Data privacy declaration
1. Data Protection at a Glance
The following information gives a simple overview of what happens to your personal data when you visit our website. Personal data means all data which allow for your personal identification. For detailed information on the topic of data protection, please refer to our data privacy notice specified in this text.
Collection of data on our website
Who is responsible for the data collection on this website?
The data processing on this website is completed by the website operator. For their contact data, please refer to the legal notice on this website.
How do we collect your data?
One way of collecting your data is that you give them to us. These data may e.g. include information that you enter in a contact form.
Other data are automatically recorded by our IT systems when you visit the website. These data are mainly of a technical nature (e.g. internet browser, operating system or time at which the website was accessed). These data are recorded automatically as soon as you enter our website.
For which purpose do we use your data?
One part of the data is collected in order to ensure an error-free provisioning of the website. Other data may be used to analyse your user behaviour.
Which rights do you have with regard to your data?
You are at any time entitled to free information on the origin, recipient and purpose of your stored personal data. You are moreover entitled to request the rectification, restriction or erasure of these data. For this purpose or if you have any further questions regarding data protection, you can contact us at the address specified in the legal notice, at any time. Apart from that, you have the right to lodge a complaint with the competent supervisory authority.
Analysis tools and third-party tools
When you visit our website, your surfing behaviour can be statistically analysed. This is mainly done by means of cookies and so-called analysis programmes. Your surfing behaviour is usually analysed anonymously; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information is provided in the data privacy notice below.
You can object to this analysis. This data privacy notice contains information about the possibilities to object.
2. General Information and Mandatory Information
The operators of this site take the protection of your personal data very seriously. We treat your personal data confidentially and according to the legal data protection regulations as well as this privacy notice.
When you use this website, different personal data will be collected. Personal data are data which allow for your personal identification. This privacy notice explains which data we collect and what we use it for. It also explains how and for which purpose this takes place.
We refer to the fact that security gaps may exist when transferring data on the internet (with communication by email, for example). It is not possible to provide seamless protection of data from access by third parties.
Information on the responsible entity
The responsible entity for data processing on this website is:
Hugo Brennenstuhl GmbH & Co Kommanditgesellschaft
Telephone: +49 (0)7071 8801-0
The responsible entity is the natural or legal person who - alone or together with others - decides on the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).
Withdrawal of your consent to the data processing
Many data processing operations are only possible with your explicit consent. You can withdraw consent that you provided on a previous occasion at any time. To do so, sending us an informal message by email is sufficient. In this respect, the lawfulness of the data processing prior to the withdrawal of consent remains unaffected.
Right to lodge a complaint with the responsible supervisory authority
In case of infringements of the data protection law, the data subject has the right to lodge a complaint with the responsible supervisory authority. The responsible supervisory authority in questions under the data protection law is the State Data Protection Officer of the state in which our company has its registered office. For a list of the data protection officers and their contact data, please refer to the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right for the data that we process automatically on the basis of your consent, or for the fulfilment of a contract, to be provided to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place insofar as it is technically feasible.
SSL and/or TLS encryption
For security reasons and in order to protect confidential content such as orders or enquiries you send to us as website operator, this website uses SSL and/or TLS encryption. You can recognise an encrypted connection by the address line in the browser changing from “http://” to “https://” and by the lock symbol in the browser line.
If the SSL- and/or TLS encryption is enabled, the data you transfer to us cannot be accessed by third parties.
Access, blocking, erasure
Within the scope of the applicable legal provisions, you are at any time entitled to free access to your stored personal data, their origin and recipients and the purpose of the data processing and to rectification, blocking or erasure of these data, if applicable. To that end, or if you have more questions related to the topic of personal data, you can contact us at the address specified in the legal notice at any time.
Objection to advertising emails
The use of contact data published to comply with imprint obligations for the purposes of sending not expressly requested advertisement and information material is hereby rejected. The operators of this website expressly reserve the right to take legal steps in the event of the unsolicited sending of advertising information, for instance by means of spam emails.
