Privacy Policy

Data protection information regarding the use of our website

This privacy policy pursuant to Art. 13 ff. GDPR serves to fulfill our obligation to provide information when collecting personal data on our website.
In the following sections of this privacy policy, BS Systems would like to inform you, among other things, about the extent to which information about you is processed via the website and for what purposes this information is used.

1. Name and contact details of the controller

BS Systems GmbH & Co.KG
Am Innovationspark 2
86441 Zusmarshausen
Tel.: +49 8291 850-0
E-mail: info@l-boxx.de

2. Contact details of the data protection officer:

SECUWING GmbH & Co. KG | Datenschutz Agentur
Maximilian Hartung
Frauentorstraße 9
D-86152 Augsburg
Phone: +49 821 90786450
E-mail: epost@datenschutz-agentur.de

3. Purposes for which the personal data will be processed and the legal basis for processing


3.1 Processing of access data

For technical reasons, we process a limited amount of data (known as connection data) each time you access our website. This data is technically necessary to establish and maintain a connection between your device and our servers. This data is processed in the main memory of the web server for the duration of the connection:

The following data or data categories are collected in this process:
  • IP address
  • Source port of the calling device or a gateway (e.g., firewall or proxy)
  • Time stamp (date and time) of the request
  • Amount of data transferred
  • Message indicating whether the retrieval was successful (via HTTP error code)
  • Message indicating why a retrieval may have failed (using an HTTP error code)
  • Referrer (the previously visited website)
  • User agent (browser type used to access our website, including version)
  • Width and height of the display screen
  • Language settings of your browser
The IP address, time stamp, HTTP error code, referrer, and user agent are automatically logged when you visit our websites to ensure the functionality and protection of our websites. The logs are also used to optimize the website. Your IP address is only processed in abbreviated form in the logs and is therefore anonymized. We cannot create user profiles with personal references using this data.

Processing is carried out on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. A balancing of interests has been carried out and has come to the conclusion that the processing is necessary to safeguard our legitimate interests and that these outweigh your interests, fundamental rights, and fundamental freedoms, which require the protection of personal data.

3.2 Cookies and related technologies


3.2.1 General 

This website uses cookies and related technologies (e.g., scripts) in some cases. Cookies serve to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your device and saved by your browser, for example to remember information about you, such as your language settings or login information. Some of these cookies are set by us and are referred to as first-party cookies. We also use third-party cookies, which come from a domain other than the website you are visiting.

We generally distinguish between the following cookie categories:
  • Technically required, necessary cookies
  • Preference cookies
  • Statistical cookies
  • Marketing cookies
Further information on the individual categories, as well as the option to reject each cookie category (with the exception of technically necessary cookies) and a list of all cookies used, can also be found in the "Cookie settings."

3.2.2 Technically required, necessary cookies

Most of the cookies we use are so-called "session cookies." They are automatically deleted at the end of your visit. Such cookies are technically necessary for the operation of the website and to provide the service requested by the user and therefore cannot be deactivated.

Processing is based on legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. A balancing of interests has been carried out and concluded that the processing is necessary to safeguard our legitimate interests and that these interests outweigh your interests, fundamental rights, and freedoms requiring the protection of personal data.

3.2.3 Cookies requiring consent, such as analysis and tracking cookies and related technologies (e.g. tracking scripts)


Our website also uses advertising, marketing, and analysis tools from third-party providers. These are not technically necessary for the operation of the website, but serve for example, to record user behavior, to display advertising tailored to the user, or to enable an analysis of the use of our website. These services only become active after you have expressly given your consent via the consent banner.

An overview of all third-party services integrated into the website, as well as detailed information on each of these services, can be found in section 10.

3.3 Data processing in connection with contacting us via our contact form

When you contact BS Systems via using our contact form, the information you provide, such as
  • first and last name
  • email address
  • company name (optional)
 
will only be stored for the purpose of processing and responding to your inquiry, as well as for possible follow-up inquiries and, if necessary, for further consultation.
The legal basis for the processing of your data is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. A balancing of interests has been carried out and has concluded that the interests of the data subjects do not outweigh our interests in processing. In the present case, we have a legitimate interest in responding to your inquiry, for which the processing of the data and data categories mentioned here is necessary.

3.4 Data processing in connection with newsletter registration

You can subscribe to our newsletter on our website. The following data will be processed:
  • Email address
  • First and last name
  • Company name (optional)
  • IP address

The information you provide will only be stored for the purpose of registering you for the newsletter and analyzing your user behavior.

