Privacy Policy
Below we explain the collection of your personal data when you use the website www.boltze.de/boltze.com (hereinafter referred to as the “website”) and when you contact us by email or telephone. Personal data is any data that can be related to you personally, e.g. your name, address, email addresses, user behaviour.
I. Name and contact details of the data controller and the data protection officer
1. The data controller pursuant to Art. 4(7) of the EU General Data Protection Regulation (GDPR) is BOLTZE Gruppe GmbH, Alte Landstraße 42, 22145 Braak, Germany, tel.: +49 (0) 40 328079-0, fax: +49 (0) 40 328079-4999, email: info(at)boltze.de, see our legal notice at www.boltze.com/impressum.
2. You can contact our data protection officer at datenschutzbeauftragter@boltze.de or at our postal address, marked “FAO The Data Protection Officer”.
II. Information about the collection and disclosure of personal data
1. When you contact us by email, via a contact form or by telephone, the data you provide (your email address, name and telephone number, if applicable) is stored by us in order to answer your questions. We erase the data collected in this process once storage is no longer required or we restrict its processing if there are statutory retention obligations.
2. Where we use commissioned service providers for individual functions of our service or want to use your data for marketing purposes, we provide you with detailed information about the processes involved below. In doing so, we also specify the criteria established for the storage period.
3. Your personal data will not be transferred to third parties for purposes other than those listed below. We will only disclose your personal data to third parties if you have given your express consent in accordance with Art. 6(1) point (a) GDPR, if the disclosure is necessary for the assertion, exercise or defence of legal claims in accordance with Art. 6(1) point (f) GDPR and there is no reason to assume that you have an overriding, legitimate interest in the non-disclosure of your data, if there is a legal obligation for disclosure in accordance with Art. 6(1) point (c) GDPR and if it is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6(1) point (b) GDPR. We do not intend to transfer your data to a recipient in a third country (not a member state of the EU / EEA) or an international organisation, unless specified otherwise below.
III. Collection of personal data on our website
1. Visiting our website
1.1 If you use the website purely for information purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the data that is technically necessary for us to display our website to you and to ensure its stability and security:
• IP address
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Volume of data transmitted in each case
• Website from which the request comes
• Browser
• Operating system and its interface
• Language and version of the browser software.
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
1.2 The legal basis for the temporary storage of the data and the log files is Art. 6(1) point (f) GDPR.
1.3 Temporary storage of your IP address by the system is necessary to enable delivery of the website to your browser. Your IP address must be stored for this purpose for the duration of the session. Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. These purposes also constitute our legitimate interest in data processing according to Art. 6(1) point (f) GDPR. An evaluation of the data for marketing purposes does not take place in this context.
1.4 The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. In the case of collection of data for the provision of the website, this is the case when the session ends
1.5 Collection of data when you visit the website and storage of the data in log files is absolutely essential for the operation of the website. There is therefore no option to object on your part.
2. Use of cookies
2.1 When you use our website, cookies are stored on your computer system. Cookies are text files that are stored in your internet browser or by your internet browser on your computer system. When you visit a website, a cookie may be stored on your operating system. This cookie contains a characteristic string of characters that enables unique identification of the browser when the website is accessed again.
2.2 There are different ways of distinguishing between cookies:
Firstly, there is a distinction between first- and third-party cookies, depending on where a cookie comes from:
first-party cookies are cookies that are set and accessed by the operator of the website as the controller or by a processor commissioned by the operator. Third-party cookies are cookies that are set and accessed by controllers other than the website operator who are not acting as processors on behalf of the website operator.
In addition, a distinction can be made between transient and persistent cookies, depending on the validity period:
Transient cookies (session cookies) are cookies that are automatically deleted when you close your browser. Persistent cookies are cookies that remain stored on your end device for a certain period of time after you close the browser.
Furthermore, a distinction can be made between cookies that do not require consent and those that do:
depending on their function and purpose, the use of certain cookies may require the consent of the user. In this respect, cookies can be differentiated according to whether the user’s consent is required for their use.
