Biregs GmbH & Co.KG

Privacy policy

1) Introduction and Contact Details of the Controller

1.1
We are pleased that you are visiting our website and thank you for your interest. The following information explains how we handle your personal data when you use our website. Personal data refers to any data that can be used to personally identify you.

1.2
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Biregs GmbH & Co. KG, Am Geiersberg 14, 61267 Neu-Ansbach, Germany,
Tel.: +49 6081 9858884,
Fax: Biregs GmbH & Co. KG,
Email: info@biregs.com.

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1
When you use our website for purely informational purposes, i.e. when you do not register or otherwise transmit information to us, we collect only the data that your browser transmits to our server (so-called server log files). When you access our website, we collect the following data, which are technically necessary for us to display the website to you:

  • The website visited

  • Date and time of access

  • Amount of data sent in bytes

  • Source/referrer from which you reached the page

  • Browser used

  • Operating system used

  • IP address used (if applicable, in anonymised form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

2.2
For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the character string “https://” and the padlock symbol in your browser’s address bar.

3) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies—small text files stored on your device. Some cookies are automatically deleted after you close your browser (session cookies), while others remain on your device for a longer period and allow your browser settings to be saved (persistent cookies). The duration of storage can be found in your browser’s cookie settings.

If personal data are processed by individual cookies implemented by us, such processing is carried out either in accordance with Art. 6(1)(b) GDPR for the performance of a contract, pursuant to Art. 6(1)(a) GDPR if consent has been given, or pursuant to Art. 6(1)(f) GDPR to protect our legitimate interest in ensuring optimal website functionality and a user-friendly experience.

You can configure your browser to inform you when cookies are set and decide individually whether to accept them, or exclude acceptance for specific cases or in general.

Please note that disabling cookies may restrict the functionality of our website.

4) Contacting Us

When you contact us (e.g. via contact form or email), personal data are collected. The specific data collected via a contact form are evident from the form itself. These data are stored and used solely for the purpose of responding to your inquiry or for establishing contact and the associated technical administration.

The legal basis for processing these data is our legitimate interest in responding to your inquiry pursuant to Art. 6(1)(f) GDPR. If your inquiry is aimed at concluding a contract, Art. 6(1)(b) GDPR also serves as the legal basis. Your data will be deleted once your request has been fully processed, provided that no statutory retention obligations apply.

5) Registration on the Portal or Forum

You can register on our website by providing personal data. The personal data to be processed for registration result from the respective input form. We use a double opt-in process, meaning your registration is only completed once you confirm your registration via a confirmation email sent to you for this purpose by clicking the link contained therein. If confirmation is not received within 24 hours, your registration will be automatically deleted from our database. Providing the above information is mandatory; all other data can be entered voluntarily.

When using our portal, we store your data required for contract fulfilment (including payment data, if applicable) until you permanently delete your account. Voluntarily provided data are stored for the duration of your use of the portal unless you delete them earlier. All data can be managed and changed in your secure customer area. The legal basis is Art. 6(1)(f) GDPR.

We also store any user-generated content (e.g. public posts, guestbook entries) to operate the website. We have a legitimate interest in providing the website along with the full user-generated content. The legal basis is Art. 6(1)(f) GDPR.
If you delete your account, your public statements (especially in forums) remain visible to all readers, but your account will no longer be accessible. All other data will be deleted.

6) Use of Customer Data for Direct Advertising

6.1 Sending Email Newsletters to Existing Customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers by email for similar goods or services from our range. For this, we do not need separate consent under Section 7(3) of the German Act Against Unfair Competition (UWG). Processing is based solely on our legitimate interest in personalised direct advertising under Art. 6(1)(f) GDPR.
If you initially objected to this use of your email address, we will not send such emails.

You may object to the use of your email address for advertising purposes at any time with future effect by notifying the controller mentioned above. You will only incur transmission costs according to basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will cease immediately.

6.2 CleverReach

Our email newsletters are sent via: CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany.

Based on our legitimate interest in efficient and user-friendly newsletter marketing, we forward the data you provide during newsletter registration to this provider in accordance with Art. 6(1)(f) GDPR, so that they can handle the mailing on our behalf.

With your explicit consent (Art. 6(1)(a) GDPR), CleverReach may perform statistical evaluations of newsletter campaigns using web beacons or tracking pixels embedded in the emails to measure open rates and interactions. Device data (e.g. access time, IP address, browser type, operating system) are also collected but not merged with other databases.

You may withdraw your consent to newsletter tracking at any time with future effect.
We have concluded a data processing agreement with CleverReach that protects our website visitors’ data and prohibits disclosure to third parties.

