Privacy Policy

Introduction

This Privacy Policy is designed to inform you about the processing of personal data when using our websites.

Name and address of the party responsible for the processing (“controller”)

For Switzerland:
Bucher Leichtbau AG
Industriestrasse 1a
8117 Fällanden
Switzerland
www.bucher-group.com
bucher@bucher-group.com
+41 44 806 24 24

For the EU:
Bucher Interiors GmbH
Zur Dornheck 15–17
D-35764 Sinn-Fleisbach
interiors@bucher-group.com
+49 2772/57696-100
+49 2772/57696-199

Legally required Data Protection Officer

We have appointed a Data Protection Officer for our company.

Dipl.-Ing. Lars Ebertz on behalf of L-E-C.COM GmbH
Ober den Wiesen 17
D-35756 Mittenaar
datenschutz@l-e-c.com
+49 (0) 2778 6969 29

Right to information

According to Article 15 GDPR, you have the right to request that we confirm whether any personal data concerning your person is being processed by us. If this is the case, you have the right to be informed about these personal data and to further information specified in Art. 15 GDPR.

Right to correction

According to Art. 16 GDPR you have the right to demand the immediate correction of incorrect personal data concerning your person. Taking the purpose of processing into consideration, you also have the right to demand the completion of incomplete personal data, including by way of a supplementary explanatory note.

Right to erasure

You have the right to demand that we immediately delete any personal data concerning your person. We must delete personal data without undue delay, provided the corresponding conditions of Art. 17 GDPR apply. For details, please refer to Art. 17 GDPR.

Disclosure of data to third parties

On principle, we do not disclose any data transferred to us to third parties, particularly not for advertising purposes.
However, we work with third parties to operate this website or to provide products/services. In the context of such collaboration, third parties may gain knowledge of personal data. We select our service providers with care, particularly with regard to data protection and data security, and take all measures required under data protection law to ensure permissible data processing.

Data processing outside the EU

We do not ourselves process your personal data outside of the EU. However, service providers whose plug-ins and tools we use do partially process data outside of the EU. This is disclosed in this Privacy Policy in the information about each of the plug-ins/tools used.
An adequate level of data protection is ensured through participation in the so-called “Privacy Shield” and the data protection and data security measures taken by the service provider.

Right to restrict processing

According to Art. 18 GDPR you have, under certain conditions, the right to demand a restriction of our processing of your personal data.

Right to data portability

According to Art. 20 GDPR you have the right to obtain, in a structured, commonly used and machine-readable format, the personal data concerning your person which you have provided, and you have the right to transmit these data to another controller without hindrance by us, provided the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. (6) (1) (b) GDPR and the processing is performed by automated processes.

Right to object

According to Art. 21 GDPR you have the right to object to the processing of personal data concerning your person which takes place on the basis of Art. 6 (1) (e) or (f) GDPR; this also applies to any profiling based on these provisions.
Where we process your personal data to perform direct advertising you have the right at any time to object to the processing of personal data concerning your person for the purposes of such advertising; this also applies to profiling in connection with such direct advertising.
If you wish to exercise one of your rights, please contact us as the controller using the above contact details or use another contact option offered by us to notify us accordingly. If you have any questions, please do not hesitate to contact us.

Right to complain to supervisory authorities

According to Art. 77 GDPR you have the right, without prejudice to any other administrative or judicial legal remedy, to complain to the supervisory authority. This right may particularly be exercised in the member state of your place of residence, your place of work or the place of the alleged breach, if you believe that the processing of the personal data concerning your person breaches the GDPR.

Server log files

When you access our website, the company commissioned by us to operate the website processes and stores technical information about the terminal you use (operating system, screen resolution and other, non-personal features) and the browser (version, language settings), and particularly also the public IP address of the computer you use to access our website, as well as the date and time of access. The IP address is a distinct, numerical address under which your terminal sends and/or requests data to or from the internet. We and our service provider do not normally know the identity of the person behind the IP address, unless you disclose data to us during your use of the website which enable us to identify you. Users may also be identified if legal proceedings have to be taken against them (e.g. where our website is attacked) and we learn of their identity in the context of the investigations. You therefore do not normally need to worry about us being able to allocate your IP address to you personally.
Our service provider uses the processed data in non-personal form for statistical purposes, in order to enable us to understand which terminals and which settings are used to visit our website and to optimise the website if appropriate. The statistics do not contain personal data. The legal basis for the production of statistics is Art. 6 (1) (f) GDPR.
Your IP address is also used to enable you technically to access and use our website and for the detection and defence against attacks of our service provider or our website. Unfortunately, attacks with the aim of causing damage to website operators or their users do occur (e.g. preventing access, spying on data, disseminating malware, e.g. viruses, or for other illicit purposes). Such attacks would compromise the proper functioning of the data centre of our contracted company, the use of our website and/or its functionalities, and the security of visitors of our website. IP addresses and the time of access are processed for the purpose of defence against such attacks. Via our service provider, we use this processing to pursue our justified interest to secure the functioning of our website and defend against illegal attacks against us and the visitors of our website. The legal basis for processing is Art. 6 (1) (f) GDPR.
The stored IP data are deleted (by way of anonymisation) when they are no longer needed for the detection or defence against an attack.

