DATA PROTECTION

DATA PROTECTION INFORMATION

BS Systems GmbH & Co. KG

General Provisions

Every natural person has the constitutionally guaranteed right to determine the use to which their own personal data may be put. We, the BS Systems GmbH & Co. KG, take the protection of the personal data of our customers as well as those interested in our offers very seriously. For this reason, it is our duty to protect the users entrusted to us when visiting our website. We are very much concerned with the protection of the privacy of our website users at all times. If and insofar as the user voluntarily provides personal data, these are collected and stored in accordance with the statutory data protection provisions of the EU General Data Protection Regulation (DSGVO) and the Telemedia Act (TMG). Of course, all data shall be treated confidentially. With the following data protection information, we would like to explain in more detail which data is collected, what happens with these data and which security measures we have taken to protect these data from misuse. By providing this transparent and comprehensible information of our data protection regulations we wish to ensure that visitors and customers are well informed about the collection, processing and use of personal data.

Personal data

Personal data is any information relating to an identified or identifiable natural person (such as, but not limited to, name, address, telephone number, date of birth, etc.). As a rule, our online offer can be used without providing personal information. However, the use of certain services may require the provision of personal information. In general, the collection, processing and use of personal data for the use of our website is limited to the required extent and the required data. If you wish to use services that require concluding a contract, we shall ask you to register. As part of the registration, we collect the personal data required for the establishment and fulfilment of the contract as well as, possibly, other data on a voluntary basis.

When contacting us by e-mail or using a contact form, the data voluntarily provided by you (e-mail address, possibly, name, address, etc.) shall be saved in order to answer your questions. We delete the data related to this context after the storage is no longer required, or limit their processing if there are statutory retention requirements.

If we rely on contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we shall inform you in detail below about the respective procedures. In doing so, we shall also name the specified criteria for the storage duration.

Responsible authority

The responsible authority for the collection, processing and use of your personal data acc. to Art. 4 Sec. 7 DSGVO is the

BS Systems GmbH & Co. KG
Am Innovationspark 2
86441 Zusmarshausen

Phone: +49 (0)8291 8502300
Mail: info@l-boxx.de

Name and address of the data protection officer

You can contact the data protection officer of the BS Systems GmbH & Co. KG under the following contact details:

SECUWING GmbH & Co. KG | Data Protection Agency
Mr Maximilian Hartung
Frauentorstraße 9
86152 Augsburg
Phone: +49 (0)821 90786450
E-mail address: epost@datenschutz-agentur.de

 

Your rights

You have the right:

• in accordance with Art. 15 DSGVO, to request information about your personal data processed by us. In particular, you can request information with respect to the processing purposes, the category of personal data, the categories of recipients to whom your data has been or shall be disclosed, the planned retention period, the existence of the right to rectification, deletion, limitation of processing or objection, the existence of the right to complain, the source of your data, if not collected from us, and the existence of an automated decision-making process including profiling and, possibly, meaningful information about the details thereof;
• in accordance with Art. 16 DSGVO, to immediately demand the correction of incorrect or completion of incomplete personal data stored by us with respect to you;
• in accordance with Art. 17 DSGVO, to request the deletion of your personal data stored by us, except in cases when the processing is required for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for assertion, exercise or defence of legal claims;
• in accordance with Art. 18 DSGVO to demand the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, you, however, reject their deletion and we no longer require the data, but you require the said data in order to assert, exercise or defend legal claims, or if you have objected to the processing according to Art. 21 DSGVO;
• in accordance with Art. 20 DSGVO to receive your personal data provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible;
• in accordance with Art. 7 Sec. 3 DSGVO to revoke the consent you have granted towards us at any time. As a result, we shall not be allowed to continue the data processing based on this consent for the future and
• in accordance with Art. 77 DS-BER, to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.

