privacy policy
Name and Address of the Data Controller
The data controller within the meaning of the General Data Protection Regulation (GDPR), other national data protection laws of the member states, and other data protection regulations is:
Barnet Europe
W.Barnet GmbH & Co. KG
Eisenbahnweg 24
52068 Aachen
Germany
Tel.: +49 241 57980
E-mail: sales@barnet-europe.com
Website: www.barnet.com
Data Protection Officer
The data protection officer of the data controller is:
Dieter Offermann
Tel.: +49 2473 928790
E-Mail: dsb@barnet-europe.com
General Information about Data Processing
1. Scope of Processing of Personal Data
In principle, we process the personal data of our users only to the extent necessary for providing a functional website as well as for our contents and services. Personal data is generally only processed after the user has given consent. An exception applies in cases in which prior consent can not be obtained for factual grounds, and processing of the data is permitted by law.
2. Legal Basis for the Processing of Personal Data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) lit. a of the General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is required for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to the processing required for the performance of pre-contractual actions.
Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and fundamental freedoms of the data subject do not outweigh the aforementioned interest, Article 6 (1) lit. f GDPR serves as the legal basis for processing.
3. Data Erasure and Storage Duration
The personal data of the data subject is deleted or blocked as soon as the purpose for storage has expired. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the data controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
Provision of Website and Creation of Log Files
1. Scope of Processing of Personal Data
In principle, we process the personal data of our users only to the extent necessary for providing a functional website as well as for our contents and services. Personal data is generally only processed after the user has given consent. An exception applies in cases in which prior consent cannot be obtained for factual grounds, and processing of the data is permitted by law.
• Information about the browser type and version used
• The operating system of the user
• The ISP (internet service provider) of the user
• The IP address of the user
• Date and time of access
• Websites from which the system of the user accesses our website
• Websites that are accessed by the user’s system via our website
The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.
2. Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f GDPR.
3. Purpose of Data Processing
Temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. This requires that the IP address of the user remains stored for the duration of the session.
The log files are stored in order to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our computer systems. The data is not exploited for marketing purposes.
These purposes also include our legitimate interest in processing data pursuant to Art. 6 (1) lit. f GDPR.
4. Duration of Storage
The data will be deleted as soon as it is no longer required for the purpose of its collection. In the case of collecting data for the purpose of providing the website, this is the case when the respective session ends.
In the case of storing the data in log files, this is the case after no more than seven days. Further storage is possible. In this case, the IP addresses of the users are deleted or pseudonymized, so that it is no longer possible to assign them to the accessing client.
5. Right to Object and Removal
The collection of data for the provision of the website and the storage of data in log files is imperative for operating the website. Consequently, the user cannot object.
Contact Form and E-mail Contact
1. Description and Scope of Data Processing
Our website features a contact form which can be used to contact us electronically. If this option is used, the data provided by the user in the input fields is transmitted to us and saved by us.
• Company
• Your name
• E-mail
• Phone
• Country
• Message
At the time of sending the message, the following data is also stored:
• The IP address of the user
• Date and time of registration
To process the data, your consent is obtained in the process of sending and a reference to this privacy policy is provided.
You may also contact us via the e-mail address provided. In this case, the personal data transmitted by the user will be stored.
In this context, the data is not forwarded to third parties. The data is used exclusively to process the conversation.
2. Legal Basis for Data Processing
The legal basis for processing data to which the user is consenting is Art. 6 (1) lit. a GDPR.
The legal basis for processing data collected in the course of sending an e-mail is Art. 6 (1) lit. f GDPR. If the objective of contacting by e-mail is to conclude a contract, Art. 6 (1) lit. b GDPR constitutes an additional legal basis.
3. Purpose of Data Processing
The personal data entered in the input screen is used for the sole purpose of processing the contact initiation. Communication by e-mail also constitutes a necessary legitimate interest in the processing of the data.
The other personal data processed during sending serve to prevent misuse of the contact form and ensure the security of our IT systems.
4. Duration of Storage
The data will be deleted as soon as it is no longer required for the purpose of its collection. In the case of personal data provided in the input mask of the contact form and data sent by e-mail, this data is no longer needed when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the facts in question have been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Right to Object and Removal
The user may at any time revoke his consent to the processing of personal data. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. The conversation can not continue in such a case.