We use the double opt-in procedure to register you to receive this information via email newsletter. This means that after you register, we will send an email to the email address you provided asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP address and the time of registration and confirmation. The purpose of this procedure is to verify your registration and, if necessary, to investigate any misuse of your personal data.

We would like to point out that we evaluate your user behavior when sending a newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the data mentioned in section 1 and the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on, and infer your personal interests from this. We link this data to your actions on our website.

The legal basis for the processing of your data is your express and voluntary consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time in accordance with the information provided in section 8. 

3.5 Data processing in connection with the use of the L-BOXX Merch online shop

On our website, we provide an online shop under L-BOXX Merch, which is operated by our cooperation partner Toolbrothers Powertools GmbH. When you click on the "L-BOXX Merch" button, you will be redirected to the Shopify e-commerce platform and the new controller is responsible for processing your personal data.

4. Automated decision-making, including profiling

BS Systems does not carry out automated individual decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR.

5. Data transfer to a third country


Data transfers to countries outside the EU and the European Economic Area ("third countries") occur in the context of the administration, development, and operation of IT systems. The transfer takes place only on the basis of:

  • an adequacy decision by the European Commission within the meaning of Art. 45 GDPR.
  • an approved certification mechanism pursuant to Art. 42 GDPR together with legally binding and enforceable commitments by the controller or processor in the third country.
  • standard data protection clauses adopted by the Commission in accordance with the procedure laid down in Article 93(2) of the GDPR.
Currently, when using our website, personal data is transferred to third countries, in particular to the USA, through the use of third-party services in the following cases:
  • Transfer of data to Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
  • Transfer of data to Akamai Technologies, Inc., 145 Broadway, Cambridge, MA 02142, USA.
  • Transfer of data to Amazon Web Services (AWS), Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA
  • Transfer of data to Flockler, Flockler Commerce, Inc., 1201 W Peachtree St NW Ste 2625 36051 Atlanta, USA – a company of Relay Commerce, Inc.

6. Categories of recipients of data

For the processing of personal data for the purposes stated here, we use the following categories of recipients as processors within the meaning of Art. 28 GDPR:
  • Providers of servers for hosting our websites
  • IT service providers for maintaining our IT infrastructure 
  • External service providers for additional services
  • Providers of marketing and analysis services
  • Other processors within the meaning of Art. 28 GDPR in the course of order processing
These service providers process personal data and are contractually obliged to comply with the applicable data protection laws.

Your data will also be passed on if we are legally obliged to do so.

7. Storage duration and criteria for determining the duration

Personal data is generally only stored for as long as is necessary to fulfill the purposes stated here or as required by the statutory retention periods. Once the respective purpose has ceased to exist or the retention periods have expired, the data will be deleted in accordance with the statutory provisions.

For advertising purposes, we store your data until you object to its use, revoke your consent, or contact is no longer permitted by law. We store your other data for as long as we need it to fulfill the specific purpose (e.g., to fulfill or process a contract) and delete it once the purpose no longer applies.

In this case, all connection data is automatically deleted from the web server's memory shortly after the end of the connection. The anonymized access logs are stored for 30 days. In the event that parts of the access logs are required for the purpose of preserving evidence, they are excluded from deletion until the respective incident has been finally clarified.

8. Information about your rights as a data subject

BS Systems is responsible for the processing of your data, unless otherwise stated. 

You can request information from us at any time (Art. 15 GDPR) about the data stored about you and its correction (Art. 16 GDPR) in the event of errors. Furthermore, you can request the restriction of processing (Art. 18 GDPR), the transferability (Art. 20 GDPR) of the data you have provided to us in a machine-readable format, or the deletion of your data (Art. 17 GDPR) – insofar as it is no longer required.

In addition, you have the right to object at any time to the use of your data based on public or legitimate interests (Art. 21 GDPR).

If we process your data on the basis of your consent, you can revoke this consent at any time with effect for the future (Art. 7 para. 3 GDPR). Upon receipt of your revocation, we will no longer process your data for the purposes specified in the consent. 

If you wish to exercise your rights as a data subject, please address your request to:

BS Systems GmbH & Co.KG
Am Innovationspark 2
86441 Zusmarshausen
Tel.: +49 8291 850-0
E-mail: info@l-boxx.de
or to:
 
E-mail: epost@datenschutz-agentur.de

9. Right to lodge a complaint with a supervisory authority

In addition, you can lodge a complaint with a supervisory authority at any time in accordance with Art. 77 (1) GDPR. The supervisory authority responsible for us is the 

Bayerische Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, P.O. Box 1349, 91504 Ansbach, email: poststelle@lda.bayern.de ,  Tel: +49 (0) 981 180093-0. 

