Name and contact details of the responsible party in line with Article 4 paragraph 7 of the GDPR:
BAS GmbH & Co. KG
Eglosheimer Str. 101
D‑71679 Asperg, Germany
+49 (0) 7141 — 48 71 153
Security and protection of your personal data
We make it our top priority to maintain the confidentiality of the personal data that you provide and protect it against unauthorised access. That is why we apply the utmost care and the latest security standards in order to guarantee maximum protection of your personal data. We are subject to the conditions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (FDPA) and have taken technical and organisational measures to ensure that the data protection regulations are not only adhered to by us, but also by our third-party service providers.
1.) Personal Data
‘Personal Data’ is any information that refers to an identified or identifiable natural person (hereinafter ‘affected person’); ‘identifiable’ refers to any person who can be directly or indirectly identified, particularly by means of association, after being recognised by their name, an ID number, location information, an online ID, or one or several particular characteristics that express the physical, physiological, genetic, mental, financial, cultural, or social identity of this natural person.
‘Handling’ refers to any operation or set of operations that is performed upon personal data, whether or not by automated means, extensive procedures, or any such set of operations in relation to personal data, such as the gathering, capture, organisation, arranging, storage, modification or alteration, reading, inquiry, use, publication as a result of transfer, distribution, or any other form of supply, matching or linking, restriction, deletion or destruction.
3.) Restriction of handling
‘Restriction of handling’ means marking stored personal data with the aim of limiting how it is handled in the future.
‘Profiling’ is any kind of automated handling of personal data that entails the personal data being used to evaluate certain personal characteristics referring to a natural person, especially analysing or predicting aspects related to the working capacity, financial situation, health, personal preferences, interests, reliability, behaviour, place of residence, or change of location of this natural person.
‘Pseudonymisation’ refers to the handling of personal data in such a way that the personal data can no longer be traced back to a specific affected person without consulting additional information, provided this additional information is stored separately and is subject to technical and organisational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
6.) File system
‘File system’ refers to any structured collection of personal data accessible according to certain criteria, regardless of whether this collection is managed in a way that is ordered in a centralised or decentralised manner according to functional or geographical aspects.
7.) Responsible party
‘Responsible party’ refers to any natural or juristic person, official authority, facility, or any other centre that, whether alone or together with others, decides upon the purposes and means of processing personal data; if the purposes and means for this processing arise through a decision made by European Union law or the law of a Member State, the responsible party and/or certain criteria that they have named can be earmarked in line with European Union law or the law of that Member State..
8.) Data processing company
‘Data processing company’ refers to any natural or juristic person, official authority, facility, or any other centre that processes personal data at the behest of the responsible party.
‘Recipient’ refers to any natural or juristic person, official authority, facility, or any other centre that receives personal data, regardless whether it is then forwarded to a third party or not. However, any official authorities who may receive personal data within the framework of a certain inquiry in accordance with European law or the law of a Member State are not classed as recipients; data handled by these authorities is done so in accordance with the applicable data protection guidelines according to the purposes of processing.
10.) Third party
‘Third party’ refers to any natural or juristic person, official authority, facility, or any other centre, except for the affected person, the responsible party, the data processing company, and the person who handles personal data under the direct authority of the responsible party or the data processing company.
The ‘consent’ of the affected person is any voluntary expression of intention for the specified case, provided in an informed and unambiguous manner, in the form of a declaration or any other clear, affirmative action, with which the affected person indicates that they consent to the processing of their personal data.
Lawfulness of the processing
The processing of personal data is only deemed lawful if there is a legal basis for processing to take place. A legal basis for processing could specifically refer to the following, in line with Article 6(1)
lit. (a) through (f) of the GDPR:
- the affected person has provided their consent for their personal data to be processed for one or more specified purposes;
- processing is necessary for the fulfilment of a contract, in which the affected person is a contract party, or for the implementation of pre-contractual measures, which are performed at the request of the affected person;
- processing is necessary for the fulfilment of a legal obligation to which the responsible party is subject;
- processing is necessary to protect the vital interests of the affected person or another natural person;
- processing is necessary for performing a task that was transferred to the responsible party and is in the public interest, or is performed in the exercise of official authority;
- processing is necessary for safeguarding the legitimate interests of the responsible party or a third party, insofar as this does not outweigh the interests or basic rights and basic freedoms of the affected person who is demanding the protection of personal data, especially if the affected person is a child.
Information about gathering personal data
(1) Hereinafter we will provide information about the gathering of personal data through the use of our website. Personal data are data such as name, address, email addresses, and user behaviour.
