The following information is intended to provide you, as a “data subject”, with an overview of how we process your personal data and your rights under data protection legislation. In principle, it is possible to use our website without providing any personal data. However, if you wish to make use of specific services offered by our company via our website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally seek your consent.
As the data controller, we have implemented numerous technical and organisational measures to ensure the most comprehensive possible protection of the personal data processed via this website. Nevertheless, internet-based data transmissions may, in principle, be subject to security vulnerabilities, meaning that absolute protection cannot be guaranteed. For this reason, you are free to provide us with personal data via alternative channels, such as by telephone or post.
You too can take simple and easy-to-implement measures to protect yourself against unauthorised access to your data by third parties. We would therefore like to provide you with some guidance on the secure handling of your data:
Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name or the names of relatives, but should include upper and lower case letters, numbers and special characters.
Burkard Bovensiepen GmbH + Co. KG
entered in the Commercial Register of Kempten Local Court under HRA 5540, represented by the general partner:
Bovensiepen Service- und Verwaltungs-GmbH,
entered in the Commercial Register of Kempten Local Court under HRB 915, the latter being represented by the Managing Directors Andreas Bovensiepen and Florian Bovensiepen.
VAT No.: DE 128 656 861
Email: datenschutz@alpina-classic.com
TÜV SÜD Akademie GmbH
External Data Protection Officer ALPINA CLASSIC
80339 München / Deutschland
datenschutz@alpina-classic.com
You can contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.
This privacy policy is based on the terminology used by the European legislators and regulators when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for the general public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
In this privacy policy, we use the following terms, amongst others:
1. Personal data
Personal data is any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).
3. Processing
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction.
4. Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their future processing.
5. Profiling
Profiling is any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
6. Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
7. Data processor
A data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
8. Recipient
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, irrespective of whether they are a third party or not. However, public authorities which may receive personal data in the course of a specific inquiry mandate under Union law or the law of the Member States shall not be regarded as recipients.
9. Third party
A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.
10. Consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only disclose your personal data to third parties if:
To protect your data and, where necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have entered into data processing agreements based on the European Commission’s Standard Contractual Clauses. Where the Standard Contractual Clauses are insufficient to ensure an adequate level of security, your consent pursuant to Article 49(1)(a) of the GDPR may serve as the legal basis for the transfer to third countries. This does not apply, however, to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR.
Your personal data will not be transferred to third parties for purposes other than those listed below.
As part of the processing operations described in this privacy policy, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and the EU Commission’s adequacy decision pursuant to Article 45 of the GDPR therefore applies. We have explicitly stated this in the privacy policy for the relevant service providers. To protect your data in all other cases, we have entered into data processing agreements based on the European Commission’s Standard Contractual Clauses. Where the Standard Contractual Clauses are insufficient to ensure an adequate level of security, your consent pursuant to Article 49(1)(a) of the GDPR may serve as the legal basis for transfers to third countries. This does not apply, however, to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR.
7.1 SSL/TLS encryption
This website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details or contact enquiries, which you send to us as the operator. You can recognise an encrypted connection by the fact that the address bar of your browser displays “https://” instead of “http://”, and by the padlock symbol in your browser bar.
We use this technology to protect the data you transmit.
7.2 Data collection when visiting the website
When you use our website for information purposes only – i.e. if you do not register, do not otherwise provide us with information, or do not give consent to processing operations requiring consent – we collect only those data that are technically essential for the provision of the service. These are typically data that your browser transmits to our server (in so-called server log files). Our website collects a range of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server’s log files. The following may be collected:
We do not draw any conclusions about your identity when using this general data and information. Rather, this information is required in order to:
1. Deliver the content of our website correctly,
2. Optimise the content of our website and the advertising on it,
3. Ensure the continued functionality of our IT systems and the technology of our website, and
4. Provide law enforcement agencies with the information necessary for criminal prosecution in the event of a cyber attack.
We therefore evaluate this collected data and information both statistically and with the aim of enhancing data protection and data security within our company, ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files is stored separately from any personal data provided by a data subject.
The legal basis for data processing is Article 6(1)(f) of the GDPR. Our legitimate interest arises from the purposes of data collection listed above.
We host our website with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner).
When you visit our website, your personal data (e.g. IP addresses in log files) is processed on Hetzner’s servers.
The use of Hetzner is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring that our website is presented, provided and secured as reliably as possible.
We have entered into a data processing agreement (DPA) with Hetzner in accordance with Article 28 of the GDPR. This is a contract required under data protection law, which ensures that Hetzner processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Further information on Hetzner’s data protection policy can be found at: https://www.hetzner.com/de/rechtliches/datenschutz
7.4 WordPress (Content Management System)
On our website, we use the WordPress content management system (CMS), provided by Automattic Inc., 60 29th Street 343, San Francisco, CA 94110, USA.
