ALL DOCUMENTS AT A GLANCE
We have prepared a summary for you of our legal conditions and the contractual basis. Your privacy and data are important to us - learn more about processing.
§ 1 APPLICATION
1) All deliveries, services and offers by bb-net media GmbH - hereinafter referred to as "seller" - based on orders from contractual partners - hereinafter referred to as "customer" - are made exclusively on the basis of these general terms and conditions. These general terms and conditions are part of all contracts that the seller concludes with its customers for the deliveries and services it offers. These general terms and conditions also apply to all future deliveries, services or offers to the customer, even if they are not separately agreed again.
(2) Unless otherwise stated, the seller's product range is used goods, but not a newly manufactured item within the meaning of the BGB. Condition and scope of delivery are given in the product descriptions. Unless otherwise agreed, all products offered are delivered without software and accessories.
(3) The product range of the seller is aimed exclusively at entrepreneurs within the meaning of § 14 BGB. According to this, an entrepreneur is a natural or legal person or a legal partnership who, when concluding the contract, is exercising their commercial or independent professional activity.
(4) Terms and conditions of the customer or third parties do not apply, even if the seller does not separately object to their validity in individual cases. Even if the seller refers to letters, emails, faxes which contain or refer to the customer's or a third party's terms and conditions, this does not constitute consent to the validity of such terms and conditions. Conflicting terms and conditions only apply if their validity is expressly agreed in writing by the seller.
§ 2 OFFER AND CONCLUSION OF CONTRACT
(1) All offers made by the seller are subject to change and non-binding.
(2) When placing an order with the seller, the customer submits a binding offer to purchase the (desired) product to the seller. The customer is bound by the offer to the seller until the end of the seventh working day following the day on which the offer was received by the seller.
(3) The customer's offer is only considered accepted by the seller if the seller declares acceptance to the customer or sends the ordered goods.
(4) The customer receives an automatic notification of the order placed. This does not yet constitute a binding acceptance of the order, unless the acceptance is declared in addition to the confirmation of receipt.
§ 3 PRICES AND PAYMENT
(1) All prices quoted by the seller are in EURO plus the applicable statutory value added tax, insurance costs, transaction fees, costs for packaging and shipping at the time of the order. Customs and similar charges as well as other public, private charges and license fees are to be borne by the customer.
(2) Depending on the agreement between the customer and the seller, payments are made in advance, by direct debit or on account.
(3) If delivery by invoice has been agreed, this is due for payment to the seller immediately upon receipt of the goods and the invoice by the customer.
(4) The customer is not entitled to any right of set-off or retention, unless the counterclaim is undisputed or legally established.
(5) Invoice amounts, provided that the invoice has been received by the customer before delivery of the goods, must be paid within 30 days without any deduction, unless otherwise agreed in writing (also by fax and email). The receipt by the seller is decisive for the date of payment. If the customer does not pay by the due date, the outstanding amounts shall be subject to interest from the due date at 8 percentage points pa above the respective base rate; the assertion of higher interest rates and further damage in the event of default remain unaffected.
(6) The seller is entitled to perform or provide outstanding deliveries or services only against prepayment or security if it becomes aware of circumstances after the order of the contract which are likely to significantly reduce the creditworthiness of the customer and through which the payment of the open claims of the seller are endangered by the customer from the respective (pre-) contractual relationship.
§ 4 DELIVERY CONDITIONS
(1) Deliveries are made from the seller's warehouse in Schweinfurt or from a sub-supplier's warehouse.
(2) The availability of the goods and their delivery time result from the respective information provided by the seller. The deadlines and dates announced there by the seller for deliveries and services are always only approximate, unless a fixed period or a fixed date has been expressly promised or agreed. If a shipment has been agreed, the delivery periods and delivery dates refer to the times of handover to the forwarding agent, carrier or other third party commissioned with the transport.
(3) The seller can - without prejudice to its rights arising from the delay - demand from the customer an extension of delivery and service deadlines or a postponement of delivery and service dates by the period in which the customer does not meet his contractual obligations towards the seller.
(4) The seller is not liable for an impossibility of delivery or for delays in delivery insofar as these are not due to force majeure or other events that were not foreseeable at the time the contract was concluded, in particular operational disruptions of all kinds, difficulties in material or energy procurement, transport delays, strikes Timely or incorrect delivery was caused by the supplier for which the seller is not responsible. If such events make the delivery or service significantly more difficult or impossible for the seller and the hindrance is not only of temporary duration, the seller is entitled to withdraw from the contract. In the case of temporary obstacles, the delivery and service deadlines are extended or the delivery or service dates are postponed by the period of the hindrance plus a reasonable start-up period. If the customer cannot be expected to accept the delivery or service as a result of the delay, he can withdraw from the contract by means of an immediate written declaration (also by fax and e-mail) to the seller.
(5) If the seller is in default with a delivery or service or if a delivery or service becomes impossible, for whatever reason, the seller's liability is limited to compensation in accordance with Section 8 of these General Terms and Conditions.
§ 5 PLACE OF PERFORMANCE, SHIPPING, TRANSFER OF RISK
(1) The place of performance for all obligations arising from the contractual relationship is Schweinfurt, unless otherwise specified.
(2) The shipping method and the packaging are subject to the dutiful discretion of the seller.
(3) The risk is transferred to the customer at the latest when the delivered goods are handed over to the forwarding agent, carrier or other third party appointed to carry out the shipment. If the dispatch or handover is delayed due to a circumstance caused by the customer, the risk is transferred to the customer from the day on which the delivered goods are ready for dispatch and the seller has notified the customer of this. The customer bears the costs of storage. Insofar as the dispatch of the ordered goods has been agreed, the customer bears the risk of destruction or deterioration even if the ordered goods are dispatched directly to the customer from the warehouse of a sub-supplier as instructed.
§ 6 RETENTION OF TITLE
(1) The seller retains ownership of the goods it has delivered until the purchase price (including VAT and shipping costs) has been paid in full for the goods in question.
(2) If the delivered goods are processed or remodeled by the customer, it is agreed that the processing, remodeling of the delivered goods takes place in the name and for the account of the seller and that the seller directly owns the property or - if the processing takes place from materials of several owners or the value of the processed item is higher than the value of the delivered goods - acquires a corresponding co-ownership share in the newly created item.
(3) In the event that the delivered goods are resold, the customer hereby assigns the claims against third parties to the seller as a precaution.
(4) If third parties access the delivered goods, in particular through seizure, the customer will immediately inform them of the property of the seller and inform the seller of this in order to enable her to enforce her property rights. If the third party is unable to reimburse the seller for the resulting costs, the seller's customer is liable for this.
§ 7 WARRANTY
(1) The warranty for newly manufactured goods is 12 months. The warranty period begins with delivery or, if acceptance is required, with acceptance. The warranty does not apply to used goods, so-called used IT and processed used goods with the tecXL seal, our separate ones apply warranty Terms.
(2) The warranty does not apply if the customer changes the delivered goods or has them changed by a third party without the consent of the seller and this makes it impossible or unreasonably difficult to remedy the defect. In any case, the customer must bear the additional costs of remedying the defect resulting from the change.
(3) The warranty does not apply to untested, untested or defective goods.
§ 8 LIABILITY
(1) The seller's liability for damages, regardless of the legal reason, in particular for impossibility, delay, defective or incorrect delivery, breach of contract, breach of obligations in contract negotiations and tortious acts, insofar as fault is relevant, is in accordance with this Paragraphs restricted.
(2) The seller is not liable in the event of simple negligence on the part of its organs, legal representatives, employees or other vicarious agents, unless it is a breach of essential contractual obligations. Essential to the contract are the obligation to timely delivery of the goods free of significant defects as well as advisory, protection and custody obligations, which are intended to enable the customer to use the delivered goods in accordance with the contract and the protection of life and limb of the customer's staff or the protection of his property serve against significant damage.
(3) Insofar as the seller is fundamentally liable for damages in accordance with § 8 (2), this liability is limited to damage that the seller foresaw as a possible consequence of a breach of contract when the contract was concluded or that it should have foreseen had it been exercising due diligence. Indirect damage and consequential damage resulting from defects in the delivered goods are only eligible for compensation if such damage is typically to be expected when the delivered goods are used as intended.
(4) The restrictions of § 8 do not apply to the seller's liability for willful behavior, for guaranteed characteristics, for injury to life, limb or health or under the Product Liability Act
§ 9 WITHDRAWAL RIGHTS
(1) If the customer refuses to accept the goods, the seller is entitled to withdraw from the purchase contract and to claim damages.
(2) If the seller demands damages, this amounts to a flat rate of 15% of the sales price. The compensation is to be set lower if the customer proves lower damage. The customer has the opportunity to prove that the seller did not suffer any damage. If the seller can prove higher damage, she may also demand higher damage.
§ 10 FINAL PROVISIONS
(1) The place of jurisdiction for any disputes arising from the business relationship between the seller and the customer is, at the option of the seller, Schweinfurt or the customer's registered office. Schweinfurt is the exclusive place of jurisdiction for lawsuits against the seller. Mandatory statutory provisions on exclusive places of jurisdiction remain unaffected by this provision.
(2) The relationships between the seller and the customer are exclusively subject to the law of the Federal Republic of Germany. The United Nations Convention on the International Sale of Goods of April 11, 1980 (CISG) does not apply.
(3) The contract remains binding in its remaining parts even if individual points are legally ineffective. In place of the ineffective points, the statutory provisions apply, if they exist. To the extent that this would represent unreasonable hardship for one of the contracting parties, the contract as a whole becomes ineffective.
You can download our general terms and conditions as of March 26.03.2020, XNUMX as a PDF here:
§ 1 SCOPE OF APPLICATION; SHAPE
(1) The present General Terms and Conditions of Purchase (GPC) apply to all business relationships with our business partners and suppliers (“Contractors”). The GPC only apply if the contractor is an entrepreneur (Section 14 BGB), a legal entity under public law or a public law special fund.
(2) The GPC apply in particular to contracts for the sale and / or delivery of movable items ("goods"), regardless of whether the contractor manufactures the goods himself or buys them from suppliers (§§ 433, 650 BGB). Unless otherwise agreed, the GPC in the version valid at the time of the order of the contractor or at least in the version last communicated to him in text form apply as a framework agreement also for similar future contracts, without us having to refer to them again in each individual case.
(3) These GPC apply exclusively. Deviating, conflicting or additional general terms and conditions of the contractor will only become part of the contract if and to the extent that we have expressly agreed to their validity in writing. This consent requirement applies in any case, for example even if we accept the contractor's deliveries without reservation, knowing the general terms and conditions of the contractor.
(4) Individual agreements made with the contractor on a case-by-case basis (including side agreements, additions and changes) always take precedence over these GPC. A written contract or our written confirmation is decisive for the content of such agreements, subject to proof to the contrary.
(5) Legally relevant declarations and notifications by the contractor in relation to the contract (e.g. setting a deadline, reminder, withdrawal) must be made in writing, ie in writing or text form (e.g. letter, email, fax). Statutory formal requirements and other evidence, especially in the event of doubts about the legitimacy of the declaring party, remain unaffected.
(6) References to the validity of legal regulations are only used for clarification purposes. The statutory provisions therefore apply even without such a clarification, unless they are directly amended or expressly excluded in these GPC.
§ 2 CONCLUSION OF CONTRACT AND CONTRACT CONDITIONS
(1) Our order is considered binding at the earliest when it is submitted or confirmed in writing. The contractor must inform us of obvious errors (e.g. typing and calculation errors) and incompleteness of the order including the order documents for the purpose of correction or completion before acceptance; otherwise the contract is deemed not to have been concluded.
(2) Offers and cost estimates by the contractor are made free of charge and do not create any obligations for bb-net, unless legally stipulated.
(3) The contractor is required to confirm our order in writing within a period of 2 days or, in particular, to execute it without reservation by sending the goods (acceptance).
A late acceptance counts as a new offer and requires acceptance by us.
(4) In the event of changes to the content of the contract, such as the scope of delivery and services, which prove to be absolutely necessary from the point of view of the contractor, the contractor will notify bb-net immediately, in writing and prior to their implementation of the expected additional work. All changes and their implementation require the prior written consent of bb-net.
(5) All goods, furnishings and systems delivered to the client must comply with the legal requirements. Upon request, the contractor must provide bb-net with appropriate certifications and / or declarations of conformity immediately and free of charge. This applies in particular, but not exclusively, to goods with CE, RoHS or EAR markings.
(6) The contract termination rights are determined by the statutory provisions.
(7) The client can terminate the contract without notice for an important reason.
(8) In the event of termination, irrespective of the other rights of the client, there is only a claim to remuneration for the services rendered up to the time of termination that can be used by the client.
§ 3 DELIVERY TIME AND DELAY IN DELIVERY
(1) The delivery time specified by the client in the order is binding. If the delivery time is not specified in the order or otherwise agreed, it is 3 days from the conclusion of the contract. The contractor is obliged to notify us immediately in writing if he is unlikely to be able to meet the agreed delivery times - for whatever reason.