(2) In the event that you contact us via email or using a contact form, the data that you supply (your email address, possibly your name and telephone number) will be saved by us in order to answer your questions. We delete any data that is accrued in this context once storage is no longer necessary, or processing is limited in the event that statutory storage obligations are in place.
Gathering personal data by visiting our website
If you simply visit our website for informational purposes, i.e. you do not register or send us information in any other manner, we will only gather the personal data that your browser sends to our server. If you would like to look at our website, we will gather the following data that we require on a technical level in order to show you our website and to ensure stability and security (the legal basis is Article 6(1)(1)(f) of the GDPR):
- Date and time of the request
- Contents of the request (bas-gebaeudeautomation.de)
- Access status/HTTP status code
- Quantity of data transmitted in each case
- Website issuing the request
- Operating system and interface
- Browser language and version.
(1) In addition to the above-mentioned data, cookies will also be saved on your computer through the use of our website. Cookies are small text files that are saved on your hard drive and that are assigned by the browser to provide certain information to the site that sets the cookie. Cookies cannot run programmes or transfer viruses to your computer. They serve to make the overall website easier to use and more effective.
(2) This website uses the following kinds of cookies, the scope and functionality of which are explained below:
- Transient cookies (as well as a.)
- Persistent cookies (as well as b.).
a) Transient cookies are automatically deleted whenever you close the browser. This refers in particular to session cookies. These save a so-called session ID, with which various requests from your browser can be assigned to the common session. This makes it possible to recognise your computer when you return to our website. The session cookies are deleted when you log out or close the browser.
b) Persistent cookies are automatically saved after a certain period, which can differ from one cookie to the next. You can delete cookies at any time using the security settings of your browser.
You can configure your browser settings in line with your wishes and reject the acceptance of certain types of cookies e.g. third-party cookies or all types of cookies. So-called ‘third-party cookies’ are cookies that have been set by a third-party, which means they were not set by the website where you currently find yourself. We point out that by deactivating cookies, you may not be able to use all functions of this website.
We implement cookies in order to identify you on future visits, in the event that you have an account with us. If not, you will have to log in again with each visit.
Flash cookies used will not be gathered by your browser, but rather by your Flash plug-in. We also use HTML5 storage objects, which are stored on your end device. These objects store the necessary data, regardless of which browser you use, and do not have an automatic expiry date. If you do not want Flash cookies to be processed, it is necessary to install a relevant add-on, e.g. ‘Better Privacy’ for Mozilla Firefox www.addons.mozilla.org/de/firefox/addon/betterprivacy/ or the ‘Flash Cookie Killer’ for Google Chrome. You can block the use of HTML5 storage objects by switching your browser to private mode. We also recommend manually deleting your cookies and your browser history on a regular basis.
Our offer is strictly aimed at adults. Persons under the age of 18 should not send us any personal data without the permission of a parent or guardian.
Rights of the affected person
(1) Revocation of consent
If the processing of personal data is based upon declared consent, you have the right to revoke this consent at any time. The lawfulness of the processing that has already taken place between the declaration being made and the revocation will remain unaffected if consent is revoked. You can contact us at any time with regards exercising your right to revocation.
(2)Right to confirmation
You have the right to demand confirmation from the responsible party as to whether we are processing your personal data. You can demand confirmation at any time using the contact details provided above.
(3) Right to information
Insofar as the personal data being processed, you can demand details about these personal data at any time, and about the following information:
- purposes of processing;
- categories of personal data that are being processed;
- recipients or categories of recipients with whom the personal data were shared or are still being shared, particularly in the case of recipients located in third countries or in international organisations;
- if possible, the planned period for which the personal data shall be stored, or if this is not possible, the criteria used to determine the length of this period;
- if a right to the correction or deletion of your personal data or to the restriction of handling by the responsible party or a right to object to processing is in place;
- if a right to complain to a regulatory authority is in place;
- if the personal data are not gathered where the affected person is located, all available information about the origin of the data;
- if an automated decision-making process is in place, including profiling in line with Article 22(1) and (4) of the GDPR and – at least in these cases – meaningful information about the involved logic as well as the consequences and the desired effects of this kind of processing for the affected person.
If personal data are transferred to a third country or an international organisation, you have the right to learn about the appropriate guarantees in line with Article 46 of the GDPR in relation to the transfer. We provide a copy of the personal data that are the subject to data handling. We are able to claim reasonable compensation for all other copies requested by you, due to the administration costs. If you make the request electronically, the information will be provided in a common electronic format, insofar as nothing else is available. The right to receiving a copy in line with paragraph 3 of the above-mentioned article shall not affect the rights and freedoms of other persons.
