Privacy Policy

Data protection at a glance

This information in accordance with Art. 13 et seq. GDPR on data protection serve the information obligation when collecting personal data on our website.
In the following sections of this data protection notice, BS Systems would like to inform you, among other things, about the extent to which information about you is processed via the website and for what purposes this information is used.

1. name and contact details of the controller

BS Systems GmbH & Co. KG
Am Innovationspark 2
86441 Zusmarshausen
Phone: +49 8291 850-0
Email: info@l-boxx.de

2. contact details of the data protection officer:


SECUWING GmbH & Co. KG | Datenschutz Agentur
Maximilian Hartung
Frauentorstraße 9
D-86152 Augsburg
Phone: 0821 90786450
Email: epost@datenschutz-agentur.de

3. purposes for which the personal data is to be processed and the legal basis for the processing


3.1 Processing of access data

For technical reasons, we process a limited amount of data (so-called connection data) each time our website is accessed. This data is technically necessary in order to establish and execute a connection between your end device and our servers. This data is processed in the main memory of the web server for the duration of the connection:
  • The following data or data categories are collected:
  • IP address
  • Source port of the calling device or a gateway (e.g. firewall or proxy)
  • Timestamp (date and time) of the request
  • Amount of data transferred
  • Message as to whether the request was successful (via http error code)
  • Message as to why a retrieval may have failed (using http error code)
  • Referrer (the previously visited website)
  • User agent (browser type with which you access our website and version)
  • Width and height of the display screen
  • Language settings of your browser
The IP address, time stamp, HTTP error code, referrer and user agent are automatically logged when you visit our website in order to ensure the functionality and protection of our website. The logs are also used to optimize the website. Your IP address is only processed further in the logs in abbreviated form and is therefore anonymized. It is not possible for us to create user profiles with personal references with this data.
The processing is carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.  A balancing of interests was carried out and came to the conclusion that the processing is necessary to safeguard our legitimate interests and that these outweigh your interests, fundamental rights and freedoms, which require the protection of personal data.

The following data or data categories are collected:
- IP address
- Source port of the calling device or a gateway (e.g. firewall or proxy)
- Timestamp (date and time) of the request
- Amount of data transferred
- Message as to whether the request was successful (via http error code)
- Message as to why a retrieval may have failed (using http error code)
- Referrer (the previously visited website)
- User agent (browser type with which you access our website and version)
- Width and height of the display screen
- Language settings of your browser
The IP address, time stamp, HTTP error code, referrer and user agent are automatically logged when you visit our website in order to ensure the functionality and protection of our website. The logs are also used to optimize the website. Your IP address is only processed further in the logs in abbreviated form and is therefore anonymized. It is not possible for us to create user profiles with personal references with this data.
The processing is carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.  A balancing of interests was carried out and came to the conclusion that the processing is necessary to safeguard our legitimate interests and that these outweigh your interests, fundamental rights and freedoms, which require the protection of personal data.

3.2 Cookies and related technologies


3.2.1 General information


This website sometimes uses cookies and related technologies (e.g. scripts). Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your end device and saved by your browser, for example to remember information about you, such as your language settings or login information. Some of these cookies are set by us and are referred to as first-party cookies. We also use third-party cookies, which originate from a domain other than that of the website you are visiting.
We distinguish between the following cookie categories:
  • Technically necessary cookies
  • Preference cookies
  • Statistics cookies
  • Marketing cookies

Further information on the individual categories as well as the option to reject each cookie category (with the exception of technically necessary cookies) and a list of all cookies used can also be found in the "Cookie settings".

3.2.2 Technically required, necessary cookies


Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Such cookies are absolutely technically necessary for the operation of the website and to provide the service requested by the user and therefore cannot be deactivated.
The processing is carried out on the basis of the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.  A balancing of interests was carried out and came to the conclusion that the processing is necessary to safeguard our legitimate interests and that these outweigh your interests, fundamental rights and freedoms that require the protection of personal data.

3.2.3 Cookies requiring consent, such as analysis and tracking cookies and related technologies (e.g. tracking scripts)


Our website also includes advertising, marketing and analysis tools from third-party providers. These are not technically necessary for the operation of the website, but serve, for example, to record the behavior of the user, to display advertising tailored to this or to enable an analysis of the use of our website.
These services only become active after you have expressly given your consent using the consent banner.
An overview of all third-party services integrated on the website, as well as detailed information on each of these services, can be found in section 10.

3.3 Data processing in connection with contacting us via our contact form
When you contact BS Systems via our contact form, the information you provide, such as
- First name and surname
- e-mail address
- Company name (optional)
 
will only be stored for the purpose of processing and answering the inquiry and for possible follow-up inquiries and, if necessary, for further consultation. 
The legal basis for the processing of your data is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. A balancing of interests was carried out and came to the conclusion that the interests of the data subjects do not outweigh our interests in the processing. We have a legitimate interest in responding to your request, for which the processing of the data and data categories mentioned here is necessary.

