The protection of your privacy is an important concern for us. We process your personal data only in accordance with the provisions of the General Data Protection Regulation (GDPR) and other statutory data protection regulations, in particular the Federal Data Protection Act (BDSG). All data will of course be treated confidentially. With the following data protection information, we would like to explain to you in detail how your data is handled when using our websites.
In principle, the collection, processing and use of personal data for the use of our Internet presence is limited to the necessary extent and data. Personal data are all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. In addition, we use the common SSL (Secure Socket Layer) procedure within our website in conjunction with the highest level of encryption supported by your web browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
Responsible for the collection, processing and use of your personal data in accordance with Art. 4 para. 7 GDPR is
BOSIG GmbH,
Brunnenstraße 75-77
73333 Gingen
Phone: +49 (0) 7162/4099-0
Fax: +49 (0) 7162/4099-200
E-mail: info@bosig.de
Name and address of the Data Protection Officer
You can reach the BOSIG GmbH data protection officer at the following contact details:
MSO Consulting
Daniel Voigtländer
Zeisigweg 11
71397 Leutenbach
Phone: +49 (0) 7195 / 977 2959
E-mail: datenschutz@bosig.de
Whenever you visit our websites, our systems automatically record data and information from the computer system of the calling computer (personal data that your browser sends to our server). This also occurs if you do not register or otherwise provide us with information, for example through active entries. The following data is always collected when you visit our websites:
This data is stored in the log files of our system. A storage together with other of your personal data does not take place regularly.
The storage of the aforementioned data, in particular the IP address by our systems, is basically only temporary for the duration of the session and is necessary to enable the proper operation and presentation of the website. This processing of your data also serves the purposes of evaluating and further ensuring system security and system stability as well as other administrative purposes.
Insofar as your data is stored in our log files, this is also only done for reasons of ensuring the functionality of our websites. In addition, the data serves us to optimize and ensure the security of our information technology systems.
An evaluation of the data for marketing purposes does not take place in this context.
The legitimate basis for the processing and temporary storage of your personal data is Art. 6 para. 1 sentence 1 letter f GDPR. Our legitimate interests follow from the purposes for data collection described above.
Your data will be deleted as soon as they are no longer required for the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
In the case of storage of your data in log files, this is the case after seven days at the latest. Storage beyond this period is only envisaged in exceptional cases, for example if this is necessary for technical reasons or to improve our systems. In this case, the IP addresses of the users are deleted or alienated so that an allocation is no longer possible.
The collection of your data for the provision of the website and the storage in log files if applicable is absolutely necessary for the operation of the website.
There is therefore no possibility of objection.
A contact form is integrated on our website, through which you can get in touch with us. When using the contact form, the data entered in the input mask is transmitted to us and stored:
In addition, your IP address and the date and time of the request are stored. For the processing of the data, your consent will be obtained during the sending process and reference will be made to this Privacy Policy.
It is also possible to contact us via e-mail addresses provided by us. In this case, your personal data transmitted with the e-mail will be stored and processed by us, in particular to process your request or the reason for contacting us.
Depending on the content of your inquiry, the data will be forwarded to the responsible company in the BOSIG Group. The data will be used exclusively for processing the conversation.
The legitimate basis for the processing of your data when using the contact form is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
The legitimate basis for the processing of your data when sending an e-mail to us is Art. 6 para. 1 sentence 1 lit. a as well as f GDPR. The processing is based on an implied consent and on our legitimate interests. If the e-mail contact is aimed at the conclusion of a contract, the additional legitimate basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
The processing of personal data from the input mask or the e-mail sent to us serves only to process your contact with us. In the case of contacting us by e-mail, this indicates the necessary legitimate interest in the processing of the data by us. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
We will delete your data as soon as it is no longer required for the purposes described. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with you has ended. As a rule, the conversation is finished when the circumstances indicate that the reason for contacting us has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of 7 days at the latest.
You have the possibility to revoke your consent to the processing of your personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In such a case, however, the conversation with you may not be able to continue. All personal data stored in the course of the contact will be deleted in this case.
We process your order data (such as name, address, e-mail address, delivery modalities and other order information) to process the order and to deliver the ordered goods. In addition, we process the payment information required according to the payment method; for example, we store IBAN and BIC ourselves.
The legitimate basis for processing is the conclusion and fulfilment of the purchase contract for the ordered goods, Art. 6 para. 1 sentence 1 lit. b GDPR.