We use the WordPress CMS to host our website and manage content efficiently. WordPress enables us to create, update and publish pages and posts in a structured manner without the need for individual programming for every change. Furthermore, WordPress supports the centralised management of media content (e.g. images and documents) as well as the consistent display of content across different devices. This allows us to keep our website up to date, organise content clearly and continuously improve user-friendliness.
The following data, amongst others, may be collected:
The legal basis for processing is generally Article 6(1)(f) of the GDPR (legitimate interest in the functional, secure and technically efficient provision of our website). Where consent is required for certain WordPress functions or extensions used therein, such as when using cookies or filling in forms, processing is carried out on the basis of Article 6(1)(a) of the GDPR. Consent given may be withdrawn at any time with effect for the future.
Personal or pseudonymous data is stored only for as long as is necessary to achieve the stated purposes or where statutory retention periods apply; thereafter, it is deleted or anonymised.
This US company is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Article 45 of the GDPR is therefore in place, meaning that personal data may be transferred without further guarantees or additional measures.
Further information on data protection at WordPress can be found at: https://automattic.com/privacy/.
8.1 General information on cookies
Cookies are small files that your browser creates automatically and which are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.
The cookie stores information relating to the specific device used. However, this does not mean that we thereby gain direct knowledge of your identity.
The use of cookies serves to make your experience of our website more pleasant. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted when you leave our site.
In addition, to optimise user-friendliness, we also use temporary cookies that are stored on your device for a specific, defined period. If you visit our site again to use our services, the system automatically recognises that you have previously visited us and recalls the entries and settings you made, so that you do not have to enter them again.
We also use cookies to collect statistical data on the use of our website and to evaluate our offering for you for the purpose of optimisation. These cookies enable us to automatically recognise that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a defined period of time. The respective storage duration of the cookies can be found in the settings of the consent tool used.
8.2 Legal basis for the use of cookies
The data processed by cookies that is necessary for the website to function properly is therefore required to safeguard our legitimate interests and those of third parties in accordance with Article 6(1)(f) of the GDPR.
For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Article 6(1)(a) of the GDPR.
8.3 Hinweise zur Vermeidung von Cookies in gängigen Browsern
Über die Einstellungen Ihres verwendeten Browsers haben Sie jederzeit die Möglichkeit Cookies zu löschen, nur ausgewählte Cookies zuzulassen oder Cookies vollständig zu deaktivieren. Weitere Informationen erhalten Sie auf den Support-Seiten der jeweiligen Anbieter:
8.4 Borlabs Cookie (Consent Management Tool)
Wir nutzen das WordPress Cookie Plugin “Borlabs Cookie” der Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Deutschland. Dieser Dienst ermöglicht es uns die Einwilligung der Webseitennutzer zur Datenverarbeitung einzuholen und zu verwalten.
Borlabs Cookie erhebt mithilfe von Cookies Daten, die von Endnutzern generiert werden, die unsere Website nutzen. Wenn ein Endnutzer eine Einwilligung abgibt, werden automatisch unter anderem folgende Daten protokolliert:
Der Zustimmungsstatus wird auch im Browser des Endnutzers gespeichert, sodass die Website die Zustimmung des Endbenutzers bei allen nachfolgenden Seitenanfragen und zukünftigen Endnutzer-Sitzungen für bis zu 12 Monate automatisch lesen und befolgen kann. Die Einwilligungsdaten (Einwilligung und Widerruf der Einwilligung) werden drei Jahre lang gespeichert. Die Aufbewahrungsdauer entspricht der regelmäßigen Verjährungsfrist gemäß § 195 BGB. Die Daten werden dann sofort gelöscht.
Die Funktionsfähigkeit der Website ist ohne die beschriebenen Verarbeitung nicht gewährleistet. Es besteht seitens des Nutzers keine Widerspruchsmöglichkeit, solange die rechtliche Verpflichtung besteht eine Einwilligung des Nutzers in bestimmte Datenverarbeitungsvorgänge einzuholen, Art. 7 Abs. 1, 6 Abs. 1 S. 1 lit. c) DS-GVO.
Die erhobenen Daten werden weder an die Borlabs GmbH weitergeleitet, noch erhält sie Zugriff auf diese.
Nähere Informationen finden Sie unter: https://de.borlabs.io/borlabs-cookie/.
9.1 Contracts concluded with online shops, retailers and goods dispatch
We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to companies entrusted with the delivery of goods or the credit institution responsible for payment processing. No further transfer of data takes place unless you have expressly consented to the transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 (1) lit. b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
9.2 Contacting us / Contact form
Personal data is collected when you contact us (e.g. via the contact form or by email). The data collected when using a contact form is specified in the relevant contact form. This data is stored and used exclusively for the purpose of responding to your enquiry or for establishing contact and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your enquiry in accordance with Article 6(1)(f) of the GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6(1)(b) of the GDPR. Your data will be deleted once your enquiry has been fully processed; this is the case when it is clear from the circumstances that the matter in question has been conclusively resolved and there are no legal retention obligations preventing deletion.
