The EU General Data Protection Regulations (from here on GDPR) apply throughout Europe. We would like to inform you about the processing of personal data carried out by our company in accordance with this regulation (compare Art. 13 and 14 GDPR).
The privacy policy of Buss Energy Group GmbH applies equally to its subsidiaries Buss Blade Services GmbH & Co. KG, Buss Wind Services GmbH and Buss Windtechnik GmbH.
If you have questions or comments on this data protection declaration you may direct them to the place given in points 2 or 3 at any time.
Overview | II. The data processing in detail | III. Rights of persons concerned | IV. Glossary |
---|---|---|---|
|
|
|
In this section of the data protection declaration you will find information on the scope of application, on the person responsible for the data processing, his data protection officer and on data security.
The data processing done by Buss Energy Group GmbH can essentially be split into two categories:
This data protection declaration applies to the following offers:
All of these offers will be referred to collectively as “Services”.
The controller of the data processing - so the one who decides on the purposes and means of the processing of personal data - in connection with the services is:
Buss Energy Group GmbH
Am Sandtorkai 48
20457 Hamburg
Phone: +49 40 3198-0
buss-energy@buss-group.com
www.buss-energy.com/en
Buss Blade Services GmbH
Schwartauer Allee 92
23554 Lübeck
Phone: +49 451 879 29 441
buss-energy@buss-group.com
www.buss-energy.com/en
Buss Wind Services GmbH
Stockenkamp 15 a
27793 Wildeshausen
Phone: +49 4431 73 809-0
buss-energy@buss-group.com
www.buss-energy.com/en
Contact to our data protection officer you may get in touch as follows:
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
22589 Hamburg
To develop the measures called for in Art. 32 of GDPR and thereby attain a level of protection appropriate to the risk, we have in our company established the Information Security Standard according to ISO/IEC 17799:2000.
The recommendations of ISO/IEC 17799:2000 include requirements and assistance for various control mechanisms for information security, as well as concrete measures for the organizational and technical protection of IT infrastructures. They are designed with the aim of ensuring an appropriate level of protection.
In this section of the data protection declaration we will provide you with detailed information on the processing of personal data within the framework of our services. For the sake of clarity we organize this information according to specific functions of our services. During normal use of the services different functions, and therefore also different processing, may take effect either in succession or at the same time.
Unless otherwise indicated, for all of the following processings, applies:
a) No obligation to provide
There is neither a contractual nor legal obligation to provide personal data. You are not obliged to provide data.
b) Consequences of non-provision
The consequence of not providing data that is required (data that is marked as mandatory information when entering it) is that the service concerned cannot be provided. Other than that the consequence of non-provision if necessary is that our services cannot be provided in the same form and Quality.
c) Consent
In various cases you have the option of also giving us your consent in connection with the processing described below (if necessary for part of the data) for further processing. In this case we are providing you with information in connection with the submission of the respective declaration of consent separately, on all modalities and the range of consent and what we aim to do with this processing.
d) Transfer of personal data to third countries
If we transfer data to third countries, that is countries outside of the European Union, then the transfer takes place exclusively in compliance with the legally controlled admissibility requirements.
The admissibility requirements are regulated by Art. 44 to 49 GDPR.
e) Hosting with external service providers
Our data processing to a large extent is done using so-called Hosting Service Providers, who provide us with storage space and processing capacities in their data centres and under our instruction also process personal data on our behalf. These service providers process data either exclusively within the EU or with the aid of the EU standard data protection clauses we have an appropriate level of data protection guaranteed.
f) Transfer to state authorities
We pass on personal data to state authorities (including law enforcement agencies), if this is necessary to fulfil a legal obligation, which we are subject to (legal basis: Art. 6, para. 1c) GDPR) or if it is required for the enforcement, execution or defence of legal claims (legal basis: Art. 6, para 1 f) GDPR).
g) Storage duration
We do not store your data any longer than we need it for the respective purposes of processing. If the data is no longer required for the fulfilment of contractual or legal obligations it will be periodically deleted, unless it is temporarily still necessary to retain it. Reasons for this could include, for example:
It is also possible for us to continue to store your data, if you have expressly given us your express consent for this.