(4) Right to correction
You have the right to demand the immediate correction of personal data related to you that is incorrect. You have the right to demand the completion of any incomplete data relating to yourself, taking the purposes of processing into consideration – even if this is by means of a complementary declaration.
(5) Right to deletion (‘Right to be forgotten’)
You have the right to ask the responsible party to delete your personal data immediately, and we are obliged to delete that personal data immediately, so long as one of the following reasons applies:
- The personal data are no longer needed for the purposes that they were gathered for or for processing in any other manner.
- The affected person revokes their consent, which formed the basis of processing in line with Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for processing.
- The affected person lodges the objection against processing in line with Article 21(1) of the GDPR and no overriding legitimate reasons for processing exist, or the affected person lodges an objection in line with Article 21(2) of the GDPR.
- The personal data have been processed unlawfully.
- Deletion of personal data is required for the fulfilment of a legal obligation in line with European Union law or the law of a Member State, to which the responsible party is subject.
- The personal data were gathered in relation to services offered by the information society in line with Article 8(1) of the GDPR.
If the responsible party has published the personal data and is obliged to deletion in line with paragraph 1, then they must take appropriate measures, which might also be of a technical nature, in order to inform the party responsible for data processing who is processing the personal data that an affected person has demanded the deletion of all links to this personal data or of copies or replications of this personal data, while taking the technology available and the implementation costs into consideration.
There is no right to deletion (‘Right to be forgotten’) if processing is necessary:
- for exercising the right to freedom of expression and information;
- for the fulfilment of a legal obligation, which makes processing necessary in line with European Union law or the law of a Member State, to which the responsible party is subject, or for performing a task that is in the public interest or in the exercise of official authority which has been transferred to the responsible party;
- for reasons of public interest in the field of public health in line with Article 9(2)(h) and (i) as well as Article 9(3) of the GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes in line with Article 89(1) of the GDPR, insofar as the right named in paragraph 1 presumably rules out or seriously affects the realisation of the processing objectives; or
- for the enforcement, exercise, or defence of legal claims.
(6) Right to the restriction of handling
You have to the right to demand that we restrict the handling of your personal data, if one of the following requirements are in place:
- the accuracy of the personal data relating to the affected person is disputed, and, for a length of time that allows the responsible party to examine the accuracy of the personal data,
- handling is being performed unlawfully and the affected person declines the deletion of personal data and instead demands that the use of their personal data is restricted;
- the responsible party no longer requires the personal data for the purposes of processing, but the affected person requires them for the enforcement, exercise, or defence of legal claims; or
- the affected person has lodged an objection against processing in line with Article 21(1) of the GDPR, as long as it is not yet certain whether the legitimate reasons of the responsible party take precedent over those of the affected person.
If processing has been restricted in line with the above-mentioned requirements, these personal data shall only be processed – not including storage, and only with the consent of the affected person – for the enforcement, exercise or defence of legal claims, or for the protection of the rights of another natural or juristic person or for reasons of important public interests of the European Union or one of the Member States.
In order to claim the right to the restriction of handling, the affected person can get in touch with us at any time using the contact details provided above.
(7) Right to data transferability
You have the right to receive the personal data that you supplied us with in a structured, common, and machine-readable format, and you have the right to transfer these data to another responsible party without objection from the responsible party to whom the data have been transferred, so long as:
- processing is based on consent in line with Article 6(1)(a) or Article 9(2)(a), or on a contract in line with Article 6(1)(b) of the GDPR and
- processing is performed by means of automated procedures.
In exercising the right to data transferability in line with paragraph 1, you have the right to effect the direct transfer of personal data from one responsible party to another insofar as this is technically possible. Exercising the right to data transferability does not affect the right to deletion (‘Right to be forgotten’). This right does not apply if processing is necessary in order to perform a task that was transferred to the responsible party and is in the public interest, or is performed in the exercise of official authority;
(8) Right of objection
You have the tight to lodge an objection against the processing of your personal data related at any time for reasons that emerge as a result of Article 6(1)(e) or (f) of the GDPR; this also applies for profiling protected by these conditions. The responsible party shall no longer process the personal data unless they can prove compelling legitimate grounds for processing, which take precedence over the interests, rights, and freedoms of the affected person, or processing is for the enforcement, exercise, or defence of legal claims.
If personal data are being processed in order to pursue direct advertising, you have to right to lodge an objection at any time against the processing of your personal data for the purpose of this kind of advertising; this also applies to profiling if it is in connection with this kind of direct advertisement. If you object to processing for the purposes of direct advertising, your personal data will no longer used for these purposes.