Alternatively, you can contact your local supervisory authority. 

10. Data protection information for all third-party services integrated into this website


10.1 Data protection information on the use of Friendly Captcha


This website uses Friendly Captcha to protect our website from automated attacks and spam. Friendly Captcha is a software solution provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.

Friendly Captcha is a privacy-friendly protection solution designed to make it more difficult for automated programs and scripts to use our website. A program code from Friendly Captcha is integrated into our website under "Contact" so that the visitor's device can establish a connection to the Friendly Captcha servers in order to receive a calculation task from Friendly Captcha. The visitor's device solves the math problem, which uses certain system resources, and sends the result to our web server. The server contacts the Friendly Captcha server via an interface and receives a response indicating whether the puzzle was solved correctly by the device. Depending on the result, we can apply security rules to requests made via our website and process or reject them accordingly. 

The collected data is used exclusively for the protection against spam and bots described above. Friendly Captcha does not set or read any cookies on the visitor's device. IP addresses are only stored in hashed, i.e., one-way encrypted form and do not allow us or Friendly Captcha to identify individuals. If personal data is stored, this data will be deleted within 30 days. 
 
The storage of and access to information on the end user's terminal device is carried out in accordance with § 25 (1) TDDDG. The legal basis for the further processing of your personal data is based on our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR.

For more information on how Friendly Captcha handles user data, please refer to Friendly Captcha's privacy policy: https://friendlycaptcha.com/legal/privacy-end-users/
 

10.2 Data protection notice on the use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Google Analytics uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website, such as
  • browser type/version,
  • operating system used,
  • referrer URL (the previously visited page),
  • host name of the accessing computer (IP address),
  • time of the server request,
are usually transmitted to a Google server in the USA and stored there. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. We have also extended Google Analytics on this website with the code "anonymizeIP". 

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
 
The storage of and access to information in the end user's terminal equipment is carried out in accordance with § 25 (1) TDDDG. The legal basis for the further processing of your personal data is your voluntary and informed consent in accordance with Art. 6 (1) (a) GDPR. You give your consent via the consent banner.

For more information on how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

10.3 Data protection notice on the use of Google Tag Manager


This website uses Google Tag Manager, a web analytics service provided by Google Inc. LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It is used solely to manage and deliver the tools integrated through it. However, Google Tag Manager does collect your IP address, which may be transferred to Google's parent company in the United States.  

The storage of and access to information in the end user's terminal equipment is carried out in accordance with § 25 (1) TDDDG. The legal basis for the further processing of your personal data is your voluntary and informed consent in accordance with Art. 6 (1) (a) GDPR. You give your consent via the consent banner.

Further information on Google Tag Manager can be found at: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/ 

10.4 Data protection notice on the use of Akamai

On our website, we use the Content Delivery Network (CDN) Akamai from Akamai Technologies, Inc., 145 Broadway, Cambridge, MA 02142, USA.
 
We use the Content Delivery Network (CDN) to increase the security and delivery speed of our website. This may involve the processing of data such as the IP address, time and duration of website visits, or information about the operating system.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with § 25 (1) TDDDG. The legal basis for the further processing of your personal data is based on our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR.

For more information on how Akamai handles user data, please refer to Akamai's privacy policy: https://www.akamai.com/de/legal/compliance/privacy-trust-center 

10.5 Data protection notice on the use of Cloudfront

On our website, we use the Content Delivery Network Cloudfront from Amazon Web Services (AWS), Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA
 
We use the Content Delivery Network (CDN) to increase the security and delivery speed of our website. This may involve the processing of data such as the IP address, time and duration of website visits, or information about the operating system.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with § 25 (1) TDDDG. The legal basis for the further processing of your personal data is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR.

For more information on how Amazon handles user data, please refer to Amazon's privacy policy: https://docs.aws.amazon.com/de_de/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html 

10.6 Data protection notice regarding the use of the service provider Flockler

We use the social media service provider Flockler, Flockler Commerce, Inc., 1201 W Peachtree St NW Ste 2625 36051 Atlanta, USA – a company of Relay Commerce, Inc.

Flockler enables us to integrate content from social networks such as Instagram, Facebook or LinkedIn directly into our website. In doing so, personal data such as your IP address and browser and device characteristics may be transmitted to Flockler or to the integrated social media platforms. Flockler itself does not store any personal data that directly identifies you, but merely serves as an intermediary for displaying external content. 