These data are deleted when they are no longer required for the execution of the contract (including customer service and warranty), unless we are legally obliged to store them, e.g. due to commercial or tax law retention obligations.
If you apply for a job offer or send an unsolicited application, you agree that we may save the documents sent and use the information contained therein to process your application. As a rule, your documents contain special categories of personal data (e.g. information on marital status; information on health; a photograph allowing conclusions to be drawn about your ethnic origin and, where applicable, sight and/or religion; similarly sensitive data within the meaning of Art. 9 GDPR), which may only be processed in the present form with your consent. You agree that we may process the special categories of personal data contained in your letter of application and the attached documents for the purpose of carrying out the application procedure. This consent serves exclusively to enable us to consider the application in its present form. The information will not be considered in the application process, unless there is a legal obligation to do so. You can refuse your consent to the processing of the application in the application process without giving reasons and revoke any consent you have given at any time, for example by e-mail. In the event of revocation, your data covered by your consent will be deleted immediately. As a result, data processing based on this consent may no longer be continued in the future. In the event that consent is not granted or is revoked, an application already submitted cannot be considered in its present form.
If your application is unsuccessful, you can agree that your personal data, which have been communicated during the entire application procedure (e.g. in cover letters, CV, certificates, applicant questionnaires, applicant interviews), may be stored beyond the end of the specific application procedure. For this purpose, you can consent to us using this data to contact you later and to continue the application procedure if you should be considered for another position. If special categories of personal data in accordance with Art. 9 GDPR have been communicated via the application documents (e.g. a photo that shows the ethnic origin, information about being severely handicapped, etc.), the consent also refers to this data. This consent also applies to data on your qualifications and activities from generally accessible data sources (especially professional social networks), which we have permissibly collected during the application process. Your data will not be passed on to third parties. This consent is voluntary and has no effect on your chances in the current application procedure. You can also revoke your consent at any time. In this case, your data will be deleted immediately after completion of the application procedure. As a result, we are not allowed to continue the data processing that was based on this consent in the future.
The legitimate basis for data processing of applications is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
When you visit and use our website, cookies are stored on your computer. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is called up again.
Some of them are essential, i.e. they are technically necessary for the operation of our website. Other cookies are used for statistical purposes or to analyze the access to our website or for marketing purposes or to offer you the use of external media. Temporary/session cookies as well as longer stored cookies (so-called permanent cookies) are used. Temporary cookies are deleted as soon as you close your browser. Permanent cookies are retained for a longer period of time, but can be deleted manually at any time. Some cookies are placed by third parties.
The legal basis for data processing in the use of essential cookies is Art. 6 para. 1 sentence 1 lit. f GDPR, in the use of all other cookies the legal basis is your consent under Art. 6 para. 1 sentence 1 lit. a GDPR. If we do not process your data on the basis of your explicit consent, your personal data will only be processed to the extent necessary to protect our legitimate interests or the legitimate interests of a third party and not to the extent that your interests or fundamental rights and freedoms that require the protection of personal data prevail.
We use so-called essential cookies as follows:
essential/technically necessary cookies (1)
Essential or technical cookies enable basic functions and are necessary for the proper functioning of the website.
consent_manager (privacy policy cookie, http-cookie)
We use so-called statistics cookies as follows:
Statistik Cookies
Statistics cookies are used to anonymously collect information that helps us understand how our visitors use our website.
Google Analytics
Provider: Google Inc. Bzw. Google Ireland Ltd.
The legal basis for data processing when using essential cookies is Art. 6 (1) p. 1 lit. f GDPR, when using all other cookies the legal basis is your consent according to Art. 6 (1) p. 1 lit. a GDPR.
Insofar as we do not process your data on the basis of your explicit consent, your personal data will only be processed to the extent that this is necessary to protect our legitimate interests or the legitimate interests of a third party and does not override your interests or fundamental rights and freedoms that require the protection of personal data.
This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
Subject to legal or contractual permissions, personal data may in prnciple only be processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. Accordingly, data may be transferred if the European Commission has determined by way of a decision within the meaning of Article 45 para. 1, 3 of the GDPR that an adequate level of data protection is provided in the third country concerned. By means of such so-called adequacy decisions, the European Commission certifies third countries a level of data protection that is comparable to the recognised standard in the European Economic Area (a list of these countries as well as a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).