Reporting portal for the Whistleblower Protection Act (HinSchG), Supply Chain Due Diligence Act (LkSG) and Code of Conduct
We operate a reporting portal for reports of misconduct within the meaning of § 2 HinSchG, the § 8 LkSG and our Code of Conduct. The reporting portal is operated in accordance with the procedural rules of the HinSchG.
We use a service provided by bbg bitbase group GmbH, Am Heilbrunnen 47, 72766 Reutlingen, Germany for this purpose.
The purpose of the reporting portal is to check and document reports, for internal investigation and, if necessary, to pass them on to authorised bodies in order to report unlawful misconduct in accordance with § 2 HinSchG, § 2 Abs. 1, Anlage No. 1 to 11 LkSG and our Code of Conduct at the company and in our supply chain.
Whistleblowers have the option of registering on our website to use the whistleblower portal. To register, log in and make contact, we process data that the internet browser automatically transmits and personal data that you can provide as a whistleblower: Access data, title (if provided), first name and surname (if provided), contact details (email address, telephone number or postal address, if provided), personal data in the report, in particular behavioural verifications with corresponding facts.
You have the option of registering anonymously. You will receive a unique identification code that gives you access to a closed data protection room. Here you have the opportunity to submit your comment.
No data will be passed on to third parties outside your company without your consent, unless it is required by law or order, such as § 9 HinSchG or § 17 LkSG. The data can then be passed on to investigating authorities or courts.
The legal basis for data processing is in accordance with Art. 6 para. 1 sentence 1 a) GDPR your consent to the processing of your personal data and in accordance with the Code of Conduct as well as otherwise in accordance with Art. 6 para. 1 sentence 1 c) GDPR the legal obligations according to § 8 LkSG and § 12 HinSchG. Processing in relation to the Code of Conduct is carried out for employees on the basis of their contractual obligations in accordance with Art. 6 para. 1 sentence 1 b) GDPR in conjunction with Art. 88 GDPR, § 26 BDSG and otherwise in accordance with Art. 6 para. 1 sentence 1 f) GDPR, whereby our legitimate interest is to monitor compliance with our Code of Conduct.
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. According to § 11 HinSchG, this is usually the case after three years and according to § 10 LkSG usually after seven years. Other storage obligations due to contractual relationships and processing for the fulfilment of contractual or legal obligations, such as six- or ten-year storage obligations under commercial and tax law, as well as longer storage for the duration of legal disputes, remain unaffected.
3. Data Protection Officer
Statutory Data Protection Officer
For our company, we have appointed a data protection officer.
Hugo Brennenstuhl GmbH & Co Kommanditgesellschaft
Data Protection Officer
Telephone: +49 (0)7071 8801-0
4. Collection of data on our website
Some of the web pages use “cookies”. Cookies do not harm your computer and do not contain any viruses. Cookies serve the purpose of making our website more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and stored by your browser.
Most of the cookies used by us are so-called “session cookies”. These are deleted automatically at the end of your visit. Other cookies are stored on your end device until you delete them. These cookies allow us to recognise your browser during your next visit to our site.
Cookies that are required for execution of the electronic communication process or for the provision of certain features requested by you (e.g. shopping cart feature) are saved based on Art. 6(1) point (f) GDPR. The website operator has a legitimate interest in the storage of cookies for the technically smooth and optimised provision of their services. Where other cookies (e.g. cookies for analysis of your browsing behaviour) are stored, these are addressed separately in this data privacy notice.
Server log files
The website provider automatically collects and stores information in server log files which your browser automatically sends to us. This information includes the following:
- browser type and browser version
- operating system used
- referrer URL
- host name of the accessing computer
- time of the server query
- IP address
This data is not combined with other data sources.
The data processing is based on Art. 6(1) point (f) GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.