The storage of and access to information in the end user's terminal equipment is carried out in accordance with § 25 (1) TDDDG. The legal basis for the further processing of your personal data is your voluntary and informed consent in accordance with Art. 6 (1) (a) GDPR. You give your consent via the consent banner.

For more information on how Flockler handles user data, please refer to Flockler's privacy policy: 
https://www.relaycommerce.io/privacy-policy 
https://flockler.com/de/dsgvo 

11. Data protection information regarding the use of social media channels

11.1 LinkedIn

We operate our own company page on LinkedIn and use the technical platform and services provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

We would like to point out that you use this LinkedIn page and its functions at your own risk. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating).

LinkedIn and BS Systems GmbH & Co.KG operate this page in accordance with Art. 26 GDPR on a joint responsibility basis insofar as the "Page Insights" functions are concerned. 

By presenting our company on LinkedIn, we aim to increase our presence on social media and thus support our marketing and public relations efforts. At the same time, we can communicate with users and respond to any enquiries or encourage users to apply for a job with us. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is, in particular, our business interest in sharing information with our users and being able to communicate with them.

We would like to point out that LinkedIn also processes your personal data for its own purposes, over which we have no influence. This may also involve data being processed outside the EU, in particular in the USA. Information on the use of this data by LinkedIn can be found at: 
https://www.linkedin.com/legal/privacy-policy 
https://www.linkedin.com/help/linkedin/ask/TSO-DPO 

11.2 Facebook 

We have a fan page on Facebook and use the information service provided by Meta Platforms Ireland Ltd, Merrion Road Dublin 4, D04 X2K5, Ireland. 

By operating the Facebook page, we support targeted and balanced public relations work and support our marketing activities. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is, in particular, our business interest in sharing information with our users and being able to communicate with them.

We would like to point out that you use this Facebook page and its functions at your own risk. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating). 

Facebook and BS Systems GmbH & Co.KG operate this page in accordance with Art. 26 GDPR in joint responsibility with regard to the "Page Insights" functions. Page Insights are summary statistics created based on certain "events" logged by Facebook servers when people interact with pages and their associated content. Page operators themselves do not have access to the personal data processed in the context of "events," but only to the aggregated, anonymized Page Insights. Details of the agreement can be found at the following link:
https://www.facebook.com/legal/terms/page_controller_addendum 
Facebook processes a range of personal data of page visitors in its so-called Page Insights for its own purposes. The processing takes place regardless of whether page visitors are logged into Facebook or not and whether page visitors are members of the Facebook network. Users who access Facebook pages without being registered or logged in to Facebook also have the option of influencing the scope of data processing by means of a cookie banner set by Facebook. For more information about Facebook cookies, please visit: 
https://www.facebook.com/privacy/policies/cookies 


When you visit this Facebook page, Facebook collects, among other things, your IP address and other information stored on your computer in the form of cookies. This information is used to provide us, as the operator of the Facebook page, with anonymous statistical information about the use of the Facebook page.

The data collected about you in this context is processed by Meta Ltd. and may be transferred to countries outside the European Union. Facebook describes what information Facebook receives and how it is used is described in Facebook's data usage policy. There you will also find information about how to contact Facebook and how to adjust your advertising settings.

The privacy policy is available at the following link: 
https://de-de.facebook.com/privacy/policy 

11.3 Instagram

We have a company page on Instagram, a service provided by Meta Platforms Ireland Ltd., Merrion Road Dublin 4, D04 X2K5, Ireland. 

Meta and BS Systems GmbH & Co.KG operate this page jointly in accordance with Art. 26 GDPR.

The purpose of data processing on our Instagram page is to provide information about our products and services, combined with the opportunity for users to interact with us in a targeted manner. The legal basis for data processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is, in particular, our business interest in sharing information with our users and being able to communicate with them.

We place advertisements on Instagram and use Instagram Insights to evaluate the behavior of our target group when interacting with our page. The targeted control of advertising is a legitimate interest of our company. Instagram users are informed of this; responsibility for data collection lies primarily with Meta Platforms Ireland Ltd. There are no overriding legitimate interests of users (display of individual target group-optimized advertising). The legal basis for us is Art. 6 (1) lit. f GDPR.

The data collected about you in this context will be processed by Meta Ltd. and, where applicable, transferred to countries outside the European Union. Meta describes what information it receives and how it is used in its data use policy. There you will also find information about how to contact Meta and how to adjust your advertising settings.

The privacy policy is available at the following link: help.instagram.com/155833707900388/


12. Implementierte Technologien


Updated August 2025
This privacy policy is subject to review and BS Systems reserves the right to make changes at any time. Such changes will be posted on this website accordingly.