Insofar as a data transfer between the USA and the EU takes place in exceptional cases, it should be noted that no such adequacy decision exists for the USA. Therefore, other suitable guarantees would have to exist to ensure that data protection is sufficiently guaranteed in the US. This would generally be possible via binding corporate regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct.
Although Google has submitted to corresponding standard contractual clauses of the European Commission, US companies are nevertheless obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities. Furthermore, you may not be able to assert or enforce your rights to information against Google in the long term. Furthermore, the technical and organisational measures for the protection of personal data at Google may not fully meet the requirements of the GDPR in terms of quantity and quality.
It is therefore possible that the standard contractual clauses of the European Commission used by Google do not constitute sufficient guarantees within the meaning of Art. 46 para. 2 lit. a of the GDPR.
By consenting to the collection of data by Google, you expressly agree to the transfer of data as set out herein, and you have been informed above of the potential risks of such data transfers without the existence of an adequacy decision and without appropriate safeguards.
This consent may be revoked at any time. A revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
The legitimate basis is your explicit and voluntary consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR to the processing of your personal data for administrative purposes using the Google Tag Manager.
Further information on the purpose and scope of the data collection and its processing as well as further information on your rights in this regard and setting options for protecting your privacy can be obtained from: Google Ireland Limited Gordon House, Barrow Street Dublin 4, Ireland , Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA; More information: https://support.google.com/tagmanager/answer/6102821?hl=en as well as the privacy policy: http://www.google.de/intl/en/policies/privacy.
This website uses Google Analytics, a web analysis service of Google Inc. (hereinafter: Google). Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymization is activated on this website (see below), your IP address will be shortened by Google within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area before this happens. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and then shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the internet.
The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
Google Analytics is used on this website with the extension "_anonymizeIp()". This allows IP addresses to be processed in a shortened form and thus excludes the possibility of personal references. If the data collected about you contains a personal reference, this is immediately excluded and the personal data is immediately deleted.
We use Google Analytics to analyze our website and to improve it regularly. We can use the statistics obtained to improve our offer and make it more interesting for you.
Subject to legal or contractual permissions, personal data may only be stored in a third country if the special requirements of Art. 44 ff. GDPR may be processed in a third country. Data may be transferred if the European Commission has determined by way of a decision within the meaning of Art. 45 para. 1, 3 GDPR that an adequate level of data protection is provided in the third country concerned. The European Commission certifies that third countries have a level of data protection comparable to the recognized standard in the European Economic Area through such so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be obtained here: https://ec.europa.eu/info/law/law-topic/data-protection_en).
If, in exceptional cases, data is transferred between the USA and the EU, it should be noted that no such adequacy decision exists for the USA. Therefore, other suitable guarantees would have to exist in principle to ensure that data protection is sufficiently guaranteed in the USA. This would generally be possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct.
Although Google has submitted to such standard contractual clauses of the European Commission, U.S. companies are still obliged to surrender personal data to security authorities without you as the data subject being able to take legal action against this. Therefore, it cannot be excluded that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities. It is also possible that you will not be able to assert or enforce your rights to information against Google on a sustained basis. Furthermore, the technical and organizational measures for the protection of personal data at Google may not fully comply with the requirements of the GDPR in terms of quantity and quality.
It is therefore possible that the standard contractual clauses of the European Commission used by Google do not constitute sufficient guarantees within the meaning of Art. 46 para. 2 lit. a GDPR.
By consenting to the collection of data by Google Analytics, you expressly consent to the data transfer described here, whereby you have been informed above about the possible risks of such data transfers without the existence of an adequacy decision and without suitable guarantees.
This consent can be revoked at any time. Revocation does not affect the lawfulness of the processing carried out on the basis of the consent given until revocation.
The legal basis is your explicit and voluntary consent under Art. 6 para. 1 sentence 1 lit. a GDPR to the processing of your personal data for the purposes of analysis and statistics on user behaviour using Google Analytics.
For further information on the purpose and scope of data collection and its processing, as well as further information on your rights in this regard and setting options to protect your privacy, please contact Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. terms of use: https://marketingplatform.google.com/about/analytics/terms/us/, and the privacy policy: https://policies.google.com/privacy?hl=en.
For communication with our customers, we use, for example, the conference tool Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052-6399, USA ("Microsoft").