Simply send an e-mail to info@barnet-europe.com to order the deletion of data.
If this is undertaken, all personal data stored in the course of establishing contact will be deleted.
Mailchimp
1. Description and Purpose of Data Processing
We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (MailChimp) to send our newsletter. This allows us to contact subscribers directly. In addition, we analyze your usage behavior in order to optimize our offer.
2. Scope of Data Processing
For this purpose, we share the following personal data with Mailchimp:
• Email address
Mailchimp is a recipient of your personal data and acts as a processor for us as far as sending our newsletter is concerned. The processing of the data provided under this section is not required by law or contract. Without your consent and the transmission of your personal data, we cannot send out a newsletter to you.
In addition, Mailchimp collects the following personal data using cookies and other tracking methods: Information about your terminal device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection). In addition, usage data is collected such as date and time, when you opened the email / campaign and browser activity (e.g. which emails / web pages were opened). Mailchimp needs this data to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of abuse. This corresponds to the legitimate interest of Mailchimp (according to Article 6 (1) lit. f GDPR) and serves the execution of the contract (according to Article 6 (1) lit. b GDPR). Furthermore, Mailchimp evaluates performance data, such as the delivery statistics of emails and other communication data. This information is used to create usage and performance statistics of the services.
Mailchimp additionally collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no control over this process.
3. Legal Basis for Data Processing and Right to Object and Removal
The legal basis for these processing operations is your consent pursuant to Article 6 (1) lit. a GDPR. You can revoke your consent to the processing of your personal data at any time. A corresponding link can be found in all mailings. In addition, the revocation can be made via the specified contact options. By declaring the revocation, the lawfulness of the processing carried out so far is not affected.
4. Duration of Storage
Your data will be processed as long as a corresponding consent is available. Apart from that, they will be deleted after the termination of the contract between us and Mailchimp, unless legal requirements make further storage necessary.
Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities where Mailchimp processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://mailchimp.com/legal/data-processing-addendum/.
Web Analysis by Matomo (formerly PIWIK)
1. Scope of Processing of Personal Data
On our website, we use the open-source software tool Matomo (formerly PIWIK) to analyze the surfing behavior of our users. The software places a cookie on the user’s computer (for cookies, see above). If individual pages of our website are accessed, the following data is stored:
• Two bytes of the IP address of the accessing system of the user
• The website accessed
• The website from which the user was referred to the accessed website (referrer)
• The subpages that are accessed from the accessing website
• The length of stay on the website
• The frequency of accessing the website
The software runs exclusively on the servers of our website. The personal data of the users is only stored there. The data is not forwarded to third parties.
The software is configured so that the IP addresses are not stored in their entirety, but instead 2 bytes of the IP address are masked (example: 192.168.xxx.xxx). In this way, the truncated IP address cannot be assigned to the accessing computer.
2. Legal Basis for the Processing of Personal Data
The legal basis for processing the personal data of the users is Art. 6 (1) lit. f GDPR.
3. Purpose of Data Processing
Processing the personal data of the users enables us to analyze their surfing behavior. By evaluating the data collected, we are able to compile information on how the individual components of our website are used. This helps us to constantly improve our website and its usability. These purposes also include our legitimate interest in processing data pursuant to Art. 6 (1) lit. f GDPR. By anonymizing the IP address, the interest of the users in the protection of their personal data is sufficiently taken into account.
4. Duration of Storage
The data is deleted as soon as it is no longer needed for our logging purposes.
In our case, these purposes cease after 12 months.
5. Right to Object and Removal
Cookies are stored on the user’s computer and transmitted to our site by the user. This means that you as the user have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be automated. If cookies are disabled for our website, not all functions of the website may work as intended.
On our website, users can optionally opt out from the analysis process. To do so, you must follow the appropriate link. Another cookie is then placed on your system which indicates to our system not to store the user’s data. If the user deletes the corresponding cookie from his system at any time, he must set the opt-out cookie again.