(2) Early services or deliveries as well as any partial service or partial delivery require the express prior written consent of the client.
(3) If the contractor does not provide his service or does not provide his service within the agreed delivery time or if he is in default, our rights - in particular to withdrawal and compensation - are based on the statutory provisions. The regulations in paragraph 4 remain unaffected.
(4) If the contractor is in default, we can - in addition to further legal claims - flat-rate compensation for our default damage i. H. v. Request 0,5% of the net price per working day, but not more than 5% of the net price of the late delivery. bb-net reserves the right to prove that greater damage has occurred. The contractor reserves the right to provide evidence that no or only significantly less damage has occurred.
§ 4 PERFORMANCE AND DELIVERY
(1) The contractor is not entitled to have the services owed by him performed by third parties (e.g. subcontractors) without our prior written consent. The contractor bears the procurement risk for his services, unless otherwise agreed in individual cases (e.g. limitation to stock).
(2) Delivery within Germany is “free domicile” to the location specified in the order. If the destination is not specified and nothing else has been agreed, delivery must be made to our registered office in Schweinfurt. The respective destination is also the place of performance for the delivery and any subsequent performance (obligation to provide).
(3) The delivery from third countries always has CIF acc. Incoterms 2010 to be done.
(4) The delivery must be accompanied by a delivery note stating the date (issue and dispatch), the content of the delivery (article number and number) and our order identifier (date and number). If the delivery note is missing or incomplete, we are not responsible for any resulting delays in processing and payment. A corresponding dispatch note with the same content must be sent to us separately from the delivery note.
§ 5 PRICES AND PAYMENT TERMS
(1) The price stated in the order is binding. All prices include the statutory sales tax if this is not shown separately.
(2) Unless otherwise agreed in individual cases, the price includes all services and ancillary services of the contractor (e.g. assembly, installation) as well as all ancillary costs (e.g. proper packaging, transport costs including any transport and liability insurance) .
(3) The agreed price is due for payment within 30 calendar days of complete delivery and service (including any agreed acceptance) and receipt of a proper invoice. If we make payment within 14 calendar days, the contractor grants us a 3% discount on the net amount of the invoice. In the case of bank transfers, payment is made on time if our transfer order is received by our bank before the payment deadline has expired; We are not responsible for delays caused by the banks involved in the payment process.
(4) We do not owe any maturity interest. The statutory provisions apply to default in payment.
(5) We are entitled to set-off and retention rights as well as the objection of the non-fulfilled contract to the extent permitted by law. In particular, we are entitled to withhold payments due as long as we are still entitled to claims against the contractor from incomplete or defective services.
(6) The contractor only has a right of set-off or retention for counterclaims that have been legally established or are undisputed.
§ 6 TRANSFER OF RISK, DEFAULT OF ACCEPTANCE
(1) The delivery of movable items to be produced or manufactured, as well as assembly services, requires written acceptance by bb-net. The transfer of risk takes place with the acceptance of the service by bb-net. An implied acceptance, in particular through the use of the objects of performance by bb-net, is excluded.
(2) The risk of accidental loss and accidental deterioration of the item is transferred to us upon delivery at the place of performance. If acceptance has been agreed, this is decisive for the transfer of risk. For the rest, the statutory provisions of the law on contracts for work and services also apply accordingly to acceptance. The handover or acceptance is the same if we are in default of acceptance.
(3) The statutory provisions apply to the occurrence of our default in acceptance. However, the contractor must also expressly offer us his services if a specific or definable calendar time has been agreed for an act or cooperation on our part (e.g. provision of material). If we are in default of acceptance, the contractor can demand reimbursement of his additional expenses in accordance with the statutory provisions (Section 304 BGB). If the contract concerns an unjustifiable item to be produced by the contractor (custom-made product), the contractor is only entitled to further rights if we are obliged to cooperate and are responsible for the failure to cooperate.
§ 7 INFORMATION OBLIGATIONS OF THE CONTRACTOR
(1) Should the contractor deviate from the agreed service, he will immediately and expressly inform bb-net of this.
(2) Should deviating solutions exist for the fulfillment of the agreed service, which are economically or technically more suitable, the contractor undertakes to inform bb-net immediately and comprehensively in writing.
(3) If the contractor realizes that he cannot meet his contractual obligations in whole or in part, or not in time, he must inform bb-net immediately and stating the reasons.
§ 8 PACKAGING
(1) The contractor is obliged to collect free of charge and properly and completely dispose of packaging material. At the request of the contractor, appropriate evidence of legally compliant disposal must also be provided by third parties, if necessary. If the contractor does not meet this obligation, the client is entitled to invoice the contractor for the costs for the professional collection and disposal and the associated expenses in full
(2) The contractor undertakes to comply with the obligations under the Packaging Ordinance, in particular with regard to proper licensing, to provide evidence of this to the client upon request and to fulfill the obligations arising for the client from the packaging ordinance. If these are not transferable, the contractor will support the client in fulfilling them free of charge.
§ 9 CONFIDENTIALITY
(1) The client reserves the right of ownership and copyrights to illustrations, plans, drawings, calculations, execution instructions, product descriptions and other documents. Such documents are to be used exclusively for the contractual service and returned to us after the contract has been completed. The documents must be kept secret from third parties, even after the contract has ended. The confidentiality obligation only expires when and to the extent that the knowledge contained in the documents provided has become generally known.
(2) The above provision applies accordingly to substances and materials (e.g. software, finished and semi-finished products) as well as to tools, templates, samples and other items that we provide to the contractor for manufacture. Such objects - as long as they are not processed - are to be stored separately at the contractor's expense and insured to an appropriate extent against destruction and loss.
§ 10 RETENTION OF TITLE
(1) An extended, forwarded, expanded or subsequent retention of title by the contractor to the ordered goods is not recognized by the client.
(2) If the client accepts an offer of the contractor for the transfer of ownership that is conditioned by the payment of the purchase price (simple retention of title), the retention of title expires at the latest with the payment of the purchase price for the goods.
§ 11 DEFECTIVE DELIVERY
(1) The statutory provisions apply to our rights in the event of material defects and defects in title of the goods (including incorrect and short deliveries as well as improper assembly, faulty assembly, operating or operating instructions) and for other breaches of duty by the contractor, unless otherwise specified below .
(2) According to the statutory provisions, the contractor is particularly liable for ensuring that the goods have the agreed quality when the risk passes to us. In any case, those product descriptions which - in particular by designation or reference in our order - are the subject of the respective contract or are included in the contract in the same way as these GPC apply as an agreement on the quality. It makes no difference whether the product description comes from us, the contractor or the manufacturer.
(3) Notwithstanding Section 442, Paragraph 1, Sentence 2 of the German Civil Code, the client is entitled to unlimited claims for defects even if the client was not aware of the defect when the contract was concluded due to gross negligence.
(4) The statutory provisions (§§ 377, 381 HGB) apply to the commercial inspection and notification obligation with the following stipulation: Our inspection obligation is limited to defects that are revealed during our incoming goods inspection under external assessment including the delivery papers (e.g. B. transport damage, wrong and short delivery) or are recognizable in our quality control in the random sampling procedure. If acceptance has been agreed, there is no obligation to examine. In addition, it depends on the extent to which an investigation is feasible in the normal course of business, taking into account the circumstances of the individual case. Our obligation to notify us for defects discovered later remains unaffected. Without prejudice to our duty to examine, our complaint (notification of defects) is deemed to be prompt and timely if it is sent within 5 working days of discovery or, in the case of obvious defects, of delivery.
(5) The supplementary performance also includes the removal of the defective goods and their reinstallation, provided that the goods were built into another item or attached to another item in accordance with their type and purpose; our legal right to reimbursement of corresponding expenses remains unaffected. The contractor bears the expenses required for the purpose of testing and subsequent performance even if it turns out that there was actually no defect. Our liability for damages in the event of an unjustified request to remedy defects remains unaffected; In this respect, however, we are only liable if we recognized or negligently failed to recognize that there was no defect.
(6) Without prejudice to our legal rights and the regulations in Paragraph 5, the following applies: If the contractor fulfills his obligation to supplementary performance - at our option by eliminating the defect (subsequent improvement) or by delivering a defect-free item (replacement delivery) - within a set, If not after a reasonable period of time, we can remedy the defect ourselves and demand reimbursement of the necessary expenses or a corresponding advance payment from the contractor. If the subsequent performance by the contractor has failed or is unreasonable for us (e.g. due to particular urgency, threat to operational safety or the threat of disproportionate damage), no deadline is required; we will inform the contractor immediately, if possible in advance, of such circumstances.
(7) In addition, in the event of a material or legal defect, we are entitled to reduce the purchase price or to withdraw from the contract in accordance with the statutory provisions. In addition, we are entitled to compensation for damages and expenses in accordance with the statutory provisions.
§ 12 SUPPLIER RECEIPT
(1) We are entitled to our legally determined recourse claims within a supply chain (supplier recourse according to §§ 445a, 445b, 478 BGB) in addition to the claims for defects. In particular, we are entitled to demand exactly the type of supplementary performance (repair or replacement delivery) from the contractor that we owe to our customers in individual cases. This does not restrict our statutory right to choose (Section 439 (1) BGB).
(2) Before we recognize or fulfill a defect claim asserted by our customer (including reimbursement of expenses in accordance with §§ 445a Paragraph 1, 439 Paragraph 2 and 3 BGB), we will notify the contractor and ask for a written statement, briefly explaining the facts . If a substantiated statement is not made within a reasonable period of time and if no amicable solution is found, the claim for defects actually granted by us shall be deemed owed to our customer. In this case, the contractor is responsible for providing evidence to the contrary.
(3) Our claims from supplier recourse also apply if the defective goods have been received by us or another entrepreneur, e.g. B. by incorporating it into another product.
§ 13 PRODUCER LIABILITY
(1) If the contractor is responsible for product damage, he has to indemnify us from third-party claims insofar as the cause is within his sphere of control and organization and he is himself liable in the external relationship.
(2) As part of his indemnity obligation, the contractor has expenses in accordance with To reimburse §§ 683, 670 BGB, which result from or in connection with a claim by third parties including recall campaigns carried out by us. We will inform the contractor about the content and scope of recall measures - as far as possible and reasonable - and give him the opportunity to comment. Further legal claims remain unaffected.
(3) The contractor must take out and maintain product liability insurance with a lump sum coverage of at least EUR 10 million per personal injury / property damage.
§ 14 PROPERTY RIGHTS
(1) Upon first written request and without prejudice to statutory claims, the contractor shall exempt the client from alleged infringements of patent law, copyright law or other property rights. The obligation to indemnify includes all expenses that the client incurs in connection with claims by third parties.
(2) The limitation period for the claim for exemption is three years from the client's knowledge or grossly negligent ignorance of the circumstances giving rise to the claim. Incidentally, regardless of knowledge or grossly negligent ignorance, the claim for indemnification expires ten years from its origin.
§ 15 LIMITATION OF LIMITATIONS
(1) The mutual claims of the contractual parties expire in accordance with the statutory provisions, unless otherwise specified below.
(2) Notwithstanding Section 438 (1) No. 3 BGB, the general limitation period for claims for defects is 3 years from the transfer of risk. If an acceptance has been agreed, the limitation period begins with the acceptance. The 3-year limitation period also applies accordingly to claims arising from defects of title, whereby the statutory limitation period for real claims for surrender by third parties (Section 438 (1) No. 1 BGB) remains unaffected; In addition, claims based on defects of title do not expire as long as the third party can still assert the right against us, especially in the absence of a limitation period.
(3) The statute of limitations of the sales law including the above extension apply - to the legal extent - for all contractual claims for defects. Insofar as we are also entitled to non-contractual claims for damages due to a defect, the regular statutory limitation (§§ 195, 199 BGB) applies, unless the application of the limitation periods of the sales law in individual cases leads to a longer limitation period.
§ 16 USAGE AND EXPLOITATION RIGHTS
(1) If no deviating agreements have been made, the contractor irrevocably grants the contractor unrestricted rights of use and exploitation of all calculations, graphics, plans, products, models, drawings, in terms of content, space and time, provided that he himself is the owner of all rights. Tools graphics or other documents in written, electronic or other form.
§ 17 REVIEW
(1) The client is entitled to review the execution of the contract by the contractor. The client reserves the right to inspect the test and execution documents and to check the systems and facilities necessary for the execution of the contract. If the client considers a visit to the contractor's premises to be necessary, the client will register in advance for an appointment within the operating hours.
(2) The client is also entitled to check compliance with the regulations in accordance with Section 19.
§ 18 REFERENCE
(1) The use of the client's company name, brand name or logo by the contractor in connection with advertising purposes or references requires the client's express, written consent in advance.
§ 19 BB-NET REGULATIONS, ACCESS RIGHTS
(1) When entering the factory premises of bb-net, the contractor undertakes to take note of and follow the external company regulations. The regulations can be found on the Internet at www.bb-net.de/fremdfirmenordnung be called.
