Exclusion of liability
We do not guarantee that the information provided on our web pages is complete, correct and up-to-date in all cases, even if it has been prepared and updated to the best of our knowledge and belief. This also applies to all links this website directly or indirectly refers to. We are not responsible for the content of a site that is accessed through such a link. We reserve the right to make changes or supplements to the provided information without prior announcement.
We are delighted that you are interested in our company. The protection of your data is very important to us. In principle, it is possible to use the website without entering any personal data. However, if any persons wish to use our company’s services via our website, it may be necessary to process personal data. If processing of personal data is necessary and if there is no legal basis for such processing, we generally obtain the consent of the person concerned.
We always process personal data, for example the name, address, email address or telephone number of a person, in accordance with the General Data Protection Regulation and in compliance with the country-specific data privacy provisions that apply to our company. Our company issues this Privacy Statement to inform the public of the type, scope and purpose of the personal data that we collect, use and process. In addition, this Privacy Statement informs people concerned of their rights.
To meet our responsibility as a holder of personal data, our company has implemented numerous technical and organisational measures in order to ensure that the personal information processed via this website is protected as comprehensively as possible. However, online data transfers may always be exposed to gaps in security, meaning that absolute protection cannot be guaranteed. For this reason, every person affected is welcome to provide us with personal data by other means, for example via telephone.
Our Privacy Statement is based on the terms that were used by the European regulator for issuing directives and regulations when executing the General Data Protection Regulation (GDPR). Our Privacy Statement is intended to be easy to read and understand for the public, our customers and business partners alike. To guarantee this, we would like to explain the terms used in advance.
In this Privacy Statement we will use the following terms among others:
a) Personal data
Personal data is all information that refers to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
A data subject is an identified or identifiable natural person whose personal data is processed by the data controller.
Processing is any procedure carried out with or without the help of automated processes or such series of processes in connection with personal data such as the collection, recording, organisation, ordering, storage, adjustment or modification, reading, querying, use, publication via transmission, distribution or another form of provision, reconciliation or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the goal of restricting its further processing.
‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
f) Controller or data controller
‘Controller’ or ‘data controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
g) Data processor
A data processor is a natural or legal person, authority, facility or another body that processes personal data on behalf of the controller.
‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
i) Third party
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and address of the data controller
The controller in accordance with the General Data Protection Regulation, other data protection laws applicable in member states of the European Union and other provisions with a data protection nature:
BOWA-electronic GmbH & Co. KG
Tel.: +49 (0) 7072 6002 0
3. Name and address of the data protection officer
The data protection officer of the data controller is:
Hans Joachim Dionisius
Tel.: +49 70725 8446060
Mobile: +49 163 9781678
Every data subject can contact our data protection officer directly at any time for any questions and concerns about data protection.
The data subject can stop our website from placing cookies at any time by adjusting the settings in the website used and therefore permanently prevent the placement of cookies. In addition, cookies already placed can be deleted at any time via a web browser or other software programs. This is possible in all modern browsers. If the data subject deactivates the placement of cookies in the web browser they use, it is possible that not all functions of our website will be usable to their full potential.
a) Use of Facebook/LinkedIn social plugins
which are operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA and LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA (“LinkedIn”), may be used on our website. These are in particular the “Like” button provided by Facebook, as well as the “Share” button provided by LinkedIn.
When you visit a web page on our internet site that contains such a plugin, your internet browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser, which then integrates it into the web page.
Embedding the plugin means that Facebook or LinkedIn are notified about your visit on the corresponding page of our internet site. If you are logged in to your user account with Facebook or LinkedIn while you visit our website, Facebook or LinkedIn will be able to attribute the visit to your Facebook or LinkedIn account. Should you interact with plugins, for example by clicking on the “Like” button or by writing a comment, the corresponding information is communicated directly to Facebook or LinkedIn via your browser and saved there.
For more information about the purpose and scope of data collection and further data processing by Facebook or LinkedIn and your respective rights and data protection options, please see the Facebook or LinkedIn privacy policies:
If you do not want Facebook or LinkedIn to assign data collected through our website to your user account, you must log out of Facebook or LinkedIn before visiting our website.
b) Facebook Pixel
Our website uses the “visitor action pixel” of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). This makes it possible to track the behaviour of users after they have been redirected to the provider’s website by clicking on a Facebook ad. This procedure is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimise future advertising measures. The collected data is anonymous for us, so it does not offer us any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy). You may allow Facebook and its partners to place ads on and outside of Facebook. A cookie may also be stored on your computer for these purposes. Please click here if you wish to withdraw your consent: www.facebook.com/ads/website_custom_audiences/
We use Facebook Pixel to design our website according to your needs and to advertise it (legitimate interest according to Art. 6(1)(f) GDPR).
c) LinkedIn Insight Tag
LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
d) Use of etracker
This website uses technologies from etracker GmbH (www.etracker.com) to collect and store data for marketing and optimisation purposes. This data can be used to create usage profiles under a pseudonym. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the site visitor’s internet browser. Cookies allow the web browser to be recognised. The data collected with etracker technology is not used to identify visitors to this website personally and is not kept alongside personal data of the bearer of the pseudonym without the express consent of the data subject. You can object to data collection and storage at any time with future effect.