2.3 You give your consent to the use of cookies on our website by means of a so-called “cookie banner”:
when you access our website, we display the “cookie banner”. You can declare your consent to the use of all cookies requiring consent on our website by pressing the “Accept all” button on the cookie banner. Alternatively, you can completely reject the use of cookies requiring consent by clicking on the “Reject” button. This decision is stored in a cookie. If you click on the “More” link on our cookie banner or, if the banner is not displayed (or has disappeared), on the blue icon at the bottom right, you will be taken to our “cookie dashboard”, where you can adjust your specific privacy settings. You can select the cookies that you wish to accept individually; and you can also adjust the selection at a later date. We store your cookie settings in the form of a cookie on your end device so that, when you return to the website, we can determine whether you already have cookie settings in place.
Cookies required for the website to function cannot be disabled via the website’s cookie management function. However, you can generally disable these cookies in your browser at any time. Different browsers offer different ways to configure the cookie settings in the browser. Further detailed information on this can be found, for example, at www.allaboutcookies.org/how-to-manage-cookies. However, we would like to point out that some functions of the website may not work or may not work properly if you disable cookies generally in your browser.
2.4 Usercentrics Consent Management Platform (“CMP”)
We use the services of the “Usercentrics Consent Management Platform” of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (“Usercentrics”) for our cookie banner. Usercentrics collects log file and consent data using JavaScript. This JavaScript enables us to inform users of their consent to certain cookies and other technologies on our website and to obtain, manage and document that consent.
Usercentrics is therefore a recipient of your data within the meaning of Art. 13(1) point (e) GDPR. We transmit personal data (consent data) to Usercentrics within the framework of a commissioned data processing agreement with Usercentrics. Consent data means the following data: date and time of visit or consent/refusal, information about the type and version of your internet browser, information about the operating system of your computer or smartphone, your internet service provider, your IP address (anonymised) and the internet pages from which you accessed us.
The data is processed for the purpose of compliance with legal obligations (obligation to provide evidence pursuant to Art. 7(1) GDPR) and the associated documentation of consent and thus on the basis of Art. 6(1) point (c) GDPR. The purpose is to be aware of users’ preferences and to act accordingly.
Local storage is used to store the data, and consent data (consent given and consent revoked) is stored in a consent database within the European Union. The consent data (consent given) is stored for three years, unless longer storage has been expressly agreed. Notice of revocation of consent previously given is also kept for three years. The retention is based, among other things, on our accountability under Art. 5(2) GDPR. “Usercentrics CMP” is not a cookie. Usercentrics itself does not use cookies, but local storage.
You can permanently prevent the execution of JavaScript at any time by adjusting the relevant settings in your browser, which would also prevent Usercentrics from running its JavaScript.
For more information about the privacy policy of Usercentrics, please visit: https://usercentrics.com/privacy-policy.
2.5 Individual cookies
2.5.1 Google Analytics (statistics cookie)
If you have given your consent (see above), we use the web analysis tool Google Analytics on our website. With the help of Google Analytics, we can examine the usage behaviour of visitors to our website in pseudonymised and anonymised form.
You can disable data processing by Google Analytics at any time on our “cookie dashboard” (see above). Alternatively, you can install a browser plug-in from Google that prevents data collection by Google Analytics: tools.google.com/dlpage/gaoptout. You can also prohibit storage of cookies in the settings of your browser.
(a) The purpose of the data processing is to increase the efficiency of our use of resources for our website and our advertising campaigns and the satisfaction of our visitors and (potential) customers. (Usage-based) optimisation of our website is achieved by measuring the use of the website and (usage-based) optimisation of our advertising campaigns by measuring the success of the advertising we use on our website (advertising impact monitoring).
(b) The data processed includes:
• Google Analytics HTTP data
This is protocol data that is technically generated when using the Google Analytics web analysis tool on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes IP address, type and version of your internet browser, operating system used, the page accessed, the previously visited page (referrer URL) and the date and time of access.
• Google Analytics end device data
Data generated by the web analysis tool Google Analytics and assigned to your end device. This includes a unique ID for the (re-)identification of returning visitors (so-called “client ID”) and certain technical parameters for controlling data collection for web analytics.
