We recognize and appreciate the responsible handling of personal data. Therefore, the processing of personal data in conjunction with the Internet offering on the bedford.de website (hereinafter also referred to as “website”) is executed in accordance with the General Data Protection Regulation (hereinafter abbreviated “GDPR”) and the country-specific data protection regulations applicable to us.
I. Name and contact details of the controller
The following information concerning data protection applies to data processing by:
Bedford GmbH + Co. KG
49090 Osnabrück, Germany
represented by Bedford Beteiligungsgesellschaft mbH
represented by its Managing Directors Thorsten Schäfer, Ulrike Stelzner & Carsten Leiber
Telephone: +(49) 0541.1218-0
Fax: +(49) 0541.1218-128
Our company data protection officer can be reached as follows:
Via post to the Data Protection Officer Marius Bruhn, Bedford GmbH + Co KG, Traiteur-Platz 1, 49090 Osnabrück, Germany
Via email at firstname.lastname@example.org
II. General information concerning data processing
1. Scope of the processing of personal data
We process personal data of the users of our website only to the extent required for provision of a functional website and our content and services. The processing of personal data of our users takes place regularly only after their consent has been obtained. An exception applies in those cases in which prior consent cannot be obtained for actual reasons and the processing of the data is permitted through statutory regulations.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the person concerned (data subject) for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis.
For the processing of personal data that is required for performance of a contract, with the data subject as contracting party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies for processing procedures that are necessary for pre-contractual measures.
If a processing of personal data is required for compliance with a legal obligation to which we as a company are subject, then Art. 6(1)(c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or of another natural person necessitate processing of personal data, then Art. 6(1)(d) GDPR serves as the legal basis.
If the processing is required for the purposes of a legitimate interest of our company or of a third party and the interests, fundamental rights and freedoms of the data subject do not override the first interest cited, then Art. 6(1)(f) GDPR serves as the legal basis for the processing.
3. Data erasure and storage period
The personal data of the data subject will be deleted (erased) or blocked as soon as the purpose of storage no longer applies. Moreover, storage can also occur if such storage has been provided for by European or national legislation in Union ordinances, laws or other regulations, to which we as the relevant controller are subject. The data shall also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless a necessity exists for further storage of the data to enter into a contract or perform a contract.
4. Recipients of collected data
We are the recipient of the data collected via our website as the responsible party (controller) cited under I. In addition, the processors (web hosters, technical support, etc.) we may use have access to the data collected via our website. The compliance with the statutory regulations is, however, guaranteed by data processing agreements which we enter into with our data processors domiciled in the EU.
We expressly state that we do not carry out any profiling via our website and that automated decision-making does not occur.
III. Provision of the website and data collection for technical reasons
In conjunction with a purely informative visit to our website, i.e. if you do not contact us and/or do not provide us with any information, we only collect data that the browser used on your end device automatically sends to the server of our website. This information is stored temporarily in a so-called log file. In this process the following information is collected without any action on your part and it is stored until automated erasure:
- IP address of the requesting computer
- Date and time of the access
- Name and URL of the accessed file,
- Website from which the access occurs (referrer URL)
- Browser used and possibly your computer’s operating system, as well as the name of your access provider
- Notification of successful access and
- quantity of data transmitted.
The data cited above is processed by us for the following purposes:
- Ensuring a smooth connection establishment to the website
- Ensuring a convenient use of our website
- Evaluation of system security and system stability, as well as
- for other administrative purposes
Our legitimate interest follows from the purposes of the data collection cited above. We do not, under any circumstances, use the collected data for the purpose of drawing conclusions about your person. The legal basis for the data processing cited above is Article 6(1)(1)(f) GDPR.
The server log files with the above data are automatically erased after 10 days. We reserve the right to store the server log files longer, if facts exist that substantiate the assumption of unauthorized access (such as an attempt at hacking or a so-called DDOS attack).
IV. Collection and storage of personal data, as well as type and purpose of the use of personal data
1) When contacting us via our contact form
If you contact us via the contact form on our website, we will ask for your form of address, your first and last name and your email address as mandatory information, so that we know who sent the request and so that we can process it. Additional information in the free text field is voluntary, i.e. it is up to you to decide whether you want to provide additional personal data (e.g. address, telephone number, etc.) as part of the contact form.
