Privacy Policy
We are delighted you are visiting our website “www.bgz.de” (hereinafter “website”) and thank you for your interest in BGZ Gesellschaft für Zwischenlagerung mbH (hereinafter “BGZ”) and what we do.
We take data privacy in general and protection of your personal data very seriously. Your personal data are collected and processed in compliance with applicable data privacy legislation, in particular the EU General Data Protection Regulation (GDPR). The GDPR defines personal data as meaning any information relating to an identified or identifiable person.
This Privacy Policy is intended to give you a simple overview of what happens to your personal data when you visit our website, what data from your visit are recorded and the purposes they are used for, as well as the rights and options you have with regard to these data.
By using our website, you consent to your data being recorded, used and transferred in accordance with this Privacy Policy.
1. Controller
(1) The party responsible for collecting, processing and using your personal data (“controller”) on this website within the meaning of the GDPR is:
Data Protection Officer
BGZ Gesellschaft für Zwischenlagerung mbH
Frohnhauser Straße 50
45127 Essen
Germany
Phone: +49 201 2796-0
E-mail: datenschutzbeauftragter@bgz.de
Website: www.bgz.de
If you wish to object to your data being collected, processed or used by us in accordance with these data protection regulations as a whole or for individual measures, you can submit your objection to the above-named controller.
(2) You can contact the controller’s Data Protection Officer at:
Data Protection Officer
BGZ Gesellschaft für Zwischenlagerung mbH
Frohnhauser Straße 50
45127 Essen
Germany
Phone: +49 201 2796-0
E-mail: datenschutzbeauftragter@bgz.de
Website: www.bgz.de
If you have any further questions and/or suggestions or misgivings relating to the issue of data privacy, you as the data subject can get in touch with our Data Protection Officer (see above for contact details).
2. General information on use of the website
(1) Access data
Various items of personal data are collected when you use this website. Personal data are data that can be used to identify you personally. Information about your usage behaviour and your interaction with us, as well as registered data about your computer or mobile device, are recorded. We automatically collect and store information in server log files, which your browser automatically sends to us. These data include:
– The type of browser you use and its version
– The operating system you use
– The referrer URL (i.e. the page you had previously visited)
– The name and URL of the file called
– The date and time of the server request
– The Internet Protocol address (IP address)
– The amount of data transferred
These data are not combined with data from other sources. They are also not used to identify the data subject. The information from the above-mentioned data is used to optimise the content of our website and to ensure that the website and our IT systems function properly at all times. In the event of a cyberattack, the data can be used to provide law enforcement authorities with relevant information to enable prosecution.
The basis for data processing is Article 6 (1) b) GDPR, under which processing of data is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract.
(2) E-mail contact
If you contact us by e-mail or using the contact form, we will store your particulars in order to handle your enquiry and to get in touch with you if we have any follow-up questions. We store or use further personal data only if you consent to that or where that is legally permissible without separate consent.
(3) Cookies
Some of our Internet pages use cookies. Cookies do not cause any damage on your computer system and do not contain any viruses. Cookies help make our offering more user-friendly, more efficient and more secure. Cookies are small text files that are placed on your computer system and stored by your browser.
Most of the cookies we use are what are termed session cookies. They are automatically deleted when your visit is over. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser when you visit our website again.
You can make settings in your browser so that you are notified when cookies are placed and to permit cookies only on a case-by-case basis, to prevent acceptance of cookies for specific cases or in general, and to enable automatic deletion of cookies when you close the browser. If you disable cookies, the features of this website may be restricted.
Cookies required for electronic communication or to provide certain features you wish are stored on the basis of Article 6 (1) f) GDPR. The website operator has a legitimate interest in storing cookies, namely to ensure that its services are provided optimally and without technical errors. If other cookies (such as to analyse your browsing behaviour) are stored, they are dealt with separately in this Privacy Policy.
(4) BGZ newsletter
BGZ publishes articles on topical issues and projects at BGZ and on general developments about safe and responsible handling of radioactive waste and related news in its BGZ newsletter. You can subscribe to the BGZ newsletter on our website. Please refer to the input mask on our website for details of what data are required to subscribe to the BGZ newsletter.
Please note that you as the subscriber must have a valid e-mail address and must register to receive the newsletter. A double opt-in procedure is used for that. After you have first subscribed to the BGZ newsletter with your e-mail address, we are legally obligated to send you a confirmation e-mail to enable you to confirm your subscription. Once you confirm your subscription, the double opt-in procedure is completed and you are registered in the mailing list.