• Google Analytics measurement data
Device-related raw data (so-called “dimensions” and “measured values”), which is collected and analysed by the web analysis tool Google Analytics when using our website. This includes, in particular, information about the sources through which visitors access our website, information about the location, the browser and the end device used, information about the use of the website (in particular page impressions, frequency of page access and length of stay on accessed pages) and information about the fulfilment of certain objectives. The data is assigned to the client ID allocated to your end device. As a result, device-related usage profiles are created in which all raw device-related data is combined into a client ID. The data we collect using Google Analytics does not enable us to identify you directly on a personal basis (i.e. by your real name). We also do not merge the raw device-related data and the resulting device-related usage profiles with data that directly identifies you personally without your consent.
• Google Analytics report data
Data contained in aggregated segment and device-related reports generated by the Google Analytics web analytics tool based on the analysis of raw device-related data.
There are four reporting categories available to us in Google Analytics: target group (location, browser, devices used and other device-related data), acquisition (sources through which visitors access the website), behaviour (information about accessing content of the website, in particular pages of the website accessed, visit time, bounce rate), conversions (information about previously configured objectives).
(c) The legal basis for the processing is Art. 6(1) point (a) GDPR (consent).
(d) The data is automatically provided by the user’s browser.
(e) The recipients of the data are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and analysis and support service providers based in the European Union within the framework of commissioned data processing.
(f) This website uses so-called IP anonymisation for the use of the web analysis tool Google Analytics. This means that the IP address transmitted by the browser for technical reasons is anonymised by truncating it (deletion of the last octet of the IPv4 address or the last 80 bits of the IPv6 address) before storage.
(g) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation for you to provide the data. In the event that the data is not provided, we will not be able to carry out any web analysis using Google Analytics.
(h) No automated decision-making takes place.
2.5.2 Matomo (statistics cookie)
We use the open source web analysis service Matomo.
(a) Matomo is an open source web analysis platform that is used to analyse user behaviour on a website and derive findings for improving the website. Data processing is carried out to analyse visitor interactions, collect statistical data on the use of the website and optimise the online offering.
(b) Matomo collects and processes various types of data, including
• The IP address (the last bytes are anonymised)
• The type of end device and operating system
• The pages accessed and content
• The referrer URL (the previously visited page)
• The time spent on the website
• The geographical origin (country)
• The language settings
• The device type and screen resolution
(c) The legal basis for processing is Art. 6 (1) (a) GDPR (consent).
(d) The data is provided automatically by the user's browser.
(e) We use IP anonymisation for the analysis with Matomo. Your IP address is shortened before it is analysed so that it can no longer be clearly assigned to you.
(f) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation for you to provide the data. If the data is not provided, we cannot carry out web analyses using Matomo.
(g) No automated decision-making takes place.
3. Other functions and services on our website
3.1 In addition to the purely informational use of our website, we offer various services that you can use if you are interested. This usually requires you to provide further personal data which we use to provide the relevant service and to which the aforementioned data processing principles apply.
3.2 We may also pass on your personal data to third parties if participation in promotions, competitions, conclusion of contracts or similar services are offered by us in conjunction with partners. You will receive more information about this when you provide your personal data or you can find it below in the description of the service.
3.3 Insofar as our service providers or partners have their registered office in a state outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the service.
4. Use of contact forms
4.1 Further personal data is only collected if you provide it to us voluntarily via our contact forms. We then collect the information that comes about in the course of our contact with you. This includes, in particular, names and transmitted contact details, date and reason for contact. We only use the personal data collected from you for the purpose of providing you with the requested products or services (legal basis Art. 6(1) point (b) GDPR), or for other purposes for which you have given your consent (legal basis Art. 6(1) point (a) GDPR) and which are described in this privacy policy. Your consent, for example to accept cookies set by third-party providers or for web tracking by them, can also be given in the appropriate technical settings of your browser. You have the option to revoke your consent to the processing of personal data at any time.
4.2 The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. As far as the personal data on the input screen of the contact form is concerned, this is the case when the respective conversation with you has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
5. Use of our B2B dealer portal my.Boltze
5.1 Registration and the creation of a user account (“my.Boltze-Account”) is required for the use of our B2B dealer portal, which may only be used for commercial trade. The following data is collected as part of the registration process: title, first name, last name and email address. A password must also be set. The aforementioned data is stored revocably. Deletion of your user account is possible at any time and can be initiated by sending a message using the contact details above. The legal basis for the processing of this personal data is Art. 6(1) point (b) GDPR.