h) Categories of recipients
Besides the explicit categories of recipients given below, personal data may, if necessary, also be sent to the following categories of recipients: Shipping providers, telephone and fax providers.
i) Data categories
Here we will describe how we process your personal details when our services are called up. We point out in particular that the sending of access data to external content providers (see under b), due to the technical functioning of the information transfer, is inevitable.
a) Informationen on processing
Data category | Intended purpose | Legal basis | Legitimate interest, if applicable | Retention period |
---|---|---|---|---|
Access data | Establishing a connection, display of contents of the service, detection of threats to our website based on unusual activity, troubleshooting | Art. 6 para. 1 f) GDPR | Proper functioning of the services, data security and business processes, prevention of abuse, prevention of damage by interference with information systems | 60 days |
b) Recipients of personal data
Categories of recipients | Affected data | Legal Basis for the data transfer | Legitimate interest, if applicable | |
---|---|---|---|---|
External content providers who provide content (such as images, videos, embedded posts from social networks, ad banners, fonts, update information) that is necessary to display the service | Access data | Art. 6 para. 1 f) GDPR | proper function of services, (accelerated) display of content, creating added value for users | |
External Internet agencies | Access data | Job processing (Art. 28 GDPR) | ||
Associated companies charged with maintaining the website | Access data | Job processing (Art. 28 GDPR) | ||
Hosting Service provider | Access data | Job processing (Art. 28 GDPR) |
c) Cookies
Cookie name | Provider | Legal basis | Purpose | Retention period | Type |
---|---|---|---|---|---|
__Secure-typo3nonce_# | www.buss-energy.com | § 25 para. 2 no. 2 TDDDG | Used to prevent potential cross-site requests. | Session | HTTP-Cookie |
fe_typo_user | www.buss-energy.com | § 25 para. 2 no. 2 TDDDG | Retains the user's status for all page requests. | Session | HTTP-Cookie |
In a regular application process, we process your personal data in the following ways:
a) Informationen on processing
Data category | Intended purpose | Legal basis | Legitimate interest, if applicable | Retention period |
---|---|---|---|---|
Address data, contact data | Identification, making contact, communication to initiate contract | Para. 26 BDSG-neu in conjunction with Art. 88 DSGVO | After 6 months the data is anonymised | |
Personal master data | Identification, making contact, verifying age | Para. 26 BDSG-neu in conjunction with Art. 88 DSGVO | After 6 months the data is anonymised | |
Application data | Applicant selection | Para. 26 BDSG-neu in conjunction with Art. 88 DSGVO | After 6 months the data is anonymised |
b) Recipients of personal data
Recipient categories | Data affected | Legal basis for transmission | Legitimate interest, if applicable | |
---|---|---|---|---|
The company charged with application selection | All under a) | Order processing (Art. 28 DSGVO) | ||
HR software service provider | All under a) | Order processing (Art. 28 DSGVO) |
Here we describe what happens with the personal data you provide when getting in contact with us:
a) Information on processing
Data category | Intended purpose | Legal basis | Legitimate interest, if applicable | Retention period |
---|---|---|---|---|
Contact data (mail required field) | Enquiries from customers and interested parties | Art. 6 para. 1 f) GDPR | Processing enquiries | Enquiry processing period |
Address data | Postal address | Art. 6 para. 1 b) and f) GDPR | Processing enquiries | Enquiry processing period |
Personal master data | Enquiry processing customisation | Art. 6 para. 1 f) GDPR | Enquiry processing customisation | Enquiry processing period |
Free text | Information about requests | Art. 6 para. 1 f) GDPR | Processing enquiries | Enquiry processing period |
b) Recipients of personal data
Recipient categories | Data affected | Legal basis for transmission | Legitimate interest, if applicable | |
---|---|---|---|---|
Companies to whom requests refer | all under a) specified data | Job processing (Art. 28 GDPR) |
We generally handle all data that reaches our company via e-mail, such as business correspondence. This is subject to archiving required by law. All parties involved are aware that e-mail transmission channels without special precautions to authenticate the involved parties or for encryption of e-mail messages allows the non-secure transmission of data. Here we describe what happens with the personal data you provide when sending and receiving e-mails:
a) Information on processing
Data category | Intended purpose | Legal basis | Legitimate interest, if applicable | Retention period |
---|---|---|---|---|
E-mail contact data (mail header) | Establishing connection, identifying sender and recipient(s) by pseudonym | Art. 6 para. 1 f) GDPR | Making contact and processing requests | 10 years |
Content of e-mail (subject, body, attachments) | Information about requests | Art. 6 para. 1 f) GDPR | Processing enquiries | 10 years |
b) Recipients of personal data
Recipient categories | Data affected | Legal basis for transmission | Legitimate interest, if applicable |
---|---|---|---|
Associated companies to whom requests refer | all under a. specified data | Job processing (Art. 28 GDPR) | |
Hosting service provider | Access data | Job processing (Art. 28 GDPR) |
In the following, we describe how your personal data is processed using tracking technologies for analysis and optimisation of our services.