§ 20 CHOICE OF LAW AND PLACE OF JURISDICTION
(1) For these GPC and the contractual relationship between us and the contractor, the law of the Federal Republic of Germany applies to the exclusion of uniform international law, in particular the UN sales law.
(2) If the contractor is a merchant i. S. d. Commercial code, legal entity under public law or a public special fund, is the exclusive - also international - place of jurisdiction for all disputes arising from the contractual relationship. Our place of business in Schweinfurt applies accordingly if the contractor is an entrepreneur i. S. v. § 14 BGB is. In all cases, however, we are also entitled to take legal action at the place of performance of the delivery obligation in accordance with these GPC or a priority individual agreement or at the general place of jurisdiction of the contractor. Overriding statutory provisions, in particular those relating to exclusive responsibilities, remain unaffected.
You can download our General Terms and Conditions of Purchase from February 2020 as a PDF here:
This instruction applies to all business partners, suppliers, customers, authorities and other third parties including their employees and third parties involved by them (hereinafter referred to as "external companies") who work on the factory premises of bb-net Media GmbH (hereinafter referred to as "bb-net") Act. These external company regulations apply to Lisbon Street 4.
The scope of these instructions begins when you enter and ends when you leave the factory premises. The purpose of these instructions is to avoid or reduce safety, health, environmental and property risks when external companies are working on the factory premises.
In addition, these instructions serve to support the external companies in preparing their own risk assessment and at the same time to demand compliance with the requirements listed below.
§ 1 WORK AND ENVIRONMENTAL PROTECTION REGULATIONS
All relevant work and environmental protection regulations, state and trade association work safety regulations and generally recognized safety and occupational medicine rules, including the accident prevention regulations applicable to the scope of work, as well as the applicable working time laws, must be observed by the external companies when performing the activity. If the external companies are not aware of these regulations, they are obliged to obtain the necessary information. The external companies assure that neither they nor their subcontractors employ employees without valid and proper working papers and that the respective legal regulation on payment of remuneration is observed.
§ 2 COORDINATOR
The coordinator is always a bb-net employee. The coordinator is the direct contact person for the external company in all matters relating to the stay on the bb-net factory premises. The external company will be informed of the name and telephone number of the coordinator when entering the factory premises for the first time.
§ 3 ORDER, INSTRUCTIONS AND VIOLATIONS
The external company is obliged to obey the orders and instructions of the coordinator, his agents, the bb-net security specialist (hereinafter jointly referred to as the “authorizing officer”). If the external company has doubts about the authorization of the authorized person to issue orders and instructions, it is obliged to have the authorization confirmed by the coordinator. The monitoring and issuing of orders and instructions by authorized officers does not relieve the external company of its own responsibility towards its employees and bb-net.
In the event of violations of work and environmental protection regulations, as well as other breaches of duty, bb-net is entitled to order the cessation of work until the violation has been remedied and to exclude employees who do not act from further activities.
§ 4 WHAT TO DO IN THE EVENT OF ACCIDENTS
In the event of accidents of any kind, the plant manager, the coordinator and the safety specialist must be notified immediately. In addition, the external company is obliged to comply with the statutory reporting obligations applicable to all industrial accidents. Damage or malfunctions to bb-net facilities and systems must also be reported to the coordinator immediately.
§ 5 SAFETY CONSULTING
The bb-net safety specialist advises the external company on all issues relating to occupational safety. She is available to the external company for information and will advise them, for example, about the hazards arising from the individual systems and processes and measures to prevent them. The external company has to find out the contact details of the responsible safety officer via the coordinator.
§ 6 ENVIRONMENTAL CONSULTING
The bb-net security specialist advises the external company on all questions of environmental protection. She is available to the external company for information on all issues relating to waste disposal, soil and water protection, pollution control and hazardous goods handling. The external company has to find out the contact details of the responsible safety officer via the coordinator.
§ 7 SPECIAL EXTERNAL COMPANY OBLIGATIONS
The external company undertakes to comply with the following points:
- The external company informs the coordinator before the beginning, after the end and whenever the activities carried out on the factory premises are interrupted.
- The contractor ensures that they always leave the work environment in a safe state.
- The external company informs the coordinator of possible disruptions in the operational process. It reports to the coordinator all malfunctions and irregularities that occur during the execution of the activity.
- The external company defines the daily work with the responsible coordinator.
- The tools and equipment used, especially ladders and scaffolding, must be in a safe working condition. When leaving the workplace, they must be locked up or otherwise secured so that they do not pose any danger to people or property or they can be used without authorization.
- Electrical feed points when working on buildings and building services or production systems must have a residual current device (RCD).
- The vehicles used by the external company must comply with the applicable regulations at the location.
§ 8 INTERNAL SAFETY REGULATIONS
The external company observes the following internal safety regulations:
- Tools, devices, equipment and systems from bb-net may not be used without permission, without proof of the required qualifications and suitability, and without instruction from bb-net.
- Material stores and material stacks must be laid out in such a way that they do not endanger work safety, the production process, transport or traffic flow.
- Excavations, trenches, open channels, floor openings, etc. must be adequately secured everywhere and illuminated in the dark. Dangerous workplaces are to be cordoned off.
- Bringing and consuming alcoholic beverages and other intoxicating substances (drugs) are not permitted on the bb-net factory premises. Members of the external company who have reasonable grounds to suspect that they are under the influence of intoxicating substances or beverages can be expelled from the company premises.
- The external company observes the smoking ban.
- The external company ensures that its employees wear the necessary personal protective equipment (protective goggles, protective shoes, hard hats, etc.).
- The relevant statutory provisions for public road traffic apply on the bb-net factory premises. However, company traffic must always be given priority and internal company traffic and behavior rules must be observed. The maximum speed for vehicles of all types within the company premises is 20 km / h.
- Vehicles from external companies are only allowed on the company premises for loading and unloading.
- Employees of external companies who operate industrial trucks, cranes and aerial work platforms must be in possession of a corresponding training certificate.
- The employees of the external company are not permitted to enter parts of the company, with the exception of the break areas and sanitary facilities, which are not part of the external company's area of activity. Exceptionally, other parts of the company may be entered after consultation with the responsible coordinator, insofar as this is necessary to carry out the activity.
- Mandatory, prohibition and warning signs and markings must be observed. They must not be removed or made illegible.
- Escape routes and escape doors are marked. They are to be kept clear at all times.
- Fire extinguishers, hydrants and corresponding signs must not be covered, blocked up or otherwise made unusable. They must be accessible at all times. Any damage must be reported to the coordinator immediately.
- Pedestrians have to use the marked sidewalks and watch out for the traffic of industrial trucks.
§ 9 DANGEROUS WORK
Work permits or permits are required for dangerous work. The external company receives this from the responsible coordinator if necessary. The external company only uses qualified employees for dangerous work. The external company ensures that all activities on the bb-net factory premises are approved by the coordinator. Dangerous work includes in particular:
- the handling of dangerous substances,
- Work on or in the vicinity of electrical systems and equipment,
- Working with a risk of fire (welding, burning, heating, cutting) and flammable liquids,
- Work on steam or pressure lines,
- Working with a risk of falling,
- Work that requires special precautions because there are immediate dangers for employees of the external company and bb-net.
§ 10 MUTUAL RISK
One speaks of “mutual endangerment” when bb-net and / or the external company sees its own and / or external risk potential when carrying out the activities. If there is a possible mutual endangerment, the external company discusses with the coordinator whether and which safety measures are necessary before starting work. The agreement with the coordinator does not release the external company from its duty to supervise its own employees.
The following applies in detail:
- When working on or in the vicinity of live systems or equipment, the bb-net building technology responsible for this area must also be switched on. The external company has to find out the contact details of the relevant specialist department via the coordinator.
- Electrical energy may only be taken from the external company at the assigned feed points. The external company has to find out the feeding points via the coordinator.
- Other electrical connections to the company network may only be carried out by the building services department with the involvement of the coordinator.
- The execution of earthworks must be discussed with the plant management beforehand because of the possible damage to supply lines. The external company has to find out the contact details of the plant management through the coordinator.
§ 11 GUIDELINES FOR THE ENVIRONMENT, ENERGY AND OCCUPATIONAL SAFETY
The external company is obliged to adhere to the guidelines for the environment, energy and occupational safety.
In particular, the following applies:
- The provision and storage of water-polluting and environmentally hazardous substances must take place in collecting trays.
- Dealing with substances that are hazardous to water must not result in any harmful contamination of the soil, groundwater, surface or sewage. Working and storage containers must be suitable, in good condition and double-walled from 100 liters. Adequate quantities of binding agent must be kept available in the work area.
- The fuel system and the lubrication system of vehicles and machines must not show any leaks.
- The seepage of sewage and other liquids is prohibited. The same applies to the introduction into the sewer network, unless the environmental protection specialist has approved.
- The external company is obliged to properly recycle, dispose of and remove all waste that arises during the execution of the activity in compliance with the relevant regulations. A copy of all evidence and documents resulting from this obligation must be handed over to the coordinator immediately. The external company is entitled in individual cases to dispose of waste on the factory premises in compliance with the applicable waste separation system with the consent of the bb-net waste disposal officer. The external company has to find out the contact details of the responsible waste disposal officer via the coordinator.
- Burning waste of any kind on the factory premises is prohibited.
- Dust, odor and noise emissions must be reduced to what is technically achievable.
- Harmful exposure to employees and residents must be ruled out. The construction machines used must meet the requirements of the Equipment and Machine Noise Ordinance.
- Construction, auxiliary and operating materials that contain asbestos, halogenated hydrocarbons, lead and carcinogenic fiber materials must not be used.
- Resources (e.g. water, energy, auxiliary and operating materials) must be used sparingly.
- The external company only uses employees who are qualified through education, training or experience for activities with significant environmental impacts. The associated evidence must be shown to bb-net at any time upon request
§ 12 FIRE PROTECTION
In the course of activities with a fire risk, the external company is obliged to use the permit procedure for hot work and to arrange for the fire alarm systems to be decommissioned via the coordinator, with the involvement of the safety / fire protection officer. The external company is obliged to provide extinguishing agents and, after completion of the work, to remove flammable substances and gases from the building or the work areas such as the roof surfaces and, if necessary, to provide a fire protection post. Escape routes, doors and fire extinguishing equipment must be kept clear. Breakthroughs through fire walls are only permitted after consultation with the coordinator and can be closed again using the procedure specified by the coordinator.
§ 13 FURTHER REGULATORY INFORMATION
- The construction and assembly site must always be kept in a clean condition and tidied up at the end of work.
- Photography or filming on the company premises is not permitted - unless there is a special permit from bb-net.
- On Sundays and public holidays, employees from external companies are only permitted to enter our premises with written approval from bb-net.
- The extraction of construction water from hydrants is only permitted with the approval of the coordinator.
§ 14 ENERGY MANAGEMENT SYSTEM
bb-net is committed to careful use of energy and to continuously improve its energy efficiency. The external company therefore ensures economical and careful use of energy!
§ 15 SPECIFIC REGULATIONS
If specific regulations exist, the external company is obliged to adhere to them. The specific regulations are communicated by the coordinator during the briefing.
§ 16 EMPLOYEE TRAINING
The external company is obliged to instruct its employees about the content of these "bb-net instructions for external companies" before starting work and to provide evidence of this in a suitable form upon request from bb-net. Furthermore, the external company must ensure that its employees adhere to the regulations of the "bb-net instructions for external companies". The instruction about working conditions, hazards and protective measures must be demonstrably repeated at least once a year.
§ 17 LIABILITY FOR LANGUAGE VERSIONS
There is only a German version, this is binding.
The guarantee conditions of bb-net media GmbH (hereinafter bb-net) are aimed exclusively at commercial customers. If you have purchased a tecXL product as a private person, please contact the relevant dealer for warranty processing. Rights beyond the guarantee are not restricted by the granting of a guarantee.
§ 1 CONTENT OF THE WARRANTY
(1) bb-net guarantees its customers that the hardware sold is free from manufacturing, material and processing defects. The generally recognized rules of technology at the time of manufacture are decisive.
(2) bb-net will either repair the defective goods or replace them with a product that is at least equivalent or comparable. In any case, the costs will be borne by bb-net.
(3) If neither repair nor replacement of the defective device is possible, bb-net will reimburse you for the current value of the device. The fair value is determined on the part of bb-net on the basis of a progressive discount. If the defect occurs within the first 12 months, bb-net will reimburse the buyer for the full purchase price.
Fig. Progression of discounts:
> 12 months - 20% discount
> 18 months - 30% discount
> 24 months - 40% discount
> 30 months - 50% discount
(4) Replaced parts become the property of bb-net. There are no further claims. In particular, bb-net does not provide loan devices for repairs during the warranty period and does not assume the costs for this.
(5) If a rechargeable battery is used for the processed used goods with the tecXL seal, bb-net guarantees a minimum running time of 30 minutes in regular operation.
§ 2 EXCLUSION OF WARRANTY
(1) Wear parts are excluded from the guarantee. These include in particular, but not exclusively: batteries, capacitors, fans, heat-conducting agents, discoloration, hinges, levers, flaps or signs of wear in the input area. The guarantee for accumulators is limited to a maximum of 6 months.
