Data protection information for the bk Group website
§ 1 General
As the operator of the Welcome to bk Group website, bk group AG (hereinafter referred to as “we”) is responsible for the personal data of users (hereinafter referred to as “you”) of the website in accordance with data protection laws, in particular the General Data Protection Regulation (“GDPR”) and the Federal Data Protection Act (“BDSG”).
We protect your privacy and your private data. We collect, process and use your personal data in accordance with the content of this privacy policy and the applicable data protection laws, in particular the GDPR and the BDSG.
This privacy policy explains the nature, scope and purpose of the processing of personal data within our online offering and the associated websites, functions and content, as well as external online presences, such as our social media profiles.
The protection of your privacy when using our websites is important to us. Therefore, please take note of the following information. We therefore ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing we carry out make this necessary.
If you are redirected to other websites via links on our website, please check their privacy policies to find out how they handle your data.
If you have any questions or comments regarding data protection matters, you can contact our data protection officer at any time. You can reach them at the following contact details:
Data controller:
bk Group AG
bk Group Platz 1 91628 Endsee
Telephone: +49 98 43 – 98 01 0 info@bk-group.eu
Contact details of our data protection officer:
bk Group Platz 1 91628 Endsee
§ 2 Definitions
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special characteristics that are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means or any series of such operations in connection with personal data. The term is broad and covers virtually any handling of data.
The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
§ 3 Provision of the website
Personal data also includes information about your use of our website. In this context, we collect personal data from you as follows:
- • Your IP address, Date and time of the request,
- • time zone difference from Greenwich Mean Time,
- • Content of the request,
- • access status/HTTP status code,
- • Scope of data transfer,
- • Website from which your request is forwarded
- • Browser, operating system and its interface, Language and version of the browser software,
- • the location from which you retrieve data from our site
- • as well as other connection data and sources that you retrieve
This is usually done through the use of log files and cookies. More information about cookies can be found below.
We use this data to protect our legitimate interests
- • to ensure that the website can be displayed on your computer,
- • to ensure the functionality of the website,
- • to optimise our website,
- • to ensure the security of our information technology The legal basis for data processing is Art. 6 (1) (f) GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Data that we collect for the provision of the website is deleted at the end of the respective session.
§ 4 Contact
We process the personal data that you provide to us by e-mail, contact form, etc. in order to respond to and handle your enquiries. You are not obliged to provide us with your personal data. However, without your e-mail address, we cannot respond to you by e-mail.
If you have given us your express consent to process your data, Art. 6 (1) (a) GDPR is the legal basis for this processing.
If we process your data for the purpose of implementing pre-contractual or contractual measures, Art. 6 (1) (b) GDPR is the legal basis.
In all other cases (in particular when using a contact form), Art. 6 (1) lit. f) GDPR is the legal basis.
Depending on the occasion, your data will be passed on to, for example, hosting providers, shipping service providers for orders and payment service providers for processing paid orders.
Your data will be deleted if it can be inferred from the circumstances that your enquiry or the matter in question has been conclusively clarified.
However, if a contract is concluded, we will store the data required under commercial and tax law for the legally specified periods, i.e. regularly for ten years (cf. Section 257 HGB, Section 147 AO).
In the case of processing based on your consent, you have the right to withdraw your consent at any time.
RIGHT TO OBJECT: You have the right to object to data processing based on Art. 6 para. 1 GDPR and not to direct marketing for reasons arising from your particular situation. In the case of direct marketing, however, you may object to the processing at any time without giving reasons.
§ 5 Information about cookies
We also collect information about your use of our website through the use of so-called browser cookies. These are small text files that are stored on your data carriers and store certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data is sent, information about the age of the cookie and an alphanumeric identifier. Cookies enable our systems to recognise the user’s device and make any default settings immediately available. As soon as a user accesses the platform, a cookie is transmitted to the hard drive of the user’s computer.
The cookies we use only store the data described above about your use of the website. This is not done by assigning it to you personally, but by assigning an identification number to the cookie (“cookie ID”). The cookie ID is not merged with your name, IP address or similar data that would enable the cookie to be assigned to you.
If you do not wish to use browser cookies, you can set your browser so that it does not accept cookies. Please note that in this case you may only be able to use our website to a limited extent or not at all. If you only want to accept our own cookies, but not the cookies of our service providers and partners, you can select the “Block third-party cookies” setting in your browser.
We use cookies to protect our legitimate interest in improving our website and offering you a better and more personalised service. They enable us to recognise your computer when you return to our website and thus:
- • store information about your preferred activities on the website and thus tailor our website to your individual interests;
- • store your log-in details and display preferences (e.g. language);
- • speed up the processing of your enquiry
The legal basis for data processing by cookies is Art. 6 para. 1 sentence 1 lit. f) GDPR.
