Data protection at Basler

In the following, we would like to inform you about the handling of your data at Basler in accordance with Art. 13 of the General Data Protection Regulation (GDPR).

Responsible for the data processing described below is

Basler AG

An der Strusbek 60-62

22926 Ahrensburg

Phone +49 4102 463 0

Mail: datenschutz@baslerweb.com

To give you a better overview, we have divided the data protection information into different sections. Simply click on the relevant headings to view the details of the respective data protection provisions.

Usage data

When you visit our website, so-called usage data is stored on our web server as a log for statistical purposes and analyzed in order to improve the quality of our website. This data record consists of

§ the name and address of the requested content

§ the date and time of the request,

§ the amount of data transferred,

§ the access status (content transmitted, content not found),

§ the description of the web browser and operating system used,

§ the referral link that indicates from which page you came to our site,

The aforementioned log data is only analyzed anonymously.

Storage of the IP address for security purposes

In addition, we store the complete IP address transmitted by your web browser for a strictly earmarked period of seven days in the interest of being able to recognize, limit and eliminate attacks on our websites. After this period has expired, we delete or anonymize the IP address. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.

Data security

We take technical and organizational measures to protect your data from unwanted access as comprehensively as possible. We use an encryption process on our websites. Your data is transmitted from your computer to our server and vice versa via the internet using TLS encryption. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

Contact form

You have the option of contacting us via our contact form. To use our contact form, we first need the data marked as mandatory fields from you.

We use this data on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR to answer your request.

If you use and submit forms on our website, the personal data transmitted by you will be stored in applications of the provider Pardot LLC/Salesforce Inc. and processed by us. Data from the user profiles created on the basis of pseudonyms will not be enriched unless you have given us permission to do so when submitting the form.

The purpose of combining the usage information with your personal data is to get to know you better as a potential customer and to provide you with information on our websites and by e-mail that is of particular interest to you personally. It also allows us to evaluate the efficiency of our communication measures.

If you wish to revoke this authorization or generally request the deletion of the personal data transmitted via the forms, please contact: pardot-data-privacy@baslerweb.com.

Registering in the online store - creating a customer account

If you would like to order via our online shop, you must first register and create an Basler account. For further data protection information on the Basler account, please read the section on the Basler account.

Processing of your data when placing an order

If you decide to order goods or services, we process your data for the fulfillment and processing of the service or purchase contract and, if necessary, its reversal in the context of the termination of the contract. In addition, we use your data to inform you about the status of your order.

The legal basis for data processing for the fulfillment of the contract is Art. 6 para. 1 sentence 1 lit. b GDPR and for the fulfillment of legal information and storage obligations Art. 6 para. 1 lit. c GDPR.

If you appoint us as a contact person for a company or organization, we process your data on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. As the contact person, you can object to this processing at any time with effect for the future in accordance with Art. 21 GDPR.

Messages by email

We process your data in order to send you messages by email. These are

  • Necessary system-related messages, e.g. for invitations, account activation and password resets

  • Notifications about the status of orders

In order to continuously improve our services, we send a tracking pixel in our messages to determine whether the messages have been opened and whether links in the message have been clicked on,

Payment processing and reversal

Depending on the payment method you choose, we also process personal data as part of the processing and reversal of payments.

If you choose to pay by credit card, this includes the card number, cardholder, expiration date and card verification number.

In the case of a bank transfer after purchase on account, these are the name of the account holder, IBAN and BIC.

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. b GDPR.

Depending on the payment method selected, we may transmit data to commissioned payment service providers within the meaning of Directive (EU) 2015/2366 (PSD 2) and the Payment Services Supervision Act (ZAG). These include payment institutions such as banks, savings banks and credit card companies, e-money institutions and payment initiation service providers (Sofortüberweisung).

We transmit data to the following payment service providers, among others

adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands adyen is contractually obliged to us as a processor in accordance with Art. 28 GDPR to process your data in accordance with data protection regulations.

Collection and processing of personal data

When you apply, we process the data that we require from you as part of the application process. This may include contact details, all data related to the application (CV, certificates, qualifications, answers to questions, etc.) and, if applicable, bank details (to reimburse travel expenses). The legal basis for this results from § 26 of the Federal Data Protection Act.

When you visit our website, our web servers store the IP address assigned to you by your Internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of your visit for a standard period of seven days. The purpose of this is to be able to recognize, limit and eliminate attacks on our websites. The legal basis is Art. 6 para. 1 lit. f GDPR.

Deletion of data

If there is no statutory retention period, the data will be deleted as soon as storage is no longer necessary or the legitimate interest in storage has expired. If no recruitment takes place, this is usually the case no later than six months after the application process has been completed.

In individual cases, individual data may be stored for longer (e.g. travel expense reports). The duration of storage then depends on the statutory retention obligations, e.g. from the German Fiscal Code (6 years) or the German Commercial Code (10 years).