More information about the privacy settings of the Matomo software can be found under the following link: https://matomo.org/docs/privacy/
You can decide whether a unique web analytics cookie may be stored in your browser in order to allow the operator of the website to collect and analyze various statistical data.
If you wish to opt out, click the following link to place the Matomo opt-out cookie in your browser.
Your visit to this website is currently logged by Matomo Web Analytics. Click here to stop logging your visit.
Web Analysis by Google Analytics (with anonymization function)
On this website, the controller has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analysis service. Web analysis is the collection, gathering and evaluation of data about the behavior of visitors to websites. Among other things, a web analysis service collects data on the website from which a data subject came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. Web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising.
The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
The data controller uses the addition “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the person concerned is shortened and anonymized by Google if access to our Internet pages is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our website, and to provide other services related to the use of our website.
Google Analytics places a cookie on the data subject’s IT system. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. During the course of this technical procedure, Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website by the data subject. Each time our website is visited, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a cookie on the data subject’s IT system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
Furthermore, the data subject has the option of objecting to and preventing the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do this, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the data subject’s IT system is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person who is attributable to their sphere of control, it is possible to reinstall or reactivate the browser add-on.
Further information and the applicable data protection provisions of Google may be retrieved under https://policies.google.com/privacy and under https://marketingplatform.google.com/about/analytics/terms/us/. Google Analytics is explained in more detail at this link https://marketingplatform.google.com/about/.
Call-To-Action Buttons “Buttonizer.io”
In order to offer you simple and practical links to our social media channels and other helpful services, we use the Buttonizer.io service. This service is operated by a Dutch company (“Blinktuit”) and complies with all European data protection regulations.
You can find out more about Buttonizer.io’s privacy policy here: https://buttonizer.pro/gdpr/
What data is transmitted or stored?
NO data is transmitted to Buttonizer.io when the page and the call-to-action buttons are loaded. Only when you click on one of the buttons is the following information transmitted and stored for statistical purposes:
• When the button was clicked
• On which page the button was clicked (URL)
• How long the user was on the page before the button was clicked
• Country of the user (Cloudflare information is used for this)
• Device type of the user (desktop, tablet or phone)
• The Buttonizer.io web server temporarily stores the user’s IP address in the log files. However, these are automatically anonymized and deleted and are not used or passed on outside Buttonizer.io.
Overview about our used services
Consent History
Change Settings
Website Firewall by webkultur
The data controller has integrated a plugin from webkultur on this website. webkultur is a
so-called website firewall. The service detects and blocks cyber attacks on websites. webkultur is used on many websites and protects websites and website visitors.
The operator of webkultur is webkultur, Falkstrasse 1, 45147 Essen, Germany.
By accessing any of the individual pages of this website operated by the data controller, webkultur has access to information about
1. the browser types and versions used
2. the operating system used by the system accessing the site
3. the website from which an accessing system accesses this website (so-called referrer)
4. the subwebsites, which are accessed via an accessing system on this website
5. the date and time of accessing the website
6. the IP address
7. the ISP of the accessing system
8. any other similar data and information that may be used to protect against attacks against IT systems.
In regards to the transmitted data, IP addresses are considered personal data. All IP addresses of accesses that do not activate the firewall mechanism are anonymized. webkultur uses the data for specific purposes in order to deter and detect cyber attacks as well as to recognize patterns of behavior of cyber attacks. The data are transmitted encrypted, stored on a server in Germany, and routinely deleted. The valid data protection regulations of webkultur can be found under https://www.webkultur.de/datenschutz.php.
Rights of the Data Subject
If your personal data is processed, you are considered the data subject within the meaning of the GDPR, and you have the following rights towards the data controller:
1. Right to Information
You may request confirmation from the data controller as to whether your personal data is processed.
If this is indeed the case, you may request the following information from the data controller:
1. the purposes for which the personal data is processed;
2. the categories of personal data processed;
3. the recipients or categories of recipients to whom your personal information has been or will be disclosed;
4. the planned duration of storing your personal data or, if it is not possible to provide specific information in this regard, criteria for determining the duration of storage;
5. the existence of the right to have your personal data concerning you rectified or deleted or the right to have the data controller restrict such processing or object to such processing;
6. the existence of the right of appeal to a supervisory authority;
You have the right to request information as to whether your personal data will be transferred to a third country or to an international organization. In this context, you may ask to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.
