processing instead of erasure, or
• if we no longer require your personal data but you require them for the establishment, exercise, or defense of legal claims and request restriction of processing instead of erasure.

We would like to inform you that the provision of personal data within the applicable scope is not always required by law or contract. Where the collection of personal data is mandated by statutory or contractual provisions, we will inform you individually and on a case-by-case basis at the time of collection. We will also inform you if failure to provide such data would result in specific consequences.

As a rule, failure to provide data required by law or contract will result in a contract not being concluded or your inquiry not being processed. You will be informed individually at the time of collection of any further consequences.

Should you have any questions regarding statutory or contractual requirements for the provision of your personal data to us, please contact the controller at the address provided above for clarification.