If you send us enquiries using the contact form, we will store your data from the enquiry form, including the contact data specified there by you for processing the enquiry and in case follow-up questions arise. We will not pass such information on without your consent.
In this manner, the data entered by you in the contact form will only be processed based on your consent (Art. 6(1) point (a) GDPR). You can withdraw this consent at any time. To do so, sending us an informal message by email is sufficient. The lawfulness of the data processing operations based on consent before its withdrawal shall remain unaffected.
The data entered by you in the contact form (company or private person, first name, surname, company, telephone, email address, address, country, your message for us) will remain with us until you ask us to erase them, withdraw your consent to their storage, or the purpose for the data storage ceases to apply (e.g. after completed processing of your enquiry). Imperative legal provisions – particularly retention periods – shall remain unaffected.
We use the cloud-based customer support platform "Zendesk", of the provider Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA, in order to be able to process and manage user inquiries faster and more efficiently (consent pursuant to Art. 6 para. 1 lit. a. DS-GVO). We cooperate with Zendesk under EU standard contractual clauses (SCC) as a guarantee pursuant to Art. 46 DS-GVO. The data is stored on Zendesk's servers. Zendesk uses data centers in three main regions for this purpose - USA, Asia-Pacific and European Union. We have an order processing agreement with Zendesk, in accordance with Art. 28 Para. 3 DSGVO. This ensures that contractual assurances regarding applicable EU data protection laws and regulations required by the GDPR are met. This ensures the protection of your data. Cookies are also used so that you can use the services in the service area. These are exclusively technically necessary cookies that cannot be disabled.
Purchase online button
On the website, the provider makes use of the conversion tracking of Commerce Connector GmbH, Deckerstraße 41, 70372 Stuttgart.
On our website, we present to you a selection of different online dealers that you can reach using a link from our website. The linking is effected by means of the “Purchase online” button or a shop logo of the relevant online dealer. If you click the linking, our partner – Commerce Connector – will store a cookie on your end device for a limited period (usually 7 days). If within that time, you complete a purchase with the online dealer, Commerce Connector may access the cookie to receive information regarding your purchase with the online dealer as soon as you reach the order confirmation page of the online dealer.
Commerce Connector is not provided with personal information which allow for your identification, but only with a singular cookie number. Commerce Connector will use the received purchase information to prepare anonymised sales statistics of our products that were purchased via the linking and will finally provide us with these statistics.
B2B Portal Data processing when using a customer account
The use of our B2B portal on our website https://www.brennenstuhl.co.uk/en-GB/b2b-service-portal is directed exclusively at commercial suppliers and is linked to the information we have on you from our merchandise management system, such as name, e-mail address and your company function.
In order to use the functions of the B2B portal, you must - if you have not received an invitation - have yourself activated by your responsible contact person in sales. The registration takes place via your e-mail address and a password you have assigned. Afterwards you can view orders, delivery status and much more digitally.
The following data is automatically stored by our system in so-called server log files, which your browser automatically transmits to us:
- Date, time of registration
- IP address
- Executed events, such as catalogue orders or price information on articles
Your data will be stored for the duration of the legal retention periods and then deleted. If you wish your customer access to be deleted, your data will be blocked for further use. Deletion is possible at any time and can be done by sending a message to the above address of the person responsible or directly via the sales department.
In case of non-use of the B2B Portal, we will delete B2B Portal accesses that have not been used within a period of 12 months.
5. Social Media
Sharing of contents via plug-ins (Facebook, Twitter & co.)
The contents of our web pages can be shared on social networks such as Facebook, Twitter & co. in a manner which complies with data protection law. In order to do so, this website uses Shariff.
The automatic transfer of user data to the operators of these platforms does not take place via this tool. Should the user be logged in to one of the social networks, an informational window appears when using one of the social buttons from Facebook, Twitter & co., where the user can confirm the text before it is sent.