Further information on data protection at etracker can be found here.
5. BOWA ACADEMY
We use the software-based tool “AcademyMaker”, which is provided by the e-learning provider X-CELL AG (Kaistraße 2, 40221 Düsseldorf), to carry out further training measures. In order to design the “AcademyMaker” in line with requirements and to enable problem-free use of the platform, X-CELL collects the following data:
Registration data, as well as login attempts
Training results: Course units assigned, started and completed; page views with time; exams started, passed, failed, as well as the number of exam attempts with date
Master data: Name, first name, e-mail address, language
IP address, as well as the end device and browser used
This data may be stored for the purpose of support or service optimisation and may be viewed by X-CELL’s administrator at any time if required. There is an agreement with X-CELL AG on commissioned processing pursuant to Art. 28 GDPR, which regulates the processing of your personal data by the contractor. This agreement ensures that X-CELL processes your personal data exclusively on our instructions and also stores it there only for the duration that we specify to the provider. The legal basis for the processing by X-CELL AG is furthermore Art. 6(1)(b) GDPR (i.e. Fulfilment of contractual obligations entered into with us). X-CELL does not commission any other subcontractors to process your data. If you wish to exercise your rights as a data subject also with regard to the data processed by X-CELL, please address your request solely to us at firstname.lastname@example.org.
Further information on data protection at X-Cell AG can be found here.
6. Recording of general data and information
Every time our website is accessed by a data subject or an automated system, it collects a series of general data and information. This general data and information is stored in server log files. The information recorded can include: the type and version of the browser used, the operating system used by the accessing system, the website that the accessing system reached our website from (known as the ‘referrer’), the sub-sites that directed an accessing system to our website, the data and time of access to the website, an internet protocol address (IP address), the internet service provider of the accessing system and other similar data and information that is used to defend against danger in the event of attacks on our IT systems.
When using this general information and data, we will not draw any conclusions about the data subject. This information is actually required to correctly provide the content of our website, to optimise the content of our website and advertising for it, to guarantee the consistent functionality of our IT systems and the technology of our website as well as to provide the law enforcement authorities with the information required for criminal proceedings in the event of a cyber attack. This data and information collected anonymously is therefore evaluated by us statistically as well as for the goal of increasing data protection and data security in our company, ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.
7. Contact options via the website
In line with legal regulations, the website contains information that allows users to quickly contact our company electronically and to communicate with us directly, which also includes a general email address. Where a data subject makes contact with the data controller via email or a contact form, the personal data sent by the data subject is stored automatically. Such personal data provided to the data controller voluntarily by a data subject will be stored for the purpose of handling contact with the data subject. None of this personal data is forwarded to third parties.
8. Routine deletion and blocking of personal data
The data controller only processes and stores personal data of the data subject for the period that is required to achieve the purpose of storage or insofar as this was envisaged by the European regulator and legislator or another legislator in laws or regulations to which the data controller is subject.
If the purpose of storage no longer applies or if a storage period prescribed by the European regulator and legislator or another legislator expires, the personal data will be blocked or deleted routinely and in line with statutory regulations.
9. Rights of the data subject
a) Right to confirmation
Each data subject shall have the right granted by the European regulator and legislator to obtain from the controller confirmation as to whether or not personal data concerning them is being processed. If a data subject would like to take advantage of this right to confirmation, they can contact our data protection officer or another employee of the data controller to do so at any time.
Each data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator to obtain free-of-charge information from the controller regarding the personal data stored about them and a copy of this information. In addition, the European regulator or legislator has granted the data subject with the following information:
- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the right to lodge a complaint with a supervisory authority
- information to be provided where personal data has not been obtained from the data subject: any available information as to the source of data
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
In addition, the data subject has the right to be informed whether personal data has been transmitted to an external country or an international organisation. If this is the case, the data subject shall also have the right to obtain information about suitable guarantees in connection with the transmission.
If a data subject would like to take advantage of this right to information, they can contact our data protection officer or another employee of the data controller to do so at any time.
b) Right to correction
Each data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator to request the immediate correction of inaccurate personal data concerning them. In addition, taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject would like to take advantage of this right to correction, they can contact our data protection officer or another employee of the data controller to do so at any time.
c) Right to erasure (‘right to be forgotten’)
Each data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator to request that the controller immediately delete the personal data concerning them, where one of the following grounds applies and processing is not necessary:
- The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
- The personal data has been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
If one of the reasons stated below applies and a data subject would like to arrange the deletion of personal data that we have stored, they can contact our data protection officer or another employee of the data controller to do so at any time. Our data protection officer will organise the deletion to take place immediately.
d) Right to restriction of processing
The data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
- The data subject has lodged an objection to the processing of the data in accordance with Art. 21 (1) GDPR and it has not yet been determined whether the legitimate interests of the controller outweigh those of the data subject.