1. Collection of personal data for visits of our website

1.1 In the case of the use of our website www.l-boxx.systems for informational purposes only, i.e. if you do not register or otherwise provide us with information, we shall only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data that are technically necessary for us to display our website and to ensure stability and security:

• IP address
• Date and time of the request
• Time Zone Difference to Greenwich Mean Time (GMT)
• Content of the request (concrete page)
• Access status / HTTP status code
• respectively transmitted amount of data
• Website from which the request originates
• Browser
• Operating system and its interface
• Language and version of the browser software.

The stated data are processed by us for the following purposes:

• ensuring a smooth connection set-up to the website,
• ensuring comfortable use of our website,
• evaluation of system security and stability, and
• for further administrative purposes.

The legal basis for data processing is Art. 6 Sec. 1 s. 1 lit. f DSGVO. Our legitimate interest follows from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions regarding you.

In addition, we use cookies and analysis services for visits of our website. Further details can be found in paragraphs 9 to 11 of this data protection declaration.

2. Further features and offers of our website

2.1. In addition to the purely informative use of our website, we offer various services that you can use if you are interested. To do this, you generally need to provide further personal data that we use to provide the respective service and for which the aforementioned data processing principles apply. The legal bases therefore are Art. 6 Abs. 1 s. 1 lit. a, b and f DSGVO.

2.2. In part, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and undergo regular inspections.

2.3. Furthermore, we may pass on your personal data to third parties if contracts or similar services are offered by us jointly with partners. You receive further information in this respect when entering your personal data or in the description of the offer possibly used.

2.4. Insofar as our service providers or partners are based in a state outside the European Economic Area (EEA), we shall inform you of the consequences of this circumstance in the description of the offer possibly used.

2.5. Within the website we use the popular Secure Socket Layer (SSL) method in conjunction with the respectively highest encryption level supported by your web browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we shall use 128-bit v3 technology instead. Whether an individual page of our website is encrypted is indicated by the closed representation of the key or lock icon in the bottom status bar of your browser.

2.6. We also take appropriate technical and organizational security measures in order to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are constantly being improved in line with technological developments.

3. Newsletter

3.1. With your consent, you can also separately get information about current and future projects (by telephone, e-mail, telephone).

3.2. For the registration for reception of this information by e-mail newsletter we use the so-called double-opt-in-procedure. This means that after you have registered, we shall send you an e-mail to the e-mail address specified in which we ask you to confirm that you wish to receive the newsletter. 158/5000 If you do not confirm your registration within 24 hours, your information will be suspended and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data.

3.3. The only requirement for sending you the newsletter is your e-mail address. The specification of additional, separately indicated data is voluntary and shall be used to address you personally. After your confirmation, we shall save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 Abs. 1 S. 1 lit. a DSGVO.

3.4. You can cancel your consent at any time and unsubscribe from receiving the information about current and future projects. You can declare the cancellation by clicking on the link provided in every newsletter e-mail, by e-mail to info@l-boxx.de or by sending a message to the above stated contact details.

3.5. Please note that we evaluate your user behaviour when sending a newsletter. For this evaluation, the e-mails sent include so-called web beacons or tracking pixels that represent one-pixel image files stored on our website. For the evaluations, we link the data mentioned in point 1 and the web beacons with your e-mail address and an individual ID.

Also the links in the newsletter contain this ID. With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. In doing so, we record the times when you read our newsletters, which links in those you click on and make therefrom conclusions about your personal interests. We link these data with the actions you have taken on our website.

4. Product ratings by our customers

We request our prospective buyers and customers (hereinafter generally referred to as “customers”) to consider the following for the publication of ratings:

By submitting a rating, you agree to the publication of the text on our website as well as in catalogues and newsletters. The name of the author is abbreviated, so that in the publication only the first letter is given for the first name and the last name. Please note that your name and contact details are stored by us in accordance with the data protection regulations. The legal basis is Art. 6 Abs. 1 s. 1 lit. f DSGVO.

As a customer, you are responsible for ensuring that your publication does not infringe illegally on the rights of third parties. This means, in particular, that you must ensure that your texts have not been copied unlawfully, that they are factual and that their content is truthful. In the event that claims are made against us by third parties for infringements based on a publication of the customer, the customer shall release us of these claims and compensate us the resulting damage (for example, the costs required for a legal defence).