3.4 Data processing in connection with registration for the newsletter mailing
You can register for our newsletter on our website. The following data will be processed:

  • Email address
  • First and last name
  • Company name (optional)
  • IP address

The information you provide will only be stored for the purpose of subscribing to the newsletter and analyzing your user behavior.

The information you provide will only be stored for the purpose of subscribing to the newsletter and analyzing your user behavior.

We use the so-called double opt-in procedure for the registration to receive this information by e-mail newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

We would like to point out that we evaluate your user behavior when sending a newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the data mentioned in section 1 and the web beacons with your e-mail address and an individual ID.

Links received in the newsletter also contain this ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and deduce your personal interests from this. We link this data to actions you have taken on our website.

The legal basis for the processing of your data is your express and voluntary consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time in accordance with the information under point 8.

3.5 Data processing in connection with the use of the online store L-BOXX Merch


On our website, we provide an online store under L-BOXX Merch, which is operated by our cooperation partner Toolbrothers Powertools GmbH. As soon as you click on the ‘L-BOXX Merch’ button, you will be redirected to the e-commerce platform Shopify and the new controller responsible for processing your personal data.

4. automated decision-making including profiling


BS Systems does not carry out automated individual decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR.

5. data transfer to a third country


Data transfers to countries outside the EU and the European Economic Area (“third countries”) occur in the context of the administration, development and operation of IT systems. The transfer only takes place on the basis
- an adequacy decision of the European Commission within the meaning of Art. 45 GDPR.
- an approved certification mechanism pursuant to Art. 42 GDPR together with legally binding and enforceable obligations of the controller or processor in the third country
- standard data protection clauses adopted by the Commission in accordance with the examination procedure pursuant to Art. 93 para. 2 GDPR.
When using our website, personal data is currently transferred to third countries, in particular to the USA, through the use of third-party services in the following cases
- Transmission of data to Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
- Transmission of data to Akamai Technologies, Inc, 145 Broadway, Cambridge, MA 02142, USA.
- Transmission of data to Amazon Web Services (AWS), Inc, 410 Terry Avenue North, Seattle, WA 98109-5210, USA
- Transmission of data to Flockler, Flockler Commerce, Inc, 1201 W Peachtree St NW Ste 2625 36051 Atlanta, USA - a company of Relay Commerce, Inc.

6. categories of recipients of data


We use the following categories of recipients as processors within the meaning of Art. 28 GDPR to process personal data for the purposes stated here:
- Server providers for the purpose of hosting our websites
- IT service providers for the maintenance of our IT infrastructure 
- External service providers for additional services
- Providers of marketing and analysis services
- Other processors within the meaning of Art. 28 GDPR in the course of order processing
 
These service providers process personal data and are contractually obliged to comply with the applicable data protection laws.
Your data will also be passed on if we are legally obliged to do so.

7. Storage duration and criteria for determining the duration


Personal data will only be stored for as long as is necessary to fulfill the purposes stated here or for as long as the retention periods stipulated by law require. After the respective purpose no longer applies or after the retention periods have expired, the data will be deleted in accordance with the statutory provisions.
We store your data for advertising purposes until you object to its use, you withdraw your consent or contacting you is no longer permitted by law.  We store your other data for as long as we need it to fulfill the specific purpose (e.g. to fulfill or process the contract) and delete it once the purpose no longer applies.
In this case, all connection data is automatically deleted from the web server's memory shortly after the end of the connection. The anonymized access logs are stored for 30 days. In the event that parts of the access logs are required for the purpose of preserving evidence, these are excluded from deletion until the respective incident has been finally clarified.

8. information on your rights as a data subject


BS Systems is responsible for the processing of your data, unless otherwise stated.
You can request information from us at any time (Art. 15 GDPR) about the data stored about you and its correction (Art. 16 GDPR) in the event of errors. You can also request the restriction of processing (Art. 18 GDPR), the portability (Art. 20 GDPR) of the data you have provided to us in a machine-readable format or the erasure of your data (Art. 17 GDPR) - insofar as it is no longer required.
You also have the right to object at any time to the use of your data based on public or legitimate interests (Art. 21 GDPR).
If we process your data on the basis of your consent, you can withdraw this consent at any time with effect for the future (Art. 7 para. 3 GDPR). Upon receipt of your revocation, we will no longer process your data for the purposes specified in the consent.
If you wish to exercise your rights as a data subject, please address your request to

BS Systems GmbH & Co.KG
Am Innovationspark 2
86441 Zusmarshausen
Tel.: +49 8291 850-0
E-Mai: info@l-boxx.de
 
or to:
 
E-mail: epost@datenschutz-agentur.de


9. right to lodge a complaint with a supervisory authority


You can also lodge a complaint with a supervisory authority at any time in accordance with Art. 77 (1) GDPR. The Bavarian State Office for Data Protection Supervision, 
, Promenade 18, 91522 Ansbach, P.O. Box 1349, 91504 Ansbach, email: poststelle@lda.bayern.de, telephone: +49 (0) 981 180093-0, is generally responsible for us. 
Alternatively, you can contact your local supervisory authority.