Our users are able to share the contents of this website on social networks in a manner which complies with data protection law without the complete surfing profile of the user being generated by the operators of the networks.
6. Analysis Tools and Advertisement
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called “cookies”. These are text files stored on your computer allowing them to analyse how you use our website. In general, the information about your use of this website generated by the cookie is transferred to a Google server in the USA and stored there.
The Google Analytics cookies are saved on the basis of Art. 6(1) point (f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both their web offer and their advertisement.
We have activated the IP anonymisation function on this website. This means that your IP address is abbreviated by Google within European Union member states or other states which are part of the European Economic Area before it is transmitted to the US. Only in exceptional cases is the complete IP address transferred to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to assess your use of the website, to compile reports about the website activities and to perform other services connected to the use of the website and of the internet for the website operator. The IP address which Google Analytics transmits from your browser will not be associated with other data from Google.
By changing your browser settings accordingly, you may prevent cookies from being stored; however, we point out that you may not have full access to all website functions in this case. In addition, you may prevent any data created by the cookie and relating to website usage on your part (including your IP address) from being transmitted to and being processed by Google by downloading and installing the browser plug-in available at the link below: https://tools.google.com/dlpage/gaoptout?hl=en.
Objection to data collection
You can prevent Google Analytics from collecting your data by clicking on the following link. This places an opt-out cookie which prevents the future collection of your data when visiting this website: Deactivate Google Analytics .
You can find more information on how user data is handled in Google Analytics in Google’s data privacy statement: https://support.google.com/analytics/answer/6004245?hl=en.
Contract data processing
We have concluded an agreement for contract data processing with Google and fully implement the strict regulations of German data protection authorities when using Google Analytics.
Demographic data in Google Analytics
This website uses the “demographic data” function of Google Analytics. This allows for the compilation of reports that contain information regarding the age, gender, and interests of the visitors to the website. These data originate from interest-based advertising from Google as well as third-party visitor data. These data cannot be associated with a specific person. You can deactivate this function using the display settings in your Google account at any time or you can generally prohibit the collection of your data by Google Analytics as described in the section “objection to data processing”.
Google AdWords and Google conversion tracking
This website uses Google AdWords. AdWords is an online advertising programme of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Within the scope of Google AdWords, we use the so-called conversion tracking. When you click on an advertisement placed by Google, a cookie is set for the conversion tracking. Cookies are small text files stored by the Internet browser on the user’s computer. These cookies will become invalid after 30 days and do not serve the personal identification of the users. If the user visits certain sites of this website and the cookie has not yet expired, Google and we are able to see that the user clicked on the advertisement and was referred to this site.
Every Google AdWords customer receives a different cookie. The cookies cannot be tracked via the websites of AdWords customers. The information which was obtained with the help of the conversion cookie is used to create conversion statistics for AdWords customers who opted for conversion tracking. The customers receive information on the total number of users who clicked on their advert and were referred to a page with a conversion tracking tag. They do not, however, receive any information which can be used for the personal identification of users. If you do not want to participate in the tracking, you can object to this use at any time by deactivating the Google conversion tracking cookie in your Internet browser under user settings. This means that you will not be included in the conversion tracking statistics.
“Conversion cookies“ are stored and this tracking tool is used on the basis of art. 6(1) point f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both their web offer and their advertisement.
For more information on Google AdWords and Google conversion tracking, please refer to the Google data protection regulations: https://policies.google.com/privacy?hl=en.
Google Analytics Remarketing
Our websites use the functions of Google Analytics Remarketing in connection with the functions of Google AdWords and Google DoubleClick, which operate across devices. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
This function enables the advertisement target groups created through Google Analytics Remarketing to be linked with the functions of Google AdWords and Google DoubleClick, which operate across devices. In this way, interest-based, customised advertising messages which were adjusted based upon your use and surfing behaviour using one device in the past (e.g. mobile phone) can also be displayed on another end device used by you (e.g. tablet or PC).