(2) The guarantee does not cover damage caused by force majeure or natural disasters in particular, but not exclusively: fire, radiation, frost, sun / heat, floods, war, computer viruses, programming and software errors, external forces or impacts.
(3) The improper use or modification of the devices is also excluded from a guarantee claim. Examples of improper use are in particular, but not exclusively: water damage, corrosion damage, defects due to accessories not approved by the manufacturer and the installation of software not approved by the manufacturer.
(4) Manufacturer-side serial errors, software errors and / or errors in connection with the operating system are excluded from the guarantee.
(5) In addition, the validity of the guarantee ends if the installation, care instructions and repair of the device are not followed by any person / company other than bb-net. Except bb-net, a repair by a third party has expressly agreed in writing.
(6) Stand-alone, but also built-in displays, are classified into four pixel error classes according to ISO 13406-2. These products are tested and sold according to the ISO category pixel error class II. The maximum permissible number of defects per million pixels is two continuously lit pixels (defect type 1), two continuously black pixels (defect type 2) or five defective sub-pixels, either continuously lit in the colors red, green, blue and continuously black ( Error type 3). Defective pixels do not represent a guarantee case within the applicable specification.
(7) Assembling or dismantling the defective part or the product are not covered by the guarantee.
§ 3 WARRANTY PERIOD
(1) The warranty period for tecXL products is 24 months, for other used hardware, so-called used IT, 3 months and begins from the invoice date.
(2) If the customer resells products with the tecXL seal for the first time, the guarantee period begins again, but the extension is limited to a maximum of 6 months. Upon request, bb-net must be given the original purchase receipt, which clearly identifies the device. Accumulators are excluded from this.
(3) If components are exchanged in the course of fulfilling the guarantee, this does not trigger a new start of the guarantee period.
§ 4 PROCEDURE IN THE CASE OF WARRANTY (BRING-IN WARRANTY)
(1) If you discover a defect in your tecXL product, please contact our customer service immediately using the online form in your customer account.
(2) If our customer service determines that the product complained about is possibly defective and the guarantee claim is justified, you will receive a processing number (RMA) and instructions for shipping the product to bb-net.
(3) Returns to bb-net authorized by us in suitable transport packaging are paid for in advance and insured accordingly. The dispatch takes place to the address indicated on the return.
(4) After the guarantee has been provided, you will receive your tecXL product back with the same configuration that it originally had when you purchased it, subject to possible updates.
(5) You may not return an incomplete product to bb-net without contacting our customer service in advance. bb-net reserves the right to return unannounced consignments and to invoice the sender for the shipping and handling costs.
§ 5 ACCEPTANCE OF COSTS
(1) The costs of sending and the ancillary costs are to be borne by the buyer. In the event of complaints within the first 60 days after the delivery date, bb-net grants the option of also bearing the return costs.
(2) After completion of the repair, bb-net will send the devices back to the customer at bb-net's expense without further notice.
§ 6 DISCLAIMER
(1) bb-net assumes no liability for data and installed software. bb-net reserves the right to delete data carriers within the scope of guarantee compliance and to reinstall the operating system. It is the customer's responsibility to reinstall the operating system and other software.
(2) bb-net assumes no liability for data that is lost in transit from or to bb-net. The transport insurance only covers the value of the shipment.
(3) bb-net assumes no liability for repairs carried out as a gesture of goodwill.
§ 7 DATA PROTECTION
(1) The data necessary for the implementation and processing of the guarantee is recorded, transferred and processed. By using the currently valid return procedure, the customer agrees that this data may be collected and processed. bb-net basically acts in accordance with the stipulation of data economy.
§ 8 PLACE OF PERFORMANCE, JURISDICTION AND APPLICABLE LAW
(1) The place of fulfillment of the obligations from this guarantee is Schweinfurt. As far as permissible, the jurisdiction is the regional court district of Schweinfurt. German law applies to this guarantee to the exclusion of the UN sales law, unless this is contrary to mandatory international consumer protection law.
The following principles of conduct describe the desired ethically correct behavior on all business occasions in accordance with applicable law and relevant internal guidelines. All bb-net employees are responsible for compliance with the code of conduct. Mainly the principles are divided into integrity, reliability and transparency.
§ 1. GENERAL
This code of conduct was drawn up by the management and describes which values we share and how we want to work together - today and in the future. They give us a clear target image that has to be achieved in order to secure our company's long-term success. A respectful and cooperative cooperation as well as the conscious perception of social responsibility form the basis for our long-term corporate success. Responsible, ethically correct and honest behavior is expected from management, employees, but also business partners, suppliers and possibly future subsidiaries or cooperation companies.
The code of conduct makes a claim on ourselves, at the same time it is a promise to the outside world for responsible behavior towards business partners and the public, but also in dealing with one another within the company. It should serve as a guideline for our daily behavior.
Our managers have a special role model function. A prerequisite for the company-wide implementation of the Code of Conduct is that our values are exemplified by the managers. They are the first point of contact for questions about understanding the regulations and ensure that all employees know and understand the code of conduct. As part of their management tasks, they prevent unacceptable behavior or take suitable measures to prevent rule violations in their area of responsibility.
§ 2 VALUES AND PRINCIPLES OF CONDUCT
For us, compliance with laws and regulations is an essential basic principle of economically responsible action. We always observe the applicable legal prohibitions and obligations.
Our employees are the foundation for the success of our company. So that their strengths can develop, we create a work environment that lives this appreciation and promotes integrity. We trust each other and keep our word. We stand for equal opportunities, because there is great potential in the diversity of our employees. We treat all employees equally, regardless of ethnic or national origin, gender, religion, worldview, political attitude, disability, age or sexual identity or any other protected characteristic or status. We show each employee the necessary respect, treat each other with decency and if we disagree on things, then we are without humiliation. We take full responsibility for our decisions, actions and results. Credibility arises when we take responsibility for what we say and do. Everyone clearly states their intentions and goals and expects others to share their opinion.
Our employees are hired and promoted exclusively on the basis of their qualifications and their technical, but also social skills. Every single employee is obliged to refrain from any form of discrimination and to live together in a respectful and friendly manner.
We do not tolerate sexual harassment in any form and use language that is neither discriminatory, intimidating, harassing, threatening, abusive, sexually objectionable, or otherwise insulting or inappropriate.
The right to appropriate remuneration is recognized for all employees. The remuneration and the other services correspond at least to the respective national and local legal standards.
The health and safety of our employees are just as important to us as the quality of our work and business success. Occupational health and safety are an integral part of all operational processes from the outset. The health of our employees is our greatest asset and an obligation for everyone. Our company takes into account the relevant occupational safety regulations, the state of the art, occupational medicine, hygiene and other ergonomic findings. Each of our employees promotes safety and health protection in their working environment and adheres to the regulations on occupational health and safety. The manager is obliged to instruct and support his employees in fulfilling this responsibility.
All employees are obliged to use the company's property and resources appropriately and carefully and to protect it from loss, theft or misuse. We use company tangible and intangible property only for corporate purposes and not for personal use unless expressly permitted.
Important corporate goals for us are sustainable environmental and climate protection as well as resource efficiency. We check and validate our options for CO2-To minimize emissions and to continuously optimize our products and our actions. We achieve this through a comprehensive sustainability concept, a large number of environmental projects and the unavoidable CO2-Compensate the footprint with climate certificates. Every employee is responsible for treating natural resources carefully and contributing to the protection of the environment and climate through their individual behavior.
Corruption, money laundering activities and violations of applicable law lead to sanctions against the person / s concerned. Each employee may not accept, demand or be promised any gifts or other benefits from customers, suppliers or other persons in open or covert form for or in the fulfillment of his contractual obligations without the consent of the employer. If you have any questions, legal doubts or justified suspicions, you must always consult your line manager. None of our employees are allowed to use the company's business connections for their own benefit or for others' disadvantage.
Corruption, money laundering activities and violations of applicable law lead to sanctions against the person / s concerned.
Our company is aware of its responsibility for education and science, for culture and sport as well as for social issues. Social responsibility and social commitment have been an integral part of the corporate culture for decades.
We make donations and other forms of social engagement solely in the company's interests. We do not make any financial donations to recipients with whom a conflict of interest could arise.
Donations are made transparently, as the purpose, recipient of the donation and confirmation of the donation by the recipient of the donation are documented and verifiable.
The public perception of bb-net media GmbH is essentially shaped by the appearance, actions and behavior of each individual employee. We are all responsible for this. Inappropriate behavior by an individual can cause considerable damage to our company.
Therefore, every employee is called upon to maintain the reputation of our company through their behavior and appearance in public or in social media.
Our company respects the internationally recognized human rights and is committed to their observance and protection. We respect the dignity and personal rights of our employees and third parties. We strictly reject any form of forced and child labor.
§ 3 DEALING WITH BUSINESS PARTNERS / COMPETITORS
Business relationships are based on objective criteria, including price and quality, but also the existence of a well-established, fair cooperation. Our success is also based on a trusting relationship with our customers.
Business decisions are made in the best interests of the company only. It is important to us that our decisions are not guided by private interests. Conflicts of interest with private, other economic or other matters are to be avoided for all employees right from the start. Transparent disclosure of the conflict is a prerequisite for resolving any conflicts of interest that arise.
We can achieve successful and sustainable business deals in competition with the convincing quality and performance of our products and services. The principles of honesty and integrity must be observed in all business and social activities.
Exchanging gifts and invitations in day-to-day business is entirely legitimate as long as it does not exceed a reasonable value and frequency.
Moral behavior and fair competition are the basis for our success. We adhere to the rules of fair competition. The exchange of information on prices, price-setting factors or price components, the division of territorial and customer groups, agreements or information about delivery relationships and their conditions are not permitted among competitors. We expect our employees and our business partners to fully assume their responsibility to ensure fair competition.
§ 4 CONFIDENTIALITY AND DATA PROTECTION
Our own developments and our knowledge are of outstanding value. We protect these intangible assets because they are of considerable economic importance for the future of our company.
We respect intellectual property rights and adhere to data protection laws and regulations. When using external information technologies and software, we undertake to only use legally acquired and licensed versions.
The employee is obliged to maintain secrecy about all business and operational processes of which he has become aware through his or her work or in any other way. This also extends to business secrets or operational processes of other companies with which the employer is legally, economically or organizationally linked that became known during the term of the contract.
The operational processes include, in particular, manufacturing processes, distribution channels, customer lists, calculation bases, company software and comparable information. This also includes the employee's own observations, experiences and results. All business documents and records of business transactions are to be treated as the property of the employer and handed over to the employer at the latest when the employment relationship is terminated. The duty of confidentiality does not apply to processes and facts that are accessible to everyone and the disclosure of which is clearly without disadvantage for the employer. In case of doubt, the employee is obliged to obtain instructions from his superior or the management.
Even after the employment relationship has ended, the obligation to maintain confidentiality continues to exist, provided that this does not or only insignificantly hinder the employee's professional advancement. Should the post-contractual confidentiality obligation inappropriately hinder the employee in his professional advancement, he has a right to an exemption from this obligation against the employer.
The employee is prohibited from processing personal data without authorization (data secrecy). They are to be committed to data secrecy when starting their work. Data secrecy persists even after the activity has ended (Section 53 of the Federal Data Protection Act). The employee must protect trade secrets even after the termination of the employment relationship.
We structure our relationships with current and former employees, applicants, business partners and other groups of people in such a way that business-relevant, confidential, secret and personal data is protected. We collect, process or use personal data only insofar as this is necessary for specified, clear and legitimate purposes. The use of the data for those affected should be transparent. We maintain the right to information and correction as well as, if necessary, objection, blocking and deletion of the data.
Our employees undertake to comply with data protection regulations, statutory and operational regulations and to protect them from misuse. We undertake to adhere to an appropriate standard when securing data.
All data processing components must be secured in such a way that unauthorized internal or external use is prevented.
§ 5 CONTACT PERSON
All employees are requested to contact their line manager, the management or by email in confidence [email protected] to turn, free from fear of negative consequences.
All contact persons undertake to maintain absolute secrecy if this is requested by the person making the contact or if their protection requires this.
The United Nations Global Compact is the world's largest and most important initiative for responsible corporate governance. Based on 10 universal principles and the Sustainable Development Goals, he pursues the vision of an inclusive and sustainable world economy for the benefit of all people, communities and markets, today and in the future. We have been part of the Global Compact since 2019. The 10 principles are divided into 4 areas:
01. HUMAN RIGHTS
(1) Companies should support and respect the protection of international human rights.
(2) Businesses should ensure that they are not complicit in human rights abuses.
02. LABOR STANDARDS
(3) Companies should uphold the freedom of association and the effective recognition of the right to collective bargaining.
(4) Companies should advocate the elimination of all forms of forced labor.
(5) Companies should advocate the abolition of child labor.
(6) Companies should stand up for the elimination of discrimination in employment and gainful employment.
(7) Companies should follow the precautionary principle when dealing with environmental problems.