Cookies are stored until you delete them or until the respective cookie expires. In this case, the cookie is automatically deleted from your computer.
§ 6 Contact forms
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We will not pass on this data without your consent.
The processing of the data entered in the contact form is therefore based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. To do so, simply send us an informal email.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for which it was collected no longer applies. Data storage is no longer necessary (e.g. after your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
§ 7 Use of external services
(1) Use and application of Google Analytics
On our website, we use the tracking tool Google Analytics from Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This records and systematically evaluates your interactions with our website as a user.
The following data is stored about you:
IP address, usage data, click path, app updates, browser information, device information, JavaScript support, pages visited, referrer URL, downloads, Flash version, location information, purchase activity, widget interactions, date and time of visit
The legal basis for the processing of your personal data is your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time. The purpose of processing your personal data by the Google Analytics service is to analyse the interaction of our website visitors with our website. By evaluating the data obtained here, we can optimise our offering and increase user-friendliness. We delete or anonymise the data collected by Google Analytics as soon as it is no longer required for our purposes. This is the case after 26 months.
Google also processes your data in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. For more information, please visit Adequacy decision for the EU-US Data Privacy Framework | European
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and settings options for protecting your
privacy: http://www.google.de/intl/de/policies/privacy.
(2) Use and application of Google Tag Manager
This website uses Google Tag Manager from Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This service allows website
Tags to be managed via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain. This means that no cookies are stored.
Cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager.
All tags used on our website are integrated via Google Tag Manager and activated on the basis of your consent (Art. 6 (1) (a) GDPR). You will find the option to revoke your consent in the description of the individual services. If you object to a service, this objection will also be automatically transferred to the other services included in Google Tag Manager.
Google also processes your data in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. For more information, please visit Adequacy decision for the EU-US Data Privacy Framework | European
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also find further information on your rights and settings options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.
(3) Use and application of Google Recaptcha
We use Google reCAPTCHA to protect our forms (e.g. contact or login forms) from misuse by automated requests. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to check whether the data entry is made by a human or an automated programme. To do this, the service analyses various information (e.g. IP address, mouse movements, time spent on the page) and transmits it to Google.
Processing is based on Art. 6 (1) lit. f GDPR (legitimate interest) in preventing misuse and spam. If consent has been obtained via the consent banner, processing is based on Art. 6 (1) lit. a GDPR.
Google also processes your data in the United States, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the United States. For more information, see Adequacy decision for the EU-US Data Privacy Framework | European
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also find further information on your rights and settings options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.
(4) Use and application of Elementor
The WordPress plugin Elementor is used on the website. The provider is Elementor Ltd., 12 Abba Eban Ave, Herzliya, Israel.
Elementor is used for the design and technical implementation of website content (page builder). Page content, layout elements and widgets are provided within the WordPress system.
Provided that no external libraries or cloud services from Elementor are integrated, processing takes place exclusively on the website operator’s servers. In this case, no personal data is passed on to Elementor. However, if cloud functions, templates or external content from Elementor are used (e.g. fonts, icons or templates from the Elementor library), a connection to Elementor’s servers may be established. In this case, technical data (e.g. IP address, browser information) is transmitted.
The legal basis for this is the legitimate interest pursuant to Art. 6 (1) lit. f GDPR in a uniform and modern presentation of the website.
Further information on data processing by Elementor can be found at: https://elementor.com/about/privacy/
(5) Use and application of WebToffee
The website uses the GDPR Cookie Consent plugin from WebToffee / Mozilor Limited, 3rd Floor, Nattakom Arcade, Kottayam, Kerala, India.
The plugin is used to obtain and manage consent for cookies and tracking services in accordance with the GDPR and TDDDG.
To this end, cookies are set in the user’s browser to store the consent status.
The plugin blocks all non-essential cookies and scripts until explicit consent has been given. The following data is processed:
- • IP address (in abbreviated form),
- • Consent or rejection status,
- • Timestamp and origin of consent (consent log).
This information is stored locally on the website operator’s server and is not transmitted to WebToffee.
Processing is carried out on the basis of Art. 6 (1) (c) GDPR (fulfilment of legal obligations) and Art. 6 (1) (f) GDPR (proof of consent given).
Further information can be found in the provider’s privacy policy: https://www.webtoffee.com/privacy-policy/
(6) Use and application of Brevo
The website uses the Brevo service (formerly Sendinblue) provided by Sendinblue GmbH,
Köpenicker Straße 126, 10179 Berlin. Brevo is used to manage and send newsletters and for communicating with interested parties and customers. For this purpose, the data you enter – in particular your email address, name and technical data (e.g. IP address, time stamp of registration) – is stored on Brevo’s servers.
