Tel.+49 (0)40 / 644 195 360
Fax +49 (0)40/645 05 229
Registry Court Amtsgericht Hamburg
Registry Number HRB 138772
VAT Number DE302412564
Information in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR) and other data protection legislation
1./ Who is responsible for data processing (the controller) and whom can I contact?
The controller is:
Name: Benchpool GmbH
Adress: Jarrestraße 2, 22303 Hamburg,
Telephone: +49 (0)40 644195 360
2./ For what purpose do we process your data and what is the legal basis for that? / Can I refuse consent to my data being collected?
Whenever it is called by you or an automated system, our website records a number of items of general data and information. This general data and information is stored in our server’s log files. The following can be recorded: The types of browser used and their versions, the operating system used by the system accessing our website, the website from which a system accesses our website, the subpages accessed by a system on our website, the date and time our website was accessed, an Internet Pro-tocol address (IP address), the Internet service provider of the system accessing our website, and other similar data and information that helps repel threats in the event that our IT systems are attacked. We do not use this general data and information to identify the data subject. This information is required instead to deliver our website’s content correctly, to optimize our website’s content and advertising for it, to ensure that our IT systems and our website’s technology keep running properly, and to pro-vide the information required to prosecute any cyberattacks that occur to the law-enforcement authorities. This data and information, which is collected anonymously, is therefore analyzed by us statistically, as well as with the objective of increasing data protection and data security at our company and so ultimately ensuring an ideal level of protection for the personal data we process (Article 6 (1) point (f) GDPR). The anonymous data in the server log files is stored separately from all personal data provided by a data subject.
We use the personal data (e.g. name, address, e-mail address, telephone and fax number, nationality, gender, company name, identification data, tax ID, information on legal representation) provided to us voluntarily to carry out contracts or the steps prior to entering into a contract. This is on the basis of the related consent given in Article 6 (1) point (a) GDPR.
You can also use our treatment form to send us data concerning your health that is of importance to your treatment (description of your symptoms, medical history) be-fore you visit our surgery. “Data concerning health” as defined by Article 9 GDPR means personal data related to the physical or mental health of a natural person, in-cluding the provision of health care services, which reveal information about his or her health status. If you wish to enroll for the seminars we offer, we need your name and a means of contacting you (telephone, e-mail); this data will be deleted after the seminar. We then process this data in accordance with statutory requirements (such as under the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the General Data Protection Regulation (GDPR). Which personal data transmitted to the controller depends on our questions or your autonomous decision as to what information you wish to provide us with. We process the data required to perform a contract or steps prior to entering into a contract (such as replying to questions you have about a product or service) (Article 6 (1) point (b) GDPR). If you do not provide the personal data, we cannot fulfill our contractual obligations (such as invoicing, performance of our services, asserting claims, or correspondence with you). Neither can we answer your request. The particulars indicated by “*” in our contact form must always be provided so that we can address you in person (name) and respond to your questions (e-mail).
Which personal data is transmitted to the controller in the process will determine, based on our questions or your autonomous decision, which information you would like to provide us with.
We process the data which is necessary for the fulfilment of a contract or for the im-plementation of pre-contractual measures (e.g. to answer your questions about a product or a service) (Art. 6 (1 b) GDPR).
You have the possibility to register on our website and thus create a user profile. Af-ter registering on our website, we collect and process the following data in addition to the data automatically transmitted to us by your Internet browser. Depending on the purpose of processing, this data is marked as either mandatory or voluntary:
- Date and time of registration
- Your first names and surname
- Your title
- Your postal address
- Your E-mail address
- Your VAT ID number
- Your telephone number
- If provided voluntarily, your department
- If provided voluntarily, your website
In this context, you will also be asked to assign a password to ensure the security of your account and legitimacy when ordering.
Without the provision of personal data, we cannot fulfil our contractual obligations (e.g. invoicing, provision of our services, assertion of claims, correspondence with you).
On the basis of a weighing of interests (Article 6 (1) point (f) GDPR)
Where necessary, we process your data above and beyond actual performance of the contract to safeguard legitimate interests of ours or third parties (e.g.):
- Consultation of and data exchange with credit agencies (e.g. SCHUFA, credit insurers) to determine creditworthiness or default risks and the need for an at-tachment protection account or basic account;
- examination and optimization of processes for analyzing needs and direct ad-dressing;
- advertising or market and opinion research, insofar as you have not objected to the use of your data;
- assertion of claims and defence in the event of legal disputes;
- Address checks, identification of typing errors;
- ensuring IT security and IT operation at our company;
- Prevention and investigation of criminal offences;
- to operate our website;
- measures for building and plant security (e.g. access controls);
- measures for controlling business and further developing services and products.
