PRIVACY POLICY

Type of Data Collected

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer and stores this in our system's log files. This data is not stored together with other personal data of the user. The following data are collected in order to make the website available and create log files:

• your IP address
• the type of browser as well as the version and language
• your operating system
• your internet service provider
• the date and time of access
• the time zone difference to Greenwich Mean Time (GMT)
• the content of your request (concrete site)
• the access status/http status code
• the data volume transferred
• the website your request comes from

Purpose of Collecting Data

Temporarily storing the IP address through the system is necessary in order to deliver the website to the user's computer. The IP address of the user must be stored for the duration of the session. Log files are stored in order to ensure the functionality of the website. In addition, these data allow us to optimise the website and ensure the security of our information technology systems. We do not analyse the data for marketing purposes.

Duration of Storage

The log file data are automatically deleted after seven days.

Session Cookies

In addition to the aforementioned data, a session cookie will be saved on your computer when using our website. A small text file is saved to your hard drive allocated to the browser used and certain information – in this case the fact whether JavaScript is activated or not – circulates to us. The session cookie is automatically deleted when you close your browser. Cookies cannot run programs or transmit viruses to your computer.

You can configure your browser settings to suit your wishes and, for example, refuse the use of cookies. In this case it is possible that parts of the website will not be correctly displayed or are not usable.

Hosting (Strato)

We host our website with Strato. The provider is Strato AG, headquartered at Otto-Ostrowski-Str. 7 in 10249 Berlin (Germany). When you visit our website, Strato collects various log files including your IP address. For further information, please refer to Strato's privacy policy: https://www.strato.de/datenschutz/.

Webfonts (Monotype)

We use web fonts for the uniform display of fonts, which are provided by Monotype GmbH (fonts.com) with headquarters at Spichernstr. 2 in 10777 Berlin (Germany) in cooperation with its parent company Monotype Imaging Holdings Inc. with headquarters at 600 Unicorn Park Drive in Woburn, Massachusetts 01801, USA.

When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Monotype's servers. This informs Monotype that our website has been accessed via your IP address. If your browser does not support web fonts, a standard font will be used by your computer.

FFurther information on these web fonts can be found at https://www.fonts.com/info/legal, in the privacy policy of fonts.com at https://www.fonts.com/info/legal/privacy/ and in the privacy policy of Monotype GmbH at https://www.monotype.com/legal/privacy-policy/.

Web Analysis (Matomo Cloud)

We use the open source web analytics service Matomo. With the help of Matomo, we are able to collect and analyse data about the use of our website by visitors. This enables us to find out, among other things, which page views were made when and from which region they came. We also collect various log files (e.g. browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks and length of time on the page).

When analysing with Matomo, we use IP anonymisation. In this process, your IP address is shortened and the last bytes are anonymised before storage and analysis, so that it can no longer be clearly assigned to you.

We have configured Matomo so that it does not save any cookies in your browser.

Matomo Cloud is hosted by InnoCraft Ltd. located at 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. For more information, please visit https://matomo.org/matomo-cloud-privacy-policy/.

Legal Basis

The legal basis for the use of data in these clauses (log file data, session cookie, web fonts and web analysis) is point (f) of Article 6 (1) GDPR. Our justifiable interests are to make the use of our website without errors and to optimise our content based on the analysis of visitor behaviour.

Type of Data Collected

It is possible to contact us through the contact forms and email addresses provided on our website. In this case, the personal data shared in the contact form or email will be saved. This refers to your name, contact information (e.g. company, address, telephone number and email address) and any other data that is shared in the email.

Purpose of Collecting Data

We use this date in order to respond to your enquiry or questions and to ensure communication with you, to initiate contracts with you or your company and to fulfill our precontractual duties. If a contract is signed between you or your company and the bcc, we will save or keep your data in order to fulfill the contract and for invoicing purposes.

Legal Basis

The legal bases for the use of data in these clauses are point (b) and (f) of Article 6 (1) GDPR. Our interest in this case is to be able to respond to your enquiry / message.

Duration of Storage

We store your data until you request that we delete the data, you revoke your consent, the purpose of data storage is no longer relevant, or we limit the data processing in case statutory storage obligations apply.

Type of Data Collected

We will store personal data such as your first and last name and business contact details (e.g. the company you work for, address, telephone number and email address) in the context of business acquisition or a business relationship. Storing further data (e.g. contact details of other colleagues, contact persons, or decision-makers) may be necessary in the course of fulfilling the contract. This also includes data or documents (e.g. emails, business letters, production plans and schedules) which may in turn contain isolated personal data. Providing this data may be necessary in order to close or fulfil the contract.

We do not use your data for profiling or any other automated decision-making nor for analysis.

In order to fulfil an event contract concluded with you, we provide you with the rooms, spaces and items specified in the event contract for the purpose of holding events and provide event-related services through our own employees and contracted partners. In order to fulfil the contractually agreed business objectives, the personal data you provide to us will also be processed in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). You are obliged to inform all parties whose data is transmitted to us in the course of planning and organising the event about the purposes specified in the General Terms and Conditions for Events (GTCE) or below.

Purpose of Collecting Data

Your data is collected for the purpose of closing the contract. This includes answering your precontractual questions and fulfilling the contract including the necessary communication with you for this.

We also reserve the right to use your data for our own marketing purposes.

Legal Basis

The legal basis for the use of your data is generally point (b) of Article 6 (1) GDPR, and to the extent that precontractual measures must be taken not based on your request, also point (f) of Article 6 (1) GDPR. In this case our justifiable interest is to make you an offer or make negotiations regarding our services.

Transfer of Data

In order to provide their services, our partners for event-related services receive the personal data you provide to us, insofar as this is necessary for the execution of the contract or corresponds to our legitimate interests in accordance with point (f) of Article 6 (1) GDPR. In addition, we use your data for mutual information and communication before, during and after an event as well as for event-related offers. 

The personal data may also be passed on to the responsible bodies/authorities, in particular to the police, the fire department and the emergency medical service, in order to coordinate the respective security concept for the event.

Duration of Storage

We process and store all personal data that we receive from you for as long as is necessary for the fulfilment of contractual and legal obligations. In compliance with tax and commercial law regulations, we generally delete this data after ten years at the latest assuming the business relationship is not continued.

Type of Data Collected

We offer various positions on our website and other platforms and look forward to your application. If you apply electronically, i.e. by email or via our online form, we will collect and process your personal data for the purpose of handling the application process and implementing precontractual measures. By submitting an application on our jobs page, you express your interest in taking up employment with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your application.

In particular, the following data will be collected: first and last name, telephone number and email address. You also have the option of uploading informative documents such as a cover letter, your CV and references. These may contain further personal data such as your address, your gender, your date of birth, your place of birth etc.

Purpose of Data Collected

Personal data is stored exclusively for the purpose of filling the advertised position for which you have applied. Only authorised employees from the HR department or employees involved in the application process have access to your data.

Legal Basis

The legal basis for the processing is § 26 Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) in connection with Article 88 GDPR.

Duration of Storage

Your data will be stored for a period of 180 days after the end of the application process and then automatically deleted or anonymised, as long as deleting or anonymising the data does not conflict with other justified interests. A justified interest in this case would be, for example, the burden of proof in a procedure according to the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG).

We are then obliged to delete or anonymise your data. In this case, the data will only be available to us as so-called metadata without direct personal reference for statistical analyses (e.g. number of applications per period).

In addition, we reserve the right to store your data for inclusion in our talent pool for 180 days after the end of the application process in order to identify any other interesting positions for you. If we wish to keep your data in our talent pool for longer than 180 days, we will ask for your written consent to do so.

If you receive an offer of employment with us during the application process and accept it, we will store the personal data collected during the application process for at least the duration of the employment contract.

Transfer of Data

The data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio SE & Co. KG (https://www.personio.de/impressum/), which offers a personnel administration and applicant management software. In this context, Personio is our processor in accordance with Article 28 GDPR. The basis for the processing is a data processing agreement between us as the responsible party and Personio.

Type of Data Collected

We use video surveillance on the property and in the building of the bcc GmbH. In the recording area of the installed cameras, we store the image of the persons who enter the property or the building as well as other identifiers such as clothing and belongings carried by the persons.

Purpose of Data Collected

Video surveillance is carried out for the purpose of safeguarding house rights, prevention of and clarification of criminal offences as well as preservation of evidence and protection of the building, property as well as employees and guests.

Legal Basis

The legal basis for the processing is point (f) of Article 6 (1) GDPR.

Transfer of Data

In the event of suspicion of criminal offences, we may pass on the data to law enforcement agencies. Otherwise, the data will only be disclosed if there is a legal basis for the disclosure. This may be the case, in particular, if the police or other security authorities become active in the context of so-called danger prevention and demand access to the video surveillance data.

Duration of Storage

The storage period of the video recordings is a maximum of six days, unless longer storage is necessary for the purpose of stated legitimate interests. Deletion will only take place after the purpose for processing has ended. If incidents are relevant for an investigation or legal proceedings, they will be stored for the duration of the proceedings or in accordance with statutory retention periods.