Privacy policy according to the GDPR

I. Name and address of the controller
The controller in terms of the basic data protection regulation and other national data protection laws of the member states and other data protection regulations is the:

Budelmann Elektronik GmbH
Kopenhagener Str. 11
48163 Münster
Tel.: +49 (2501) 9208440
E-Mail: mail@budelmann-elektronik.com

II. Name and address of the Data Protection Officer
The data protection officer of the controller is:

Herr Erden Yücel (FYNE Consulting GmbH)
Kaiserstraße 10b
49809 Lingen (Ems)
Tel.: +49 591 900 26 953
Mail: info@fyne-consulting.com
Internet: www.fyne-consulting.com

III. General information on data processing

1. Scope and purpose of the processing of personal data
We process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of personal data of our users regularly only takes place with the user's consent. An exception is made in cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by legal regulations.

2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 (1) lit. f GDPR serves as the legal basis for the processing.

3. Data erasure and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage is no longer applicable. Furthermore, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other regulations to which the controller is subject. Data is also blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing
Each time our website is accessed, our system (and possibly also the system of our hosting provider) automatically collects data and information from the computer system of the calling computer. The following data is collected:

(1) Information about the browser type and version used
(2) The user's operating system
(3) The Internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user's system reaches our website
(7) Websites that are accessed by the user's system via our website

The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.

2. Legal basis for the data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

4. Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
In the case of data stored in log files, this is the case after seven days at the latest. The reason for the storage are various security reasons (e.g. for the clarification of criminal offences) - for this reason a storage beyond that is possible. In case of other storage of the data, the IP addresses of the users are deleted or alienated, so that an allocation of the calling client is no longer possible.

5. Right to object
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Therefore, the user has not right to object in this case.

V. Use of Cookies

a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We use cookies to make our website more user-friendly. Some elements of our website require the calling browser to be able to be identified even after a page change.
The following data is stored and transmitted in the cookies:

(1) Language settings
(2) Log-in information

b) Legal basis for the data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

c) Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change.
We require cookies for the following applications:

(1) Acceptance of language settings

The user data collected through technically necessary cookies is not used to create user profiles.
These purposes also include our legitimate interest in processing personal data in accordance with Art. 6 Para. 1 lit. f GDPR.

d) Duration of storage, right to object and removal
Cookies are stored on the user's computer and transmitted by the user to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it is possible that not all functions of the website can be used to their full extent.

VI. Contact

Whenever the user contacts us (e.g. via contact form, e-mail, telephone or via social media), the user's details are used to process the specific contact request and its handling in accordance with Art. 6 Para. 1 lit. b. (within the framework of contractual/pre-contractual relations), Art. 6 Para. 1 lit. f. (other inquiries) GDPR are processed. Furthermore, we would like to point out that the information is stored in a computer/software system (e.g. in a "CRM system").
We delete the data as soon as they are no longer required. The necessity is checked every two years (the necessity of the storage can also be given by legal regulations).

VII. Your Rights

Are personal data of you processed, you are affected within the meaning of the GDPR and you have the following rights against the controller:

1. Right of access by the data subject
You shall have the right to obtain confirmation from the controller whether personal data concerning you will be processed by us.
If such processing has taken place, you can request the following Information from the controller:

(1) the purposes for which the personal data are processed;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
(4) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

2. The right to rectification
You have a right of rectification and/or completion against the data controller if the personal data processed concerning you are incorrect or incomplete. The controller shall make the correction without delay.

3. Right to restriction of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:

(1) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
(4) the data subject has objected to processing pursuant to Art. 21 para.1 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

where the processing of your data has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Wurde die Einschränkung der Verarbeitung nach den o.g. Voraussetzungen eingeschränkt, werden Sie von dem Verantwortlichen unterrichtet bevor die Einschränkung aufgehoben wird.

4. Right to erasure
a) Duty to delete
You may request the data controller to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:

(1) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw consent on which the processing is based according to point (a) or Art. 6 para. 1 GDPR, or point (a) of Art. 9 para. 2 GDPR, and where there is no other legal ground for the processing;
(3) the data subject objects to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 para. 2 GDPR;
(4) the personal data have been unlawfully processed;
(5) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) the personal data have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.

b) Information to third parties
If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

c) Exceptions
The right to cancellation shall not apply where processing is necessary

(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 para. 2 GDPR as well as Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.

5. Right to information
If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

The controller shall have the right to be informed of such recipients.

6. Right to data potability
You have the right to receive the personal data conceming you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another data controller without obstruction by the data controller to whom the personal data was provided, provided that (1) the processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and para. 2 the processing is carried out using automated procedures.
In exercising this right, you also have the right to request that the personal data conceming you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

7. Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6 para. 1 lit. e or f of the GDPR; this also applies to profiling based on these provisions.
The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising: this also applies to profiling, insofar as It is associated with such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your right of objection In connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

8. Right to revoke the data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

9. Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and a data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate Interests.
In the cases referred to In (1) and (3), the controller shall take reasonable measures to safeguard your rights, freedoms and legitimate Interests, including at least the right to obtain the Intervention of a person by the controller, to state his own position and to challenge the decision.

10. Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this Regulation.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.