The following privacy statement is intended to clarify which types of personal data (hereinafter also referred to as “data”) we process for what purposes and to what extent. The Privacy Policy applies to all processing of personal data carried out by us, both in the framework of the provision of our services and in particular on our websites, in mobile applications and within external online features, such as our social media profiles (collectively referred to as the “online offer”).
G. Baumann GmbH
Welsches, 1
88239, Wangen, BW
Authorised representatives: Giuliano Baumann
Email address: info@gbaumann.com
The table below summarises the types of data processed and the purposes for which they are processed and refers to the data subjects.
Below we provide the legal bases of the General Data Protection Regulation (GDPR) on which we process the personal data. Please note that, in addition to the rules of the GDPR, the national data protection rules may apply in your or our country of residence.
National data protection regulations in Germany: In addition to the data protection provisions of the General Data Protection Regulation, national rules on data protection apply in Germany. This includes, in particular, the Law on the Protection against the Abuse of Personal Data in the Processing of Data (Federal Data Protection Law - BDSG). In particular, the BDSG contains special rules on the right of access, the right of erasure, the right of appeal, the processing of specific categories of personal data, the processing for other purposes and the transmission and automated decision-making in individual cases, including profiling. It also regulates the processing of data for the purposes of the employment relationship (Article 26 of the BDSG), in particular as regards the creation, performance or termination of employment and the consent of employees. In addition, national laws on data protection can be applied in the individual federal states.
We shall take appropriate technical and organisational measures, taking into account the state of the art, the cost of implementation and the nature, extent, circumstances and purposes of the processing, the different probabilities of entry and the extent of the threat to the rights and freedoms of natural persons, in accordance with the legal requirements, to ensure a level of protection commensurate with the risk.
Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data through control of physical and electronic access to the data, as well as access to the data relating to them, input, transfer, securing availability and separation. We have also put in place procedures to ensure the exercise of rights of data subjects, the erasure of data and the response to data threats. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly defaults.
SSL encryption (https): We use SSL encryption to protect your data transmitted via our online services. You can recognise encrypted connections by the prefix “https://” in the page link in the address line of your browser.
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place within the scope of the use of third-party services or the disclosure or transmission of data to other people, bodies or companies, this is only done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transmission, we only process or let the data be processed in third countries with a recognised data protection level, to which belong the US processors certified under the “Privacy Shield”, or on the basis of special guarantees, such as process contractual obligations through so-called standard protection clauses of the EU Commission, the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de .)
When contacting us (e.g. via contact form, e-mail, telephone or social media), the information provided by the requesting persons is processed, insofar as this is necessary to respond to the contact requests and any measures requested.
Responses to contact requests in the context of contractual or pre-contractual relations shall be given either for the fulfilment of our contractual obligations or for the purpose of answering (pre)contractual requests and also on the basis of the legitimate interests in answering the questions.
In order to provide our online offering safely and efficiently, we are using one or more web hosting providers whose servers (or servers they manage) can access the online offering. For these purposes, we can use infrastructure and platform services, computing capacity, storage and database services, as well as guarantees and technical maintenance.
The data processed in the context of the provision of the hosting offer may include any information related to the users of our online offer arising from use and communication. This regularly includes the IP address that is necessary to be able to deliver the content of online offers to the browsers and all entries made within our online offer or from websites.
E-mail dispatch and hosting: The web hosting services we use also include the sending, receiving and storage of emails. For these purposes, the addresses of the recipients and senders are processed, as are other information concerning e-mail dispatch (e.g. the providers involved) and the content of each e-mail. The above data may also be processed for the purpose of detecting SPAM. Please note, however, that emails are generally not sent in encrypted form on the Internet. Typically, while e-mails are encrypted during transport, they are not encrypted on the servers from which they are sent and received (unless the end-to-end encryption method is used). Therefore, we cannot take responsibility for the transmission of e-mails between the sender and the reception on our server.
Collection of access data and log files: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files can include the address and name of the websites and files accessed, date and time of access, amount of data transferred, notification of successful access, browser type along with version, the operating system of the user, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.
The server log files can be used on the one hand for security purposes, e.g. to avoid server overload (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability.
The data processed by us will be deleted in accordance with the statutory provisions as soon as their consent permitted for processing is revoked or other permissions lapse (e.g. if the purpose of processing this data has lapsed or it is not necessary for the purpose).
If the data are not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.
Further information on the deletion of personal data can also be found in the individual data protection notices of this data protection declaration.
We ask you to inform yourself regularly about the contents of our privacy policy. We will adapt the data protection policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
As data subjects, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 GDPR:
This section gives you an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are mainly defined in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily for understanding. The terms are listed in alphabetical order.