The double opt-in procedure reduces the risk of e-mail addresses being misused and thus protects you from being sent unsolicited data (also known as “spam”). In addition, this procedure is the only way to ensure that the e-mail address stated on the subscription form has actually been entered by its legitimate owner and that he or she, as the data subject, has authorised BGZ to send the newsletter. In order to ensure and, if necessary, to be able to prove that, the date and time of registration and the IP address of the IT system used are stored for that in addition to your e-mail address.
Data subjects can cancel their subscription to the BGZ newsletter at any time. The link contained in every newsletter or on the website can be used for that, or else notification to that effect can be sent to BGZ.
(5) Plug-ins, tools and YouTube
a) Google Web Fonts
This site uses web fonts provided by Google to ensure consistent fonts are displayed. When a page is called, your browser loads the required web fonts in your browser cache so that texts and fonts are displayed correctly.
To enable that, the browser you use must establish a connection with Google’s servers. As a result, Google is notified that our website has been called from your IP address. Google Web Fonts are used to make the presentation of our online offerings consistent and more appealing. That is a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
If your browser does not support Web Fonts, a default font from your computer is used.
You can find more information on Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s Privacy Policy at: https://policies.google.com/privacy?hl=en-GB.
b) Google Maps
This site uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Your IP address must be stored so that the features of Google Maps can be used. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on transfer of the data.
Google Maps is used to make the presentation of our online offerings more appealing and so that the places specified on the website are easy to find. That is a legitimate interest within the meaning of Article 6 (1) f) GDPR.
You can find more information on how user data is handled in Google’s Privacy Policy:Datenschutzerklärung von Google: https://policies.google.com/privacy?hl=en-GB.
(6) Lawfulness and period of storage
The legal basis for data processing in accordance with the above sections is Article 6 (1) f) GDPR. It states that processing is lawful if “processing is necessary to safeguard the legitimate interests pursued by the controller or by a third party.” The interests of BGZ are in particular to ensure its website’s operation and security, to analyse the way in which visitors use the website and to simplify use of this website.
Unless specifically stated, we process and store your personal data only for as long as is required and/or necessary to fulfil the purposes pursued and/or for as long as provided for under the European Union’s Directives and Regulations or Germany’s national laws and regulations.
If the purpose for which the data are stored no longer applies or a storage period prescribed by European Directives or Regulations or another competent legislature expires, we will routinely block or erase your personal data in accordance with the statutory stipulations.
3. Your rights as a data subject
You have various rights in relation to your personal data under the applicable data privacy laws, regulations and directives. If you wish to exercise these rights, please send a request to this effect by e-mail or by regular mail, clearly identifying yourself, to the address specified in Section 1.
The following provides you with an overview of your rights:
(1) Right to obtain confirmation and access
Under Article 15 (1) GDPR, you have the right to demand confirmation as to whether personal data concerning you are being processed. If they are being processed, you have the right, free of charge, to obtain information from us about what personal data concerning you is stored, along with a copy of these data. You have a right pursuant to Article 15 (1) GDPR to the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) the source of the data where the personal data are not collected from you;
h) the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
i) Where personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
(2) Right to rectification
Under Article 16 GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
(3) Right to erasure (“right to be forgotten”)
Under Article 17 GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) you withdraw consent on which the processing is based according to point a) of Article 6 (1) GDPR, or point a) of Article 9 (2) GDPR, and where there is no other legal ground for the processing;
c) you object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR;
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
Where we have made your personal data public and are obliged pursuant to Article 17 (1) GDPR to erase them, we will – taking account of available technologies and the cost of implementation – undertake reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to your personal data. The same applies to any copy or replication of the personal data.
(4) Right to restriction of processing
Under Article 18 GDPR, you have the right to obtain from us restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
d) you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of our company override your legitimate grounds.
(5) Right to data portability
Under Article 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where:
a) the processing is based on consent pursuant to point a) of Article 6 (1) GDPR or point a) of Article 9 (2) GDPR or on a contract pursuant to point b) of Article 6 (1) GDPR; and
b) the processing is carried out by automated means.
In exercising your right to data portability pursuant to Article 20 (1) GDPR, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
(6) Right to object
Under Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to lawful processing of personal data concerning you which is based on point e) or f) of Article 6 (1) GDPR, including profiling based on those provisions. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, you, on grounds relating to your particular situation, have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
(7) Automated decision-making, including profiling
Under Article 22 (1) GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Article 22 (2) GDPR states that the above does not apply if the decision
a) is necessary for entering into, or performance of, a contract between you and us;
b) is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
c) is based on your explicit consent.
We do not perform automated decision-making based on personal data.
(8) Right to withdraw consent under data protection law
You have the right to withdraw consent you have given to our processing your personal data at any time.