The tracking procedure depicted processes personal data only in pseudonymous form. There is no connection to a specific identified natural person, and the data will not be conflated with information about the bearer of the pseudonym.
We measure the reach of our website with the logfile analysis of Matomo, an open source tool that we operate on the server of our hosting service provider. We have concluded an order processing agreement with this provider in accordance with Art. 28 GDPR. No further transmission to third parties or to recipients outside the EU takes place.
The web server truncates each requesting IP address before storing it in the Matomo log file. This means that the database is sufficiently anonymised and no conclusions can be drawn about individual persons. Matomo analyses the page views; meta or technical data such as images and CSS files are not recorded. Matomo cannot create user profiles from the data read from the log file. For this purpose, there are no identification features that make a clear assignment possible. Furthermore, the web server has been configured in such a way that it does not record or log visits if the Do-Not-Track header is transmitted by the browser of the person concerned.
The legal basis for the analysis is based on Art. 6 para. 1 f GDPR. Our legitimate interest is the optimisation of our website as well as the improvement of our offers.
You can find more information about Matomo here: https://matomo.org
This website does not contain any add-on programs (plugins) for social Networks.
Under the URL https://www.facebook.com/bussenergygroup/ we operate a fan page on the social network "Facebook", which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland ("Facebook"). Facebook's privacy policy can be found at: https://www.facebook.com/about/privacy
The call and every interaction on our Facebook fan page leads to the processing of personal data, whereby it makes no difference whether you have an account with Facebook or not. If you are logged in with your Facebook account while accessing our Facebook fan page, Facebook and/or its affiliated companies may combine the information about the access to the Facebook fan page with your account information and may use this to create profiles. If you do not wish to be profiled in this way, please log out of your Facebook account before accessing our Facebook fan page.
Facebook provides us with statistical data on the use of our Facebook fan page via the "Facebook Insights" function. This data is data such as gender, age range, location, page views, interactions and information on paid activities, reach, accounts reached, impressions and impressions per day. Important to know: We cannot infer individual visitors to our Facebook presence from this data. We use the data generated by "Facebook Insights" on the basis of Art. 6 (1) f) GDPR, whereby our legitimate interests are to make our Facebook fan page more attractive and to provide it with content that is tailored to interests.
As we are jointly responsible with Facebook for the processing of your data on our Facebook presence, we have entered into an agreement with Facebook, the content of which you can view here: https://www.facebook.com/legal/terms/page_controller_addendum.
As a data subject, you are entitled to the rights set out in section III. of this data protection declaration. You can choose to assert these rights against us (see section I.2 above) or directly against Facebook at https://www.facebook.com/help/contact/540977946302970. If you assert your rights against us, we will forward your requests to Facebook in accordance with our agreement with them.
We operate a presence on the social network LinkedIn under the URL https://www.linkedin.com/company/ssc-wind-gmbh/ (Buss Energy Group took over SSC Wind GmbH in 2019 and thus also the LinkedIn account). LinkedIn is a service of LinkedIn Ireland Unlimited Company. Information on which personal data is processed by LinkedIn when you visit our presence and for what purposes can be found at https://www.linkedin.com/legal/privacy-policy.
The call and every interaction on our LinkedIn presence leads to the processing of personal data, whereby it makes no difference whether you have an account with LinkedIn or not. If you are logged in with your LinkedIn account while accessing our LinkedIn presence, LinkedIn as the operator may combine the information about the call to our LinkedIn presence with your account information and may use this to create profiles. If you do not wish to be profiled in this way, please log out before accessing our LinkedIn presence.
