Privacy policy

(Version: GDPR 2.1 from September 2024)

BHS-Sonthofen GmbH is responsible for this website and, as a provider of a teleservice, must inform you at the beginning of your visit about the type, scope and purpose of the collection and use of personal data in a precise, transparent, comprehensible and easily accessible form in clear and simple language. This content must be available to you at all times.

We attach great importance to the security of your data and compliance with data protection regulations. The processing of personal data is subject to the provisions of the European and national laws currently in force.

With the following data protection information, we would like to show you how we handle your personal data and how you can contact us:

BHS Control Systems GmbH & Co. KG
An der Eisenschmelze 47
87527 Sonthofen
Sonthofen, Germany

Phone: +49 8321 6099-600
E-mail: info@bhs-control-systems.com

Managing director with power of representation: Dr. Steffen Kämmerer

Our data protection officer
Sven Lenz
German data protection law firm - Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstrasse 50
87435 Kempten
Kempten, Germany

If you have any questions about data protection or other data protection concerns, please send an e-mail to the following e-mail address: datenschutz@bhs-sonthofen.com

A. General

For better comprehensibility, we refrain from gender-specific differentiation. In the interests of equal treatment, the corresponding terms apply to all genders. The meaning of the terms used, such as “personal data” or their “processing”, can be found in Art. 4 GDPR.

The personal data processed in the context of this website includes

• Usage data (e.g. pages visited on our website) and
• Content data (e.g. entries in online forms)

B. Specific

Data protection information 
We guarantee that we only process your data in connection with the processing of your inquiries and for internal purposes as well as to provide the services you have requested or to provide content.

Principles of data processing
We process your personal data only in compliance with the relevant data protection regulations and on the basis of the following legal bases:

Processing for the fulfillment of our services and implementation of contractual measures

• Art. 6 para. 1 lit. b) GDPR
  Processing for the fulfillment of our legal obligations
• Art. 6 para. 1 lit. c) GDPR
• Consent
  Art. 6 para. 1 lit. a) and Art. 7 GDPR
• Processing for the protection of our legitimate interests
  Art. 6 para. 1 lit. f) GDPR

Data transfer to third parties
Data transmission to third parties
We would like to point out that data may be transferred when you use our website if you select the services offered via the “cookie consent tool” provided on the website. If you do not select a service, no data will be transmitted to third parties.

In the context of website hosting, the service provider used may gain access to your data. We have outlined which web host we use in this privacy policy.

If we use subcontractors to provide our services, we take suitable legal precautions and appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.

Data transfer to a third country or an international organization
Third countries are countries in which the GDPR is not directly applicable law. This basically includes all countries outside the EU or the European Economic Area.

We would like to point out that data may be transferred to a third country when using our website, as we use a website security service or if you select the services offered via the “cookie consent tool” provided on the website. If you do not select a service, no data will be transferred to a third country.

The following applies to data transfers to the USA: Since July 2023, there has been an adequacy decision by the EU Commission (Data Privacy Framework), which identifies the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as the basis for data transfers to certified organizations in the USA.

The US services used are certified under the Data Privacy Framework. Details can be found under the individual services.

Storage duration of your personal data
We adhere to the principles of data minimization and data avoidance. This means that we only store your data for as long as is necessary to fulfill the aforementioned purposes or as stipulated by the various storage periods provided for by law. If the respective purpose no longer applies or after the corresponding periods have expired, your data will be routinely blocked or deleted in accordance with the statutory provisions.

Contacting us
Personal data is processed when you contact us electronically (e.g. via contact form or e-mail). The information you provide will be stored exclusively for the purpose of processing the request and for possible follow-up questions.

We would like to inform you of the legal basis for this: Processing for the fulfillment of our services and implementation of contractual measures
Art. 6 para. 1 lit. b) GDPR

We would like to point out that e-mails can be read or changed without authorization and unnoticed during transmission. We would also like to draw your attention to the fact that we use software to filter unwanted emails (spam filter). The spam filter can reject e-mails if they have been falsely identified as spam due to certain characteristics.

What rights do you have?
a) Right to information
You have the right to obtain information about your stored data free of charge. On request, we will inform you in writing which of your personal data we have stored. This also includes the origin and recipients of your data as well as the purpose of the data processing.

b) Right to rectification
You have the right to have your data stored by us corrected if it is incorrect. In this case, you can request a restriction of processing, e.g. if the accuracy of your personal data is disputed.

c) Right to blocking
You can also have your data blocked. To ensure that your data can be blocked at any time, this data must be kept in a lock file for control purposes.

d) Right to erasure
You can request the erasure of your personal data, provided that there are no statutory retention obligations. If such an obligation exists, we will block your data on request. If the relevant legal requirements are met, we will delete your personal data even without your request.

e) Right to data portability
You are entitled to request that we provide you with the personal data transmitted to us in a format that allows it to be transmitted to another location.

f) Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority.