If you are not hired but your application is still of interest to us, we will ask you whether we may keep your application on file for future vacancies. If you agree, we will process your data on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you can revoke at any time.

Confidential treatment of your data

We treat your data confidentially and do not pass it on to third parties. We use strictly instruction-bound service providers who support us, for example, in the operation of the application process and the destruction of documents and with whom separate contracts for order processing have been concluded.

All data is transmitted in encrypted form via SSL/TLS; this applies to your application, registration and authentication data.

Please contact for these data protection rights:

Basler AG - Human Resources

Anja Sievers-Sack

An der Strusbek 60-62

22926 Ahrensburg

04102/463 369

anja.sievers-sack@baslerweb.com

If you register for a Basler customer account “Basler ID”, you consent to the associated data processing by us. You can have your Basler ID deleted at any time. It is possible that services provided via the Basler ID can then no longer be provided.

We need your contact details for the Basler ID. All accesses made via your account are recorded in our technical log files (timestamp, application, user name, IP address). The log files are used for the IT security of our systems, to rectify errors and for support purposes.

We analyze user experiences with our products exclusively on the basis of anonymous data, which cannot be used to identify individuals.

If you use pylon AI, we process all training data entered by you in pylon AI as a processor, provided that this is personal data under applicable data protection law. Depending on how pylon AI is used, the AI models generated may also contain personal data. Data processing is carried out in accordance with the instructions of our customers on the basis of our order processing contract.

Your consent to advertising measures

We use your contact data for the purpose of direct advertising if we have legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) or have received your express consent (Art. 6 para. 1 sentence 1 lit. a GDPR) to contact you by e-mail and/or telephone. We generally process contact data (e.g. name, postal address, email address, telephone numbers) and your interests/preferences in relation to our products for, for example

  • Invitations to events or trade fairs,

  • Offers and information about our services and products by e-mail,

  • Christmas/ New Year greetings,

  • invitations to participate in customer surveys or market research.

If you have given your consent for advertising, you can revoke this at any time without giving reasons. In the case of direct advertising based on our legitimate interests, you have the right to object at any time.

Newsletter registration and dispatch

You can subscribe to a newsletter on our website. Please note that we require certain data (at least your e-mail address) to subscribe to the newsletter.

The newsletter will only be sent if you have given us your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have placed an order on our website, you will receive a confirmation email to the email address you have provided (double opt-in). You can withdraw your consent at any time. An uncomplicated way to revoke your consent is, for example, via the unsubscribe link in every newsletter.

By creating an individual confirmation link, we can record that consent has been confirmed at the e-mail address sent. In this context, we also store the time at which the confirmation was made. The corresponding data processing takes place on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR and is carried out in the interest of being able to account for the legality of the newsletter dispatch.

If you order our newsletter, we will ask you to consent to further newsletter tracking as part of the ordering process.

If you give us the corresponding consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we integrate individual tracking pixels into our newsletters, with which we can recognize when the newsletter sent to you has been called up or opened and individualize the links in the newsletter in order to be able to evaluate when you clicked on which link.

If you wish to withdraw your consent, please use the link provided in each newsletter to unsubscribe or change your consent.

Communication by post, telephone, e-mail

If you communicate with us as an interested party, customer or business partner by post, telephone or e-mail, we process the data you provide for the respective business purposes of the correspondence. Data processing is generally carried out on the basis of existing or future contractual relationships (Art. 6 para. 1 lit. b GDPR) and/or on the basis of your consent (Art. 6 para. 1 lit. a GDPR). Depending on the individual case, we are legally obliged to process data (Art. 6 para. 1 lit. c GDPR), e.g. in the case of statutory retention obligations. Occasionally, we process your data on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR), if and to the extent that our interests in this data processing prevail, e.g. in the case of ongoing limitation periods.

Online appointment scheduling

Appointments are planned and managed with the help of Microsoft Bookings. In addition to the necessary contact details of the participants of an appointment, the available times of the participants are also processed as part of the scheduling process. As a rule, data processing is carried out for the contractually agreed or planned business relationship (Art. 6 para. 1 lit. b. GDPR) and otherwise on the basis of our legitimate interests for business correspondence with corporate customers (Art. 6 para. 1 lit. f GDPR).

We operate the following social media sites:

Data processing by us

The data you provide on our social media pages, such as user names, comments, videos, images, likes, public messages, etc., are published by the social media platform and are not processed by us for any other purposes at any time. We only reserve the right to delete content should this be necessary. We may share your content on our site if this is a function of the social media platform and communicate with you via the social media platform.

If you send us a request on the social media platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the content. For example, you can send us your inquiries at any time to the address or email address stated in the legal notice. The choice of the appropriate communication channel is your own responsibility.

The legal basis for the aforementioned processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR. The data processing is carried out in the legitimate interest of conducting public relations work for our company and being able to communicate with you.