LinkedIn provides us with statistical data on the use of our LinkedIn presence via the "Page Insights" function. This data is data such as gender, age range, location, page views, interactions and information on paid activities, reach, accounts reached, impressions and impressions per day. Important to know: We cannot infer individual visitors to our LinkedIn presence from this data. We use the data generated by "Page Insights" on the basis of Art. 6 (1) f) GDPR, whereby our legitimate interests are to make our LinkedIn presence more attractive and to provide it with content that is relevant to interests.
As we are jointly responsible with LinkedIn for the processing of your data on our LinkedIn presence, we have entered into an agreement with LinkedIn, the content of which you can view here: https://legal.linkedin.com/pages-joint-controller-addendum
As a data subject, you are entitled to the rights set out in section III. of this data protection declaration. You can assert these against us at your discretion (see section I.2 above). If you assert your rights against us, we will forward your requests to LinkedIn in accordance with our agreement with them
If we process your personal data for the purposes of direct advertising, you have the right to object to the processing of your personal data for this sort of advertising at any time, with effect for the future; this also applies to profiling related to such direct advertising.
You also have the right to object, on grounds related to your particular situation, at any time to processing of personal data that concerns you based on point e) or f) of Art. 6(1) GDPR; this also applies to profiling based on these provisions. You may assert your right to object at no cost.
You can reach us using the contact information provided under I.2.
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed by us and, if it is, which personal data this is and other information pursuant to Art. 15 GDPR. You may assert your right of access in writing.
You have the right to request that we immediately rectify inaccurate personal data concerning you (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed - including by means of providing a supplementary statement.
You have the right to request that we delete the personal data concerning you without delay where one of the grounds specified in Art. 17(1) GDPR applies and processing is not required for one of the purposes regulated in Art. 17(3) GDPR. You may assert your right to erasure in writing.
You have the right to request the restriction of processing of your personal data where one of the requirements under Art. 18(1) a)-d) GDPR applies. You may assert your right to the restriction of processing in writing.
You have the right to receive the personal data concerning you that you provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance from us or to have us transmit it directly where technically feasible. This shall always apply where the basis of data processing is consent or a contract and data is processed automatically. Thus this does not apply to data held in paper form.
If processing is based on your consent, you have the right to revoke this consent at any time. This does not affect the legality of processing based on consent up to the time of revocation.
You have the right to lodge a complaint with a supervisory authority.
Browser:
Computer program for displaying websites (e.g. Chrome, Firefox, Safari)
Cookies:
The term “cookie” actually comes from English; its original meaning can be translated into German as “Keks.” When used in relation to the internet, however, a cookie refers to a small text file that is stored locally on the user’s computer when they visit a website. This file stores data about the user’s behaviour. If the browser is accessed and the respective website is visited again, the cookie comes into use and used the data stored to provide the web server with information about the user’s surfing behaviour.
So a cookie in this context is not a biscuit, but a piece of information that a website stores locally on the user’s computer in a small text file. This can be in the form of settings that a user has already made on their end, but can also be information that the website has independently collected from the user. Later, these locally stored text files can be read by the same web server that stored them. Most browsers accept cookies automatically. You can manage cookies by using browser functions (usually under “Options” or Settings”). This disables the storing of cookies, allows you to consent to cookies in individual cases, or otherwise restricts their use. You can also erase cookies at any time.
Non-member countries:
Countries that are not bound to the legal requirements of the EU Data Protection Directive (countries outside the EEA)
Personal data:
Any information relating to an identified or identifiable natural person. Identifiable refers to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Processing:
Any operation or set of operations that is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, distribution or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processor:
A natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Profiling:
Any form of automated processing of personal data consisting of the use of that personal data to evaluate certain personal aspects related to a natural person, in particular to analyze or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Services:
Our offers to which this privacy statement applies (see scope of application).
Tracking:
The collection of data and its evaluation regarding the behaviour of visitors to our services.
Tracking technologies:
Tracking may be done through the activity logs (log files) stored on our web servers or through data collection from your device via pixels, cookies and similar tracking technologies.