Microsoft collects all data that you provide/use for the usage of the tools (e-mail address and/or your telephone number). Furthermore, Microsoft processes the duration of the conference, start and end (time) of participation in the conference, number of participants and other "contextual information" related to the communication process (metadata). Furthermore, Microsoft processes all technical data that are necessary for the handling of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection. If content is exchanged, uploaded or otherwise made available within Microsoft Teams, it will also be stored on Microsoft's servers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemail uploaded photos and videos, files, whiteboards and other information shared while using Microsoft Teams. Please note that we do not have full control over the data processing operations of the tools used.
Subject to legal or contractual permissions, personal data may in principle only be processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. Accordingly, data may be transferred if the European Commission has determined by way of a decision within the meaning of Article 45 (1), (3) of the GDPR that an adequate level of data protection is provided in the third country concerned. By means of such so-called adequacy decisions, the European Commission certifies to third countries a level of data protection that is comparable to the recognised standard in the European Economic Area (a list of these countries as well as a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).
Insofar as a data transfer between the USA and the EU takes place in exceptional cases, it should be noted that no such adequacy decision exists for the USA. Therefore, other suitable guarantees would have to exist to ensure that data protection is sufficiently guaranteed in the US. This would generally be possible via binding corporate regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct.
Microsoft has submitted to corresponding standard contractual clauses of the European Commission, but US companies are nevertheless obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities. Furthermore, you may not be able to assert or enforce your rights to information against Microsoft in the long term. Furthermore, the technical and organisational measures for the protection of personal data at Microsoft may not fully meet the requirements of the GDPR in terms of quantity and quality.
It is therefore possible that the standard contractual clauses of the European Commission used by Microsoft do not constitute sufficient guarantees within the meaning of Article 46 (2) lit. a) of the GDPR. Microsoft has nonetheless complied with the standard contractual clauses set out here https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=18600
Microsoft has nevertheless committed itself, according to the document available here, to only hand over data to US security authorities if Microsoft has been legally bound to do so by a government order. Microsoft is also obliged to take legal action to challenge the government order to hand over the data. Further, Microsoft will generally indemnify a data subject against any material or non-material damage suffered by the data subject as a result of Microsoft disclosing personal data of the data subject that was transferred pursuant to the Standard Contractual Clauses in response to an order from a non-EU/EEA governmental body or law enforcement authority.
By consenting to the collection of data by Microsoft, you also expressly consent to the transfer of data set forth herein, and you have been informed above of the potential risks of such transfers without an adequacy decision and without appropriate safeguards.
This consent may be revoked at any time. A revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
The legitimate basis is your explicit and voluntary consent in accordance with Art. 6 (1) p. 1 lit. a) GDPR to the processing of your personal data for communication purposes
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected. We have no influence on the storage period of your data stored by Microsoft for its own purposes.
Further information on the purpose and scope of the data collection and its processing as well as further information on your rights in this respect and setting options for protecting your privacy can be obtained from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA and at https://privacy.microsoft.com/en-us/privacystatement and https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=18600.
We do not share personal information with companies, organizations or individuals outside of our company except in one of the following circumstances:
We pass on personal data to third companies, organizations or persons outside our company if you have given us your explicit consent to do so.
We may make your personal data available to our third party business partners, other trustworthy companies or persons who process it on our behalf. This will always be done based on our instructions and in accordance with our privacy policy and other appropriate confidentiality and security measures.
We will disclose your personal information to companies, organizations or individuals outside of our company if we have a good faith belief that access to or use, preservation or disclosure of such information is reasonably necessary, in particular to comply with any applicable law, regulation or legal process or to comply with an enforceable governmental request.
Unless expressly stated in this privacy policy, your personal data will not be transferred to third countries or international organizations.
There is no automated decision making.
You have the right:
The competent supervisory authority in Baden-Württemberg is:
The State Commissioner for Data Protection and freedom of Information Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Telephone: 0711/ 61 55 41 - 0
Fax: 0711/61 55 41 – 15
E-mail: poststelle@lfdi.bwl.de
If you have given your consent to the processing of your data, you can revoke this consent at any time in accordance with Art. 7 Para. 3 GDPR. Such revocation will affect the permissibility of processing your personal data after you have given it to us.
Insofar as we process the processing of your personal data in accordance with the balancing of interests in accordance with Art. 6 para. 1 sentence 1 letter f GDPR, you have the right to object to the processing in accordance with Art. 21 GDPR. This is the case if the processing is not necessary, in particular, for the fulfilment of a contract with you, which is described by us in each case in the description of the functions. If you exercise such an objection, we request that you explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the facts of the case and will either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us about your objection to advertising by using the contact details given above.