5.2 If you wish to place an order in our B2B merchant portal, it is necessary for conclusion of the contract that you provide the personal data that we require to process your order. Mandatory information required for the processing of contracts is marked specifically as such; other information is voluntary. The legal basis for the processing of this personal data is also Art. 6(1) point (b) GDPR.
5.3 Your address and payment and order details are stored for the obligatory retention period under tax and commercial law of ten years after completion of the contract and then erased, unless you have consented to storage beyond this or further processing of the data is necessary for the assertion, exercise or defence of legal claims. The legal basis for processing of personal data for the purpose of fulfilling the statutory archiving and retention obligations is Art. 6(1) point (c) GDPR.
5.4 We process the data you provide to deal with your order. In order to fulfil the contract, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the order process, we pass on the payment data collected for this purpose to the financial institution commissioned with the payment and, if applicable, to the payment service providers commissioned by us or the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. You must then log in to the payment service provider with your access data during the order process. In this respect, the privacy policy of the respective payment service provider applies. We are entitled to disclose personal data in the aforementioned cases pursuant to Art. 6(1) sentence 1 point (b) GDPR. Our service providers may only process or use your data for the purpose for which it was transmitted to them, as necessary. Where data is passed on to external service providers, we have taken technical and organisational measures to ensure that the data protection regulations are observed.
5.5 You are not obliged to provide the aforementioned personal data. The data provided is necessary for the conclusion of a contract. Without provision of the data, it may not be possible to communicate or to conclude or process a contract.
6. Newsletter
6.1 With your consent, you can subscribe to our newsletter, by means of which we inform you about our latest interesting offers. The advertised goods and services are specified in the declaration of consent.
6.2 We use the so-called double-opt-in procedure to register for our newsletter. This means that, following your registration, we send you an email to the email address you have provided, in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of the process is to be able to prove your registration and, if necessary, to clarify any misuse of your personal data. The legal basis is Art. 6(1) point (a) and (c), Art. 7(1) GDPR.
6.3 The only mandatory information for sending the newsletter is your email address. The provision of further, specifically marked data is voluntary and is used to address you personally. Following your confirmation, we store your email address for the purpose of sending you the newsletter. The legal basis is Art. 6(1) point (a) GDPR. The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. The user’s email address is therefore stored for as long as the subscription to the newsletter is active.
6.4 You can revoke your consent to receipt of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation of consent by clicking on the link provided in every newsletter email or by sending a message to the contact details provided in the legal notice.
6.5 We use the services of “Evalanche” for the distribution of newsletters. The provider of the “Evalanche” services is SC-NETWORKS GmbH, Enzianstr. 2, 82319 Starnberg, Germany.
Evalanche is a service that can be used, among other things, to organise and analyse the distribution of newsletters. The data you enter for the purpose of receiving our newsletter is stored on Evalanche servers in Germany.
If you do not want Evalanche to carry out any analysis, you can unsubscribe from the newsletter at any time. We provide a link for this in every newsletter. You can also unsubscribe from the newsletter directly on the website.
(a) Data analysis by Evalanche
With the help of Evalanche, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, you have clicked on. In this way, we can determine, among other things, which links have been clicked on particularly often. We can also see whether certain previously defined actions have been carried out after opening/clicking (conversion rate). Among other things, this enables us to recognise whether you have visited a website after clicking on the newsletter. Evalanche also allows us to subdivide (“cluster”) newsletter recipients according to different categories. For detailed information about the functions of Evalanche, see the following link:
https://www.sc-networks.de/loesungen/enterprise/.
(b) Legal basis
The data processing is based on your consent (Art. 6(1) point (a) GDPR). You can revoke this consent at any time. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.
(c) Storage period
The data you provide for the purpose of receiving the newsletter is stored by us until you unsubscribe from the newsletter and will be erased from our servers and from the servers of Evalanche after you have unsubscribed. Data stored by us for other purposes (e.g. email addresses for enquiries) remains unaffected by this. For more details, please refer to Evalanche’s privacy policy at https://www.sc-networks.com/data-protection.