Data processing for the purpose of contacting us occurs on the basis of your consent voluntarily provided. The legal basis here is Article 6(1)(1)(a) GDPR.
We will erase the data collected or communicated in the course of your contacting us after storage is no longer necessary, or we will restrict processing if we are obliged to store the data for a longer period due to legal storage obligations.
2) When contacting us via email
If you contact us via email, the data provided by you (in particular your email address, your last name and first name, possibly your telephone number, etc.) will be stored by us in order to process and answer your enquiry.
The data processing in the cases cited above serves the purpose of processing the establishment of the contact as a necessary legitimate interest. Legal basis for the processing of the data transmitted by you is Article 6(1)(1)(f) GDPR.
The transmitted data will be erased as soon as they are no longer required for the purpose of their collection, i.e. in particular if the conversation with you has ended, i.e. if it can be inferred from the circumstances that the relevant facts have been conclusively clarified for both sides.
V. Forwarding of data to third parties
We only disclose your data to third parties, if
1) you, in accordance with Article 6(1)(1)(a) of the GDPR, have given us express permission to do so,
2) the disclosure in accordance with Article 6(1)(1)(f) GDPR is required for the establishment, exercise or defence of legal claims, and that there is no reason to believe that you have an overriding interest in the non-disclosure of your data,
3) a statutory obligation exists for disclosure in accordance with Article 6(1)(1)(c) GDPR, and
4) this is legally permissible and necessary for execution of contractual relationships with you pursuant to Article 6(1)(1)(b) GDPR.
We use so-called cookies on our website. Cookies are text files that are generated and stored in the Internet browser. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.
In the event that you access a website again with the same end terminal, the usage data stored in that end terminal is either sent back to the website that generated it (First Party Cookie) or sent to another website to which it belongs (Third Party Cookie). Thus the website can recognize whether or not the user has already visited the website with this browser during subsequent visits. This makes it possible to adapt the website to the needs of the user when the website is accessed again and to statistically evaluate the use of the website. Cookies have a different storage duration depending on their use.
The following cookies can always be used on a website:
a) So-called session cookies: These are only stored during your current visit to a website and provide the user with an unrestricted and convenient use of services for the current visit to the website, as well as the most convenient possible use of our website for the current visit to our site.
b) So-called Permanent cookies: These cookies remain temporarily stored, even after your visit to our website (temporary cookies) and enable you to use our website as conveniently as possible even after your current visit. Depending on their function and purpose, cookies can be divided into the following categories:
aa) Necessary cookies (type 1): These cookies are strictly required for our website and its functions to work properly. They make it possible to improve the comfort and performance of websites and they make various functions available. They can be used, for example, to save information you have already entered (such as user name, age, language selection or your current location) so that you do not have to enter this information again.
bb) Functional cookies (type 2): These cookies are used to obtain information about your use of our website. For example, they make it possible to identify particularly popular areas of our Internet offering, so that we can tailor the content of our website more specifically to your needs.
cc) Marketing cookies and third party Cookies (type 3): These cookies are used to run advertisements that are more relevant to the user and adapted to his interests. This information can be shared with third parties, such as advertisers. Cookies to improve the addressing of the target group and advertising are often linked to page functionalities of third parties.
In addition, our website contains third-party content such as Vimeo (see number IX for more information). These third parties may set cookies while you are using our website and they may receive information about this website use. The cookies are primarily used to integrate the content of these third parties on our website.
An overview of the cookies we use on our website and when they will be deleted is provided at https://bedford.de/en/cookies
Cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and thus we can constantly optimize our offering.
In the purposes cited above, our legitimate interest lies in the processing of personal data. The legal basis for the processing of personal data using cookies is
Article 6(1)(1)(f) GDPR.
VII. Use of Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enables analysis of your use of the website (also see number VI in this regard). As a rule, the information generated by the cookie about your use of this website will be transferred to a Google server in the USA and stored there.
We have activated the IP anonymization function on this website. Through this measure, within the Member States of the European Union, or in other States party to the Agreement on the European Economic Area, your IP address will be shortened by Google before transmission to the USA. The full IP address will only be transmitted to Google in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to produce reports on website activities and to provide other services related to the use of the website and of the Internet to the operator of the website. The IP address communicated by your browser in conjunction with Google Analytics will not be linked by Google with other data.
You can prevent the collection of your data through Google Analytics by clicking the following link: https://tools.google.com/dlpage/gaoptout?hl=de. An opt-out cookie will be set then that prevents the collection of your data at future visits to this website.