Processing of the data is necessary to safeguard our legitimate interests (in accord-ance with Article 6 (1) point (f) GDPR) and is justified on account of our overriding interests. We use your data to market our services only if you have first consented to that (Article 6 (1) point (a) GDPR) and have not withdrawn your consent. We cannot send you any direct marketing without using this data. We use your data for direct marketing of our services only if you have first consented to that (Article 6 (1) point (a) GDPR) and have not withdrawn your consent. We also select the communications channels used for marketing (such as post, e-mail) so as to ensure that they cause you the least possible inconvenience.
On our website we operate an online store. If you wish to order goods from our online store, you can do so via your customer account (see section 2.1).
We create an internal account receivable in our processing system for each order or assign your order to an existing account receivable. In this account we store your basic data necessary for the contract processing:
- Contact data (surname, first name, title)
- Postal address
- E-mail address
- VAT ID number
- Your telephone number
- If provided voluntarily, your department
- If provided voluntarily, your website
We do not store any payment information (e.g. credit card number, bank details, ac-count number) during the payment process. If you register or have already registered, the information stored in your customer ac-count will be linked.
We process the aforementioned data in accordance with Art. 6 (1 a) and (1b) GDPR. Without the data we cannot conclude and/or process a contract with you.
3./ Who uses the data?
The personal data is used solely by the persons and departments involved in han-dling the contract; these are employees of our company. Seven (7) persons have ac-cess to “Data concerning health” as defined by Article 9 GDPR.
The processors we engage (Article 28 GDPR, basis for that: Article 6 (1) points (a) and (b) GDPR) may receive data for such purposes (hosting companies, telephone service providers). These processors are companies in industries like IT services, logistics, printing services, telecommunications, debt collection, advice and consulting, and sales and marketing. We store the data we receive on our firm’s own servers, but part-ly also on servers of specialized service providers within Germany. Depending on the payment method selected by you (EC card, cash, by invoice), we process certain de-tails (in particular the payment amount) to the relevant payment service provider. The respective service provider processes the transmitted data and collects your data on its own responsibility.
4./ For how long is your data stored?
Where necessary, we process and store your personal data only for the period of time it is needed or which is authorized by European Directives or Regulations or other laws or provisions of another legislator to which the controller is subject. As part of that, we are subject to various retention and documentation obligations, among other things pursuant to the General Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG), and the German Money Laundering Act (GwG). Section 147 of the German Fiscal Code (AO), for example, stipulates a retention peri-od of ten years.
If you have consented to processing of your personal data (Article 6 (1) point (a) GDPR), we erase your data as soon as possible after you withdraw your consent and there is no other legal grounds for processing the data.
If the purpose for which the data is stored no longer applies or the storage period prescribed by European Directives or Regulations or another competent legislator expires, the personal data is routinely blocked or erased in accordance with the statutory provisions, if it is no longer required or necessary.
5./ Is automated processing used?
We do not take any decisions within the meaning of Article 22 GDPR, which is based solely on automated processing, including profiling, and/or which produces legal effects concerning you or similarly significantly affects you.
You have the right to lodge a complaint with a supervisory authority, in particular in the country in which you are currently residing, where your place of work is located or at the place of the alleged infringement if you consider that the processing of per-sonal data concerning you infringes the GDPR.
The competent supervisory authority for Hamburg is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Straße 22, 20495 Hamburg
Tel.: (040) 4 28 54 – 40 40
E-Fax: (040) 4 279 – 11811
8./ Data protection as part of applications and in the application process
We collect and process personal data from job applicants so as to handle the applica-tion process (Article 6 (1) points (a) and (b) GDPR). The data may also be processed electronically. That is the case in particular when applicants send their application documents to the controller electronically, such as by e-mail or using a form on the website. We cannot handle an application if we do not collect the data. If you con-clude an employment contract with us, the data provided is stored for use as part of the employment relationship in compliance with statutory provisions. If an employ-ment contract is not concluded with an applicant, the application documents are au-tomatically erased two (2) months after a decision to reject the applicant is communi-cated, unless the controller has other legitimate interests for not erasing it. Another legitimate interest here is, for example, the requirement to furnish proof in the event of legal action under the German General Act on Equal Treatment (AGG). Ohne die Erhebung der Daten können wir die Bewerbung nicht bearbeiten.
10./ Use of Google Analytics
11./ Google Maps
12./ Google AdWords
13./ Google Web Fonts
We have integrated the internet service "Google Fonts" on our website to display fonts. This service is provided by Google (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA - hereinafter "Google"). For the integration, it is technically necessary to process your IP address so that the content can be sent to your brows-er. Therefore your IP address will be transmitted to Google. The data is processed to protect our legitimate interest in the optimization and economic operation of our website (Art. 6 (1 f) GDPR). You can find further information and the Google data protection declaration at: www.google.de/policies/privacy/. Google is certified under the Privacy-Shield-Agreement and thus offers an adequate level of data protection according to Art. 45 GDPR. You can find further information on this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
14./ Social Networks
We link within our website to the following social networks:
After clicking on the corresponding logo (links) you will be redirected to the website of the respective provider. After the redirection, user information is transferred to the respective provider. The data protection regulations of the providers of these web-sites can be viewed there directly. We have no influence on this.