9.3 Dienstleistungen / Digitale Güter
Wir übermitteln personenbezogene Daten an Dritte nur dann, wenn dies im Rahmen der Vertragsabwicklung notwendig ist, etwa an das mit der Zahlungsabwicklung beauftragte Kreditinstitut.
Eine weitergehende Übermittlung der Daten erfolgt nicht bzw. nur dann, wenn Sie der Übermittlung ausdrücklich zugestimmt haben. Eine Weitergabe Ihrer Daten an Dritte ohne ausdrückliche Einwilligung, etwa zu Werbezwecken, erfolgt nicht.
Grundlage für die Datenverarbeitung ist Art. 6 Abs. 1 lit. b) DS-GVO, der die Verarbeitung von Daten zur Erfüllung eines Vertrags oder vorvertraglicher Maßnahmen gestattet.
9.4 Bewerbungsmanagement / Stellenbörse
Wir erheben und verarbeiten die personenbezogenen Daten von Bewerbern zum Zwecke der Abwicklung des Bewerbungsverfahrens. Die Verarbeitung kann auch auf elektronischem Wege erfolgen. Dies ist insbesondere dann der Fall, wenn ein Bewerber entsprechende Bewerbungsunterlagen auf dem elektronischen Wege, beispielsweise per E-Mail oder über ein auf der Website befindliches Webformular, an uns übermittelt. Schließen wir einen Arbeits- oder Dienstvertrag mit einem Bewerber, werden die übermittelten Daten zum Zwecke der Abwicklung des Beschäftigungsverhältnisses unter Beachtung der gesetzlichen Vorschriften gespeichert. Wird von uns kein Vertrag mit dem Bewerber geschlossen, so werden die Bewerbungsunterlagen sechs Monate nach Bekanntgabe der Absageentscheidung automatisch gelöscht, sofern einer Löschung keine sonstigen berechtigten Interessen unsererseits entgegenstehen. Ein sonstiges berechtigtes Interesse in diesem Sinne ist beispielsweise eine Beweispflicht in einem Verfahren nach dem Allgemeinen Gleichbehandlungsgesetz (AGG).
Die Rechtsgrundlage der Verarbeitung Ihrer Daten ist Art. 6 Abs. 1 lit. b), 88 DS-GVO i.V.m. § 26 Abs. 1 BDSG.
Der Zustimmungsstatus wird auch im Browser des Endnutzers gespeichert, sodass die Website die Zustimmung des Endbenutzers bei allen nachfolgenden Seitenanfragen und zukünftigen Endnutzer-Sitzungen für bis zu 12 Monate automatisch lesen und befolgen kann. Die Einwilligungsdaten (Einwilligung und Widerruf der Einwilligung) werden drei Jahre lang gespeichert. Die Aufbewahrungsdauer entspricht der regelmäßigen Verjährungsfrist gemäß § 195 BGB. Die Daten werden dann sofort gelöscht.
Die Funktionsfähigkeit der Website ist ohne die beschriebenen Verarbeitung nicht gewährleistet. Es besteht seitens des Nutzers keine Widerspruchsmöglichkeit, solange die rechtliche Verpflichtung besteht eine Einwilligung des Nutzers in bestimmte Datenverarbeitungsvorgänge einzuholen, Art. 7 Abs. 1, 6 Abs. 1 S. 1 lit. c) DS-GVO.
10.1 Right to confirmation
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
10.2 Right of access (Art. 15 GDPR)
You have the right to obtain from us, free of charge, information at any time regarding the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.
10.3 Right to rectification Art. 16 GDPR
You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
10.4 Erasure (Article 17 of the GDPR)
You have the right to request that we erase personal data concerning you without undue delay, provided that one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.
10.5 Restriction of processing Art. 18 GDPR
You have the right to request that we restrict processing if one of the legal conditions is met.
10.6 Data portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller to whom the personal data has been provided, without hindrance from us, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have the personal data transmitted directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of others.
10.7 Objection under Article 21 of the GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) (data processing in the public interest) or (f) (data processing based on a balancing of interests) of the GDPR, as set out.
This also applies to profiling based on these provisions within the meaning of Article 4(4) of the GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves to establish, exercise or defend legal claims.
In individual cases, we process personal data for the purposes of direct marketing. You may object at any time to the processing of your personal data for the purposes of such marketing. This also applies to profiling insofar as it is related to such direct marketing. If you object to us processing your data for direct marketing purposes, we will no longer process your personal data for these purposes.
Furthermore, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you that we carry out for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
You are free, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
10.8 Withdrawal of consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
10.9 Complaint to a supervisory authority
You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.
We process and store your personal data only for the period necessary to fulfil the purpose of storage or insofar as this is required by the legal provisions to which our company is subject.
If the purpose of storage ceases to apply or a prescribed retention period expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.
This privacy policy was created with the support of the data protection software: TÜV SÜD DSMS.