In the context of the use of services of the information society, you can exercise your right to objection, regardless of Directive 2002/58/EC, by means of an automated procedure in which technical specifications are employed.
You have the right, for reasons that emerge from your particular situation, to lodge an objection against the processing of your personal data which are being processed for scientific or historical research purposes or statistical purposes in line with Article 89(1), unless they are being processed for the fulfilment of a task that is in the public interest.
You can exercise the right to objection at any time by contacting the relevant responsible party.
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will take legal effect on you, or significantly affect you in a similar manner. This does not apply if the decision:
- is required for the completion or fulfilment of a contract between the affected person and the responsible party,
- is permissible on the basis of the legal guidelines of the European Union or a Member State, to which the responsible party is subject, and these legal guidelines feature appropriate measures for protecting the rights and freedoms as well as the legitimate interests of the affected person or
- takes place with the express consent of the affected person.
The responsible person takes appropriate measures to protect the rights and freedoms as well as the legitimate interests of the affected person, which incorporates at the least the right to effect the intervention of a person on the part of the responsible party, explanation of their own standpoint, and appeal against the decision.
The affected person can exercise this right at any time by contacting the relevant responsible party.
(9) Right to complain to a regulatory authority
You also have the right to complain to a regulatory authority, irrespective of any other administrative or judicial legal remedy, particularly in the Member State of your current place of residence, your workplace, or the place of suspected infringement if the affected person is of the opinion that the processing of their personal data infringes upon this regulation.
(10) Right to an effective legal remedy
You have the right to an effective legal remedy, irrespective of any administrative or judicial legal remedy in place, including the right to complain to a regulatory authority in line with Article 77 of the GDPR, if you are of the opinion that the rights available to you as a result of this regulation shall be infringed upon due to your personal data being processed against the provisions of this regulation.
Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service from Google LLC („Google“). Google Analytics uses so-called ‘cookies’, text files that are saved on your computer and enable the analysis of use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the United States where it is saved. However, if IP anonymisation has been activated on this website, your IP address will be shortened in advance by Google inside the Member States of the European Union or in other contract States party to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the United States, where it will then be shortened, in exceptional cases. At the behest of the operator of this website, Google will use this information to evaluate your use of the website in order to generate reports about website activities and to continue provide the website operator with services associated with the use of this website and the Internet.
(2) The IP address transferred by your browser within the framework of Google Analytics will not be combined with other data from Google.
(4) This website uses Google Analytics with the ‘_anonymizeIp()’ add-on. This means that IP addresses are processed in an abbreviated format, which makes it impossible to trace them back to a specific individual. As such, if the gathered data can be traced back to a specific person, this will be rule out immediately, and the personal data will be deleted straight away.
(5) We use Google Analytics to analyse and improve the use of our website on a regular basis. We can use the statistics gained to improve our offer and make it more interesting for you the user. In the exceptional case that personal data are transferred to the United States, Google is subject to the EU–US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Article 6 (1) (f) of the GDPR.
(6) Information about the third-party supplier: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 4361001. User conditions:
(7) This website also uses Google Analytics to gain cross-device analyses of user streams, which are carried out by means of a user ID. You can deactivate cross-device analysis of your use under ‘My Data’ > ‘Personal Data’.
Integration of Google Maps
(1) We also use the application Google Maps on this website. This enables us to provide you with interactive maps within the website itself and gives you convenient use of the maps feature.
(2) Through the use of this website, Google receives the information that you have called up on the relevant sub-page of our website. . The data listed under Section 3 of this declaration are also transferred. This takes place regardless of whether Google supplies a user account, which you use to login, or if there is no user account. If you are logged in to Google, your data will be automatically assigned to your account. If you do not want there to be a connection to your profile via Google, you must log out before activating the button. Google saves your data in the form of a user profile and uses it for the purpose of advertising, market research, and/or the needs-based design of its website. This kind of evaluation takes places especially (even for users who are not logged in) for the purpose of needs-based advertising and in order to inform other users of the social network about your activities on our website. You have the right to object to the creation of this user profile. To do so, you must address Google directly.
Data processing company
We use third-party service providers (data processing companies) for the hosting, design, maintenance, and management of our website. A separate order data processing has been concluded as a way of ensuring the protection of your personal data.
We work with the following service providers:
D‑10587 Berlin, Germany
Tel.: +49 30–300 146 0
Fax: +49 30–886 15 111
Web design and programming:
Immagine GmbH (Werbeagentur und Webagentur)
Rosenheimer Straße 12, D‑81669 Munich, Germany
Tel.: +49 89 330 351 10