Data policy

We take the protection of your personal data, which is collected, processed and used when you visit our website, very seriously, and would like you to know what data we collect when, and how we use it. We have taken the appropriate technical and organisational measures to ensure that the regulations on data protection are observed both by us and by our service providers.

This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our website and the websites, functions and contents connected with it as well as any external online presence, such as our social media profiles (hereinafter referred to as “online presence”).


Controller

The controller responsible for the collection, processing and use of your personal data within the meaning of Art. 4 para. 7 GDPR is:

Berichtsmanufaktur GmbH
Schleusenbrücke 1
20354 Hamburg

Phone: +49 (0)40 430 990-80
Email: welcome@berichtsmanufaktur.de


Name and address of the data protection officer

The data protection officer of the controller is:

Michael H. Heng
c/o PJM + Partner
Rathausstr. 13
20095 Hamburg

All data subjects may contact our data protection officer directly at any time with any questions or suggestions relating to data protection.


Types of data processed

  • Personal data (e.g. your name, address)
  • Contact information (e.g. your email address, telephone number)
  • Content data (e.g. any text you enter on our site, photographs, videos you upload)
  • Usage data (e.g. any subpages you visit, access times)
  • Meta/communication data (e.g. device information, IP addresses)


Categories of data subjects

Visitors and users of our online presence (hereinafter referred to as “users”), customers, interested parties, business partners.


Purpose of the processing of personal data

  • Provision of information for the company’s online presence, its functions and content
  • Replying to contact requests and communication with users
  • Security measures
  • Measuring reach/marketing


Definitions

  • “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4 para. 1 GDPR).
  • “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 para. 2 GDPR).
  • “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements (Art. 4 para. 4 GDPR).
  • “Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person (Art. 4 para. 5 GDPR).
  • “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (Art. 4 para. 7 GDPR).
  • “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Art. 4 para. 8 GDPR).


Relevant legal basis

Art. 13 GDPR stipulates that we should inform you about the legal basis of our data processing. If the legal basis is not explicitly mentioned in the data protection declaration below, the following applies:

  • The legal basis for obtaining consent is Art. 6 para. 1 (a) and Art. 7 GDPR.
  • The legal basis for processing data for the purpose of fulfilling our services and implementing contractual measures as well as answering enquiries is Art. 6 para. 1 (b) GDPR.
  • The legal basis for processing data for the purpose of fulfilling our legal requirements is Art. 6 para. 1 (c) GDPR.
  • The legal basis for processing data for the purpose of protecting our legitimate interests is Art. 6 para. 1 (f) GDPR.
  • The legal basis for cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person is Art. 6 para. 1 (d) GDPR.


Security measures

To secure your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we frequently adapt to reflect the state of the art.

In particular, these measures include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data.

We have established procedures to ensure that the rights of data subjects are exercised, that data are deleted and that we respond to any threat to the data.

Furthermore, we take into account the protection of personal data through technology design (privacy by design) and through data protection-friendly default settings (privacy by default), Art. 25 GDPR.

Your personal data will be encrypted when transmitted. This applies to all communication that occurs via our website. We use SSL (Secure Sockets Layer) technology. However, we would like to remind you that data transmitted via the internet, e.g. email communication, can be subject to security gaps.


Cooperation with processors and third parties

If, in the course of our processing, we disclose data to processors or third parties, transfer it to them or otherwise grant them access to the data, this is done exclusively on the basis of legal authorisation, e.g. if you have given your consent (Art. 6 para. 1 (a) GDPR), if transfer to third parties is necessary to fulfil the contract (Art. 6 para. 1 (b) GDPR), if a legal obligation provides for this (Art. 6 para. 1 (c) GDPR), or on the basis of our legitimate interests (Art. 6 para. 1 (f) GDPR).

When cooperating with processors, the transfer shall be made on the basis of the processing agreement concluded with the processor in accordance with Art. 28 GDPR.


Data transfer to third countries

The transfer of data to third countries, e.g. when using the services of third parties, only occurs if it is necessary to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests, according to the aforementioned legal bases. Subject to other legal or contractual permissions, we process the data or have it processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met (e.g. on the basis of special guarantees, such as the officially recognised determination of a level of data protection equivalent to that in the EU, e.g. the Privacy Shield Framework for the USA, or subject to compliance with officially recognised special contractual obligations known as “standard contractual clauses”).