(d) Conclusion of a commissioned data processing agreement
We have concluded a commissioned data processing agreement with SC-Networks GmbH / Evalanche, in which we oblige Evalanche, among other things, to protect the data of newsletter recipients and not to disclose it to third parties.
7. Links to social media channels
We offer links to the following social media channels on our website: Facebook, Instagram, Pinterest, Xing and LinkedIn. We do not process personal data through the link. We do not use social media plugins on our website.
8. Use of our social media pages
8.1 We maintain publicly accessible profiles on various social networks. Visiting those profiles initiates a variety of data processing operations. You are not obliged to provide us with your personal data when using our social media pages. However, this may be necessary for individual functions of our pages. These functions are only available to you to a limited extent, if at all, if you do not provide us with your personal details.
8.2 When you visit our social media pages, your personal data is collected, used and stored not only by us, but also by the operators of the social network in question. This happens even if you yourself do not have a profile on the social network in question. The individual data processing operations and their scope differ depending on the operator of the social network, and they are not necessarily known to us. For details about the collection and storage of your personal data and the type, scope and purpose of use by the operator of the social network, please refer to the privacy policies of the respective operator:
- Privacy policy for the social network Facebook operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland: www.facebook.com/privacy/policy;
- Privacy policy for the social network Instagram operated by Meta Platforms Ireland Limited: https://privacycenter.instagram.com/policy;
- Privacy policy for the social network Pinterest, which is operated by Pinterest, Inc.: policy.pinterest.com/en/privacy-policy;
- Privacy policy for the social network Xing, which is operated by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany: privacy.xing.com/en/privacy-policy;
- Privacy policy for the social network LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland: https://www.linkedin.com/legal/privacy-policy?.
8.3 As the operator of the social media page, we can only view the information stored in your public Facebook profile, and only if you have such a profile. In addition, the respective operator of the social network provides us with anonymous usage statistics, which we use to improve the user experience when visiting our social media page. We do not have access to the usage data that the operator of the social network collects to create these statistics. The operator of the social network has made a commitment to us to assume primary responsibility under the GDPR for the processing of this data, to fulfil all obligations under the GDPR with regard to this data and to provide the data subjects with the essential provisions of this commitment. This data processing serves our (and your) legitimate interest in improving the user experience for specific target groups who visit our social media site. The legal basis for the data processing is therefore Art. 6(1) point (f) GDPR.
8.4 If you use our social media pages to contact us (e.g. by creating your own posts, responding to one of our posts or by sending us private messages), the data you provide us with is processed by us solely for the purpose of contacting you. The legal basis for the data collection is Art. 6(1) point (a) and (b) GDPR. We erase stored data as soon as its storage is no longer required or you request us to erase it; in the case of statutory retention obligations, we limit processing of the stored data accordingly.
9. Integration of YouTube videos
9.1 We have integrated YouTube videos into our website, which are stored on YouTube.com and can be played directly from our website. These are all integrated in “privacy-enhanced mode”, i.e. no data about you as a user is transmitted to YouTube unless you play the videos. Only when you play the videos is the data referred to in clause 9.2 transmitted. We have no control over this data transmission. The legal basis for displaying the videos is Art. 6(1) point (a) GDPR, i.e. the integration only takes place with your consent.
9.2 When you visit the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, basic data such as your IP address and the time stamp are transmitted. This takes place regardless of whether you have a YouTube user account to which you are logged in or no user account exists. If you are logged in to Google, your data is assigned directly to your account. If you do not wish the data to be assigned to your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for the purposes of advertising, market research and/or designing its website according to needs. Such usage is made in particular for the provision of needs-based advertising (even for users who are not logged in) and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; you must contact YouTube to exercise this right.
9.3 The information collected is stored on Google servers, including in the USA. In these cases, the provider states that it has imposed a standard on itself that is equivalent to the former EU-US Privacy Shield and has undertaken to comply with applicable data protection laws when transferring data internationally. We have also agreed so-called standard data protection clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.
9.4 For more information about the purpose and scope of data collection and its processing by YouTube, please see the privacy policy. You will also find further information on your rights and setting options to protect your privacy here: www.youtube.com/intl/ALL_uk/howyoutubeworks/user-settings/privacy/.