(8) Companies should take initiatives to promote greater environmental awareness.
(9) Businesses should accelerate the development and diffusion of environmentally friendly technologies.
04. CORRUPTION PREVENTATION
(10) Businesses should stand up against all forms of corruption, including extortion and bribery.
A. EXECUTIVE SUMMARY
1. Who is responsible for data protection law?
Responsible i. S. d. Data protection is the bb-net media GmbH, Lisbonstrasse 4 97424 Schweinfurt.
2. Are cookies and analysis tools used on the website?
Yes. Details about their purpose and options for deletion can be found in the Privacy settings for bb-net.de, and Privacy settings for shop.bb-net.de.
3. Where and for how long do we store your personal data?
For the processing operations we carry out on the website, we specify how long the data are stored by us and when they are deleted or blocked. Unless an express storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data will only be stored on servers in Germany.
4. Do we pass your data on to third parties?
No. We do not pass on your data to unauthorized third parties. However, we use external service providers as part of our processing operations and to handle our business transactions (e.g. for the areas of IT, logistics, telecommunications, sales and marketing). They only act according to our instructions and have been contractually obliged under Art. 28 GDPR to comply with data protection regulations and to take the necessary data security measures to protect your data from loss and unauthorized access at all times.
5. Is there an obligation to provide personal data?
No. We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. For you as a customer there is basically no legal or contractual obligation to provide us with your personal data. However, it may be that we are only able to provide certain offers to a limited extent or not at all if you do not provide the necessary data (e.g. orders in the web shop).
6. Who can you contact if you have any questions?
If you have any questions about data protection, please contact [email protected].
B. PRIVACY INFORMATION
See point B) 1. to 9.
B 1. General information on data protection
This data protection information applies to the processing of personal data when accessing and using the website "bb-net.de" and the web shop that can be accessed via it ("shop.bb-net.de").
The body responsible for processing your personal data within the meaning of Art. 4 No. 7 DS-GVO is bb-net media GmbH, Lisbon Str. 4 97424 Schweinfurt, e-mail: [email protected]
1.3 Data protection officer
Our company data protection officer is available to you at any time for all questions and as a contact person on the subject of data protection. His contact details are: Mr. Andreas Pohl, Pohl Consulting Team GmbH, Mengeringhäuser Str. 15, 34454 Bad Arolsen, email: [email protected]
B 2. Data processing when you visit our website
2.1 log files
(1) When you visit the website, we collect so-called access data and save this in a log file (so-called log file). This access data also includes the IP address. In addition, the log file contains the name of the website you accessed, the file accessed, the date and time of access, the amount of data transferred and notification of successful access, the browser type and version, the operating system, the so-called referrer URL (the previously visited page) and the requesting provider are saved.
(2) We collect such technical information only for the technical optimization of the website, for the purpose of the security of our technical infrastructure and so that the website is correctly displayed. Our legitimate interest in data processing also lies in these purposes. The legal basis is Article 6 Paragraph 1 lit. f) GDPR.
(3) The log files are stored on the basis of a corresponding order processing contract (Art. 28 GDPR) by the provider and operator of our web server (1 & 1 Telecommunication SE, Elgendorfer Str. 57, 56410 Montabaur. The log files are automatically saved two (2) months later Collection deleted.
(2) The data processing with the help of "necessary / essential cookies" takes place on the basis of Art. 6 Para. 1 f) GDPR, since otherwise it will not be possible to access or basic functions of the website will be restricted. The use of preference / statistics or so-called marketing cookies requires your consent and is based on Art. 6 Para. 1 a) GDPR.
2.3 Use of analysis and performance tools
(1) So-called analysis and performance tools are used on our website, with the help of which we can evaluate the user behavior of our visitors for the purpose of optimizing our services and offers on the website. With these tools z. For example, it can be examined how and where the visitors come to our site or which areas on a website are visited particularly often.
(2) The legal basis for the data processing that takes place is Art. 6 Para. 1 lit. a) GDPR, i.e. we need your prior consent to use these tools. For details about the analysis and performance tools used on the website, including their deletion options, please also refer to Privacy settings for bb-net.de, and Privacy settings for shop.bb-net.de(Statistics).
2.4 Use of Marketing Tools
Our website does not currently use any so-called marketing tools.
B 3. Web shop
3. Web store
(1) If you would like to order products via our webshop, you must first log in or register. For this we need the following personal data: first and last name, address, delivery address, billing address, e-mail address, name of the manager and the contact person. After registering, you will receive access to our customer portal (using a user name and password).
(2) We process all data exclusively to enable you (or your company's contact person) to access our web shop (login) and to be able to take, process and process the order. The legal basis for the data processing that takes place is Art. 6 Para. 1 lit. b) GDPR.
(3) We store the data collected for contract initiation (e.g. registration) and processing for the duration of the business relationship with you, but at least until the expiry of any warranty periods. After an order or an order has been carried out, the personal data will be kept for a period of five (5) years, unless you ask us to delete it beforehand. Any retention periods under tax and commercial law remain unaffected (Art. 6 Para. 1 lit. c) GDPR).
B 4. Contact area
(1) We offer a contact form on our website to answer questions to interested parties and users and to provide information about our services. The personal data collected in this way includes the email address, the name and your message / request.
(2) We store your data for a maximum period of any resulting contractual relationship with you (Art. 6 Para. 1 lit. b) GDPR). If such a contractual relationship does not exist or does not arise as a result of the request, we will delete your data no later than nine (9) months after the last contact with you.
B 5. Press mailing list & newsletter
(1) By registering for the press distribution list or for our newsletter, you will receive information about our products and services. The legal basis for processing the data collected during registration (name, email address, telephone number) is Art. 6 Para. 1 lit. a) GDPR.
(2) If you no longer want to receive the information, you can object to the receipt and the associated data processing at any time and unsubscribe accordingly without affecting the legality of the processing based on the consent until the revocation.
B 6. Application portal
Details about the type and scope of data processing in connection with an application via our website can be found separately in the Data protection information for applicants and employees.
B 7. Social media and fan pages
(1) We operate appearances on the following online platforms and networks in order to interact with potential or existing customers, to exchange ideas with interested parties and users or to advertise offers and services:
Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany
(2) We operate our websites in so-called joint (data protection) responsibility with the providers. As the controller, we process data that you share or publish directly via online platforms and networks (e.g. via comment and chat functions) in order to interact with you or to exchange ideas with you. As part of this interaction, we may also receive statistical data from the platform operators on the use of our "channels and fan pages". These include B. Information about interactions, likes, comments or summarized information and statistics (e.g. IP address; origin of the followers) that help us to find out something about the interactions with our site. The legal basis for data processing in our area of responsibility is Art. 6 Para. 1 S. 1 lit. f) GDPR.
(4) If we have personal data from you in connection with the use of the online platforms and networks, please address your concerns to us. Should you also want to assert rights against a specific provider, please contact the person responsible.
B 8. Plugins and Widgets
8.1 General information about plugins from Google
As part of the use of the following plugins on our website, Google (Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland) usually collects your IP address and thus the information that you are using the corresponding service and the corresponding Have accessed the subpage. If you are logged into Google, your data will be assigned directly to your account. Google stores usage profiles and may use them for advertising and / or market research purposes. In this respect, Google acts as the controller (Art. 26 GDPR). We have no influence on the data collected and the data processing operations. We are also not aware of the scope of the data collection, the purposes or the storage periods. You have the right to object to the creation of these user profiles, although you must contact Google to exercise this right. Further information on the purpose and scope of data collection and processing can be found in Google's data protection declarations, available at http://www.google.de/intl/de/policies/privacy. There you will also find further information on your rights in this regard and setting options to protect your privacy.
8.2 Google reCAPTCHA
We use the reCAPTCHA service from Google as part of the contact options. reCAPTCHA is used to differentiate whether an entry is made by a human or improperly by automated, machine processing (e.g. by so-called bots). Our legitimate interest in data processing also lies in these purposes. The legal basis is Article 6 Paragraph 1 lit. f) GDPR. Further information on Google reCAPTCHA and Google's data protection declaration can be found in the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/ android.html.
8.3 Google Maps
On our website we use the offer of Google Maps, with the help of which we can display interactive maps directly on the website and thereby enable the convenient use of the map function (Art. 6 Paragraph 1 lit. f) GDPR). Further information on the purpose and scope of the data collection and its processing can be found at www.google.de/intl/de/policies/privacy.
8.4 Google Translate
We use the Google Translate tool on our website to display our page content in foreign languages in order to improve the user experience for foreign language users. This also includes our legitimate interest in the processing of the above data by the third party provider. The legal basis is Art. 6 Para. 1 S. 1 lit. f) GDPR. You can find information on the purpose and scope of data collection and processing by Google in the data protection notice listed below: http://www.google.com/intl/de_de/policies/privacy/
8.5 Google Fonts and Font Awesome
8.6 Content delivery network GStatic Google Static Content and Cloudflare
We use the JivoChat chat service on our website to make it easier for us to contact our visitors. Our legitimate interest in data processing also lies in this simplified communication option. The legal basis is Article 6 Paragraph 1 lit. f) GDPR. The provider is JivoSite Inc., 525 W. Remington Drive, Sunnyvale, CA 94087, USA. The chat can be used completely anonymously and is used to advise interested parties and customers on product selection and product questions. The service provider collects and stores anonymized data for the purpose of web analysis and to operate the live chat system to answer live support inquiries. Usage profiles can be created from this anonymized data under a pseudonym.
Name, origin and industry of the visiting company, source / referrer of the visiting company, keyword, visitor behavior (pages visited, time of visit, duration of visit). No cookies or similar files are stored on the website visitors' end devices. Further information can be found on the website of the web analysis system https://www.salesviewer.com/de/datenschutz.
C. YOUR RIGHTS
You have the right to request confirmation from us at any time as to whether we are processing your personal data and the right to information about this personal data. In addition, you have the right to correct, delete and restrict data processing, as well as the right to object to the processing of personal data at any time, or to revoke your consent to data processing at any time or to request data transfer. Please send all information requests, requests for information, revocations or objections to data processing by email [email protected]. In addition, you have the right to complain to a supervisory authority in the event of data protection violations.
Notes on the special right of objection
You also have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data relating to you, which, among other things, is based on Art. 6 Para. e) or f) DS-GVO takes place, to lodge an objection according to Art. 1 DS-GVO. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims. If you would like to make use of your right of objection, an email to will also suffice [email protected].
In accordance with the requirements of Art. 13 and 14 GDPR, we hereby inform you about the processing of personal data and your rights in this regard. Which data is processed in detail and how it is used depends largely on the requested or contractually agreed services.
1. Who is responsible for processing your personal data and who can you contact?
Responsible for data processing is:
bb-net media GmbH
Lisbon Street 4th
T +49 9721/64 694 - 0
E-mail: [email protected]
You can contact our data protection officer at the following address:
Andreas Pohl i. H. Pohl Consulting Team GmbH
Mengeringhauser Strasse 15
34454 Bad Arolsen, Germany
T + 49 5691 8900 501
E-mail: [email protected]
2. What data do we use and how do we collect it?
With regard to business initiation and the subsequent processing of the business relationship, we process data from our business partners or their contact persons that we have received directly from them or other authorized third parties (e.g. to fulfill contracts or based on consent given). On the other hand, we process data in this regard that we obtain from publicly accessible sources (e.g. commercial register). The processed data categories are as follows:
- Personal / contact details (e.g. first name, surname, gender, company form, telephone numbers, fax, email
- Communication data in connection with the correspondence (e-mails, correspondence)
Customers, suppliers, service providers:
- Personal / contact data (e.g. first name, surname, gender, company form, telephone numbers, fax, e-mail)
- Contract and billing data (e.g. bank details, ordered goods & services, billing data)
- Tax identification numbers
- Communication data in connection with the correspondence (e-mails, correspondence)
- Credit ratings
3. For what purposes and on what legal basis are your data processed?
The data processing by bb-net media GmbH takes place for the performance of your business tasks in compliance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other relevant laws (e.g. HGB, AO, etc.)
3.1 On the basis of consent in accordance with Art. 6 Para. 1 lit. a GDPR
If you have given us your consent to the processing of personal data for specific purposes (e.g. for newsletters), the legality of this processing is given on the basis of your consent. Consent given can be withdrawn at any time with future effect. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force. Please note that the revocation will only take effect in the future; processing that took place before the revocation is not affected.
3.2 For the implementation / fulfillment of a contract or for pre-contractual measures in accordance with Art. 6 Para. 1 lit. b GDPR
The processing of personal data takes place to fulfill contracts with our customers, suppliers and service providers. This also includes the implementation of pre-contractual measures at the request of the business partner.