Rights of the data subject

  • Right to confirmation and access: In accordance with Art. 15 GDPR, you have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed. Where that is the case, you have the right to request from us, free of charge, information about the stored personal data concerning you as well as a copy of this data.
  • Right to rectification: In accordance with Art. 16 GDPR, you have the right to request the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed.
  • Right to erasure: In accordance with Art. 17 GDPR, you have the right to obtain the erasure of personal data concerning you without undue delay.
  • Right to restriction of processing: Under the provisions of Art. 18 GDPR, you have the right to obtain the restriction of processing of your personal data.
  • Right to data portability: In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller as far as this is technically possible.
  • Right to withdraw consent: In accordance with Art. 7 para. 3 GDPR, you have the right to withdraw your consent to the processing of your personal data at any time with future effect.
  • Right to object: Under the provisions of Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on Art. 6 para. 1 (e) or (f) GDPR.

You can assert the above-mentioned rights at any time against the above-mentioned controller or the above-mentioned data protection officer.

  • Right to lodge a complaint with a supervisory authority: In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a relevant supervisory authority.


Erasure of data

Unless otherwise expressly stated, the data stored by us will be deleted in accordance with Art. 17 GDPR as soon as they are no longer required for their intended purpose and the erasure does not conflict with any statutory storage obligations.

If the data are not deleted because they are required for other, legally permissible purposes, their processing is restricted in accordance with Art. 18 GDPR, i.e. the data are restricted and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax law reasons. According to legal requirements in Germany, storage takes place in particular for ten years according to Section 147 para. 1 No. 1, 4 and 4a, para. 3 of the Fiscal Code (AO) and Section 257 para. 1 No. 1 and 4, para. 4 of the German Commercial Code (HGB) (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and six years according to Section 147 para. 1 No. 2, 3 and 5, para. 3 AO and Section 257 para. 1 No. 2 and 3, para. 4 HGB (commercial letters).


Operation of the website and access to the website

The hosting services provided to us by our hosting provider serve to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating the website.

For this purpose, we and/or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this website on the basis of our legitimate interest in the efficient and secure provision of our online presence in accordance with Art. 6 para. 1 sentence 1 (f) GDPR in conjunction with Art. 28 GDPR.

We and/or our hosting provider also process access data. This includes:

  • Name and URL of retrieved file
  • Date and time of retrieval
  • Data volume transferred
  • Message confirming successful retrieval (HTTP response code)
  • Browser type and version
  • Operating system
  • Referrer URL (i.e. previously visited site)
  • Websites accessed by the user’s system via our website
  • User’s internet service provider
  • IP address and the requesting provider

We use this log data without allocating it to your person or other profiling for statistical evaluations for the purpose of the operation, security and optimisation of our online presence, but also for the anonymous recording of the number of visitors to our website and the extent and type of use of our website and services, as well as for billing purposes to measure the number of “clicks” received from partners. We can use this information to make personalised and location-specific content available and to analyse data traffic, find and fix errors, and improve our service.

This also represents our legitimate interest pursuant to Art. 6 para. 1 (f) GDPR.

We reserve the right to check the log data retrospectively if, based on concrete evidence, there is a justified suspicion of unlawful use. We store IP addresses in the log files for a limited period if this is necessary for security purposes, for the provision of services, or for invoicing e.g. if you utilise one of our services. We delete the IP address if an order is aborted and after receipt of payment if it is no longer required for security purposes. We also store IP addresses if we have specific grounds for suspecting a criminal offence in connection with the use of our website.


Cookies

We use session cookies on our website in order to optimise our online presence. A session cookie is a small text file that is sent by the respective servers when you visit a website and is temporarily stored on your hard drive. This file contains a session ID with which various requests from your browser can be assigned to the shared session. This enables your computer to be recognised when you return to our website. These cookies are deleted when you close your browser. They serve, for example, to enable you to use the shopping basket function over several pages.