The data protection authority responsible for us:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27, 91522 Ansbach, Germany
Telephone: +49 981 53-1300
Fax: +49 981 53-981300

You can open the complaint form via the following link: https://www.lda.bayern.de/de/beschwerde.html
Note: It is also possible to lodge a complaint with any data protection supervisory authority within the EU.

g) Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your data in accordance with Art. 6 (1) (e) and (f); this also applies to profiling based on these provisions.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In the event of such an objection, we will no longer process your personal data for the purposes of direct advertising. All you need to do is send us an email to this effect.

h) Right of revocation
You have the option to revoke your consent to the processing of your data at any time with effect for the future without giving reasons. You will not suffer any disadvantages as a result of the revocation. All you need to do is send us an e-mail to this effect.

However, such a revocation does not affect the legality of the processing carried out up to the time of revocation on the legal basis of Art. 6 para. 1 letter a) GDPR.

To assert your rights as a data subject, please send us an email to one of the email addresses listed above.

Protection of your personal data
We take contractual, technical and organizational security measures according to the state of the art to ensure that the data protection laws are complied with and thus to protect the processed data against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

The security measures include in particular the encrypted transmission of data between your browser and our server. For this purpose, 256-bit SSL (AES 256) encryption technology is used.

Your personal data is protected within the scope of the following points (excerpt):
a) Safeguarding the confidentiality of your personal data
In order to protect the confidentiality of your data stored by us, we have taken various measures to control access.

b) Safeguarding the integrity of your personal data
In order to protect the integrity of your data stored by us, we have taken various measures to control the transfer and input of data.

c) Safeguarding the availability of your personal data
In order to ensure the availability of your data stored by us, we have taken various measures to control orders and availability.

The security measures in use are continuously improved in line with technological developments. Despite these precautions, we cannot guarantee the security of your data transmission to our website due to the insecure nature of the Internet. For this reason, any data transmission by you is at your own risk.

Protection of minors
Persons who have not yet reached the age of 16 may only provide us with personal information if they have the express consent of their legal guardians. This data is processed in accordance with this data protection notice.

Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

Browser type and browser version
Operating system used
referrer URL
Host name of the accessing computer
Time of the server request
IP address
This data is not merged with other data sources.

The basis for data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.

Online applications via a form
We offer applicants a career section on our website in which we advertise vacancies. Applications for these positions can be submitted via an online form, which is forwarded to a subpage. In order to be included in the application process, applicants must provide us with all the personal data required for a well-founded and informed assessment and selection via the form.
For this purpose, we use the service provider softgarden e-recruiting GmbH, Tauentzienstraße 14, 10789 Berlin, Germany, to which the data is forwarded when the data is called up and entered on the page. We have concluded an order processing contract with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

You will receive information obligations as part of the application process directly in the system/as a response. You can access this data protection information for the application process at the following link: https://www.bhs-control-systems.de/datenschutzhinweise-bewerbung

Cookies
Cookies are small text files that are stored locally in the cache of your Internet browser. Cookies make it possible, for example, to recognize the Internet browser. The files are used to help the browser navigate through the website and to make full use of all functions.

Cookie consent tool
We use a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent.

This website uses the cookie consent tool “consentmanager” from the provider consentmanager AB, Håltegelvägen 1b, 72348 Västerås

The “cookie consent tool” is displayed to users when they access the website in the form of an interactive user interface, on which consent for certain cookies and/or cookie-based applications can be given by ticking a box. By using the tool, all cookies/services requiring consent are only loaded if the respective user gives their consent by ticking the appropriate box. This ensures that such cookies are only set on the user's end device if consent has been granted.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is not processed in this process.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

Another legal basis for the processing is Art. 6 para. 1 lit. c GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

Website hosting
We use the system of the following provider to host our website and display the page content: port-neo GmbH, Relenbergstraße 80, 70174 Stuttgart, Germany

All data collected on our website is processed on the provider's servers.
We have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

etracker (with cookies)
This website uses the web analysis service of the following provider: etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany

With the help of cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading end device and browser information), the service collects and stores pseudonymized visitor data, including information about the end device used, such as the IP address and browser information, in order to evaluate it for statistical analyses of usage behavior on our website and to create pseudonymized usage profiles. Among other things, this makes it possible to evaluate movement patterns (so-called heat maps), which show the duration of page visits and interactions with page content (e.g. text input, scrolling, clicks and mouse-overs). Pseudonymization rules out the possibility of direct personal identification. Your personal data will not be merged with clear data collected in any other way.

All of the processing described above only takes place if you have given us your consent to do so in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG have given your express consent. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service via the “cookie consent tool” provided on the website.

We have concluded an order processing contract with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

You can find more information about etracker's privacy policy at this link: https://www.etracker.com/de/datenschutz.html

Cloudflare
This website uses the content delivery network of the following provider: Cloudflare Inc, 101 Townsend St. San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. Processing is carried out on the legal basis of Art. 6 para. 1 lit. f GDPR (protection of legitimate interests). Our legitimate interest here lies in improving the stability and functionality of our website.

We have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

The following applies to data transfers to the USA: Since July 2023, there has been an adequacy decision by the EU Commission (Data Privacy Framework), which identifies the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as the basis for data transfers to certified organizations in the USA.