3.3 In the context of a weighing of interests in accordance with Art. 6 Para. 1 lit. f GDPR
If necessary, we process your data beyond the actual fulfillment of the contract to safeguard our legitimate interests or those of third parties. These are for example:
- Assertion of legal claims and defense in legal disputes
- internal administrative purposes of bb-net media GmbH
- Guarantee of IT security and IT operations
- Building security measures, property and theft protection through access control and video recording
- Advertising, insofar as you have consented to the use of your data
- Examination and optimization of procedures for direct customer contact
- Data retrieval and transmission from credit agencies for credit checks
3.4 Due to legal requirements according to Art. 6 Para. 1 lit. c GDPR or in the public interest in accordance with Art. 6 Para. 1 lit. e GDPR
In addition, we are subject to various legal obligations to meet legal requirements (e.g. tax and commercial regulations), which make processing personal data necessary.
4. Who will get your data?
Within our company, only those departments and persons have access to your data who need it to fulfill our contractual and legal obligations or the above-mentioned purposes. Service providers and vicarious agents used by us can also receive data for this purpose.
Data will only be passed on outside the company if this is necessary for the aforementioned purposes, if there are legal obligations or if you have given your consent. All recipients are obliged on their part to comply with data protection.
Under these conditions, recipients of personal data can be:
- Public bodies and institutions (e.g. tax authorities) if there is a legal or official obligation,
- Processors to whom we transmit personal data in order to carry out the business relationship with you (e.g. payment transactions, accounting),
- those positions for which you have given us your consent to the transfer of data,
- Credit bureaus for credit checks,
- Logistics service provider,
- Lawyers and insurance companies for claims settlement and assertion of claims.
There is basically no transfer to recipients in countries outside the EU or the EEA (so-called third countries). If, in individual cases, data should be transferred to third countries, this is either necessary for the performance of the contract, takes place in the context of order processing, is required by law or is based on consent that you have given us.
If service providers are used in third countries, the transfer generally only takes place if the EU Commission has confirmed an adequate level of data protection in the third country or other appropriate data protection guarantees within the meaning of Art. 44 ff ) available.
5. How long will your data be stored?
We process and store your personal data for as long as it is necessary to fulfill the purposes mentioned in section 3. It should be noted that many of our business relationships are long-term. If the data are no longer required for the fulfillment of contractual or legal obligations, they must be deleted regularly, unless their temporary further processing is necessary for the following purposes:
- Fulfillment of commercial and tax retention periods, e.g. according to the German Commercial Code (HGB) or Tax Code (AO). The deadlines specified there are up to 10 years.
- Preservation of evidence within the framework of statute of limitations (e.g. §§ 195 ff. BGB). The storage period is usually 3 years, in certain cases it can be up to 30 years.
6. What data protection rights do you have?
Every data subject has the right to:
- Information according to Art. 15 GDPR
- Correction according to Art. 16 GDPR
- Deletion according to Art. 17 GDPR
- Restriction of processing according to Art. 18 GDPR
- Data portability according to Art. 20 GDPR
- Objection from Art. 21 GDPR
The restrictions according to Sections 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, there is a right of appeal to the responsible data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.
7. Is there an obligation on your part to provide data?
The provision of personal data for the establishment, implementation, fulfillment of a contract or for the implementation of pre-contractual measures is usually not required by law or by contract.
You are therefore not obliged to provide information about personal data. Please note, however, that these are usually required for the decision on the conclusion of a contract, the performance of the contract or for pre-contractual measures.
If you do not provide us with any personal data, we may not be able to make a decision within the framework of contractual measures. We always recommend only providing personal data that is necessary for the conclusion of the contract, the performance of the contract or pre-contractual measures.
8. Is there automatic decision-making (including profiling)?
We do not use automatic decision-making in accordance with Art. 22 GDPR to establish, implement and terminate the business relationship. There is also no profiling.
This data protection information informs you about the processing of personal data at bb-net media GmbH (hereinafter bb-net). Personal data belong to Art. 4 No. 1 GDPR all information that can be related to a natural person, in particular by means of assignment to an identifier such as a name or a personnel number with which your person can be identified. bb-net processes personal data exclusively for a specific purpose and in good faith in accordance with the applicable data protection regulations.
* For the sake of better readability, the feminine and masculine names are not used. As far as neutral or masculine terms are used, all employees are to be understood, regardless of gender.
1. Name and contact details of the person responsible
bb-net media GmbH
Represented by managing director Michael Bleicher
Lisbon Street 4th
Tel: + 49 (0) 9721 6469 40
E-mail: [email protected]
2. Name and contact details of the data protection officer
Pohl Consulting Team GmbH
Mengeringhauser Strasse 15
34454 Bad Arolsen, Germany
E-mail: [email protected]
3. Legal basis for the processing of personal data
The legal bases for the processing of personal data at bb-net are:
- 6 para. 1 (a) GDPR - processing with the consent of the data subject,
- 6 Para. 1 (b) GDPR - processing for pre-contractual and contractual purposes,
- 6 para. 1 (c) GDPR - processing for the fulfillment of legal obligations,
- 6 Para. 1 (f) GDPR - processing in order to safeguard the legitimate interests of bb-net or a third party, unless the protection of interests, fundamental rights and freedoms of those affected prevail,
- 88 GDPR in conjunction with Section 26 BDSG - processing for the purposes of the employment relationship.
4. Purposes of the collection and processing
bb-net collects, processes and uses personal data:
- for the purpose of implementing employment and other contractual relationships,
- for purposes permissible in the context of our business activities as well as safeguarding related legitimate interests, e.g. B. in connection with the initiation of an employment contract, a business relationship or an interested party,
- within the scope of fulfilling legal requirements and obligations to cooperate.
Processing of personal data for purposes other than those mentioned above does not take place. Before processing personal data for purposes other than those mentioned above, bb-net will inform you about this processing and, if necessary, obtain your consent.
For the purposes mentioned above, z. B. in detail include:
- Processing of applications,
- Initiation, implementation and termination of an employment or other Contractual relationship,
- Acquisition of customer orders,
- Order fulfillment, needs assessment,
- Advertising for our own service portfolio,
- Detection of possible breaches of contract or criminal offenses,
- Performance determination and performance management,
- Payroll, invoicing, billing and payment transactions, garnishments,
- Personnel administration, personnel planning, personnel management, personnel development and training,
- Occupational safety and medicine,
- Compliance with legal requirements, e.g. B. according to labor law, tax law and social security law principles and legal obligations to cooperate,
- Processing of leases,
- Applying for benefits from employment subsidies,
- internal administrative, organizational and statistical purposes, quality assurance,
- Ensuring the security and protection of processing methods and data against unauthorized access, falsification and unauthorized use,
- Protecting the company's facilities, equipment and assets from theft and other damage.
5. Personal information and personal data
bb-net collects and processes personal data and personal information for the above-mentioned purposes. The collection and processing takes place in strict compliance with the principles of data economy and purpose limitation. The provision of the data by the person concerned is voluntary outside of existing contractual relationships or resulting legal obligations. Even in employment contracts, data can be collected on a voluntary basis and forwarded with the consent of the person concerned. The data are processed both in paper format and in digital form.
These data include in particular:
- all types of master data (name, academic title, address, date and place of birth, gender, personnel number, etc.),
- Marital status, children, spouse, heirs, believers, religious affiliation and nationality,
- Applicant data (application, curriculum vitae, certificates, evidence of school and vocational training, evidence of other educational qualifications, references, picture),
- all types of contract data (e.g. type of employment, degree of employment, start / end of employment, conditions and performance fees, bank details, etc.),
- Organizational data (e.g. job title, position, superior, location, management level, etc.),
- Wage and wage payment data (e.g. wage accounting data, bank details, information on social security, information on wage garnishment, etc.),
- Performance data (e.g. assessments, competence assessments, potential assessments, evaluation data for the Structogram test, wage determination data, information on work performance, information on participation in training measures within the scope of the employment relationship, etc.),
- Business contact and communication data including social media contact details,
- Profile data, certifications, information on school and vocational training, completed training courses for further education and training and for qualifications and other qualifications, such as first aid, disaster relief, fire and evacuation aid,
- Working hours, absenteeism, vacation, reasons for absenteeism, travel and travel times, leave of absence (paid, unpaid, maternity and parental leave),
- Permissions such as B. Access rights and access rights to IT systems,
- IT log data, such as B. on the operation and use of communication and data processing equipment, procedures and systems as well as records from the video surveillance system,
- Data on material resources issued and company property used by those affected,
- Information on dunning and bankruptcy procedures,
- personal data from e-mail and correspondence, out-of-office notes,
- History data,
- Data on residence status, work permit, registration status with employment agencies or agencies that are involved in the implementation of the basic security according to SGB II are instructed, customer number of the employment agency, community number, insurance numbers,
- Copies of identity card, registration documents, ID card for the severely handicapped, driver's license,
- Information on hospital stays,
- Information on health and corporate integration management, severely disabled status and other work-related health data.
6. Duration of storage
Personal data will only be stored by bb-net as long as knowledge of the data is necessary for the aforementioned purposes for which it was collected or legal or contractual retention requirements exist.
Different statutory retention periods result from tax law, labor law and social security law regulations. If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their temporary further processing is necessary for legal reasons.
7. Transmission of personal information and personal data
- Personal data are only transmitted or disclosed by bb-net to external bodies insofar as there is permission to do so in accordance with data protection regulations.This is the case when:
- the transmission is prescribed by a legal norm,
- the transmission serves to fulfill a contractual relationship,
- bb-net has a legitimate interest within the meaning of the aforementioned purposes and the transmission is permissible in accordance with data protection regulations,
- the consent of the person concerned has been obtained beforehand.
The recipients of the personal data can include: B. include:
- Clients, customers and interested parties,
- Agents and contractors who provide a service for bb-net (e.g. data processing tasks in external data centers, payroll tax office, Lessor),
- Authorities (e.g. tax and social security authorities, employment agencies, providers of basic security according to SGB II) and insurance companies,
- Legal representatives, courts,
- Education and training providers,
- Insurance companies,
- Banks, auditors,
- Creditor, third party debtor.
If bb-net sends personal data to agents, authorities, service providers or clients /-This is done exclusively within the framework of order processing contracts.
Should consent or separate notification of the person concerned be required for the transmission of personal data, bb-net will obtain consent beforehand or inform the person concerned about it in good time.
If data is transferred to third countries or is disclosed to bodies in third countries, additional requirements are observed. In accordance with these regulations, a contract prescribed by the GDPR is concluded between bb-net and the processing agency in accordance with the EU standard contractual clauses.
8. Your privacy rights
Every data subject has the right to:
- Information according to Art. 15 GDPR,
- Correction according to Art. 16 GDPR,
- Deletion according to Art. 17 GDPR,
- Restriction of processing according to Art. 18 GDPR,
- Data portability according to Art. 20 GDPR,
- Objection according to Art. 21 GDPR.
The restrictions according to Sections 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, there is a right of appeal to a data protection supervisory authority in accordance with. Art. 77 GDPR in conjunction with Section 19 BDSG.
You can revoke your consent to the processing of personal data at any time by contacting the person responsible. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force. You can revoke your consent at any time with future effect. Processing that took place before the revocation is therefore not affected by the revocation.
You can send us all rights by email at [email protected] or use the contact details given in the "Responsible" section.
bb-net Media GmbH (hereinafter also “bb-net”) undertakes to comply with data protection laws within the framework of its social responsibility. This data protection guideline applies to bb-net in relation to the basic principles of data protection. Maintaining data protection is a basis for trusting business relationships for bb-net in its properties as an employer and as a partner for its business partners.
The data protection guideline creates one of the necessary framework conditions for the transmission of data between bb-net, customers, interested parties and other business partners. It guarantees the appropriate level of data protection required by the European data protection guidelines and national laws.
Exclusively for reasons of better readability, the respective proper use of male, female or various forms of language is not used. The male form of speech used here is representative of the female or diverse gender. The same applies to the female form, it also applies as a proxy for the male or diverse sex, also applies to the diverse sex, it also applies as a proxy for the male or female sex.
This data protection guideline applies to bb-net. The data protection guideline extends to all processing of personal data. Anonymized data, e.g. B. for statistical evaluations or investigations, are not subject to this data protection guideline. The latest version of the data protection guidelines can be requested from bb-net.
3. Application of state law
This data protection guideline contains the European General Data Protection Regulation without replacing existing state law. It supplements the respective national data protection law. The respective state law takes precedence if it requires deviations from this guideline or if it makes further requirements.
4. Principles for the processing of personal data
When processing personal data, the personal rights of the person concerned must be protected. Personal data must be collected and processed in a lawful manner.
The processing of personal data may only take place for the purposes that were specified before the data was collected. Subsequent changes to the purposes are only possible to a limited extent and require justification.
The person concerned must be informed about the handling of their data. In principle, personal data must be collected from the person concerned. When collecting the data, the data subject must be able to recognize at least the following or be informed accordingly about:
- the identity of the responsible body,
- the purpose of the data processing,
- Third parties or categories of third parties to whom the data may be transmitted.
4.4 Data avoidance and data economy
Before processing personal data, it must be checked whether and to what extent this is necessary to achieve the intended purpose of processing. Personal data may not be retained for potential future purposes unless required or permitted by state law.