Brevo logs registration processes as part of the double opt-in procedure in order to be able to prove the legality of consent. In addition, Brevo evaluates whether newsletters have been opened or links clicked; this statistical information is used to optimise email marketing.
Processing is based on your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time, for example via the unsubscribe link in the newsletter.
Further information on data processing by Brevo can be found at: https://www.brevo.com/de/legal/privacypolicy/
(7) Use and application of Eye-Able
The website uses the accessibility tool Eye-Able® from Web Inclusion GmbH, Schillerstraße 20, 97980 Bad Mergentheim. Eye-Able provides functions such as Contrast adjustment, screen reader support and font enlargement are available to improve the accessibility of the website.
When using the tool, technical data such as IP address, browser information and accessibility settings are processed. This information is stored exclusively on the provider’s servers. Eye-Able uses cookies to save your selected settings so that they can be restored when you visit again.
The legal basis is Art. 6 (1) lit. f GDPR due to our legitimate interest in a barrier-free, user-friendly presentation of the website and to comply with legal accessibility requirements.
Further information on data processing can be found at:
https://eye-able.com/datenschutz/
(8) Use and application of MailingBlue
The website uses the newsletter and marketing service MailingBlue from MailingBlue UG (limited liability), Oedenberger Str. 149, 90491 Nuremberg. MailingBlue enables the sending of email newsletters and the evaluation of newsletter performance.
For the purpose of sending newsletters, the data you enter, such as your email address, name and any other voluntary information, will be stored. In addition, MailingBlue collects technical data such as your IP address, device information, time of registration and interaction data (opens, clicks). This data is processed on MailingBlue’s servers.
Processing is carried out exclusively on the basis of your consent in accordance with Art. 6 (1) (a) GDPR as part of the double opt-in procedure. You can revoke your consent at any time.
Further information can be found in the provider’s privacy policy: https://www.mailingblue.de/datenschutz/
(9) Use and application of WordPress
Our website is based on the WordPress content management system from the provider Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. WordPress processes technical data required for the operation of the website, including IP address, browser type, date and time of access, and other log data collected on the server side.
Insofar as we exclusively use self-hosted WordPress installations, personal data is only processed on our own server and is not passed on to WordPress. However, when integrating external WordPress functions or plugins, a connection to servers from Automaticc or third-party providers may be established, whereby technical data is transferred.
The legal basis for processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR in the stable and secure provision of the website and Art. 6(1)(b) GDPR, insofar as content is provided for the fulfilment of a contract.
Further information on Automattic’s data protection can be found at: https://automattic.com/privacy/
§ 8 Rights of data subjects
As a data subject, you have the following rights under the General Data Protection Regulation (GDPR):
1. Right of access (Art. 15 GDPR)
You have the right to obtain information about whether and which personal data we process about you. This includes information about the purposes of processing, the categories of data, the recipients, the planned storage period and your other rights in connection with this processing.
2. Right to rectification (Art. 16 GDPR)
You have the right to request the rectification of inaccurate personal data or the completion of incomplete personal data.
3. Right to erasure (Art. 17 GDPR)
You have the right to request the erasure of your personal data, provided that none of the legal reasons for storage or processing prevent this (e.g. legal retention obligations or overriding legitimate interests).
4. Right to restriction of processing (Art. 18 GDPR)
You may request that the processing of your personal data be restricted, e.g. while requests for correction or objection are being reviewed.
5. Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and, where applicable, to transmit that data to another controller.
6. Right to object (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR.
If an objection is lodged, we will no longer process your data unless there are compelling legitimate grounds for doing so or the processing serves to assert, exercise or defend legal claims.
7. Right to withdraw consent (Article 7(3) GDPR)
If the processing is based on your consent, you may withdraw this consent at any time with effect for the future. The withdrawal does not affect the lawfulness of the processing carried out up to that point.
8. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
You have the right to complain to a data protection supervisory authority about the processing of your personal data. The supervisory authority responsible is usually that of your habitual residence, your place of work or the place of the alleged infringement.
9. Right relating to automated decisions, including profiling (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
We do not engage in such automated decision-making.
Insofar as we evaluate data automatically, this is done exclusively for the purpose of optimising our services, statistical analysis or interest-based communication and without any significant impact on the persons concerned.
Note:
To exercise your rights, you can contact the controller or the data protection officer at any time – the contact details can be found in the imprint or in the section “Controller” section.