Skip to main content

Data Privacy

The protection of personal data and the responsible handling of information that you entrust to us are important and special concerns for us. AMF-Bruns GmbH & Co KG (AMF-Bruns) only processes personal data in accordance with the statutory regulations, in particular the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). This data protection declaration applies to the AMF-Bruns Fördertechnik area including the sub-website www.amf-foerderanlagen.de and the landing website www.amf-bruns.de/intro/. The data protection declaration for the AMF-Bruns Mobility division can be found on the AMF-Bruns Mobility sub-website  and the data protection declaration for our Academy website.

With this data protection declaration, we inform you about how, on what legal basis, to what extent and for what purposes we process personal data in the case of

  • the general use of our website (see section 2.),
  • the further processing of data on the website amf-forderanlagen.de (see section 3).
  • visiting our Facebook fan page and Instagram profile (Insights) (see section 4),
  • the use of our presence in social networks (LinkedIn) (see section 5),
  • the conclusion of contracts with us (see section 6),
  • visiting our premises (video surveillance) (see section 7),
  • the visit to the business and production sites (visitor process) (see section 8),
  • the application for a job (see section 9),
  • the usual establishment of contact in the course of business (e.g. trade fair) (see section 10),
  • the sending of advertising and information flyers (see section 11).

We will also inform you about the recipients of your personal data within the EEA (see section 12) and in third countries (see section 13), the deletion of your personal data and corresponding retention periods (see section 14), your rights as a Data Subject (see section 15) and whether or not automated decision-making is used (see section 16).

1. Controller and Data Protection Officer

Controller: AMF-Bruns GmbH & Co KG, Hauptstraße 101, 26689 Apen; info@amf-bruns.de

Data protection officer: PLANIT // LEGAL Rechtsanwaltsgesellschaft mbH, Jungfernstieg 1, 20095 Hamburg; mail@planit.legal

2. General use of our websites

For the use of the website www.amf-bruns.de (AMF-Bruns landing page) and the website of AMF-Bruns Fördertechnik www.amf-forderanlagen.de, the processing of personal data to the extent described in section 2 is necessary to enable your use (usage data). In addition, we process personal data for other purposes as described below. Information on data processing that additionally applies to the website www.amf-forderanlagen.de can be found under point 3. In the following, we have provided general information on the legal basis, the purposes and, where applicable, legitimate interests and the necessity of processing your personal data.

We have implemented SSL or TLS encryption on our websites (recognisable by the “https://” in the address line and the lock symbol) in order to protect your personal data transmitted to us via our websites from unauthorised access by third parties.

a) Data processing when you visit our websites
When you visit our website, we collect personal data to enable you to use it (usage data). This includes your IP address and data about the beginning, end and subject of your use of the website as well as, if applicable, data for identification purposes (e.g. your login data if you log into a secure area). In addition, this includes technical data transmitted by your browser, such as browser type / browser version, the previously visited website (referrer URL), monitor resolution, operating system, device information (e.g. device type), etc., if applicable. We process this data in our legitimate interest (Art. 6 (1) (f) GDPR) for the purpose of providing this website and designing it to meet your needs. If you would like detailed information on the balance of interests, please contact one of the persons mentioned under point 1.

b) Contact form
We process your personal data when you use our contact form. If you contact us using the contact form provided, your details will be stored so that they can be used to process and respond to your enquiry. We would like to point out that data transmission on the Internet can have security gaps. Complete protection of data against access by third parties is not possible. The legal basis for this data processing is – depending on the subject of your enquiry – the permissibility of processing in the context of initiating a contract, a contract or our legitimate interest in providing a contact form for general enquiries (Art. 6(1)(b) or (f) GDPR). You are neither obliged to contact us via the contact form nor to provide personal data. If you do not provide your personal data, we may not be able to process your request. Otherwise, there will be no consequences for you. If you would like detailed information on the balance of interests, please contact one of the addresses mentioned under point 1.