Data transfer upon contract conclusion for online shops, traders and goods shipping

When you buy a product in our shop we process the data you submit for the purpose of concluding and implementing the contract. Data are transferred to the service provider to the necessary extent for shipping and payment for your purchase. The legal basis for processing is Art. 6 (1) (b) GDPR.
We also process your data to detect and defend against attempted fraud, based on Art. 6 (1) (f) GDPR. This serves the purpose of protecting ourselves from fraudulent transactions.
Data which are stored in connection with the conclusion of a contract of purchase for a product are deleted following the expiry of the statutory retention period. Where statutory duties of recording and retention (e.g. storage of invoices pursuant to taxation law) arise from the implementation of a contract of purchase, the legal basis for the processing is Art. 6 (1) (c) GDPR.
We delete or anonymise the data when they are no longer required to implement the respective contract and statutory retention duties no longer apply.

Cookies

We use cookies and comparable technologies (local storage) to operate our website and ensure its functional capability, in order to understand the manner in which users use our website, and in order to store settings configured by users in their browsers.
A cookie is a small text file which is stored on your terminal by your browser when you access our website. If you visit our website again at a later time, we are able to read these cookies again. Cookies are stored for varying lengths of time. You have the option at any time of configuring in your browser which cookies you would like your browser to accept; however, our website may not properly function as a result. You may also delete cookies yourself at any time. If you do not do this, we may specify how long we wish the cookie to remain on your computer when the cookie is set. There is a difference between so-called session cookies and permanent cookies. Session cookies are deleted by your browser when you leave our website or close the browser. Permanent cookies are stored for the period of time specified by us when the cookie is set.
We use cookies for the following purposes:
• Technically required cookies, which are strictly necessary to use the functions of our website (e.g. detecting whether you are logged in). Without these cookies, certain functions cannot be provided.
• Functional cookies, which are used to enable the technical implementation of certain functions you wish to use.
• Analysis cookies, which serve the purpose of analysing your user behaviour.
• Cookies of third parties. Cookies of third parties are set by third parties whose functions we incorporate in our website in order to enable particular functions. They may also be used to analyse user behaviour.

Most browsers used by our users allow you to configure which type of cookie should be saved and enable the deletion of (particular) cookies. If you limit the setting of cookies on particular websites or reject any cookies from third-party websites, you may not be able to use our website to the full extent. Information about how to adjust cookie settings in the most common browsers can be found here:[TN: links=”” changed=”” to=”” link=”” en=”” versions=””][/TN:]
• Google Chrome (support.google.com/chrome/answer/95647?hl=en)
• Internet Explorer (https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies)
• Firefox (https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences)
• Safari (https://support.apple.com/kb/PH21411?locale=en_GB)

Contact form

When you send us a message through one of the contacting options offered, we use the data you submit to us to process your enquiry. The legal basis for this is our justified interest to respond to your enquiry pursuant to Art. 6 (1) (f) GDPR. If your enquiry relates to the conclusion of a contract with us, a further legal basis for the processing is Art. 6 (1) (b) GDPR. The data are deleted once your enquiry has been dealt with. Where we are under a statutory obligation to retain the data for a longer period, they will be deleted following expiry of the applicable retention period.

Applications in paper or electronic format (e.g. email)

We are delighted that you are interested in our company and are applying or have applied for a position with us. We would like to tell you about how we process your personal data in connection with the application.

We process the data you have supplied in the context of your application in order to assess your suitability for the post (or any other vacant position in our company) and to implement the recruitment process.

The legal basis for the processing of your personal data is the exercise of legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our interest is the implementation of the recruitment process and, if applicable, the assertion of or defence against claims.

If an application is rejected, the data of applicants are deleted within 12 months.

If you have been successful in your application in the course of the recruitment process, your data will be transferred from the applicant data system into the personnel information system.

Within the company, only the people who require access to your data in order to ensure the proper functioning of our recruitment process will have such assess.

Social media via “Shariff” method

We offer you the option of recommending and discussing our content via social media buttons. In compliance with data protection, this is done via the so-called “Shariff” method. Using this method means that social networks cannot collect data from users at any time, but only when users click on the respective button. The “Shariff” button replaces the usual social media buttons. Information will be shared with the social networks only when the button is clicked. You will find more information about this here: https://github.com/heiseonline/shariff
This tool does not enable any automatic transfer of user data to the operators of these platforms.