6.3 Postal Advertising

Based on our legitimate interest in personalised direct marketing, we reserve the right to store your first and last name, postal address, and — if provided — your title, academic degree, year of birth, and professional or business designation in accordance with Art. 6(1)(f) GDPR, and to use them for sending interesting offers and information about our products by postal mail.
You can object to this use of your data at any time.

7) Site Functionalities

7.1 Vimeo

This website uses plugins to display videos from Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, NY 10001, USA.

When you visit a page containing such a plugin, your browser connects directly to the provider’s servers. Certain information, including your IP address, is transmitted.

When video playback is started, Vimeo uses cookies to collect information on user behaviour, generate playback statistics, and prevent abuse.

If you are logged into your Vimeo account while visiting our site, your actions are linked to your account. To prevent this, log out before activating playback.

All processing — especially setting cookies for reading device information — takes place only with your explicit consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time via the cookie consent tool.
For data transfers to the USA, Vimeo complies with the EU–US Data Privacy Framework, ensuring EU-level data protection.

7.2 YouTube

This website uses plugins to display videos from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Data may also be transmitted to Google LLC, USA.

When accessing a page containing such a plugin, your browser connects directly to Google’s servers. Certain information, including your IP address, is transmitted.

When video playback is started, Google uses cookies to gather user behaviour data, generate playback statistics, and prevent misuse.
If you are logged into a Google account, your interactions are linked to it. Log out before playing a video if you wish to avoid this.

All processing and cookie use occur only with your consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time via the cookie tool.
Google also participates in the EU–US Data Privacy Framework, ensuring compliance with EU data protection standards.

7.3 hCaptcha

We use the CAPTCHA service hCaptcha, provided by Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA, to verify that input is made by a human rather than automated scripts.
The provider collects the IP address, browser and system type, date, and duration of visit and transmits them for analysis to its servers.

Legal basis: our legitimate interest in preventing misuse and spam (Art. 6(1)(f) GDPR).
We have a data processing agreement with hCaptcha ensuring data protection and prohibiting unauthorised transfer.
For U.S. transfers, hCaptcha relies on EU Standard Contractual Clauses.

7.4 Google Customer Reviews

We participate in Google Customer Reviews, operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
With your consent (Art. 6(1)(a) GDPR), we transmit your email to Google after purchase so that you may rate your shopping experience. Ratings are aggregated and displayed in our Google Customer Reviews badge and Merchant Center.
Data may also be transferred to Google LLC servers in the USA.
You may withdraw your consent at any time.
Google participates in the EU–US Data Privacy Framework.
Further information: https://business.safety.google/privacy/

7.5 GoToMeeting

We use GoToMeeting, operated by LogMeIn Ireland Limited, Bloodstone Building Block C, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland, for online meetings and webinars.
Data may also be transferred to U.S. servers.
Depending on participation, GoToMeeting processes login details (name, email, phone, password), session data (topic, IP, device info), and audio/video content.

Legal bases:

  • Art. 6(1)(b) GDPR – contractual necessity,

  • Art. 6(1)(a) GDPR – consent (which may be withdrawn anytime),

  • Art. 6(1)(f) GDPR – legitimate interest in efficient communication.

A processing agreement with the provider ensures data protection; transfers to the USA rely on EU Standard Contractual Clauses.

8) Tools and Other Services

Lexware Office
We use the cloud-based accounting software provided by Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany.
The provider processes invoices and bank transactions to automate accounting.
If personal data are processed, this is based on our legitimate interest in efficient business management (Art. 6(1)(f) GDPR).

9) Rights of the Data Subject

9.1
Under applicable data protection law, you have the following rights vis-à-vis the controller regarding the processing of your personal data:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to notification (Art. 19 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to withdraw consent (Art. 7(3) GDPR)

  • Right to lodge a complaint (Art. 77 GDPR)

9.2 Right to Object

If we process your personal data on the basis of our overriding legitimate interest (Art. 6(1)(f) GDPR), you have the right to object at any time for reasons arising from your particular situation.
If you exercise this right, we will cease processing unless we can demonstrate compelling legitimate grounds overriding your interests, rights, and freedoms, or if processing serves to assert, exercise, or defend legal claims.

If we process your data for direct marketing purposes, you may object at any time; upon objection, processing for such purposes will cease immediately.

10) Duration of Storage of Personal Data

The storage duration of personal data depends on the legal basis, purpose of processing, and applicable statutory retention periods (e.g. commercial and tax law).

Data processed on the basis of consent (Art. 6(1)(a) GDPR) are retained until consent is withdrawn.
Data subject to statutory retention under Art. 6(1)(b) GDPR are deleted after expiry of those periods unless still required.
Data processed under Art. 6(1)(f) GDPR are retained until you exercise your right to object, unless overriding reasons justify continued processing.
Data used for direct marketing are stored until you object.

Unless otherwise specified, personal data will be deleted once they are no longer necessary for the purposes for which they were collected.