Personal data that are no longer required after the statutory or business process-related retention periods have expired must be deleted. If there are indications of legitimate interests in this data in individual cases, the data must remain stored until the legitimate interest has been legally clarified and checked by bb-net.
Personal data must be stored correctly, completely and - if necessary - up to date. Appropriate measures must be taken to ensure that inapplicable, incomplete or out of date data is deleted, corrected, supplemented or updated.
Data secrecy applies to personal data. They must be treated confidentially in personal dealings and secured by appropriate technical and organizational measures against unauthorized access, unlawful processing or disclosure, as well as accidental loss, modification or destruction.
5. Admissibility of data processing
The collection, processing and use of personal data is only permitted if one of the following permissions is given. Such a permit is also required if the purpose for the collection, processing and use of personal data is to be changed from the original purpose.
5.1.1 Data processing during initiation, conclusion and contract termination
Personal data of the interested parties, customers, partners or business partners concerned may be processed to justify, execute and terminate a contract. This also includes looking after the contractual partner, provided this is related to the purpose of the contract. In the run-up to a contract - i.e. in the contract initiation phase - the processing of personal data for the preparation of offers, the preparation of purchase or service contracts or to fulfill other wishes of the interested party aimed at concluding a contract is permitted. Interested parties may be contacted during the contract initiation using the data they have provided. Any restrictions expressed by the interested party must be observed.
5.1.2 Data processing for advertising purposes
Customer loyalty or advertising measures require additional legal requirements. The processing of personal data for advertising purposes is permitted, provided this is compatible with the purpose for which the data was originally collected. The data subject is to be informed about the use of his data for advertising purposes. If data is collected exclusively for advertising purposes, it is voluntary by the person concerned. The data subject should be informed about the voluntary nature of the provision of data for these purposes. As part of the communication with the data subject, the data subject's consent to the processing of their data for advertising purposes should be obtained. The data subject should be able to choose between the available contact channels such as electronic mail and telephone within the scope of the consent (consent).
5.1.3 Consent to data processing
Data processing can take place on the basis of the consent of the person concerned. Before giving consent, according to 4.3. of this data protection guideline. For reasons of evidence, the declaration of consent must be obtained in writing or electronically. Under certain circumstances, e.g. B. in the case of advice over the phone, consent can also be given orally. Their issuance must be documented.
5.1.4 Data processing based on legal permission
The processing of personal data is also permitted if state legal requirements require, require or permit data processing. The type and scope of the data processing must be necessary for the legally permissible data processing and are based on these legal provisions.
5.1.5 Data processing based on legitimate interest
The processing of personal data can also take place if this is necessary for the realization of a legitimate interest of bb-net. Legitimate interests are usually legal (e.g. enforcement of outstanding claims) or economic (e.g. avoidance of contractual disruptions) facts. A processing of personal data on the basis of a legitimate interest may not take place if there is an indication in individual cases that the interests of the data subject worthy of protection outweigh the interest in the processing. The interests worthy of protection must be checked for each processing.
5.1.6 Processing of particularly sensitive data
The processing of particularly sensitive personal data may only take place if this is required by law or if the person concerned has expressly consented. The processing of this data is also permissible if it is absolutely necessary in order to assert, exercise or defend legal claims against the person concerned. If the processing of particularly sensitive data is planned, the data protection officer must be informed in advance.
5.1.7 User data and internet
If personal data is collected, processed and used on websites or in apps, those affected must be informed of this in data protection notices and, if applicable, cookie notices. The data protection notices and, if applicable, cookie notices must be integrated in such a way that they are easily recognizable, directly accessible and constantly available for those affected. If usage profiles are created to evaluate the usage behavior of websites and apps (tracking), those affected must be informed about this in the data protection information. Personal tracking may only take place if national law allows this or if the person concerned has consented. If the tracking takes place under a pseudonym, the data subject should be given an option to object in the data protection notice (opt-out). If access to personal data is enabled on websites or apps in an area that is subject to registration, the identification and authentication of those affected must be designed in such a way that appropriate protection is achieved for the respective access.
5.2.1 Data processing for the employment relationship
For the employment relationship, the personal data that are required for the establishment, implementation and termination of the employment contract may be processed. When initiating an employment relationship, applicants' personal data may be processed. After rejection, the applicant's data must be deleted taking into account the deadlines for evidence, unless the applicant has consented to further storage for a later selection process. In the existing employment relationship, data processing must always be related to the purpose of the employment contract, unless one of the following permissions for data processing apply.
If it is necessary to collect further information about the applicant from a third party during the initiation of the employment relationship or in the existing employment relationship, the respective national legal requirements must be taken into account. In case of doubt, the consent of the person concerned must be obtained.
For the processing of personal data that are in the context of the employment relationship, but not originally used to fulfill the employment contract, there must be a legal legitimation. These can be legal requirements or the consent of the employee or the legitimate interests of the company.
5.2.2 Data processing based on legal permission
The processing of personal employee data is also permitted if state legal provisions require, require or permit data processing. The type and scope of the data processing must be necessary for the legally permissible data processing and are based on these legal provisions. If there is legal scope for action, the interests of the employee that are worthy of protection must be taken into account.
5.2.3 Consent to data processing
Processing of employee data can take place on the basis of the consent of the person concerned. Declarations of consent must be given voluntarily. Involuntary consent is ineffective. For reasons of evidence, the declaration of consent must be obtained in writing or electronically. If the circumstances do not permit this, the consent can be given orally. In any case, their issuance must be properly documented. In the case of an informed, voluntary disclosure of data by the person concerned, consent can be assumed if national law does not require explicit consent. Before giving consent, according to 4.3. of this data protection guideline.
5.2.4 Data processing based on legitimate interest
The processing of personal employee data can also take place if this is necessary for the realization of a legitimate interest of bb-net. Legitimate interests are usually justified legally (e.g. the assertion, exercise or defense of legal claims) or economically (e.g. evaluation of employees).
Processing of personal data on the basis of a legitimate interest may not take place if there is an indication in individual cases that the employee's interests worthy of protection outweigh the interest in processing. The existence of legitimate interests must be checked for each processing. Control measures that require the processing of employee data may only be carried out if there is a legal obligation to do so or if there is a justified reason. Even if there is a justified cause, the proportionality of the control measure must be checked. The company's legitimate interests in carrying out the control measure (e.g. compliance with legal provisions and internal company rules) must be weighed against a possible legitimate interest of the employee affected by the measure in excluding the measure and may only be carried out if they are appropriate . The legitimate interests of the company and the possible legitimate interests of the employees must be determined and documented before any action is taken. In addition, other requirements that exist under national law (e.g. information rights of those affected) must be taken into account.
5.2.5 Processing of particularly sensitive data
Particularly sensitive personal data may only be processed under certain conditions. Data that are particularly worthy of protection are data on the racial and ethnic origin, political opinions, religious or philosophical convictions, trade union membership or the health or sex life of the person concerned. Due to state law, other data categories can be classified as particularly worthy of protection or the content of the data categories can be filled out differently. Likewise, data relating to criminal offenses may often only be processed under special conditions established by state law. The processing must be expressly permitted or prescribed by state law. In addition, processing may be permitted if it is necessary so that the responsible body can meet its rights and obligations in the field of labor law. The employee can also voluntarily expressly consent to the processing. If the processing of particularly sensitive data is planned, the data protection officer must be informed in advance.
5.2.6 Telecommunications and the Internet
Telephone systems, e-mail addresses, intranet and internet as well as internal social networks are primarily made available by the company as part of the operational tasks. They are work equipment and company resource. They may be used within the framework of the applicable legal provisions and internal company guidelines.
Private use is excluded and prohibited in any case.
For security reasons, the use of telephone systems, e-mail addresses and the Internet can be logged for a limited period of time. Personal evaluations of this data may only be carried out in the event of a concrete, justified suspicion of a violation of laws or guidelines of bb-net. These controls may only be carried out by the investigating areas in compliance with the principle of proportionality and by the control of the data protection officer. The respective national laws must be observed.
6. Transmission of personal data
Order processing is when a contractor is commissioned to process personal data without being assigned responsibility for the associated business process. In these cases, an agreement on order processing must be concluded with external contractors. The commissioning company retains responsibility for the correct implementation of the data processing.
The contractor may only process personal data in accordance with the instructions of the client. When placing the order, the following requirements must be observed; the commissioning department must ensure their implementation.
- The contractor is to be selected according to his suitability to ensure the necessary technical and organizational protective measures. The contractor has the security acc. Art. 28 para. 3 lit. c, 32 GDPR, in particular in connection with Art. 5 Paragraph 1, Paragraph 2 GDPR.
- The order must be placed in text form. The instructions for data processing and the responsibilities of the client and the contractor must be documented.
- The contractual standards provided by the data protection officer must be observed.
- The client must convince himself of the compliance with the obligations of the contractor before starting the data processing. A contractor can prove compliance with the data security requirements, in particular by submitting a suitable certification. Depending on the risk of data processing, the control may have to be repeated regularly during the contract period.
- At numerous points of the GDPR there are independent data protection obligations, which are also directed at the processor.
- 27 para. 1 GDPR: The duty to appoint a "representative" also applies to the processor.
- 30 para. 2 GDPR: The processor is obliged to keep procedural directories.
- 31 GDPR: The duty to cooperate with the data protection supervisory authority also applies to the processor.
- 32 Para. 1 GDPR: The obligation to take technical and organizational data security measures also applies to the processor.
- 37 para. 1 GDPR: The duty to appoint a company data protection officer also applies to the processor.
- 44 GDPR: The processors must also observe the restrictions on data transfer to third countries.
7. Data processing on behalf
A transmission of personal data to recipients outside of bb-net or to recipients within the company is subject to the admissibility requirements for processing personal data under Section 5. The recipient of the data must be obliged to use them only for the specified purposes.
In the case of data transfer from third parties to bb-net, it must be ensured that the data can be used for the intended purposes.
8. Rights of the person concerned
Everyone concerned can exercise the following rights. Your assertion must be processed immediately by the responsible department and must not lead to any disadvantages for the person concerned. Please note the following:
- Name and contact details of the person responsible (possibly also the representative)
- Contact details of the data protection officer
- Purpose and legal basis of processing
- Legitimate interests (for processing according to Art. 6 GDPR)
- Recipients or categories of recipients
- Transmission to third countries or to international organizations
- Duration of storage
- Existence of a right to information, correction, deletion, restriction, objection and data portability
- Existence of the right to withdraw consent
- Existence of a right of appeal to a supervisory authority
- Information on whether the provision of the data is required by law or contract or is necessary for the conclusion of a contract and possible consequences of failure to provide it
- Existence of automated decision-making including profiling
- Information about a possible change in the purpose of data processing
- Purposes of data processing
- Categories of data
- Recipients or categories of recipients
- Duration of storage
- Right to correction, deletion and objection
- Right of appeal to a supervisory authority
- Origin of the data (if not collected from data subjects)
- Existence of automated decision-making including profiling
- Transmission to a third country or to an international organization
always exists when
- the storage of the data is no longer necessary,
- the data subject has withdrawn his consent to data processing,
- the data has been processed unlawfully,
- there is a legal obligation to delete according to EU or national law.
9. Processing confidentiality
Personal data are subject to data secrecy. Employees are prohibited from unauthorized collection, processing or use. Any processing that an employee undertakes without being entrusted with it in the context of the performance of his or her tasks and being appropriately authorized is unauthorized. The need-to-know principle applies: Employees may only have access to personal data if and to the extent that this is necessary for their respective tasks. This requires the careful division and separation of roles and responsibilities as well as their implementation and maintenance within the framework of authorization concepts.
Employees may not use personal data for their own private or commercial purposes, transmit it to unauthorized persons or make them accessible in any other way. Superiors must inform their employees about the obligation to maintain data secrecy at the beginning of the employment relationship. This obligation continues even after the employment relationship has ended.
10. Security of processing
Personal data must be protected at all times against unauthorized access, unlawful processing or disclosure, as well as against loss, falsification or destruction. This applies regardless of whether the data is processed electronically or in paper form. Before introducing new data processing procedures, especially new IT systems, technical and organizational measures to protect personal data must be defined and implemented. These measures must be based on the state of the art, the risks arising from processing and the protection requirements of the data. The responsible department can, in particular, consult the data protection officer. The technical and organizational measures to protect personal data are part of information security management and must be continuously adapted to technical developments and organizational changes.
11. Data protection control
Compliance with the guidelines on data protection and the applicable data protection laws must be checked regularly through data protection audits and other controls. Implementation is the responsibility of the data protection officer and other corporate areas with audit rights.
The results of the data protection controls must be communicated to the data protection officer. The management is to be informed about essential results. The competent data protection supervisory authority can also carry out its own controls of compliance with the provisions of this guideline within the scope of the powers it is entitled to under state law.
12. Data protection incidents
Every employee should immediately report cases of violations of this data protection guideline or other regulations for the protection of personal data to the data protection officer. The manager responsible for the function or the unit is obliged to inform the responsible data protection officer immediately about data protection incidents.
