Skip Navigation

Privacy Policy

As the controller, we at Burnus GmbH take protection of your personal data very seriously. We would therefore like to provide you with comprehensive information in this Privacy Policy to explain how we process and store personal data when you use our websites.

Controller

Burnus GmbH
Roesslerstraße 94
64293 Darmstadt
Germany

Phone: +49 (0)6151 / 8 73-5
Fax: +49 (0)6151 / 8 73-800
E-mail: contact@burnus.de

Data Protection Officer

You can contact our Data Protection Officer by e-mail at:
datenschutz@burnus.de
or by regular mail at:

Burnus GmbH
Datenschutzbeauftragter (Data Protection Officer)
Roesslerstraße 94
64293 Darmstadt
Germany

General information on data processing

We collect and use personal data from our users strictly only to the extent necessary for providing a functional website as well as our content and products/services. The collection and use of our users’ personal data generally only takes place with the user’s consent. An exception is made in cases where it is actually impossible to obtain prior consent and the processing of the data is permitted by statutory regulations.

Legal basis for the processing of your data:

  • In cases where we obtain consent from data subjects for processing operations on personal data, Art. 6(1) a of the EU General Data Protection Regulation (GDPR) serves as the basis.
  • When processing personal data necessary for the performance of a contract to which the data subject is party, Art. 6(1) b of the GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out steps prior to entering into a contract.
  • In cases where processing of personal data is necessary to comply with a legal obligation which our company is subject to, Art. 6(1) c of the GDPR serves as the legal basis.
  • In cases where vital interests of the data subject or another natural person make it necessary to process personal information, Art. 6(1) d of the GDPR serves as the legal basis.
  • If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and the interests, fundamental rights, and fundamental freedoms of the data subject do not override the interests of the former, Art. 6(1) f of the GDPR shall serve as the legal basis for the processing.

In particular, legitimate interests may include:

  • Replying to enquiries;
  • Carrying out direct marketing measures;
  • Provision of services and/or information intended for you;
  • The processing and transfer of personal data for internal and/or administrative purposes;
  • The operation and administration of our website;
  • The technical support of users;
  • Avoiding and detecting cases of fraud and crimes;
  • Protecting against non-payment by obtaining credit reports in the case of enquiries regarding deliveries and performance; and or
  • Ensuring network and data security, provided that these interests comply with the corresponding applicable laws and the rights and freedoms of the user;

Usage data/server log files

Each time our webpages are accessed, our systems automatically collect data and information from the computer system of the accessing computer.
In this case, the following types of data are collected: Browser type, version used, operating system of the user, internet service provider, IP address of the user, date and time accessed, websites from which the user’s system are directed to our website or which the user is directed to from our website.

The legal basis for the temporary storage of the data and the log files is Art.6(1) f of the GDPR with the aforementioned legitimate interests.

The temporary storage of the IP address by the system is necessary to make it possible for the website to be delivered to the user’s computer. For this purpose, the IP address of the user must remain saved for the duration of the session.
Storage in log files takes place to ensure the functionality of the website. Furthermore, we use the data to optimise the website and to ensure the safety of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also justify our legitimate interests to perform data processing pursuant to Art. 6(1) f of the GDPR. The data will be deleted as soon as they are no longer necessary to fulfil the purpose of their collection. In the case of the collection of the data for the provision of the website, this is the case when the respective session is terminated. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Furthermore, we reserve the right to review the files when concrete indications exist which point to a justified suspicion of unlawful use or a specific attack on the pages. In this case, it is within our legitimate interests to perform processing for the purposes of clarifying the issue and the criminal prosecution of such attacks and unlawful use.

Use of the web analytics software AWStats

We use the AWStats program for statistical analyses of our website. We can use the statistics we obtain to improve our offering and make it more interesting for you as a user. The legal basis for that is Article 6 (1) point (f) GDPR. AWStats analyzes log files our web server creates on the basis of visitors’ requests. The program does not use cookie files for that. Statistical analyses are carried out using log files that also contain IP addresses (see section 3 above). This data cannot usually be used to identify specific persons. This data is not combined with data from other sources. It is not passed on to third parties. The data is also overwritten after a statistical analysis and erased after no later than 7 days. Unlike with other statistics programs, no data is transmitted to a third-party server with AWStats. The program is installed on our own computer system. The server is located in Germany.

The AWStats program is an open source project. You can obtain information on the third-party provider’s privacy policy at https://www.awastats.org.

Contact form and e-mail contact

Our webpage contains a contact form which can be used for getting in touch electronically. If a user makes use of this option, the data entered into the input form will be transmitted to us and saved. This data comprises: Name, address, e-mail address, telephone number etc. At the time the message is sent, the following data will also be saved: The IP address, date, and time. For processing the data, your consent will be obtained as part of the sending procedure, and reference will be made to this privacy statement.