Should you have given corresponding consent, Google links your web and app browser history with your Google account for this purpose. In this manner, the same personalised advertising messages can be displayed on any end device to which you are logged in with your Google account. To support this function, Google Analytics collects Google-authenticated IDs of users which are temporarily linked with our Google Analytics data in order to define and create target groups for advertising campaigns which operate across devices. You can permanently object to remarketing/targeting across devices by deactivating personalised advertising in your Google account. To do so, use this link: https://adssettings.google.com/authenticated?hl=en.
The summary of the data collected in your Google account takes place exclusively based on your consent, which you can give to or withdraw from Google (Art. 6(1) point (a) GDPR). When it comes to data collection processes which are not combined in your Google account (e.g. because you have no Google account or because you have objected to said combination) the collection of data is based on Art. 6(1) point (f) GDPR. The legitimate interest arises from the website operator having an interest in the anonymised analysis of visitors to the website for advertising purposes.
Google Tag Manager
Google Tag Manager is used on our website. The Google Tag Manager is a solution from Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, with which we can manage our website tags via an interface (and thus, for example, integrate Google Analytics 4 and other Google marketing services into our online offering).
The Tag Manager itself (which implements the tags) does not process any personal data of the users. The Google Tag Manager triggers other tags (cookies and pixels), which in turn may collect data. We hereby point this out separately. If a deactivation has been made by the user at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
Amazon Advertising Tag
The website uses an Amazon advertising tag on certain pages. This is a tool that uses advertising cookies or similar technologies to create usage profiles. These are used for interest-based advertising and to control the frequency with which users see certain ads. Amazon processes your data based on your consent in the area of marketing via the Amazon Advertising Tag to create campaign reports on the website target group, tracking of conversions, click events and targeted advertising outside our website (retargeting).
If you would like to subscribe to the newsletter which is offered on the website, we require your email address and information which enables us to verify that you are the owner of the email address provided, as well as your confirmation that you agree to the receipt of the newsletter. Other data will only be collected on a voluntary basis. We use this data exclusively for the purposes of sending the requested information and do not pass them on to third parties.
The data entered during the registration process are processed exclusively on the basis of your consent (Art. 6(1) point (a) GDPR). You can withdraw your consent to the storage of data and the e-mail address, as well as their use for the sending the newsletter, at any time, for instance via the “unsubscribe” link in the newsletter. The lawfulness of the data processing prior to the withdrawal of consent shall remain unaffected.
The data which you have stored with us for the purposes of the newsletter will be stored by us until you have unsubscribed from the newsletter and, after the newsletter has been cancelled, will be deleted. Data which are stored with us for other purposes (e.g. email addresses for the member area) remain unaffected by this.
8. Plug-ins and Tools
Our website uses plug-ins of the website YouTube, which is operated by Google. The operator of the websites is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
If you visit one of our websites that features a YouTube plug-in, a connection with the YouTube servers is established. In this context, the YouTube server is informed about which of our websites you have visited.
If you are logged in to your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to ensure a uniform and appealing presentation of our online offers. This is a legitimate interest in the sense of Art. 6(1) point (f) GDPR.
This website uses the map service Google Maps via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Your IP address has to be saved in order to be able to use the features of Google Maps. This information will usually be transferred to a Google server in the US, where it will be saved. The provider of this website has no influence on this transfer of data.
Google Maps is used to ensure an appealing representation of our online offers and easy finding of the places specified by us on the website. This is a legitimate interest in the sense of Art. 6(1) point (f) GDPR.
Please see the privacy notice of Google for more information regarding the handling of user data: https://policies.google.com/privacy?hl=en&gl=en
9. Online Marketing and Partner Programmes
Amazon Associates Programme
“Amazon cookies” are stored on the basis of Art. 6 point (f) GDPR. The operator of the website has a legitimate interest here, as it is only through cookies that the amount of their affiliate remuneration can be determined.