Texts that contain advertising for third-party products, whether they are in competition with us or not, are generally undesirable. We reserve the right to take action against such advertising publications in the event of an infringement.

We are not obliged to publish texts. We also reserve the right to delete published texts at any time.

5. Product recommendations for our customers

You receive regular product recommendations from us by e-mail. These product recommendations are provided by us, regardless of whether you have subscribed to a newsletter. In this way, we wish to provide you with information about products from our offer that you may be interested in based on your recent purchases from us. The legal basis is Art. 6 Abs. 1 s. 1 lit. f DSGVO. If you no longer wish to receive product recommendations from us, you can object to this at any time. Please use the unsubscribe link included in each e-mail or send us a message to the above contact details.

6. Credit check and scoring

If we make a delivery before payment, for example, in the case of a purchase on account, then in order to safeguard our legitimate interests we may request a credit check based on mathematical-statistical procedures at diligently selected service providers. For this purpose, we shall forward the personal data required for a credit check to the relevant bodies and shall use the received information about the statistical probability of a default for making a balanced decision on whether the payment option should be granted. The collection, storage and forwarding are therefore carried out for the purpose of checking the creditworthiness in order to avoid a payment default and on the basis of Art. 6 Sec. 1 s. 1 lit. b DSGVO and Art. 6 Sec. 1 s. 1 lit. f, DSGMO. The credit report can contain probability values (score values) which are calculated on the basis of scientifically recognized mathematical-statistical methods and whose calculation includes, among other things, address data. Your protectable interests shall be considered in accordance with the statutory provisions. You can object to this check at any time with effect for the future. As a result, we may no longer be able to offer you certain payment options.
Currently we use information from the following service providers:

IHD Gesellschaft für Kredit-
und Forderungsmanagement mbH
Augustinusstraße 11B
D-50226 Frechen www.ihd.de

Further information according to Art. 14 DSGVO can be found at www.ihd.de/datenschutz/Selbstverpflicht.html

Creditreform Augsburg Frühschulz & Wipperling KG Beethovenstr. 4
86150 Augsburg www.creditreform-augsburg.de

7. Objection or revocation with respect to the processing of your data

7.1. If you have given your consent to the processing of your data, you can revoke it at any time. Such revocation, after you have stated it towards us, shall affect the admissibility of the processing of your personal data.

7.2. Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if, in particular, the processing is not required to fulfil a contract with you, which we describe in each case in the following description of the functions. In the event of such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we shall examine the situation and shall either discontinue or adapt the data processing or point out to you our compelling legitimate reasons due to which we continue the processing.

7.3. Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising using the contact details mentioned in point 1.2 above

8. Use of cookies

8.1. In addition to the data mentioned in point 3, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and by which the website that places the cookie (here – us) receives certain information. Cookies cannot run programs or transfer viruses to your computer. They serve to make the Internet offer overall more user-friendly and effective.

8.2. This website uses the following types of cookies, the scope and operation of which are explained below:

• Transient cookies, i. e. cookies that are automatically deleted when you close the browser. These include in particular the session cookies. They store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
• Persistent cookies, i. e. cookies in whose respect you can configure your browser settings according to your wishes. Here, for example, you can accept third-party cookies or reject all cookies. Please be aware that you may not be able to use all features of this site.

We use cookies to identify you for follow-up visits if you have an account with us. Otherwise you would have to log in anew for each visit.

The used Flash cookies are detected not by your browser but by your Flash plug-in. Furthermore, we use HTML5 storage objects, which are stored on your device. These objects store the required data regardless of your browser and do not have an automatic expiration date. If you do not want to process the Flash cookies, you must install an add-on such as, for example, “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/en/firefox/addon/betterprivacy/) or the Adobe-Flash killer-cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. In addition, we recommend that you regularly delete your cookies and the browser history manually.

