Here you can find out which of your personal data Bösch Boden Spies GmbH & Co. KG processes. Information on the controller and the data protection officer can be found in the privacy policy for the website: https://www.boeschbodenspies.com/datenschutz/
We process your personal data for the following purposes:
Depending on the individual case, your data will be processed on the basis of the following legal grounds:
Bösch Boden Spies processes personal data (e.g. legal representatives, company, commercial register number, VAT ID, address, contact details, bank details) for the purpose of establishing, executing and terminating contracts in accordance with Art. 6 (1) b GDPR. Without this data, cooperation is not possible.
In addition, we process the following personal data:
As a rule, you receive your data yourself, through recommendations or research in publicly accessible data sources, e.g. the Internet.
We receive data from applicants personally (in writing or by e-mail), via the employment agency, via web portals or recruitment agencies.
Consent is always voluntary. If it is not given, there are no disadvantages. Your consent can be revoked or amended at any time with effect for the future without giving reasons. Data processing that has already taken place remains unaffected by this.
Please send your revocation either to our postal address or to office@BoeschBodenSpies.com
We do not carry out any automated assessments (profiling).
All services are provided by Bösch Boden Spies GmbH & Co. KG, personal data is transferred within the framework of legal requirements (e.g. to the supervisory authorities or the tax office) or through cooperation with other service providers, also in the context of recommendations or contact requests.
In connection with our normal range of services, we also transfer your data to so-called third countries for the purpose of order placement or contractual cooperation.
We use systems from Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich ("Salesforce") to provide our store system, to manage our customer data and to send our personalized newsletter.
We therefore process the data that we process as part of the provision of your customer account, the purchase process and the personalized newsletter, including the analysis of your user behavior, in Salesforce systems.
We use Salesforce on the basis of our legitimate interest in accordance with Art. 6 (1) f GDPR. Our legitimate interest lies in the simplification of administrative and IT processes, customer management and communication, the processing of inquiries, increasing efficiency and the efficient implementation of marketing measures.
Salesforce is a group of companies with branches worldwide. The parent company of the group is salesforce.com Inc, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA. Data may therefore be transferred to the USA as part of data processing at Salesforce. There is no adequacy decision by the EU Commission regarding data transfers to the USA. However, Salesforce ensures an appropriate level of data protection through so-called Binding Corporate Rules (BCR). These are binding internal regulations that have been approved by a European supervisory authority. You can access a copy of the BCR under the following link: https://compliance.salesforce.com/en/salesforce-bcrs. In addition, Salesforce ensures an adequate level of data protection via the EU standard contractual clauses. You can access a copy of the clauses at the following link: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf
We use MS 365 from Microsoft to carry out our office work and for communication for conference calls, online meetings, video conferences and online collaboration.
We are interested in simplifying IT processes, internal and external communication, processing inquiries, increasing efficiency and promoting cross-company collaboration.
MS 365 is a service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown Dublin 18, Ireland,
When using MS 365, various types of data, including personal data, are processed. We have concluded a data processing agreement with Microsoft for this purpose. A corresponding order processing contract is included in the Online Service Terms (OST).
https://www.microsoft.com/de-de/servicesagreement
https://www.microsoft.com/en-us/licensing/product-licensing/products
When using MS 365, Microsoft processes a large amount of data.
Exactly which personal data is processed depends on the individual case:
Your personal data will only be passed on without your express prior consent in addition to the cases explicitly mentioned in this data protection declaration if it is legally permissible or required.
Data processing outside the European Union (EU) does not generally take place, as we have limited our storage location to data centers in the European Union. However, this does not apply to telemetry or diagnostic data, the support hotline and any other data that is processed outside the EU in Microsoft's area of responsibility.
Furthermore, due to legal obligations, personal data may be passed on or disclosed to third parties (in particular authorities), including to third countries (USA) with a different level of data protection.
In order to achieve the required secure level of data protection, in addition to internal organizational measures, the so-called Standard Contractual Clauses (SCC) were concluded with Microsoft, which are part of the Data Protection Addendum (DPA) as an annex to the above-mentioned OST.
The data will NOT be used by us for profiling, data analysis, market research or advertising.
Data is encrypted during transmission and at rest. This includes messages, files (video, audio, etc.), meetings and other content. Teams also uses TLS and MTLS to encrypt chat messages.
If a user (or an administrator on behalf of the user) deletes the data, Microsoft will ensure that all copies of the personal data are deleted within 60 days.
If a service offered by Microsoft is terminated, the corresponding personal data will be deleted between 60 and 180 days after the service is discontinued. We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and guarantee claims. Microsoft must then comply with the company administrator's request.
In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.
We use the "Microsoft Teams" tool to conduct presentations, meetings, joint project work, team meetings, conferences, training courses and seminars.
Type of data
The legal basis for data processing when conducting "online meetings" is Art. 6 (1) b GDPR, insofar as the meetings are conducted within the framework of contractual relationships. If there is no contractual relationship, the legal basis is Art. 6 (1) f GDPR. Our legitimate interest lies in the effective conduct of online meetings.
Audio or video content will only be recorded with your consent; you will be informed of this in advance. The legal basis for this is Art. 6 (1) a GDPR.
Further information on the processing of personal data in Microsoft Teams can be found above or here: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.
Bösch Boden Spies GmbH & Co. KG stores your data for the duration of the business relationship. For legal, tax and commercial reasons, personal data is stored for ten years or longer if necessary and only deleted after the legal obligation has expired.
If we process your personal data, you are entitled to the following rights as a "data subject" within the meaning of the GDPR: You have the right to information, correction, blocking, deletion or restriction of the processing of your data at any time. You can revoke your consent to the processing of your data at any time. You can receive your personal data for data transmission in electronic form.
Please contact us either by post (see address above) or by e-mail datenschutz@BoeschBodenSpies.com
You can request information from us as to whether your personal data is being processed by us. The right to information is excluded if the data is only stored because it may not be deleted due to legal or statutory retention periods or serves exclusively for the purposes of data backup or data protection control, provided that the provision of information would require a disproportionately high effort and processing for other purposes is excluded by suitable technical and organizational measures. If the right to information is not excluded in your case and your personal data is processed by us, you can request the following information from us: