Data protection & legal information
Privacy policy
The protection and security of your personal information when using our website is very important to us. We would like to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes it is used.
This privacy policy applies to the website of BPG Beratungs- und Prüfungsgesellschaft mbH, which is accessible under the domain bpg.de and the various subdomains ("our website").
Who is responsible and how can I reach you?
Person responsible
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
BPG Beratungs- und Prüfungsgesellschaft mbH
Uerdinger Street 532
47800 Krefeld
Data Protection Officer
CISO Datenschutz GmbH
Mr. Niklas Koenig
E-Mail: care-10177@ciso-datenschutz.de
Inquiries about the processing taking place, information about our processes or the implementation of your data subject rights should be addressed directly to the aforementioned data protection office.
What is it about?
This privacy policy fulfills the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior when visiting a website. Information for which we cannot (or only with disproportionate effort) establish a connection to your person, e.g. through anonymization, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.
Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defense of legal claims and in the event of statutory retention obligations.
Who receives my data?
We only pass on your personal data that we process on our website to third parties if this is necessary for the fulfillment of the purposes and is covered by the legal basis (e.g. consent or protection of legitimate interests) in individual cases. In addition, in individual cases we pass on personal data to third parties if this serves the assertion, exercise or defense of legal claims. Possible recipients may then be, for example, law enforcement authorities, lawyers, auditors, courts, etc.
Insofar as we use service providers for the operation of our website who process personal data on our behalf as part of order processing in accordance with Art. 28 GDPR, they may be recipients of your personal data. You can find more information on the use of processors and web services in the overview of the individual processing operations.
What rights do I have?
Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:
- Information pursuant to Art. 15 GDPR about the personal data stored about you in the form of meaningful information on the details of the processing as well as a copy of your data;
- Correction in accordance with Art. 16 GDPR of incorrect or incomplete data stored by us;
- Erasure pursuant to Art. 17 GDPR of the data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- Restriction of processing pursuant to Art. 18 GDPR if the accuracy of the data is contested, the processing is unlawful, we no longer need the data and you oppose the erasure of the data because you need it for the establishment, exercise or defense of legal claims or you have objected to processing pursuant to Art. 21 GDPR;
- Data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR or on the basis of a contract pursuant to Art. 6 para. 1 lit. b GDPR and these have been processed by us using automated procedures. You will receive your data in a structured, commonly used and machine-readable format or we will transmit the data directly to another controller if this is technically feasible.
- Objection pursuant to Art. 21 GDPR to the processing of your personal data, insofar as this is carried out on the basis of Art. 6 para. 1 lit. e, f GDPR and there are reasons for this arising from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding, compelling legitimate grounds for the processing can be demonstrated or the processing is for the establishment, exercise or defense of legal claims. If the right to object does not exist for individual processing operations, this is indicated there.
- Revocation pursuant to Art. 7 para. 3 GDPR of your consent with effect for the future.
- Complaint pursuant to Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.
How is my data processed in detail?
Below we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. There is no automated decision-making in individual cases, including profiling.
Provision of the website
Type and scope of processing
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which the access was made (referrer URL)
- Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.
Purpose and legal basis
Processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6 (f) GDPR. The collection of data and storage in log files is absolutely necessary for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 para. 1 GDPR. Insofar as further storage of the log files is required by law, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is not technically possible to access our website without providing the data.
Storage duration
The aforementioned data is stored for the duration of the display of the website and, for technical reasons, for a maximum of 14 days.
Contact form
Type and scope of processing
On our website, we offer you the opportunity to contact us using the form provided. The information collected via mandatory fields is required to process the request. You can also voluntarily provide additional information that you believe is necessary to process the contact request.
When using the contact form, your personal data will not be passed on to third parties.
Purpose and legal basis
The processing of your data by using our contact form is carried out for the purpose of communication and processing your request on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Insofar as your request relates to an existing contractual relationship with us, the processing is carried out for the purpose of fulfilling the contract on the basis of Art. 6 para. 1 lit. b GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing the information in the mandatory fields. If you do not wish to provide this data, please contact us by other means.
Storage duration
If you use the contact form on the basis of your consent, we will store the data collected for each inquiry for a period of three years, beginning with the completion of your inquiry or until you withdraw your consent.
If you use the contact form as part of a contractual relationship, we will store the data collected for each inquiry for a period of six years from the end of the contractual relationship.
Use of a CAPTCHA application
To ensure the security of our contact form and prevent automated access by bots, we use a CAPTCHA application. This privacy policy explains the handling of personal data in connection with the use of CAPTCHA technology.