(9) Right to lodge a complaint with a supervisory author
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or place of the alleged infringement if you consider that the processing of personal data relating to you is unlawful.
4. Data protection as part of applications and/or in the application process
BGZ collects and processes the personal data of applicants for the purpose of handling the application process. The data may also be processed electronically. That is the case in particular if an applicant submits the relevant application documents to us electronically, for example by e-mail. If we subsequently conclude an employment contract with the applicant, the data provided are stored for use as part of the employment relationship in compliance with statutory stipulations. If we do not conclude an employment contract with the applicant and/or do not conclude any other written agreement with regard to further retention of the data the applicant has submitted, the application documents are erased six months after a decision to reject the applicant is communicated, unless we have other legitimate interests for not erasing them. Another legitimate interest here is, for example, the requirement to furnish proof in the event of legal action under the German General Act on Equal Treatment (AGG).
5. Photography and filming at events held by BGZ
For the purposes of public relations and documentation, BGZ reserves the right to take photographs and/or make film recordings of speakers, participants and guests as part of events organised by BGZ or events at which BGZ acts as co-organiser, and to process and disseminate them. Such photos and recordings may be used for the company website, analogue/digital publications, newsletters and internal presentations. Furthermore, BGZ reserves the right to pass them on to media representatives.
BGZ will usually make explicit reference to the above in the invitations or when participants register for the event, as well as at the event’s venue itself.
The legal basis for that is Article 6 (1) point f) of the General Data Protection Regulation (GDPR). BGZ has a legitimate interest in reporting on its events and informing the public about its related activities. The legitimate interests and rights of the data subjects are always taken into account as part of that. Photographs and film recordings will only be published without consent if and insofar as they are group photos or overviews and not specific portrait or close-up shots of individual persons and children.
Please refer to Section 3 above for information on your further rights.
6. Video surveillance
Insofar as BGZ conducts video surveillance of properties (which are indicated as being monitored), this is done for a specific purpose:
– to safeguard and enforce domiciliary rights;
– to avert threats (theft/damage to property/vandalism);
– to protect against disruption/other acts by third parties;
– to support the security service in its tasks; and/or
– to preserve evidence in the form of recordings
Video data are usually erased after three days unless there has been an event-related incident.
The collected video data collected will be assigned to a person only in the event of a violation of domiciliary rights and/or another event-related incident so as to enable any criminal conduct to be investigated successfully.
Recordings are only handed over by BGZ at the request of the police authorities or the public prosecutor’s office or by court order.
BGZ uses external service providers whose employees have access to video data to supervise the video surveillance system. In addition, BGZ occasionally uses external service providers to maintain the video surveillance system; in this regard, access to the video surveillance system or to video recordings that have not yet been erased cannot be ruled out. Video data are not divulged to external service providers.
7. Data security
We have taken extensive technical and organisational precautions to ensure the security and protection of your data to the extent permitted by the applicable data protection regulations. We use SSL (Secure Socket Layer) or TLS (Transport Layer Security) encryption for that purpose and as a special means of protecting the transmission of confidential content, such as enquiries you send to us. SSL and TLS encryption is a protocol that transmits data on the Internet via an encrypted connection. As a user, you can recognise an encrypted connection by the fact that the address line of your browser changes from “http://” to “https://” and a small padlock icon is displayed in your browser bar (in different places).
We point out that, despite all the security measures taken, there may be security gaps when data is transferred on the Internet (e.g. in communication by e-mail) and that it is not possible to fully protect data against being accessed by third parties.
Furthermore, we cannot guarantee that our offering will be available at certain times; disruptions, interruptions or outages cannot be ruled out. The servers we use are backed up carefully on a regular basis.
8. Automated decision-making
Automated decision-making on the basis of the personal data we collect is not performed.
9. Disclosure of data to third parties; no transfer of data to non-EU countries
In general, we only use your personal data within our company.
If and insofar as we engage third parties to fulfil contracts, these third parties only receive personal data to the extent necessary for transmission of the service.
In the event that we outsource certain data processing services to third parties under a data processing arrangement, we contractually obligate the contractor acting as the processor to use personal data only in accordance with the requirements of the applicable data protection legislation and to ensure that the rights of data subjects are protected.
With the exception of the cases explicitly mentioned in this Privacy Policy, data are not transferred to bodies or persons outside the EU, nor is that planned.
The data usage regulations specified in this Privacy Polic
The data usage regulations specified in this Privacy Policy may be amended to reflect the further development of the Internet and of our offering or pursuant to changes in legislation and/or court rulings. We will announce such amendments on this site in good time. You should visit this site regularly to keep informed about the current status of our data usage regulations.