2. Supplementary data processing when visiting our website
When you visit our website www.amf-forderanlagen.de, we process personal data about you in addition to the purposes set out in section 2 as set out below.

a) Accesses and storage on your terminal device (“Cookies”)
We use tracking technologies on our website that enable us or our contractual partners or service providers to collect data relating to the use of our website. These tracking technologies are usually referred to as cookies, which is why we also use this term in the following. However, the following also applies accordingly to other tracking technologies or file formats, such as local storage, pixels, beacons or tags. Cookies are text files that are saved to the browser on your end device. User-related pseudonymous data can be stored for these files. This data can then be read out in turn. When you visit our website www.amf-forderanlagen.de for the first time, we display a so-called cookie consent banner to inform you about the tracking technologies we use and to give you the choice of which optional cookies you would like to agree to. You can change your choice at any time in the Privacy Preference Centre on our website (see (iv) below).

i. Technically necessary cookies
In certain cases, the storage of information on your terminal device or the access to information already stored on your terminal device is absolutely necessary so that we can provide you with our website for use (“Necessary Cookies”). In these cases, access to your terminal device takes place on the basis of section 25(2)(2) TTDSG. Insofar as this information has a personal reference and is further processed by us in our IT systems, the legal basis for this data processing is our legitimate interest in providing our website and ensuring data security, Art. 6(1)(f) GDPR.

ii. Cookies requiring consent
We only use technically non-essential cookies with your consent. We use the following categories of consent-requiring cookies:

  • Performance cookies: These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us answer questions about which pages are most popular, which are least used and how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our website.
  • Functional cookies: These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third parties whose services we use on our sites. If you do not allow these cookies, some or all of these services may not work properly.
  • Cookies for marketing purposes: These cookies may be set through our website by our advertising partners. They may be used by these companies to profile your interests and track relevant ads to you on other websites. They do not directly store personal data but are based on a unique identification of your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

You can find more information about the file names, storage duration, provider and category of the respective cookie in the cookie settings of the cookie consent banner or the data protection preference centre of the respective website.

By clicking on the respective button (e.g. “Accept all cookies” or “Confirm selection”) in the cookie consent banner or the data protection preference centre, you consent both to the storage and reading of information in these optional cookies (section 25(1) TTDSG) via our respective website and to the further processing of any personal data read out (Art. 6(1)(a) GDPR).

iii. Consent to third country transfer
We also use cookies from third-party providers on www.amf-forderanlagen.de that are based in third countries outside the European Union (EU) and the European Economic Area (EEA) or use servers in such third countries. The level of data protection in such third countries is regularly not comparable with that of the EU. This applies in particular to the US, where data may be accessed by the surveillance authorities without any reason and, if you are not a citizen of the US, you currently have only very limited legal remedies against any access to your data. Such government access may not be effectively prevented even by additional agreements between us and the relevant third party provider. While the EU Commission and the US government announced a “Trans-Atlantic Data Privacy Framework” in March 2022 as a new mechanism for US data transfers, which is intended to provide EU citizens with additional remedies, this framework is not expected to be implemented until the end of 2022. Therefore, in our Cookie Consent Banner or the Privacy Preference Centre on our website, we also obtain your consent to such a third country data transfer (Art. 49(1)(a) of the GDPR).

Therefore, when deciding which cookies you wish to consent to, please bear in mind that by consenting to the setting of the relevant cookies you are also consenting to any associated transfer of your personal data to insecure third countries.

You can find out which third-party providers and cookies this concerns in detail in the cookie settings of the cookie consent banner or the data protection preference centre of the respective website.

iv. Withdrawal of your consents
You can withdraw your consent given in the cookie consent banner at any time for the future (Art. 7(3) GDPR). To do this, call up the Data Protection Preference Centre on our website. You can access the Data Protection Preference Centre by clicking on the “Cookie Settings” link in the bottom left-hand corner of our website. In the Privacy Preference Centre, you have the option of withdrawing and re-giving consent that you have already given by deselecting the relevant cookies. However, you can also select additional cookies there and declare further consents to us in this respect.

Your selection of optional cookies will in turn be stored in your browser as a cookie from our cookie content management provider Borlabs GmbH, Rübenkamp 32, 22305 Hamburg.

b) Use of Google services
We use several services of the US provider Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US) on www.amf-forderanlagen.de. If you consent to the setting of the corresponding cookies by Google in our Cookie Consent Banner or the Privacy Preference Centre on our website, Google will collect certain personal data from you. This is done by storing cookies for your browser with a pseudonymous user ID assigned by Google. The data collected by Google Analytics is also stored on Google servers in the US. We have activated the “IP anonymisation” function on our website. This means that your IP address will be shortened by Google within member states of the EU or the EEA before being transmitted to the US. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. The IP address transmitted in the context of the use of the Google services listed below will not be merged with other Google data. Nevertheless, when making your decision you should take into account that the protective measures taken by Google, at least in the opinion of various European data protection authorities, should not be sufficient to effectively prevent possible access by the US authorities to your usage data. The legal basis for the use of Google services is your consent pursuant to Art. 6 (1) a GDPR, Section 25 (1) TTDSG. (see point 2.b.ii.).