Alternatively, you can also get in touch via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be saved. No disclosure of the data to third parties takes place in this context. The data will be used exclusively for processing the conversation.
The legal basis for the processing is:

  • For the processing of the data after the user registers for the newsletter, provided that the user has given consent, Art. 6(1) a GDPR.
  • For the processing of data which is transmitted as part of the sending of an e-mail, Art. 6(1) f GDPR with the aforementioned legitimate interests.
  • If the e-mail contact serves the purpose of entering into a contract, Art. 6(1) b of the GDPR serves as the additional legal basis for the processing.

For us, the processing of the personal data from the input form is exclusively for processing the establishment of contact. In the case of the establishment of contact via e-mail, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending procedure serve to prevent the abuse of the contact form and to ensure the security of our information technology systems.

The data will be deleted as soon as they are no longer necessary to fulfil the purpose of their collection. For the personal data from the input fields of the contact form and data that have been transmitted via e-mail, this is the case when the respective conversation with the user has terminated. The conversation is terminated when circumstances allow one to surmise that the respective issue has been conclusively resolved. The additional personal data collected during the sending procedure will be deleted no later than after a deadline of seven days.

The user has the option of revoking his consent for the processing of the personal data at any time. If the user establishes contact with us via e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

Newsletter

Users can subscribe to a free newsletter containing promotional content on our Internet site. Our newsletters contain information on our service offerings, campaigns, events, contests, job offers and contributions/articles. However, the newsletters do not include messages without promotional information that are sent out as part of our contractual or other business relationship. That includes, for example, service mails containing technical information or queries about orders, events, notifications about contests or similar messages. The data provided in the input screen used in registering for the newsletter is sent to us. The IP address of the computer system calling the registration site and the time it is called are also collected. Your consent to processing of the data is obtained and your attention is drawn to this Privacy Statement during the subscription process. No data is passed on to third parties in connection with the processing of data needed to send newsletters. The data is used solely for sending the newsletter. The legal basis for processing data after the user has registered for the newsletter is Article 6 (1) point (a) GDPR if the user has given consent.

The user’s e-mail address is collected so that the newsletter can be delivered. Other personal data is collected as part of the subscription process so as to prevent misuse of the services or the e-mail address used. Users can cancel their subscription to the newsletter at any time. Every newsletter contains a link allowing them to do that. They can also use the link to withdraw consent to being sent the newsletter.

Reading behavior is only analyzed statistically to the extent that it is possible to determine whether recipients have opened the newsletter when their e-mail program has downloaded the graphics files contained in the newsletter from our web server. However, we only use this function to minimize the data volume of the actual e-mail and to let users choose whether to load the image files as well. This function can be enabled and disabled in any e-mail program.

The image files are not personalized, i.e. no personal data is collected when they are loaded (see “Usage data/log files”).

Disclosure of data

When you provide us with personal data, it is only disclosed to third parties to the extent necessary for the performance of the contractual relationship or other legal grounds legitimise this disclosure.

However, we provide certain services with the assistance of service providers. We have carefully selected these service providers and taken corresponding measures to protect your personal data.

Retention periods

The personal data of the data subjects are deleted or rendered unavailable as soon as the purpose of storage no longer applies. Furthermore, storage may also take place when this is provided for via European or national legislation in Union regulations, laws, or other provisions which the controller is subject to. The data is also rendered unavailable or deleted when a prescribed storage duration mandated by the specified standards expires, unless there exists a necessity for the continued storage of the data for the conclusion of a contract or the fulfilment of a contract.

Information on your rights

You have the right:

  • to obtain from us confirmation as to whether or not personal data concerning you is being processed; where that is the case, you have the right to access the personal data and the information specified in Article 15 GDPR.
  • to demand surrender of the data concerning you, subject to the restrictions defined in Article 20 GDPR, in a commonly used, electronic and machine-readable format. That also includes transmission of the data (where possible) to another controller directly named by you.
  • to demand that we rectify your data, if it is incorrect, inaccurate and/or incomplete. Rectification also includes completion of incomplete data by means of supplementary statements or notification.
  • to demand that we erase personal data concerning you without undue delay if one of the grounds specified in Article 17 GDPR applies. Unfortunately, we are not allowed to erase data which is subject to a statutory retention period. If you no longer want us to contact you by newsletter or another means, we store your related contact data in a blacklist.
  • to withdraw any consent you have given with effect for the future, without suffering any disadvantages as a result.
  • to demand that we restrict processing if one of the requirements defined in Article 18 GDPR is met.
  • to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. We will no longer process the personal data unless we demonstrate compelling legitimate grounds which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims (Article 21 GDPR).
  • without prejudice to any other administrative or judicial remedy, and if you consider that processing of personal data concerning you infringes the GDPR, to lodge a complaint with
    • our Data Protection Officer datenschutz@burnus.de or by regular mail (see the Imprint)
    • a supervisory authority in the Member State of your habitual residence, your place of work or place of the alleged infringement. The supervisory authority responsible for us is: The Hesse Data Protection Commissioner

If you have questions or comments about data protection (such as obtaining information on and updating of your personal data), please do not hesitate to contact us (using the subject line “Data protection”) at the e-mail address datenschutz@burnus.de or by regular mail (see the Imprint).

Download this privacy policy as PDF.