10. data protection information for all third-party services integrated on this website


10.1 Data protection information on the use of Friendly Captcha


This website uses Friendly Captcha to protect our website from automated attacks and spam. Friendly-Captcha is a software solution from Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.
Friendly Captcha is a privacy-friendly protection solution to make it more difficult for automated programs and scripts to use our website. A program code from Friendly Captcha is integrated into our website under ‘Contact’ so that the visitor's end device can establish a connection to the Friendly Captcha servers in order to receive a calculation task from Friendly Captcha. The visitor's end device solves the calculation task, which requires certain system resources, and sends the calculation result to our web server. This contacts the Friendly Captcha server via an interface and receives a response as to whether the puzzle has been solved correctly by the end device. Depending on the result, we can assign security rules to requests via our website and thus process them further or reject them.

The data collected is used exclusively to protect against spam and bots as described above. Friendly Captcha does not set or read any cookies on the visitor's end device. IP addresses are only stored in hashed, i.e. one-way encrypted form and do not allow us or Friendly Captcha to draw any conclusions about individuals. If personal data is stored, this data is deleted within 30 days.
 
The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TDDDG. The legal basis for the further processing of your personal data is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR.

10.2 Data protection notice on the use of Google Analytics


This website uses Google Analytics, a web analytics service provided by Google Inc. LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookies about your use of the website, such as
- Browser type/version,
- operating system used,
- Referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request,
are generally transmitted to a Google server in the USA and stored there. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. We have also added the code “anonymizeIP” to Google Analytics on this website.

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TDDDG. The legal basis for the further processing of your personal data is your voluntary and informed consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You give your consent via the consent banner.
You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

10.3 Data protection notice on the use of Google Tag Manager


This website uses Google Tag Manager, a web analysis service of Google Inc. LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.  
The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TDDDG. The legal basis for the further processing of your personal data is your voluntary and informed consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You give your consent via the consent banner.
You can find more information about Google Tag Manager at: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

10.4 Data protection notice on the use of Mailingwork


If you subscribe to our newsletter, we integrate the service provider Mailingwork GmbH, Schönherrstraße 9, 09113 Chemnitz, Germany.we use this service provider for newsletter marketing to increase our traffic and strengthen the bond with our customers.the storage of and access to information in the end user's end device is carried out in accordance with § 25 para. 1 TDDDG. The legal basis for the further processing of your personal data is your voluntary and informed consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You give your consent via the consent banner, and you can find further information on the collection and use of data by Mailingwork at: https://mailingwork.de/datenschutzerklaerung 

10.5 Data protection notice on the use of Akamai


On our website we use the Akamai Content Delivery Network (CDN) from Akamai Technologies, Inc, 145 Broadway, Cambridge, MA 02142, USA.
 
We use the Content Delivery Network (CDN) to increase the security and delivery speed of our website. Data such as the IP address, times and duration of website visits or information about the operating system may be processed.

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TDDDG. The legal basis for the further processing of your personal data is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR.
You can find more information on the handling of user data by Akamai in Akamai's privacy policy: https://www.akamai.com/de/legal/compliance/privacy-trust-center 
10.6 Data protection notice on the use of Cloudfront
On our website we use the Cloudfront content delivery network from Amazon Web Services (AWS), Inc, 410 Terry Avenue North, Seattle, WA 98109-5210, USA
 
We use the Content Delivery Network (CDN) to increase the security and delivery speed of our website. Data such as the IP address, times and duration of website visits or information about the operating system may be processed.
 
The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TDDDG. The legal basis for the further processing of your personal data is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR.
You can find more information on the handling of user data by Amazon in Amazon's privacy policy: https://docs.aws.amazon.com/de_de/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html

10.7 Data protection notice on the use of the service provider Flockler


On our website we use the social media service provider Flockler, Flockler Commerce, Inc, 1201 W Peachtree St NW Ste 2625 36051 Atlanta, USA - a company of Relay Commerce, Inc.
Flockler enables us to integrate content from social networks such as Instagram, Facebook or LinkedIn directly on our website. Personal data such as your IP address and browser and device properties may be transmitted to Flockler or to the integrated social media platforms. Flockler itself does not store any personal data that directly identifies you, but merely serves as an intermediary for displaying external content. 
The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TDDDG. The legal basis for the further processing of your personal data is your voluntary and informed consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You give your consent via the consent banner.
You can find more information on the handling of user data by Flockler in Flockler's privacy policy: https://www.relaycommerce.io/privacy-policy


11. Implementierte Technologien


Updated July 2025
This privacy policy is subject to constant review and BS Systems