When deciding whether you wish to consent to our use of Google cookies, please note that by consenting to the setting of the relevant cookies you are also consenting to any associated transfer of your personal data to the US.

You can access Google’s privacy policy here.

i. In particular Google Analytics
If you consent to the setting of the Google Analytics cookie in our cookie consent banner or the privacy preference centre on our website, Google will collect data relating to your use of our website. This enables Google to assign data relating to usage behaviour on our website to this respective pseudonymous user. We have commissioned Google to use this information to evaluate the usage behaviour of the website, to compile reports on website activities and to provide us with further services related to website and internet usage.

ii. In particular Google Ads, Google Ads Remarketing
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when you enter certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of the user data available at Google (e.g. location data and interests) (target group targeting). We can evaluate this data quantitatively by analysing, for example, which search terms have led to the display of our advertisements and how many advertisements have led to corresponding clicks.

With Google Ads Remarketing, we can assign people who interact with our online offer to specific target groups in order to subsequently track them with interest-based advertising in the Google advertising network (remarketing or retargeting). Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google’s cross-device functions. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be tracked on another of your end devices (e.g. tablet or PC). If you have a Google account, you can object to personalised advertising at the following link – here.

iii. Google Conversion Tracking
With the help of Google conversion tracking through the Google Tag Manager, Google and we can recognise whether users have carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

iv. Google Maps
Our use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website.

c) Use of a content delivery network (Cloudflare)
We use the service “Cloudflare”. The provider is Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, US (hereinafter “Cloudflare”). Cloudflare offers a globally distributed content delivery network with DNS. This technically routes the transfer of information between your browser and our website via Cloudflare’s network. This enables Cloudflare to analyse traffic between your browser and our website and act as a filter between our servers and potentially malicious traffic from the internet. In doing so, Cloudflare may also use cookies or other technologies to recognise internet users, but these are used solely for the purpose described here. The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 (1) (f) GDPR), as well as on your consent pursuant to Art. 6 (1) (a) GDPR, § 25 (1) TTDSG with regard to the cookies set. Data transfer to the US is based on the Standard Contractual Clauses of the EU Commission. Details can be found here. Further information on the topic of security and data protection at Cloudflare can be found here.

d) Google reCAPTCHA
We also use the captcha technology “reCaptcha v3” from Google. The subsidiary company Google Ireland Limited (Gordon House, Barrow Street Dubling 4, Ireland) is responsible for all Google services in Europe. The use of reCaptcha v3 makes it possible to distinguish whether data entries on our websites were made by a human or automatically created by programs. To do this, Google analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website and runs completely in the background. For the analysis, Google evaluates various information from which a personal reference to the respective website visitor can be established (IP address, the behaviour of the website visitor, information about the operating system, browser and length of stay, display instructions and scripts, the input behaviour of the website visitor and mouse movements). The data collected during the analysis is also transmitted to Google servers located in the US and stored there.

The data processing is carried out on the basis of Art. 6(1)(f) GDPR, as we have a legitimate interest in protecting our websites from abusive and automated spying as well as SPAM.

For more information on Google reCaptcha v3 and Google’s privacy policy, please see the following links: Privacy policies and About reCAPTCHA.

d) LinkedIn Insight Tag
This website uses the Insight tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

With the help of the LinkedIn Insight Tag, we receive information about the visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyse the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. Furthermore, we can use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take any other action (conversion measurement). Conversion measurement can also be done across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting feature that allows us to track targeted off-site advertising to visitors to our website, although according to LinkedIn, there is no identification of the ad recipient. LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the US and use it in the context of its own advertising measures. For details, please refer to LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

The legal basis is Art. 6(1)(a) GDPR and section 25 TTDSG. The consent can be withdrawed at any time.

Data transfer to the US is based on the Standard Contractual Clauses of the EU Commission. Details can be found here and here.