10. Use of data for postal marketing and your right to object
We also reserve the right to store your first and last name, your postal address and – insofar as we have received this additional information from you within the framework of the contractual relationship – your title, academic qualifications, year of birth and your profession, industry or business name in summarised lists and to use this information for our own marketing purposes, e.g. to send you interesting offers and information about our products by post. You can object to the storage and use of your data for these purposes at any time by sending us a message using the contact details below.
11. Data security
11.1 During your website visit, we use the widespread SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the display of a key or closed lock icon in the lower status bar of your browser.
11.2 We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction and unauthorised access by third parties. Our security measures are continuously being improved in line with technological developments.
IV. Collection of personal data when contacting us by email, post and telephone
1. We only collect your personal data as a customer, potential customer or supplier if you provide it to us of your own accord by email, post or telephone. We then collect the information that comes about in the course of our contact with you. This includes, in particular, names and transmitted contact details, date and reason for contact. The personal data collected from you is only used for the purpose of providing you with the requested products or services (legal basis Art. 6(1) point (b) GDPR), or for other purposes for which you have given your consent (legal basis Art. 6(1) point (a) GDPR) and which are described in this privacy policy. You have the option to revoke your consent to the processing of personal data at any time.
2. You are not obliged to provide the aforementioned personal data. The data provided may be necessary for the conclusion of a contract. Without provision of the data, it may not be possible to communicate or to conclude or process a contract.
3. The data relevant in the individual case is transferred on the basis of the legal provisions or a contractual agreement to public bodies in the case of overriding legal provisions, to external service providers or other contractors and to other external bodies, insofar as you have given your consent or a transfer is permissible on the basis of overriding interests. We do not intend to transfer your data to a recipient in a third country (not a member state of the EU / EEA) or an international organisation.
4. The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data provided, this is the case when the respective conversation with you has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified. Insofar as the data provided is subject to retention obligations under tax and commercial law, it is stored for the obligatory retention period of ten years and then erased unless you have consented to storage beyond this or further processing of the data is necessary for the assertion, exercise or defence of legal claims. The legal basis for the processing of personal data for the purpose of fulfilling the legal archiving and retention obligations is Art. 6(1) sentence 1 point (c) GDPR.
V. Revocation of consent and objection to the processing of your data
1. If you have given your consent to the processing of your data, you can revoke that consent at any time. Such a revocation affects the permissibility of processing of your personal data from the point at which you express it to us.
2. Where we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case, in particular, if the processing is not necessary for fulfilment of a contract with you, which is indicated by us in each case in the following description of the functions. When exercising this right to object, we ask you to explain the reasons why we should not process your personal data as we have done previously. In the event of your legitimate objection, we will examine the merits of the case and either discontinue or adapt the data processing or demonstrate to you the overriding legitimate grounds on the basis of which we will continue the processing.
3. Of course, you can object to the processing of your personal data for the purposes of marketing and data analysis at any time.
4. You can inform us of your revocation of consent or objection using the following contact details: BOLTZE Gruppe GmbH, Alte Landstraße 42, 22145 Braak, Germany, tel.: +49 (0) 40 328079-0, fax: +49 (0) 40 328079-4999, email: info(at)boltze.de.
VI. Your rights
1. You have the right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of the right to lodge a complaint, the origin of your data if it has not been collected by us and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the details of it.
2. Pursuant to Art. 16 GDPR, you may immediately request the rectification of inaccurate or incomplete personal data stored by us. In accordance with Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
3. In accordance with Art. 18 GDPR, you have the right to request the restriction of processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful but you object to erasure of the data, if we no longer require the data but you need it for the assertion, exercise or defence of legal claims or if you have objected to the processing in accordance with Art. 21 GDPR.
4. In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
5. In accordance with Art. 7(3) GDPR, you have the right to revoke your consent at any time. This has the consequence that we may no longer continue the data processing based on that consent for the future.
6. You also have the right under Art. 77 GDPR to complain to a supervisory authority about our processing of your personal data.
VII. Current version and amendment of this privacy policy
1. This privacy policy is currently valid as of June 2023.
2. As a result of further development of our website and the services offered on it or of changes in legal or official requirements, it may become necessary to amend this privacy policy. You can access and print out the current privacy policy at any time on the website at www.boltze.de.