Type and scope of processing
The CAPTCHA application usually requires the user to solve certain tasks that are difficult for automated bots to perform, but easy for humans to accomplish. This can include entering letter and number combinations from a distorted image or solving a simple puzzle. In some cases, the CAPTCHA application can also analyze the user's behavior (such as mouse movements and keystrokes) to determine whether it is a human user or an automated bot. The CAPTCHA application may set temporary cookies to verify user input during the session.
Purpose and legal basis
The CAPTCHA application is used to protect our contact form from spam and misuse and to ensure the security of our website. By verifying that the entries are made by a human and not by an automated program, CAPTCHAs help to maintain the integrity and functionality of our online services. The processing of data by the CAPTCHA application is based on our legitimate interest in the security of our online services and protection against unauthorized automated access and spam, in accordance with Art. 6 para. 1 lit. f) GDPR.
Storage duration
The data collected as part of the CAPTCHA verification is only stored for the duration of the verification and is deleted immediately after the CAPTCHA test has been completed, provided there are no further retention obligations. Cookies that are set by the CAPTCHA application are usually short-lived and are automatically removed after the browser is closed.
Processing of applicant data via Personio
Type and scope of processing
We collect and process the personal data of applicants. Corresponding data processing takes place electronically, for example when applicants submit application documents to Personio via the interface we have implemented. On our website, we offer you the opportunity to submit applications for advertised vacancies to us digitally.
Your data will only be stored in an applicant database beyond the current application process if you have given us your separate consent to do so.
Purpose and legal basis
The processing of your data in connection with your application is carried out for the purpose of processing your application and deciding on the establishment of an employment relationship on the basis of Art. 6 para. 1 lit. a, b and f GDPR. If your application documents are passed on to third parties, in particular to companies affiliated with us, and if your data is stored beyond the current application process, your data will be processed on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. Service providers commissioned by us as part of the application process (e.g. Personio HR) are designated by us as processors in accordance with Art. 28 GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your application without providing the information.
Storage duration
We store the data collected for a period of six months from the date the position is filled or your application is rejected.
Presence on social media platforms
We maintain so-called fan pages or accounts or channels on the networks listed below in order to provide you with information and offers within social networks and to offer you further ways to contact us and find out about our offers. In the following, we will inform you which data we or the respective social network process in connection with your accessing and using our fan pages/accounts.
Data that we process from you
If you wish to contact us via Messenger or via Direct Message via the respective social network, we generally process your user name that you use to contact us and, if necessary, store other data provided by you insofar as this is necessary to process/answer your request.
The legal basis is Art. 6 para. 1 sentence 1 f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller).
(Static) usage data that we receive from the social networks
We receive automated statistics regarding our accounts via Insights functionalities. The statistics include the total number of page views, likes, information on page activities and post interactions, reach, video views/views and information on the proportion of men/women among our fans/followers.
The statistics only contain aggregated data that cannot be linked to individual persons. They are not identifiable to us.
What data the social networks process from you
In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and therefore no user account is required for the respective social network.
Please note, however, that the social networks also collect and store data from website visitors without a user account (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies when the respective social network is accessed, over which we have no influence whatsoever. Details on this can be found in the data protection provisions of the respective social network (see the corresponding links above).
If you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our posts/contributions and/or wish to contact us via messenger functions, you must first register with the respective social network and provide personal data.
We have no influence on the data processing by the social networks in the context of your use. To the best of our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behavior (using cookies, pixels/web beacons and similar technologies) on the basis of which advertising based on your interests is displayed both within and outside the respective social network. It cannot be ruled out that your data will also be stored by the social networks outside the EU/EEA and passed on to third parties.
Information on the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use of the social networks can be found in the data protection provisions/cookie guidelines of the social networks. There you will also find information on your rights and options to object.
Facebook-Page
When you visit our Facebook page, Facebook (Meta) collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more information on this under the following link: https://facebook.com/help/pages/insights.
It is not possible for us to draw conclusions about individual users based on the statistical information transmitted. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.
We only collect your data via our fan page in order to make it available for communication and interaction with us. This collection generally includes your name, message content, comment content and the profile information you provide "publicly".
The processing of your personal data for the above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 para. 1 f) GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis for processing extends to Art. 6 para. 1 a), Art. 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorized to have full access to your data. As a result, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, request for deletion, objection, etc.). The assertion of corresponding rights is therefore most effectively carried out directly against the respective provider.
Together with Facebook, we are responsible for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.
The primary responsibility for the processing of Insights data lies with Facebook in accordance with the GDPR, and Facebook fulfills all obligations under the GDPR with regard to the processing of Insights data. Meta Platforms Ireland Ltd. provides the essence of the Page Insights Supplement to the data subjects.
We do not make any decisions regarding the processing of Insights data and the storage duration of cookies on user end devices.