We use Google Analytics to analyse and regularly improve the use of our website. Via the statistics obtained we can improve our services and make them more interesting for you as a user.
We have entered into a contract processing agreement with Google regarding the use of Google Analytics, according to which Google is obligated to protect the data of our users, to process it on our behalf in accordance with their privacy provisions and, in particular, not to disclose it to third parties.
Google is certified under the US-EU Privacy Shield and is committed to complying with the EU data protection directives: https://www.privacyshield.gov/EU-US-Framework.
The legal basis for the use of Google Analytics is Article 6 (1)(1)(f) GDPR.
More information concerning the handling of user data by Google Analytics is provided here: https://support.google.com/analytics/answer/6004245?hl=de.
VIII. Use of Vimeo
Our website uses plugins of the video portal Vimeo. The provider is Vimeo Inc. 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages provided with a Vimeo plug-in, a connection is established to the Vimeo servers. In this process the Vimeo server will be informed which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged into Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
If you are logged in to your Vimeo account, you enable Vimeo to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Vimeo account.
IX. The rights of those affected (data subjects)
If your personal data is processed, then as set forth in the General Data Protection Regulation (GDPR), you as the person concerned (data subject) are entitled to the following rights vis-à-vis the responsible party (controller):
1. Right to information
You can demand a confirmation from us as to whether the personal data relating to you is processed by us.
If such processing exists, you can demand that we disclose the following information:
(a) the purposes for which the personal data is processed;
(b) the categories of personal data that are processed;
(c) the recipients or the categories of recipients to whom the applicable personal data has been disclosed or will yet be disclosed;
(d) the planned duration of storage of the personal data relating to you, or if specific information in this regard is not possible, the criteria for determination of the duration of storage;
(e) the existence of a right to rectification or erasure of the personal data relating to you, a right of restriction of the processing through the controller or a right to object to this processing;
(f) the existence of a right to appeal to a supervisory authority;
(g) all available information concerning the origin of the data if the personal data is not collected from the data subject;
(h) the existence of automated decision-making, including profiling pursuant to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information concerning the logic involved, as well as the scope and the intended effects of this type of processing for the data subject.
You are entitled to the right to demand information as to whether the personal data relating to you has been transferred to a third country or to an international organisation. In this context you can demand to be informed of the suitable guarantees pursuant to Article 46 GDPR in conjunction with the transfer.
2. Right to rectification
You have a right to rectification and/or completion vis-à-vis us, if the processed personal data relating to you is incorrect or incomplete. We are obligated to undertake the correction without delay.
3. Right to restriction of the processing
Under the following prerequisites you can demand restriction of the processing of the personal data relating to you:
(a) if you dispute the correctness of the personal data relating to you for a duration that enables the controller to review the correctness of the personal data;
(b) if the processing is unlawful and you refuse erasure of the personal data and instead demand restriction of the use of the personal data;
(c) if we no longer require the personal data for the purposes of processing, and you however require this data for establishment, exercise or defence of legal claims, or
(d) if you have lodged an objection to the processing pursuant to Article 21(1) of the GDPR and it has not yet been determined whether our legitimate interests override your interests.
If the processing of the personal data relating to you has been restricted, this data – apart from its storage – may only be processed with your consent or for establishment, exercise or defence of legal claims or for protection of the rights of another natural or legal person or for reasons of an important public interest on the part of the Union or of a Member State.
If the restriction of the processing has been limited pursuant to the prerequisites cited above, we will inform you before the restriction is removed.
4. Right to erasure
a) Erasure obligation
You can demand from us as controller that we delete the personal data relating to you without delay. In this case we are obligated to erase this data without delay, if one of the following reasons applies:
(1) The personal data relating to you is no longer required for the purposes for which it was collected or it has been processed in some other manner.
(2) You revoke your consent to the processing on which, in accordance with Article 6(1)(a) or Article 9(2)(a) GDPR, the processing was based and there is no other legal basis for the processing.
(3) In accordance with Article 21(1) GDPR you object to the processing and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
(4) The personal data relating to yourself has been unlawfully processed.
(5) The erasure of the personal data relating to yourself is required for fulfilment of a legal obligation pursuant to Union law or the law of the Member States, to which the controller is subject.