Data processing under joint responsibility

We are jointly responsible for some of the processing activities with the respective operator of the social media platform.

Accordingly, we have concluded the necessary agreement in accordance with Art. 26 GDPR, insofar as the operator of the social media platform allows this.

X https://gdpr.x.com/en.html

https://gdpr.x.com/en/controller-to-controller-transfers.html

Facebook https://www.facebook.com/about/privacy/update

https://www.facebook.com/legal/controller_addendum?_rdr

Instagram https://www.instagram.com/legal/privacy/

https://www.facebook.com/legal/controller_addendum?_rdr

LinkedIn https://www.linkedin.com/static?key=privacy_policy

https://legal.linkedin.com/pages-joint-controller-addendum

The main elements of joint responsibility can be found in the following section.

Statistics (insights)

The social media platforms used regularly compile statistics (insights) based on usage data that contain information about your interaction with our social media site. We cannot influence or prevent the performance and provision of these statistics.

However, we do not make use of optional statistics from the social media platform.

We process the aforementioned information (statistics) in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in the legitimate interest of validating the use of our social media pages and improving our content in a target group-oriented manner.

Target group-oriented advertising

We also use the social media platforms described to display targeted advertising.

For this purpose, we use target group definitions provided to us by the social media operator. We only use anonymous target group definitions, i.e. we define characteristics based on general demographic information, behavior, interests and connections, for example. The operator of the social media platform uses these to display advertisements to its users accordingly. The legal basis for this is the consent that the operator of the social media platform has obtained from its users.

If you wish to revoke this consent, please use the revocation options provided by the operator of the social media platform, as the social media platform operator is responsible for this processing.

We or the operator of the social media platform also use publicly available data to define the target group. The legal basis for this processing is then Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest on our part is to define the most suitable target group possible. We never use sensitive categories of personal data listed in Art. 9 and 10 GDPR (e.g. political opinions, sexual orientation) to define target groups.

We also use information about visits to and interactions with other websites (remarketing) to define target groups. We also use cookies for this purpose. In these cases, however, we obtain the consent of the users in advance via a consent banner on the respective other pages and inform them about the data processing at this point. You can revoke this consent at any time by calling up the consent banner of the corresponding website again.

Data processing by the operator of the social media platform

The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform.

We would therefore like to point out that it cannot be ruled out that the operator of the social media platform may use and evaluate your profile and behavioral data for its own purposes. We have no influence on the processing of your data by the operator of the social media platform. Please bear this in mind when using the social media platform.

For more information on data processing by the operator of the social media platform, configuration options to protect your privacy and other objection options, please refer to the operator's privacy policy.

We pass on your data to service providers who support us in the operation of our websites and the associated processes as part of order processing in accordance with Art. 28 GDPR. These are, for example, hosting service providers. Our service providers are strictly bound by our instructions and contractually obligated accordingly.

Below we list the processors with whom we work, if we have not already done so in the above text of the privacy policy. If data is transferred outside the EU or the EEA in this context, we will provide information on the appropriate level of data protection.

Processor

Purpose

Adequate level of data protection

Microsoft

Webhosting and support

Third country transfer on the basis of the EU standard contractual clauses

Netlify Inc. (USA)

Webhosting and support for docs.baslerweb.com

Third country transfer on the basis of the EU standard contractual clauses

Pardot (Salesforce.com)

Newsletter

Third country transfer on the basis of the EU standard contractual clauses

Usercentrics A/S Cookiebot

Consent Management (Banner)

Third country transfer on the basis of the EU standard contractual clauses

We only store your personal data for as long as is necessary for the respective purpose. After these periods have expired, your data will be securely deleted or anonymized to ensure the protection of your privacy.

Unless we have already informed you in detail about the storage period, we delete personal data when it is no longer required for the aforementioned processing purposes and no statutory retention obligations prevent deletion.

When processing your personal data, the GDPR grants you certain rights as a data subject:

Right of access (Art. 15 GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed.

Right to erasure (Art. 17 GDPR)

You have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of the examination by the controller.

Right to data portability (Art. 20 GDPR)

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.

Right to withdraw consent (Art. 7 GDPR)

If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 para. 3 GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

Right to object (Art. 21 GDPR)

If data is collected on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (data processing to protect legitimate interests) or on the basis of Art. 6 para. 1 sentence 1 lit. e GDPR (data processing to protect the public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right to lodge a complaint can be exercised in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

Assertion of your rights

Unless otherwise described above, please contact the office named in the legal notice to assert your rights as a data subject.

Our external data protection officer will be happy to provide you with information on the subject of data protection using the following contact details:

datenschutz nord GmbH

Konsul-Smidt-Strasse 88

28217 Bremen

Web: www.datenschutz-nord-gruppe.de

E-mail: office@datenschutz-nord.de

If you contact our data protection officer, please also indicate the responsible body named in the imprint.

How can we support you?

We will be happy to advise you on product selection and find the right solution for your application.