9. Google Analytics

9.1. This website uses Google Analytics, a web analytics service provided by Google Inc. („Google“). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, in the event of activation of IP anonymisation on this website, your IP address shall be shortened prior to that by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide to the website operator other services related to website usage and internet usage.

9.2. The IP address provided by your browser within the framework of Google Analytics will not be merged with other Google data.

9.3. You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. You can also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

9.4. This website uses Google Analytics with the extension “_anonymizeIp ()”. As a result, IP addresses are processed in an abridged form, this eliminates direct reference to persons. Insofar as the data collected about you is assigned a personal reference, it will subsequently be immediately excluded and the personal data will be deleted immediately.

9.5. We use Google Analytics to analyze and regularly improve the use of our website. Using the obtained statistics we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data are transferred to the USA, Google is submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework. The legal basis for the use of Google Analytics is Art. 6 Sec. 1 s. 1 lit. f DSGVO.

9.6. Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User Conditions: http://www.google.com/analytics/terms/de.html, Overview on Data Protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy.

10. Our Social Media Presence

10.1 Scope of this Privacy Policy
This privacy policy applies to the following social media platforms:

• Facebook
• Instagram
• LinkedIn
• YouTube
• TikTok

10.2 Data Processing by Social Networks
We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks such as Facebook, Instagram, TikTok, LinkedIn, and YouTube can typically analyze your user behavior comprehensively when you visit their websites or websites with integrated social media content (e.g., like buttons or ad banners). When you visit our social media profiles, various data processing operations are triggered that are relevant to data protection.

Specifically:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can associate this visit with your user account. Your personal data may also be collected even if you are not logged in or do not have an account with the respective social media portal. This data collection occurs, for example, through cookies stored on your device or by capturing your IP address.

With the help of the data collected in this manner, the operators of social media portals can create user profiles that store your preferences and interests. This allows for interest-based advertising to be displayed both within and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be shown on all devices you are logged in to or have logged in to.

Please note that we cannot track all data processing activities on social media portals. Depending on the provider, additional processing operations may be carried out by the social media portal operators. For details, please refer to the terms of use and privacy policies of the respective social media portals.
10.3 Legal Basis
Our social media presence aims to ensure the most comprehensive online presence possible. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g., consent within the meaning of Article 6(1)(a) of the GDPR).
10.4 Controller and Assertion of Rights
If you visit one of our social media profiles (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing activities triggered by your visit. You can assert your rights (access, rectification, erasure, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media portal (e.g., against Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our ability to influence them is largely determined by the corporate policies of the respective provider.
10.5 Retention Period
The data we directly collect through our social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions—particularly retention periods—remain unaffected.

We have no influence on the retention period of your data that is stored by the social network operators for their own purposes. For details, please refer directly to the privacy policies of the respective social network operators (see below).
10.6 Your Rights
You have the right to obtain information about the origin, recipient, and purpose of your stored personal data at any time, free of charge. You also have the right to object, the right to data portability, and the right to lodge a complaint with the competent supervisory authority. Furthermore, you can request the rectification, blocking, erasure, and, under certain circumstances, the restriction of the processing of your personal data.

Specific Social Networks

10.7.1 Facebook
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter Meta). According to Meta, the collected data is also transferred to the USA and other third countries.

We have entered into an agreement with Meta regarding joint processing (Controller Addendum). This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

For details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.
10.7.2 Instagram
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

For details on how they handle your personal data, please refer to Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.
10.7.3 LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details on how they handle your personal data, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider at the following link: https://www.dataprivacyframework.gov/participant/5448.
10.7.4 YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

For details on how they handle your personal data, please refer to YouTube’s privacy policy: https://policies.google.com/privacy?hl=en.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
10.7.5 TikTok
We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

For details on how they handle your personal data, please refer to TikTok’s privacy policy: https://www.tiktok.com/legal/privacy-policy?lang=en.

Data transfer to insecure third countries is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.tiktok.com/legal/privacy-policy?lang=en.

Last updated: 09/2024

​