Privacy

Data privacy policy

1. Date privacy at a glance

General information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Data collection on this website

Who is responsible for data collecting on this website?
The data processing on this website is carried out by the website operator. You can find the contact details of the website operator in the section "Information about the responsible agency" in this data privacy policy.

How are we collecting your data?
Firstly, your data is collected when you share it with us. For example, data that you enter in a contact form.

Other data is collected automatically or after your approval by our IT systems when you visit the website. This is mainly technical data (e.g. Internet browser, operating system or time of page view). The collection of this data takes place automatically as soon as you enter this website.

What do we use your data for?
Some of the data is collected to ensure flawless operation of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your approval for data processing, you can revoke this approval at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to file a complaint with the responsible supervisory authority. 

You can contact us at any time with regard to this and other questions on the subject of data privacy.

2. Hosting

External Hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding approval has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, provided that the approval includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The approval can be canceled at any time.

Our hoster will only process your data to the extent necessary to fulfill its service responsibilities and follow our instructions with respect to such data.

We use the following hoster:

iComply GmbH
Große Langgasse 1A
55116 Mainz

Order processing
We have concluded an order processing agreement with the above-mentioned provider. This is a contract required by data privacy law, which ensures that this provider only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.

3. General information and mandatory information

Data privacy 
The operators of this website take the privacy of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data privacy laws as well as this privacy policy.

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is carried out.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Information on the responsible party
The responsible party for data processing on this website is:

Ferdinand Bilstein GmbH + Co. KG
Wilhelmstr. 47
58256 Ennepetal

Phone: +49 2333 911-0
E-Mail: support@bilsteingroup.com

The responsible party is the natural or legal person who alone or jointly with others regulates the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Storage duration
Unless a more specific storage duration has been stated within this data privacy policy, your personal data will remain with us until the purpose for data processing ceases to apply. If you assert a legitimate request for deletion or cancel approval for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law storage periods); in the latter case, deletion will take place after these reasons have ceased to apply.

General information on the legal basis for data processing on this website
If you have approved the data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, if special categories of data are processed according to Art. 9 para. 1 GDPR. In the case of explicit approval of the transfer of personal data to third countries, the data processing is also based on Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or to the access to information in your device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. The consent can be cancelled at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6 para. 1 lit. f GDPR. Information about the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

Data protection officer

We have appointed a data protection officer for our company.

Ferdinand Bilstein GmbH + Co. KG
 - z.Hd. Datenschutzbeauftragten-
 Wilhelmstr. 47
 58256 Ennepetal

Phone: +49 2333 911-0
E-Mail: privacy@bilsteingroup.com

Cancellation of your approval for data processing
Many data processing processes are only possible with your express approval. You can cancel consent you have already given at any time. The legality of the data processing carried out until the cancellation remains unaffected.

Right to object to the processing of data in special cases and to direct marketing (Art. 21 GDPR)
IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21 (1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ARTICLE 21 (2) GDPR).

Right of appeal to the responsible supervisory authority
In the event of violations of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their place of habitual residence, their place of work or the place of the alleged violation. The right of appeal is without prejudice to other administrative or legal remedies.

Data portability right
You have the right to have data that we process automatically on the basis of your approval or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another party responsible, this will only be done to the extent that it is technically feasible.

SSL- or TLS encryption
This website uses for security purposes and for protection of transmission of confidential content, e. g. orders or requests that you send to us as a hoster, SSL- or TLS coding. A confidential connection can be recognized on the change of the URL in your browser from „http://“ to „https://“  and the lock symbol in your browserline.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, cancellation and correction
Within the scope of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction or cancellation of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.

Right to  limitation of processing
You have the right to request the limitation of the processing of your personal data. For this purpose, you can contact us at any time. The right to limitation of processing exists in the following cases:

  • If you question the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the limitation of the processing of your personal data.
  • If the processing of your personal data happens to be ilegitimate, instead of cancelation you can request it's limitation of data processing.
  • If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
  • If you have filed an appeal in accordance with Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your approval or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

4. Data processing on this website

Cookies
Our websites use so called "Cookies". Cookies are small text data that do not harm your device. They are either for the duration of your session (session-cookies) or permanently (permanent cookies) saved on your device. Session cookies are automatically deleted after your session has ended. Permanent cookies are saved on your device until you delete them yourself or your browser automatically deletes them.

In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If approval to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the approval can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and, if necessary, request your approval.

5. Information

Information on data protection
Employees, customers or business partners of Ferdinand Bilstein GmbH + Co. KG can use "iWhistle" to report violations of compliance regulations, such as antitrust or corruption law in particular ("Compliance" reporting channel), as well as certain violations of data protection regulations ("Data Protection" reporting channel) or human rights ("Human Rights" reporting channel).
 
The three systems for submitting reports are operated by a specially established staff unit, and only the person responsible for them has access to the reports. Information is only passed on, for example to other departments, if this is necessary to process a specific case.
 
The infrastructure of the system including websites and database is operated by the service provider iComply GmbH, located in 55116 Mainz, Große Langgasse 1A. iComply GmbH is contractually bound to strict confidentiality and to comply with all data protection requirements.

What personal data and information is collected and processed?
When reporting violations via "iWhistle", personal data:

  • of the person submitting a report (e.g. name, contact details) (optional/voluntary!) and
  • of persons affected by an incident (e.g., description of actions of affected persons),
entered in the respective reporting form or transmitted via the protected mailbox are collected and processed. The data is processed by the responsible staff unit in order to review the reported incidents, initiate and conduct investigations, and take remedial action where necessary. 

As part of the audits, investigations and remedial measures to be taken, it may be necessary to pass on information about a reported incident to employees* in other departments such as the management of Ferdinand Bilstein GmbH + Co. KG, to external consultants (e.g. legal advisors) or to the responsible authorities. We may also be obligated to report a reported incident to the responsible authorities and the affected persons.

The legal basis for the processing is Art. 6 (1) lit. c GDPR in conjunction with EU Directive 2019/1937 and §26 BDSG.

How long will the personal data be stored?
The personal data and information you provide will be stored for as long as knowledge of them is required to process the report and, if necessary, to initiate sanctions, or for as long as the data must be stored by law. If a report proves to be unfounded, the report and any personal data contained therein will be deleted immediately.