You can object to the analysis of usage behaviour and targeted advertising by LinkedIn here. Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website with your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

f) LinkedIn Lead Gen Forms
As part of our online marketing activities, we use so-called Lead Gen Forms on LinkedIn. Lead Gen Forms are advertisements that enable the integration of contact forms in sponsored content. Lead Gen Forms are particularly important for us in the B2B area. By using these Lead Gen Forms, we can offer prospective customers a function with which they can provide their e-mail address or other user information. We use this functionality to be able to address interested parties in a more targeted manner. The legal basis for the processing of your personal data entered via the form is Art. 6(1)(f) GDPR. We have a legitimate interest in processing the data you have entered in order to process and respond to your enquiry accordingly. If you are a member of the LinkedIn platform, LinkedIn can assign the call of the above-mentioned contents and functions to the profiles of the users there.

Further information on data protection and LinkedIn’s Lead Gen Ads can be found here and here respectively.

You have the option to prevent this in the future if you set an opt-out cookie.

After the purpose has been achieved, we delete the data you have submitted via Lead Gen Forms unless we are legally obliged to retain it for a longer period of time or we still need your personal data for the performance or settlement of an existing contractual relationship or for verification purposes. In such cases, we will delete the relevant data after the statutory retention period has expired or as soon as we no longer need the data to implement or process an existing contractual relationship or for verification purposes.

g) Google Fonts & Font Awesome (local hosting)

We use fonts from Google (Google Fonts) and Fonticons Inc. (Font Awesome) on website for the uniform display of fonts. The fonts of both providers are hosted locally by us. When you access our website, there is therefore no connection to Google and Fonticons servers in the US.

Further information on Google Fonts can be found here and in Google’s privacy policy.

For more information on Font Awesome, please see the Font Awesome privacy policy.

4. Visit our Facebook fan page and Instagram profile (Insights)
When you visit or interact with our Facebook fan page or Instagram profile, your personal data (e.g. “Like” information) is processed as described in this section.

a) Joint Controllership
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland provides us with statistics and insights that help us understand the usage of our fan page or Instagram profile (“Page Insights”). In this case, Meta and AMF-Bruns are jointly responsible for the data processing (“Joint Controllers”). Instagram and Facebook are services of Meta. The following information applies to both our Facebook fan page and our Instagram profile.

b) Legal basis, purpose and necessity of the processing of your personal data
The legal basis for the processing of your personal data is Art. 6 (1) f GDPR. We use information that you provide to us via your Facebook profile or by visiting our fan page via your browser to provide the functionalities of our fan page. This may include checking the reach of our posts, defining our audience more accurately, tailoring ads to our audience and shaping our Facebook Fan Page to the actual interests of our visitors. This includes:

  • Age
  • Gender
  • Location

We process this data in our legitimate interest to maintain the functions of our fan page, to check our reach and to design and track our fan page according to your interests. If you would like detailed information on the balance of interests, please contact one of the addresses listed under point 1.

c) Further Information on our Joint Controllership with Meta
In order to transparently and explicitly define the responsibilities for compliance with the obligations under the GDPR
between AMF-Bruns and Meta, we have entered into an agreement with Meta stating that Meta is primarily responsible for data processing when you visit our Fanpage. In particular, Meta is responsible when you exercise your rights under Art. 12 and 13 GDPR, Art. 15 to 22 GDPR, and for compliance with the obligations in Art. 32 to 34 GDPR.

You can also address your request regarding data processing in connection with our Fanpage to us at any time or exercise your rights vis-à-vis the address mentioned in section 1 (for more information on your rights, see section 15). To the extent necessary to carry out your request or exercise your rights, we will forward your matter to Meta.

For more information about Page Insight data and exercising your rights, please see Meta’s information: here. For more information on the determination of responsibilities within the Joint Controllers in terms of Art. 26 GDPR, please see the agreement with Facebook: Link.

Data transfer to the US is based on the Standard Contractual Clauses of the EU Commission. Details can be found here and here.

You can also deactivate the “Custom Audiences” remarketing function in the ad settings section here. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: here.

For more information about the setting of cookies when visiting our Fanpage, please see Meta’s Cookie Policy.

For more information about protecting your privacy at Meta, please see Meta’s Privacy Policy.

You can find further information on data protection at Instagram here.