To a small extent, we also use persistent cookies (also small text files that are stored on your end device), which remain on your end device and enable us to recognise your browser on your next visit. These cookies are stored on your hard drive and delete themselves after a set time. Their lifetime ranges from one month to ten years. This enables us to present our service to you in a more user-friendly, effective and secure manner and, for example, to display information on the site that is specially tailored to your interests.

Our legitimate interest in the use of cookies in accordance with Art. 6 para. 1 sentence 1 (f) GDPR lies in making our website more user-friendly, effective and secure and making it easier for you to use.

The following data and information are saved in the cookies:

  • Login information
  • Language settings
  • Search terms entered
  • Information on the number of visits to our website and the use of individual functions of our internet presence

When the cookie is activated it is allocated an identification number and your personal data are not assigned to this identification number. Your name, IP address and similar data, which would enable the cookie to be allocated to you, are not saved in the cookie. The cookie technology means that we only receive pseudonymised information, for example, on which sites have been visited.

You can set up your browser so that you are informed about the cookies in advance and can decide in individual cases whether you want to decline cookies in certain cases or in general, or whether cookies should be prevented completely. You can clear cookies from your browser in the settings. This may mean that the functionality of the website is limited.


Contact

When contacting us (e.g. by email, telephone or via social media), the user’s details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 para. 1 (b) GDPR. In answering your request for contact, we also have a legitimate interest in the processing of your transmitted data in accordance with Art. 6 para. 1 (f) GDPR.

We delete requests once they are no longer necessary. We review the necessity of requests regularly, at least every two years. Furthermore, the statutory retention obligations apply.


Google Maps

We integrate the maps of the “Google Maps” service from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, IP addresses and location data of the users, which, however, cannot be collected without their consent (usually based on the settings of their mobile devices). The data may be processed in the USA. Google’s Privacy Policy is available at https://www.google.com/policies/privacy/. You can manage your opt-out settings here: https://adssettings.google.com/authenticated.




Data protection declaration effective May 2018

Data protection information for applicants

We are delighted that you have expressed interest in our company and that you have applied for a position with us. In the following we would like to give you some information about the processing of your personal data in connection with your application.


Who is responsible for data processing?

The controller within the meaning of data protection law is:

Berichtsmanufaktur GmbH
Schleusenbrücke 1
20354 Hamburg

Phone: +49 (0)40 430 990-80
Email: welcome@berichtsmanufaktur.de

You can find further information about our company, details about the persons authorised to represent us and additional contact information in the legal notice section of our website: https://www.berichtsmanufaktur.de/impressum/


What personal data do we process? For what purpose?

We process the data that you send us in connection with your application to check your suitability for the position (or other open positions at our company) and to carry out the application process.


What is the legal basis for this?

The legal basis for the processing of your personal data in this application process is primarily Section 26 of the German Federal Data Protection Act (BDSG) in the version valid as of 25 May 2018. The Act authorises the processing of data that is needed in connection with the decision to establish an employment relationship.

If, after completion of the application process, the data might be required for legal prosecution, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 para. 1 (f) GDPR. Our interest then lies in the assertion or defence of claims.


How long are the data stored?

The data of applicants are deleted after six months if the application does not lead to an employment relationship.

If you agree to your personal data being stored further, your data will be added to our applicant pool. These data will then be deleted after two years.

If the application process leads to an employment relationship, your data will be transferred from our applicant database to our personnel information system.


Who is the data transmitted to?

Your application data is reviewed by our HR department when we receive your application. Suitable applications are forwarded internally to the relevant department heads, and the next steps are then determined. In our company, only those persons who need access to your data for the proper course of our application process have access to your data.


Where are the data processed?

The data are processed exclusively in data centres in the Federal Republic of Germany.


Your rights as a data subject

You have the right to be informed about the personal data about you that we process.

In the case of a request for information that is not made in writing, we ask for your understanding that we may then require you to provide proof that you are the person you claim to be.

You also have a right to rectification or erasure or the restriction of processing, to the extent that you are legally entitled to this.

You also have the right to object to the processing of your personal data within the scope of the statutory provisions. The same applies to the right to data portability.


Our data protection officer

We have assigned a data protection officer for our company. You can contact this person at the following address:

Michael H. Heng
c/o PJM + Partner
Rathausstr. 13
20095 Hamburg


Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority about the processing of personal data by us.