Analysis tool “Google Analytics”

In the context of a third-party data processing agreement we use Google Analytics, where applicable via the Google Tag Manager, a service provided by Google LLC (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA. Google as the third-party data processor uses a “cookie” for this purpose. A cookie is a small text file which is stored on your computer via the browser. Via this cookie, Google will obtain information about which website you have accessed and, in addition, particularly the following information: browser type/version, operating system used, technical information about the operating system and the browser, and the public IP address of the computer used by you. We use Google Analytics in a manner which means that your IP address is only used in anonymised format. According to information from Google, this anonymisation takes place in the European Union or a member state of the EEA. Only in exceptional cases should a full IP address be transmitted to a Google server in the USA and be shortened there. According to Google, anonymisation takes place before the first time that an IP address is stored on a permanent server. For details, please refer to the Google privacy policy, available at https://support.google.com/analytics/answer/6004245?hl=en.
Google Analytics allows us to create user statistics about our website in non-personalised form and to collect demographic data about visitors and their usage behaviour. Furthermore, statistics are produced which help us to understand how users find our website, in order to improve our search engine optimisation and our advertising campaigns. This processing serves our justified interest to improve our website and advertising campaigns. The legal basis for processing is Section 6 (1) (f) GDPR.
At http://tools.google.com/dlpage/gaoptout?hl=en Google provides information about how to object to the use of Google Analytics.
Google is a party to the Privacy Shield agreement and has concluded a third-party data processing agreement for Google Analytics with us.

Google Webfonts

We use Google Webfonts to display our website. This is a collection of fonts of Google LLC (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA, which may be used especially for websites. When your browser accesses the font used by our website, the public IP address of the computer used by you is transferred to Google LLC (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA. The IP address is a distinct, numerical address under which your computer sends and/or requests data to or from the internet. When our website is accessed, your browser will load the fonts required to display the website correctly and in the manner which we have intended. If your browser does not support web fonts, a standard font of your terminal will be used to display our website. You can find more information about Google Webfonts here: https://developers.google.com/fonts/faq. The general Google privacy policy applies to Webfonts, available at https://www.google.com/policies/privacy/. Our legitimate interest in using Google Webfonts lies in ensuring a uniform appearance of our website and therefore its functionality on all terminals. The legal basis for processing is therefore Art. 6 (1) (f) GDPR.

YouTube

YouTube videos are integrated on this website. YouTube is an internet video portal which enables video publishers to upload video clips for free and other users to view, rate and comment on these videos, also for free. YouTube allows the publication of any kind of video, which means that complete films and TV shows but also music videos, trailers and videos made by users are accessible via the internet portal.

The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

At each access of any individual page of this website that is operated by the party responsible for the processing and on which a YouTube component (YouTube video) has been integrated, the internet browser on the data subject’s information technology system is automatically prompted by the YouTube component to download a display of the corresponding YouTube component from YouTube. More information about YouTube is available at https://www.youtube.com/yt/about/. In the course of this technical procedure, YouTube and Google learn which specific page of our website is visited by the data subject.

If the data subject is simultaneously logged in to YouTube, YouTube will recognise upon access of a page which contains a YouTube video which specific page of our website is visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google always obtain information via the YouTube component about the fact that the data subject has visited our website if the data subject is, at the time of accessing our website, simultaneously logged into YouTube; this information transfer takes place whether or not the data subject clicks on the YouTube video. If the data subject does not wish this information to be transferred to YouTube and Google, the transfer may be prevented by logging out of the YouTube account prior to visiting our website.

The YouTube privacy policy, available at https://www.google.de/intl/en/policies/privacy/, provides information about the collection, processing and use of personal data by YouTube and Google.

Newsletters with “MailChimp”

When you register for our email newsletter, your data will be used for the purpose of creating and sending the newsletter and of evidencing the registration for our newsletter until you revoke your consent. The legal basis for processing is Section 6 (1) (a) GDPR. In order for newsletters to be sent to you, you must click on the confirmation link in the verification email that we will send you following registration in order to demonstrate your consent. When you click on the appropriate link we process the public ID of the computer from which the link is accessed, together with the date and time of the click. We process these data to be able to prove that you have confirmed your request to receive the newsletter.
The legal basis for this processing is Section 6 (1) (f) GDPR. Our justified interest in this case lies in the compliance with our duties of providing evidence regarding the subscription you have taken out.

You may revoke your consent at any time by unsubscribing from the newsletter. Each newsletter contains a link for this purpose at the bottom.

We will delete your data when you unsubscribe from the newsletter. The data that we need to prove that you consented to the sending of the newsletter will be deleted following expiry of the limitation period applicable to such duties of evidence.

We use an external service provider for our newsletter, who acts for us as a contracted third-party processor.
This processor is MailChimp. This company is domiciled in the USA but is a member of Privacy Shield.