5. LinkedIn
We maintain an online presence within the social network “LinkedIn” in order to communicate with the users active there or to offer information about us there.

For a detailed presentation of the respective forms of processing by LinkedIn and the options for objection, we refer to the data protection declarations and information provided by LinkedIn as the operator of the network. In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with LinkedIn as the provider, as only the provider has access to the users’ data and can take appropriate measures and provide information directly. If you still need help, then you can contact us.

The service provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn). You can find LinkedIn’s privacy policy here. Information on the Privacy Shield (guaranteeing the level of data protection when processing data in the US) can be found here; opt-out options can be found here.

The legal basis for processing your personal data is the legitimate interest in offering an online presence in a social network with corresponding functionalities in order to communicate with users active there or to be able to offer information there, Art. 6(1)(f) GDPR. If you would like detailed information on the balancing of interests, please contact one of the persons named in point 1.

6. Conclusion and execution of contracts
In order to conclude or execute contracts with you (purchase contract), we process personal data relating to you. The legal basis for this is Art. 6(1)(b) GDPR. We process your personal data to establish and implement the contractual relationship with you. This requires the provision of your personal data. You are not obliged to provide your personal data, but if you do not provide it, the establishment and implementation of the contractual relationship is not possible. Otherwise, there will be no consequences for you.

7. Visit to our premises (video surveillance)
If you visit our premises, we monitor the outdoor area and the car park partly by means of video systems. These areas are marked with the following pictogram:

The legal basis for this data processing is Art. 6(1)(f) GDPR and section 4(1)(2)(3) BDSG. The purpose pursued by us is the prevention, detection and clarification of criminal offences, the safeguarding of house rights and the performance of traffic safety obligations. Our legitimate interest within the meaning of Art. 6(1)(f) GDPR is the protection of our property and the property and physical integrity of all visitors and employees. If you would like detailed information on the balancing of interests, please contact one of the persons named under point 1.

8. Visit to the business premises and production sites (visitor process)
If you visit our business or production sites as a guest, we process the following data: Name, first name, employer, date of visit. The legal basis for this is Art. 6(1)(f) GDPR. The purpose pursued by us is the prevention, detection and clarification of criminal offences, the safeguarding of house rights and the performance of traffic safety obligations. Our legitimate interest within the meaning of Art. 6(1)(f) GDPR is the protection of our property and the property and physical integrity of all visitors and employees. If you would like detailed information on the balancing of interests, please contact one of the persons named in point 1.

9. Applying for a job
We process your personal data within the application process. The legal basis for this is section 26(1)(8)(2) BDSG or section 26(2)(8)(2) BDSG or Art. 6(1)(b) GDPR. The data processing is carried out in the context of initiating an employment relationship with you. We process your personal data for the purpose of contacting you and assessing your suitability for the position for which you are applying. It is not possible to apply to AMF-Bruns without providing personal data. You are neither obliged to apply to AMF-Bruns nor to provide personal data. If you do not provide us with personal data, we may not be able to consider your application. Otherwise there will be no consequences for you.

10. Ordinary contact in the course of business (e.g. trade fair)
This paragraph describes those circumstances that result in the processing of personal data that are customary in the ordinary course of business.

These are primarily such cases as the spontaneous exchange of contact data at trade fairs, events, business lunches or other official activities, e.g. through the exchange of business cards or also the initial contact by AMF-Bruns or by you with business content, e.g. through entry in a contact form. We also process your personal data if you contact us via other communication channels (e-mail or similar).

The legal basis is Art. 6(1)(b) or (f) GDPR – depending on the object of providing your personal data or contacting you.

Purpose and necessity of the processing of personal data
We collect the following categories of personal data on the occasion of your or our contact: contact data, such as your name, address, e-mail or telephone number, data on your company, such as address, e-mail, business field, job description, title, data on your input/request, such as content, time of request, means of communication. This data is processed for filing in our contact databases in the course of business activities, such as e-mail programmes, telephone directories, card indexes, etc. for the purpose of resuming contact and/or processing your request and further handling.

Our legitimate interest is to contact you for the purpose of initiating business, reestablishing contact and/or dealing with your request and further processing, as well as for general communication with you.

If you would like detailed information on the balance of interests, please contact one of the addresses listed under point 1.