If one of the requirement stated below applies and a data subject would like to arrange the restriction of personal data that our company has stored, they can contact our data protection officer to do so at any time. The data protection officer will arrange the restriction of processing.
e) Right to data portability
The data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator to obtain from the controller the personal data concerning them, which has been made available to a data controller by the data subject, in a structured, accessible and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data was provided, provided that the processing is based on consent in accordance with point (a) of Art. 6(1) GDPR or point (a) of Art. 9(2) GDPR or on a contract in accordance with point (b) of Art. 6(1) GDPR and processing is carried out by automated means, provided that processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In exercising their right to data portability pursuant to Art. 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible, and provided that this does not impede the rights and freedoms of another person.
To assert the right to data portability, the data subject can contact the data protection officer or another employee at any time.
f) Right to object
Each data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
In the event of revocation, we shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or such processing is necessary for the establishment, exercise or defence of legal claims.
Where we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing. This also applies to profiling that is connected with such direct marketing. Where the data subject objects to processing by our company for direct marketing purposes, we will no longer process the personal data for such purposes.
In addition, where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to such processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to revocation, the data subject can contact the data protection officer at any time. In addition, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may also exercise their right to object by automated means using technical specifications.
g) Automated individual decision-making, including profiling
Each data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, insofar as the decision is not required to enter into or fulfil a contract between the data subject and the controller, or is permitted in line with Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or which takes place with the explicit consent of the data subject.
If the decision is required for the initiation or fulfilment of a contract between the data subject and the controller or is based on the data subject’s explicit consent, we shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.
If a data subject would like to exercise rights in relation to automated decisions, they can contact our data protection officer to do so at any time.
h) Right to revoke data protection-related consent
Each data subject affected by the processing of personal data shall have the right granted by the European regulator and legislator to revoke their consent to the processing of personal data at any time.
If the data subject would like to exercise their right to revoke consent, they can contact our data protection officer or another employee of the data controller to do so at any time.
10. Data protection during applications and in application procedures
The data controller collects and processes the personal data of applicants for the purpose of carrying out the application process. Processing may take place electronically. This applies in particular to when an applicant sends relevant application documents electronically, for example via email or via a web form located on the website, to the data controller. If the data controller signs an employment contract with an applicant, the data transmitted will be stored for the purpose of executing the employment relationship, in line with legal regulations. If the data controller does not sign an employment contract with the applicant, the application documents will be deleted automatically three months after notification of the rejection decision, provided that deletion does not oppose any other legitimate interests of the data controller. Other legitimate interests in this sense include a burden of proof in proceeding in accordance with the General Equal Treatment Act (Allgemeine Gleichbehandlungsgesetz, AGG).
11. Legal basis of processing
Art. 6 I lit. a of the GDPR shall serve as the legal basis for processing procedures at our company, through which we obtain consent for a certain processing purpose. If the processing of personal data is required to execute a contract for which the data subject is a contractual party, such as is the case during processing procedures, which is necessary for the delivery of goods or the provision of another service or considerations, the processing is based on Article 6 I lit. b GDPR. The same applies for such processing procedures that are required to execute precontractual measures, such as in the case of requests for our products or services. If our company is subject to a legal obligation that makes the processing of personal data necessary, such as to satisfy tax obligations, the processing shall be based on point (c) of Art. 6 I GDPR. In rare cases, processing may be necessary in order to protect the vital interests of the data subject or of another natural person. For example, this would be the case were a visitor to our company to be injured and, as a result, their name, age, health insurance data or other vital information needs to be sent to a doctor, a hospital or other third parties. The processing would then be based on Article 6 I lit. d GDPR. Ultimately, processing procedures may be based on Article 6 I lit. f GDPR. Processing procedures that are not covered by any of the legal bases specified above are based on this legal basis, if the processing is required to grant a justified interest out our company or a third party, insofar as this does not outweigh the interests, fundamental rights and freedoms of the data subject. We are therefore permitted to carry out such processing procedures in particular, as they have been highlighted by the European legislator. This covers in particular the fact that a legitimate interest may be assumed in the case of the data subject being a client of the data controller (recital 47(2) GDPR).
12. Legitimate interests in the processing, pursued by the controller or by a third party
If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest to carry out our business activity is for the benefit of the wellbeing of all of our employees and our shareholders.
13. Duration of data storage
The criterion for the storage of personal data is the relevant statutory storage deadline. After this period has expired, the relevant data will routinely be deleted, provided that it is no longer necessary for fulfilling or initiating contracts.
14. Statutory or contractual requirements to provide personal data; necessity to initiate the contract; obligation of the data subject to provide personal data; possible consequences of failure to provide such data
We draw your attention to the fact that the provision of personal data is often prescribed by law (e.g. tax regulations) or may result from contractual provisions (e.g. information about the contractual partner). Inter alia, it may be necessary when initiating a contract for a data subject to provide us with personal data then subsequently has to be processed by us. The data subject may for example be obliged to provide us with personal data if our company enters into a contract with them. Not providing personal data would result in the contract not being able to be entered into with the subject. Before the data subject provides personal data, the data subject must contact our data protection officer. On a case-by-case basis, our data protection officer shall explain to the subject whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data.