We use SSL and TLS encryption to protect the transmission of confidential data. You can tell that a connection is encrypted by the fact that “https://” is displayed in your browser’s address bar. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed display of the key or lock symbol in the upper status bar of your browser and by the fact that "https://" appears in the address line of your browser. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, de-struction or unauthorized access by third parties. Our security measures are continu-ously improved in line with technological developments.
17./ Google TagManager
18./ Google reCAPTCHA
19./ Google Analytics Remarketing
GDPR - General Data Protection Regulation
BDSG - German Federal Data Protection
TMG - German Telemedia Act
GwG - German Money Laundering Act
HGB - General Commercial Code
KWG - German Banking Act
AO - German Fiscal Code
BGB - German Civil Code
UWG - German Act Against Unfair Competition
2. What are Cookies?
A cookie is a simple small file that is sent with the pages of an Internet address and can be stored by the web browser on the PC or other device. The information stored in it may be sent to our servers or the servers of relevant third parties during subsequent visits.
3. What are Scripts?
A script is a part of the program code with which our website functions properly and interactively. This code is executed on our server or on your device.
When you visit our website for the first time, we will show you a pop-up with an ex-planation about cookies. As soon as you click on "Save settings", you give us your consent to use all categories of cookies and plug-ins of your choice, as described in this cookie declaration. Functional cookies are automatically preset. You can, but do not have to allow the other cookies.
Cookies can also be managed via the browser settings. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for each browser under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Cookies are used (for example) supportively:
- When saving products that you have placed in the shopping cart or added to the wish list;
- During an order, so that you do not have to enter this data again;
- When saving preferences, such as language or location;
- During optimisation of integrated video ads;
- When collecting the browser settings from you in order to dispaly our website optimally on your screen, or
- In the detection of misuse of our website and services (e.g. through multiple registrations).
The following contents can be logged:
- Name of the retrieved file
- Date and time of the retrieval
- Transferred data volume
- Message about successful retrieval
- Web browser
- Requesting domain
The use is made to protect our legitimate interest in the optimization and economic operation of our website (Art. 6 (1 f) GDPR) or because you have consented to the use (Art. 6 (1 a) GDPR). Most of the cookies used are deleted from the hard drive at the end of the browser session (so-called session cookies). Other cookies remain on your computer and enable us to recognize your computer during your next visit (so-called long-term cookies). These cookies are used to greet you with your user name and make it unnecessary to re-enter your password or fill out forms with your data for subsequent orders. It is not permitted for external third parties to collect, process or use personal data via our website using cookies. You can set your browser to inform you when cookies are set. You can then decide on a case-by-case basis whether or not to accept cookies, or you can generally exclude the acceptance of cookies. If cookies are not accepted, the functionality of our website, in particular our internet store, may be limited.
5.1 Technical or functional cookies
Some cookies ensure that parts of our website function correctly and that your user preferences remain known. By placing functional cookies, we make it easier for you to visit our website. In this way, you will not have to repeatedly enter the same information when you visit our website.
5.2 Analysis cookies
Your permission is required to create statistics.
5.3 Advertising Cookies
We do not use advertising cookies on this website.
6. Placed cookies
We use the following cookies:
6.1 Google Analytics
We use Google Analytics for website statistics.
Name; Retention; Function
_ga; 2 years; Store the unique User-ID
_gid; 1 tag; Counts and tracks page views
_gat; 1 min; Filter requests from bots
6.2 Google Fonts
We use Google Fonts to display web fonts.
Name; Retention; Function
tcb_google_fonts; ; Google Fonts - loading fonts
Google Fonts API; Nothing; Request the user IP address
6.3 Google Analytics Dashboard for WP
We use Google Analytics Dashboard for WP for website statistics.
Name; Retention; Function
gadwp_wg_default_metric; 1 month; Counts and tracks page views
gadwp_wg_default_dimension; 1 year;
statistics (anonymous); ;
gadwp_wg_default_swmetric; 1 year;
6.4 Cookie Notice
We use Cookie Notice to manage cookie consent.
Name; Retention; Function
consent_status; 3 months; Store cookie consent settings
6.5 LinkedIn Tag Manager
LinkedIn members can control the use of their personal information for promotional purposes in their account settings.
7. Further information
Copyright 2020, Benchpool GmbH