In cases of:
- unlawful transfer of personal data to third parties,
- unlawful access by third parties to personal data or
- a loss of personal data
The notifications provided for in the company must be made immediately so that existing reporting obligations of data protection incidents can be fulfilled under national law.
13. Responsibilities and penalties
The management is responsible for data processing. It is therefore obliged to ensure that the statutory data protection requirements and those contained in the data protection guideline are taken into account (e.g. national reporting obligations). It is a management task of the manager to use organizational, personnel and technical measures to ensure proper data processing in compliance with data protection. The implementation of these requirements is the responsibility of the responsible employees. In the event of data protection controls by authorities, the data protection officer must be informed immediately.
The management is obliged to support the data protection officer in his work. Those responsible for business processes and projects must inform the data protection officer in good time about new processing of personal data. In the case of data processing projects that may result in particular risks for the personal rights of those affected, the data protection officer must be involved before the processing begins. This applies in particular to particularly sensitive personal data. Managers must ensure that their employees are trained in data protection to the extent necessary. Improper processing of personal data or other violations of data protection law are also prosecuted in many countries and can result in claims for damages. Violations for which individual employees are responsible can lead to sanctions under labor law.
14. Data Protection Officer
The data protection officer, as a body that is not subject to specific instructions, works towards compliance with national and international data protection regulations. He is responsible for data protection guidelines and monitors compliance with them. The data protection officer was appointed by the management of bb-net.
Anyone affected can contact the data protection officer with suggestions, inquiries, requests for information or complaints in connection with questions about data protection or data security. Inquiries and complaints will be treated confidentially on request.
If the responsible data protection officer cannot remedy a complaint or prevent a violation of data protection guidelines, the management must be taken into account to remedy the data protection violation.
Inquiries from supervisory authorities must always be brought to the attention of the data protection officer. The data protection officer can be reached as follows:
Pohl Consulting Team GmbH
Data protection officer
Mengeringhäuser Strasse 15
34454 Bad Arolsen, Germany
T + 49 5691 8900 501
E-Mail: [email protected]
2. Principles for the processing of personal data (Art. 5 GDPR)
- Legality and Transparency:
In order to protect the personal rights of the person concerned, personal data must be processed in a lawful manner, in good faith and in a manner that is understandable for the person concerned. Affected parties are to be informed about the handling of their personal data. In addition, it must be clear how useful the data collected and how it is processed is.
With the processing of personal data, only those purposes may be pursued that were explicitly defined before the data was collected. The purposes emerge from the respective underlying work instructions and must be noted by the employee before the first processing begins.
- Data minimization:
Personal data must be appropriate for the purpose and limited to what is necessary for processing. Only those personal data are to be recorded and processed which are necessary for the work step. The respective specifications can be found in the work instructions.
Personal data must be factually correct and up to date. Incorrect data must be deleted or corrected immediately using appropriate measures.
- Storage limit:
Personal data must be stored in such a way that the identification of the data subjects is only possible for as long as is necessary for the required duration of the processing purposes. A longer storage is possible if the personal data is protected by suitable technical or organizational measures.
- Integrity and Confidentiality:
Personal data must be treated confidentially and processed in such a way that appropriate data security can be guaranteed. Appropriate technical measures must be taken to protect the data from unauthorized access, unlawful processing or modification, and accidental loss or destruction.
3. Legality of processing (Art. 6 GDPR)
The collection, processing and use of personal data may only take place if one of the following conditions is met:
- Consent to data processing by those affected
- Data processing for a contractual relationship
- Data processing to fulfill a legal obligation
- Data processing based on legitimate interest
- Data processing to protect the vital interests of the data subject or another natural person
- Data processing employment relationship according to §26 BDSG-new
4. Transmission of personal data
Personal data may only be transmitted to recipients inside and outside the company if one of the requirements of Section III is fulfilled. Furthermore, the recipient must be obliged to use the data only for the specified purposes.
5. Order data processing (Art. 28 f. GDPR)
If a contractor is commissioned with the collection, processing or use of personal data by the responsible body (bb-net), this is an order data processing. This is done on the basis of a contract. The processor may only process the personal data on the instructions of the controller.
6. Rights of the data subject (Art. 16 ff. GDPR)
The person affected by data processing has various rights that must be protected. At the request of the person concerned, their assertion must be processed immediately by the responsible department.
- The data subject can request information about which personal data is being processed for which purpose.
- The person concerned can request a correction or completion of personal data.
- The data subject can request the deletion of his or her data if the basis for processing the data does not exist or no longer exists.
- The data subject can request the restriction of processing if the accuracy of the data is disputed or the processing is unlawful.
7. Data protection incidents
Violations of the data protection guideline must be reported to the respective supervisor.
In the event of a violation of the protection of personal data, the relevant is
Follow work instructions. There is a breach of security if:
- personal data are unlawfully transmitted to third parties.
- personal data are unlawfully destroyed or changed.
- Third parties gain unlawful access to personal data.
Information about the implementation of the legal requirements of the
EU General Data Protection Regulation by bb-net
Here you can find out what bb-net media GmbH is doing for you in terms of data protection, how we have implemented the requirements of the new EU General Data Protection Regulation and which processes and documentation we have available for you.
1. How have we implemented the requirements of the EU data protection regulation?
bb-net takes the handling of personal data of customers and interested parties very seriously. In cooperation with an external data protection specialist and a law firm, all areas in connection with personal data in the company and on the digital platforms provided were carefully checked. For all processes in which data is stored or processed,
technical and organizational measures were taken to secure them. In the event that data was passed on to third parties, all recipients were checked and all possible measures were taken to rule out improper processing of the data. Below you will find all information and the exact storage location for all necessary documents on the subject of data protection in our company.
3. Our data protection information for our customers
4. Where can I find information about data processing on the bb-net website?
5. Our technical and organizational measures on the subject of data security
In accordance with Art. 32 of the GDPR, comprehensive measures have been taken to secure your data in cooperation with our external data protection officer and a specialist lawyer. You can find the detailed measures in our TOMS ...
6. On what basis do we pass on data?
Based on the evaluation of our processing activities, we pass on the data on the following bases:
- Individual contract, ie order data processing contracts both as contractor or client
- Legal basis
- Contractual relationships
- EU standard contractual clauses
7. What are your rights?
You have the right to request confirmation at any time as to whether we are processing personal data and the right to information about this personal data. In addition, you have the right to correct, delete and restrict data processing, as well as the right to object to the processing of personal data at any time, or to revoke your consent to data processing at any time or to request data transfer. In addition, you have the right to complain to a supervisory authority in the event of data protection violations.
8. Do you have any questions?
Please send us an email to: [email protected]
In order to protect the rights and freedoms of natural persons with regard to the processing of personal data, it is necessary that suitable technical and organizational measures are taken and the requirements of this Ordinance are thus met. In order to be able to prove compliance with the regulation, the contractor defines internal strategies and takes measures which, in particular, satisfy the principles of data protection by technology and data protection by default.
The use of the security systems intrusion alarm system (EMA) with integrated access control, fire alarm system and video surveillance is intended to protect the property boundary, ward off intruders and avoid sabotage, espionage and inventory differences.
For this purpose, fixed doors leading to the outside are provided with opening and closing contacts. In addition, there is trap-like surveillance inside with motion detectors for certain areas in order to detect and report unauthorized access via windows and skylights or the trapping of people. In all other phases, the recording is only dependent on movement. Images are only recorded on the hard drives of the digital video system when there is movement in the image or by the moving cameras.
The intrusion alarm system is activated or deactivated via a reader using a transponder. This ensures that only authorized persons can operate. Inevitability is guaranteed and only in connection with the securing of all external doors to lock and open. Inevitability means taking measures to counter false alarms caused by incorrect operation. In this concept, the alarm is transmitted to a constantly manned control center and to selected people's smartphones.
In the case of demands from insurers or auditors for equipment according to the guidelines according to VdS, LKA or DIN 0833, inevitability and an alarm transmission to a constantly manned control center is essential. Fixed video cameras at fixed points that can be viewed and controlled via the factory network are used for outdoor area monitoring and verification of the alarm. The video images are recorded outside of business hours. Due to data protection regulations, access is only password-protected and in accordance with the specifications of the data protection officer. The camera network itself is set up as a separate unit in order to avoid constant stress on the factory network.
The technical and organizational measures are subject to technical progress and further development. The state of the art, the implementation costs, the type, scope and purposes of the processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons within the meaning of Art. 32 GDPR must be taken into account. Significant changes must be documented. Overall, these are data security measures and to ensure a level of protection appropriate to the risk in terms of confidentiality, integrity, availability and resilience of the systems, which are suitable depending on the type of personal data or data categories to be protected. To meet the legal requirements, the client implements this agreement in his area of influence as follows:
1. Confidentiality (Art. 32 Para. 1 lit. b GDPR)
1.1 Access control
Not to provide unauthorized physical access to data processing systems such as server rooms, network cabling or work rooms in which workstation computers are located. The contractor shall ensure that neither entry, insight nor possible access can be obtained.
The contractor has taken the following measures:
- Key management with documentation of key allocation
- Burglar alarm system according to VDS standard
- Visitor and personal control
- Video surveillance of the company premises
- Door security of the server room with electronic access control
- Windowless server room
1.2 Access Control
In addition to the access control, data processing systems must be prevented from being used by unauthorized persons. Access to systems with which personal data is processed must be provided by means of user identification.
The contractor has taken the following measures:
- Personal user login with authorization concept when logging on to the company network
- Password procedure and control of the procedure
- Suitable anti-virus protection solution with current updates on the server and clients
- Hardware-based redundant firewall system
- Automatic locking of the client after a period of time without user activity
- Digital system for all passwords and encryption
- Encrypted transmission paths are secured using VPN
- Hard drives of mobile devices such as notebooks and tablets are encrypted
- All workstation systems, fixed or mobile, are provided with a BIOS password
- Agreements for the secure use of mobile devices and home offices
1.3. Access control
Authorized persons only have access based on the data subject to their access authorization, so that no unauthorized reading, copying, changing or removing of personal data is possible.
The contractor has taken the following measures:
- Personal user login with authorization concept and dedicated user rights
- Password identification and password policy
- Access restriction at IP level and remote access using an encrypted VPN
- Application-level logging
- Prohibition of private use of clients and own mobile devices
- Used data carriers are deleted before being used again
- Devices with a SIM card function are secured with a PIN
- Hard drives of mobile devices such as notebooks and tablets are encrypted
- Old files and old data carriers are destroyed with certified shredders or punches
- The USB connections are blocked on all workstation systems
1.4 Separation requirement
The data collected for different purposes must be processed separately. The separation must be carried out in such a way that it cannot be mixed up with data from other clients or accessed by third parties.
The contractor has taken the following measures:
- Separate databases and processing systems
- Separate production and test systems
- Access authorization concept
- Separation of clients in software products used
2. Integrity (Art. 32 Para. 1 lit. b GDPR)
2.1. Transfer control
It must be ensured that no unauthorized reading, copying, changing or removing is possible during electronic transmission or during transport and storage on external data carriers. It must be possible to check and determine at which points a transfer of personal data by the data transfer facility is planned.
The contractor has taken the following measures:
- Encrypted email transmission of personal data in emails
- Secure wireless LAN (WLAN)
- Encrypted transmission paths are secured using VPN
- Encryption of data carriers during transport
- Suitable anti-virus protection solution with current updates on the server and clients
- Hardware-based redundant firewall system
- Obligation of all employees to comply with data protection requirements in accordance with Art. 5 GDPR
2.2. Input control
Enabling a subsequent determination of whether and by whom personal data has been entered, changed or removed in data processing systems, with a logging system.
The contractor has taken the following measures:
- Document management with revision and history
- Logging facilities for input, change and deletion
- Access rights are limited
- Restricted group of people to change the company-wide bbCore software
3. Availability and resilience (Art. 32 Para. 1 lit. b GDPR)
3.1. Availability control
Suitable protection against accidental, willful or unpredictable loss of personal data must be set up.
The contractor has taken the following measures:
- Data backup concept with regular reviews
- Emergency manual with emergency plans available
- Data backup in separate fire section
- Encrypted backup media
- Storage of data carriers with backup copies outside of the company
- Uninterruptible power supply (UPS)
- Burglar alarm system according to VDS standard
- Suitable fire extinguishing systems in the server room and company premises
- Regular e-check according to DGUV3 of all electronic systems
- Separate electronic circuit fuses
4. Procedure for regular review, assessment and evaluation (Art. 32 Para. 1 lit. d GDPR; Art. 25 Para. 1 GDPR)
4.1. Order control
Guarantee that personal data that is processed in the order can only be processed in accordance with the instructions of the client. As soon as subcontractors are used by the contractor, they are obliged to comply with the instructions and to comply with data protection in the same way.
The contractor has taken the following measures:
- Written contract for order data processing with the contractor
- Review and selection of the contractor, especially for data security
- Obligation of all employees to comply with data protection requirements in accordance with Art. 5 GDPR
- Check of the contractor whether a data protection officer has been appointed
- Ongoing review and control rights with regard to the contractor