Further information can be found directly on Facebook (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
For more information, including the exact scope and purposes of the processing of your personal data, the storage period/deletion and guidelines on the use of cookies and similar technologies in the context of registration and use, please refer to Facebook's privacy policy/cookie guidelines:
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
https://www.facebook.com/policies/cookies
Instagram-Page
When you visit our Instagram page, Instagram (Meta) collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides more information on this under the following link (Note: clicking on the following link will take you to the website of the social network Facebook, also part of the Meta Group. However, the information provided via the link applies equally to the social network Instagram): https://facebook.com/help/pages/insights.
It is not possible for us to draw conclusions about individual users by means of the statistical information transmitted. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.
We only collect your data via our fan page in order to make it available for communication and interaction with us. This collection generally includes your name, message content, comment content and the profile information you provide "publicly".
The processing of your personal data for the above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 para. 1 f) GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis for processing extends to Art. 6 para. 1 a), Art. 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access options to your data are limited. Only the provider of the social network is authorized to have full access to your data. As a result, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, request for deletion, objection, etc.). The assertion of corresponding rights is therefore most effectively carried out directly against the respective provider.
We are jointly responsible with Instagram for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.
The primary responsibility for the processing of Insights data lies with Instagram in accordance with the GDPR, and Instagram fulfills all obligations under the GDPR with regard to the processing of Insights data. Meta Platforms Ireland Ltd. provides the essentials of the Page Insights Supplement to the data subjects.
We do not make any decisions regarding the processing of Insights data and the storage duration of cookies on user end devices.
Further information can be found directly at Instagram (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
For more information, including the exact scope and purposes of the processing of your personal data, the storage period/deletion and guidelines on the use of cookies and similar technologies in the context of registration and use, please refer to Instagram's privacy policy/cookie policy (note: clicking on the following link will take you to the website of the social network Facebook):
https://help.instagram.com/519522125107875/?helpref=uf_share
This information can also be viewed in the help section of the Instagram website via the following link:
https://help.instagram.com/581066165581870
LinkedIn-Page
LinkedIn is a social network of LinkedIn Inc. based in Sunnyvale, California, USA, which enables the creation of private and professional profiles of natural persons and company profiles. Users can maintain their existing contacts and make new ones within the social network. Companies and other organizations can create profiles where photos and other company information can be uploaded to present themselves as employers and recruit employees. Other LinkedIn users have access to this information and can write their own articles and share this content with others. The focus of the network is on professional exchange on specialist topics with people who have the same professional interests.
When using or visiting the network, LinkedIn automatically collects data from users or visitors, such as user name, job title and IP address. This is done with the help of various tracking technologies. LinkedIn provides users with information, offers and recommendations based on the data collected in this way, among other things.
We only collect your data via our company profile in order to make it available for communication and interaction with us. This collection generally includes your name, message content, comment content and the profile information you provide "publicly".
The processing of your personal data for the above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 para. 1 f GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis for processing extends to Art. 6 para. 1 a, Art. 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access options to your data are limited. Only the provider of the social network is authorized to have full access to your data. As a result, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, request for deletion, objection, etc.). The most effective way to assert such rights is therefore to contact the respective provider directly.
We are jointly responsible with LinkedIn for the personal content of our company profile. Data subject rights can be asserted with LinkedIn Inc. as well as with us.
We do not make any decisions regarding the data collected on the LinkedIn site using tracking technologies.
You can find more information about LinkedIn at: https://about.linkedin.com.
Further information on data protection at LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.
Further information on storage duration/deletion and guidelines on the use of cookies and similar technologies in the context of registration and use at LinkedIn can be found at https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy
XING-Page
XING is a social network of XING SE based in Hamburg, Germany, which enables the creation of private and professional profiles. Users can maintain their existing contacts and make new ones. Companies can create profiles on which photos and other company information can be uploaded. Other XING users have access to this information and can write their own articles and share this content with others.
The focus is on professional exchange on specialist topics with people who have the same professional interests. In addition, XING is often used by companies and other organizations to recruit employees and present themselves as an interesting employer.
You can find more information about XING at https://corporate.xing.com/de/unternehmen/
Further information on data protection at XING can be found at: https://privacy.xing.com/de/datenschutzerklaerung.
We do not collect or process any personal data via our XING company page.
etracker
Type and scope of processing
We use etracker from etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our website, subpages visited and the length of stay of visitors.
etracker uses cookies and other browser technologies to evaluate user behaviour and recognize users.
This information is used, among other things, to compile reports on website activity.
Purpose and legal basis
The use of etracker is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.
Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by etracker GmbH. Further information can be found in the privacy policy for etracker: https://www.etracker.com/datenschutz/.