11. Sending advertising and information flyers
We use your personal data that you have provided to us in the course of a business relationship with us to send you advertising and information flyers. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest within the meaning of Art. 6(1)(f) GDPR is to advertise our products. We process your personal data to send you product, company and event information. Our legitimate interest is to inform you about AMF-Bruns and our services and to communicate with you.

12. Transfer to recipients of personal data within the EEA
We only pass on the personal data described in this data protection declaration insofar as this is necessary for the provision of our service or is legally required in this context. Within the scope of the purposes mentioned here, personal data is forwarded to service providers who work for us and in particular support us in the provision of services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound by further contractual data protection requirements. This includes, in particular, an obligation as a Processor pursuant to Art. 28 GDPR. In particular, we share personal data with the following categories of service providers:

  • Accounting, financial institutions, tax and legal advice,
  • IT service and infrastructure/hosting,
  • IT support and maintenance,
  • Data destruction and facility services.

Furthermore, we only transfer personal data to other recipients if this is permitted by law or if you have given your prior consent. You can withdraw any consent you may have given at any time with effect for the future. We only pass on your data to state authorities within the scope of legal obligations or on the basis of an official order or court decision and only insofar as this is permitted under data protection law.

13. Transfer to recipients of personal data in countries outside the EEA
As far as necessary for our purposes, we may also transfer your data to recipients outside the EU. This is particularly the case if we have to transfer this data to recipients in countries within the scope of contract processing or due to legal regulations. Otherwise, we only transfer data to third countries if it is ensured that the recipient of the data has implemented an adequate level of data protection within the meaning of Art. 45 GDPR or suitable guarantees within the meaning of Art. 46(2) and (3) GDPR and no other interests worthy of protection speak against the transfer of data. To ensure an adequate level of protection at the recipient of the data, we use in particular the Standard Contractual Clauses of the EU Commission for the transfer of personal data to third countries (Processor to Processor; Processor to Processor transfer), unless an Adequacy Decision within the meaning of Art. 45 1) GDPR has been issued by the EU Commission. In particular, we share personal data with the following categories of service providers:

  • Web analytics,
  • Intra-group Processor and Data Transfer,
  • in addition to the categories already mentioned, further categories of service providers may exist or be added at any time.

14. Deletion
We delete your personal data as soon as they are no longer required for the aforementioned purposes of processing, in the event of an objection there are no compelling reasons worthy of protection on the part of AMF-Bruns or in the event of a revocation there is no other legal basis for the processing. In certain cases, e.g. if there is a legal obligation to retain data, your personal data will initially be blocked and deleted upon expiry of the retention period.

Video surveillance recordings are usually deleted after a period of 72 hours at the latest. In justified individual cases, in particular for criminal investigations or the preservation of evidence, recordings are kept longer and deleted after this purpose has been fulfilled.

Job-related data is kept until a decision has been made and then deleted after six months at the latest or, in the case of a successful application, transferred to your personnel file.

15. Your rights
As a Data Subject, you have the following rights:

  • a right to obtain confirmation as to whether personal data relating to you is being processed by AMF-Bruns and if so,
  • the right of access to this personal data (Art. 15 GDPR),
  • a right to rectify your inaccurate data (Art. 16 GDPR),
  • a right to erasure (Art. 17 GDPR) or
  • a right to restriction (blocking) of your data (Art. 18 GDPR).

In addition, in the event of processing based on Art. 6(1)(e) or (f) of the GDPR, you may object to the processing (Art. GDPR), for which you must provide a specific ground, except in the case of direct marketing. If you have provided this data, you can request the transfer of the data (Art. 20 GDPR). Whether and to what extent these rights exist in individual cases and under what conditions they apply is laid down by law in the designated standards. If the processing is based on consent within the meaning of Art. 6(1)(a) or Art. 9(2)(a) GDPR, you may withdraw this consent at any time for the future (Art. 7(3) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).

If you have any questions or complaints about data protection at AMF-Bruns, we recommend that you first contact our data protection officer (see the contact details under point 1.).

16. No automated decision-making in individual cases
We do not use your personal data for automated individual decision-making within the meaning of Art. 22(1) GDPR.

Changes to the data protection statement
New legal requirements, corporate decisions or technical developments may require changes to our data protection statement. The data protection statement will then be adapted accordingly. You will always find the latest version on our website.

Status: July 2023