(6) The personal data was collected in reference to offered information society services pursuant to Article 8(1) GDPR.
b) Information to third parties
If we have made the personal data public and we are obligated to erase it in accordance with Article 17(1) GDPR, then we take appropriate measures with due consideration of the available technology and implementation costs, also of a technical nature, to inform the relevant responsible parties (controllers) that process the personal data, that you as the data subject have demanded from them the erasure of all links to this personal data or to copies or replications of this personal data.
The right to erasure does not exist if the processing is required
(1) for exercise of the right to freedom of expression and information;
(2) for fulfilment of a legal obligation that requires the processing pursuant to the law of the Union or of the Member States to which we as the controller are subject, or for performance of a task that is in the public interest or in the exercise of official authority that has been vested in us;
(3) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i), as well as Article 9(3) GDPR;
(4) for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, insofar as the law referred to in Section a) presumably makes the attainment of the objectives of such processing impossible or seriously impairs them, or
(5) for establishment, exercise or defence of legal claims.
5. Right to be informed
If you have asserted the right to correction, deletion or restriction of the processing vis-à-vis us, we shall be obligated to inform all recipients to whom the personal data relating to you has been disclosed, to correct the data or delete the data or restrict the processing, unless this proves to be impossible or it involves disproportionate effort.
You have the right to be informed of these recipients by us as the controller.
6. Right to data portability
You have the right to receive the personal data relating to you that you have provided to us, in a structured, commonly used and machine-readable format. Moreover you have the right to transmit this data to a different controller without hindrance from us, to which the personal data was provided, if
(a) the processing is based on a consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) of the GDPR or on a contract in accordance with Article 6(1)(b) GDPR and
(b) the processing occurs by automated means.
Moreover, in exercising this right you have the right to have the personal data relating to you transmitted from us to another controller if this is technically feasible. Freedoms and rights of other persons must not be hereby impaired.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority that has been vested in us as the controller.
7. Right to object
You have the right, at any time, to object to the processing of your personal data, for reasons arising from your particular situation, which is based on Article 6(1)(e) or (f) GDPR, including profiling based on these provisions.
We as collector no longer process the personal data relating to you, unless we can provide compelling legitimate reasons for the processing that override your interests, rights and freedoms, or if the processing is used for establishment, exercise or defence of legal claims.
If the personal data relating to you is used for direct marketing, you have the right to object to the processing of your personal data for the purpose of this type of marketing; this also applies for profiling, to the extent that profiling is related to such direct marketing.
If you object to the processing of your personal data for direct marketing purposes, then the personal data will no longer be processed for these purposes.
You have the possibility, in the context of use of information society services – notwithstanding Directive 2002/58/EU – to exercise your right to object via automated means using technical specifications.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Through revocation the lawfulness of the processing due to the consent that occurred until revocation remains unaffected.
9. Automated decision-making in the specific case, including profiling
You have the right to not be subjected to a decision based exclusively on automated processing – including profiling – that develops its legal effect relative to yourself or that considerably affects you in a similar manner. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and us,
(2) is permitted by the laws of the Union or of the Member States to which we are subject as collector, and those laws contain appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
(3) occurs with your express consent.
However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) GDPR, if Article 9(2)(a) or (g) does not apply and appropriate measures have been taken for protection of rights and freedoms, as well as your legitimate interests.
With regard to the cases cited in (1) and (3) the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his own point of view and to contest the decision.
10. Right to appeal to a supervisory authority
Without prejudice to other administrative or judicial remedy, you also have the right to appeal to a supervisory authority, in particular a supervisory authority in the Member State in which you reside, in which your place of work is located, or in which the presumed infringement occurs, if you are of the opinion that the processing of the personal data relating to you is in violation of the GDPR.
The supervisory authority to whom the appeal has been submitted informs the appellant of the status and of the results of the appeal, including the possibility of judicial remedy pursuant to Article 78 GDPR.
X. Data security
Within the website visit we use the popular SSL (Secure Socket Layer) procedure in conjunction with the highest level of encryption that is supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether a specific page of our web presence is transmitted with encryption by the depiction of a closed key symbol or lock symbol in the lower status bar of your browser.
In all other aspects we use suitable technical and organizational measures to protect your data against random or wilful manipulation, partial or total loss, destruction or from unauthorized third-party access. Our security measures are subject to continuous improvement in accordance with technological development.