2. Right of Rectification
You have the right to have your personal data corrected and/or completed by the data controller if the personal data processed related to you is inaccurate or incomplete. The data controller must carry out the correction immediately.
3. Right to Restriction of Processing
You may request that the processing of your personal data is restricted under the following conditions:
1. if you dispute the accuracy of the personal data concerning you over a period of time which allows the data controller to verify the accuracy of the personal data;
2. the processing is unlawful and you refuse to have the personal data deleted and instead request a restriction on the use of the personal data;
3. the data controller no longer needs the personal data for the purposes of processing, but you need them for the purpose of asserting, exercising, or defending legal claims, or
4. you have lodged an objection to the processing referred to in Article 21 (1) GDPR until it has been established whether the data controller’s justified grounds outweigh those of your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used (notwithstanding its storage) with your consent or for the purpose of asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the processing restriction was limited in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.
4. Right of Erasure
(a) Duty to Delete
You have the right to ask the data controller to immediately delete personal data relating to you, subsequent to which the data controller is obliged to immediately delete the personal data if one of the following applies:
1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
2. You revoke your consent upon which the processing referred to in Article 6 (1) lit. a or Article 9 (2) lit. a GDPR was based, and there is no other legal basis for the processing.
3. You oppose processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for processing, or you oppose processing under Article 21 (2) GDPR.
4. The personal data concerning you have been processed unlawfully.
5. The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the data controller is subject.
6. The personal data concerning you have been collected pursuant to services offered by the Information Society in accordance with Article 8 (1) GDPR.
b) Information to Third Parties
If the data controller has made the personal data concerning you public and is obliged to delete them in accordance with Article 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested to delete all links to this personal data or of copies or replications of this personal data.
c) Exceptions
The right to deletion does not exist if the processing is necessary
1. to exercise the freedom of expression and information;
2. for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the data controller is subject or for the performance of a task in the public interest or in carrying out official authority conferred upon the data controller;
3. for reasons of public interest in the field of public health in accordance with Article 9 (2) lit. h and i and Article 9 (3) of the GDPR;
4. to assert, exercise, or defend legal claims.
5. Right to Information
If you have asserted your right to rectify, cancel, or limit the processing of your personal data towards the data controller, the data controller is obliged to notify all recipients to whom your personal data have been disclosed of such rectification, cancellation, or limitation, unless this proves to be impossible or involves undue effort.
You have the right to be informed about these recipients by the data controller.
6. Right to Data Transferability
You have the right to receive your personal data which you have provided to the data controller in a structured, common, and machine-readable format. In addition, you have the right to transfer these data to another data controller without being hindered by the data controller to whom the personal data were provided, provided that
1.the processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR and
2.the processing takes place using automated procedures.
In exercising this right, you also have the right to cause any data controller to directly transfer your personal data to another data controller, insofar as this is technically feasible. Freedoms and rights of other persons shall not be affected by this.
The right to data transferability does not apply to the processing of personal data necessary for the performance of a task in the interest of the public or in the course of exercising official authority bestowed upon the data controller.
7. Right of Objection
For reasons related to your unique situation, you have the right to object at any time to the processing of your personal data carried out pursuant to Article 6 (1) lit. e or f of the GDPR, including profiling based on these provisions.
The data controller will cease to process your personal data unless he can prove compelling and justifiable grounds for processing which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise, or defend legal claims.
If you object to the processing for direct marketing purposes, the relevant personal data will no longer be processed for these purposes.
In connection with the use of Information Society services, notwithstanding Directive 2002/58/EC, you may exercise your right of objection by means of automated procedures that use technical specifications.
8. Right to Revoke the Declaration of Consent under Data Protection Law
You have the right to revoke your data protection consent at any time. Revoking your consent does not affect the legality of the processing carried out based on your consent prior to revocation.
9. Right of Appeal to a Supervisory Authority
Notwithstanding any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you believe that the processing of your personal data is in breach of the GDPR.
The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.
