Data protection
You can print or save this document by using the regular functions of your web services program (= browser: usually "File" -> "Save as"). You can also download this document in PDF and archive it by clicking here. To open the PDF file, you will need the free Adobe Reader software (available from www.adobe.com) or similar programs able to read PDF files.
Data protection at www.betzold-educational.com
Data protection is a matter of trust, and your trust is important to us. Data processing by Arnulf Betzold GmbH, represented by its managing directors Ulrich Betzold, Tina Betzold and Markus Merz (hereinafter also referred to as "we" or "us") as the controller within the meaning of Art. 4(7) of the GDPR is based on statutory provisions.
Your information
With this privacy policy, we inform visitors and customers entering into contracts on our website of the collection, processing and use of data when visiting, registering and entering into contracts as well as the right to object, right to withdraw your consent and other rights you have as a data subject regarding the processing and use of your data.
The following linked headings are intended to allow you to access the required information quickly.
- What we do with your personal data
- What are personal data?
- Use of data for the performance of a contract and for internal organisation
- Data storage, registration, customer account
- Contact
- Use of data for marketing purposes
- Erasure and blocking
- Data collection when visiting our website
- Technical information and cookies
- What are cookies and what are they used for?
- Use of profiling
- How do we protect your personal data
- Credit check
- Internal credit check
- Legal basis
- Your rights
- Right to confirmation and right of access
- Right to rectification
- Right to object
- Right to withdraw your consent
- Right to erasure (right to be forgotten)
- Conditions for erasure
- Further right to be forgotten
- Exceptions to erasure
- Right to restriction of processing
- Right to data portability
- Asserting your rights
I. What we do with your personal data?
1. What are personal data?
Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). Identifiability does not necessarily require mentioning the data subject by name. Indirect identifiability is sufficient, e.g. by reference to an identification number, location data, an online identifier or to one or more specific factors. This means this is about your identity. This includes your name, but also your telephone number, your address and other data you transmit to us.
Many legal grounds for our data processing can be found in the European General Data Protection Regulation (GDPR). In the following, we refer to relevant provisions as the legal basis for our processing.
2. Use of data for the performance of a contract and for internal organisation
- Steps prior to entering into, and performance of, a contract
If you contact us with an enquiry or enter into a contract with us, we will require and process certain data – such as the details of an intended order or an order placed with us, your address, email address and payment details – for checks prior to entering into a contract, performance of the contract and processing any subsequent warranty or guarantee claims (for the legal basis see point (b) of Art. 6(1) of the GDPR). In the course of processing your order and payment, the service providers used by us (e.g. delivery companies, payment services providers) will receive the data concerning your person and/or your order as required. We also perform credit checks (see section IV below). Without such appropriate and correct information, we cannot accept your order or cannot offer you certain modes of payment.
In addition, we are required by commercial and tax law to archive data from completed transactions for the duration of the statutory retention periods. The legal basis for such use of your data is point (c) of Art. 6(1) of the GDPR.
- Processing in the context of company organisation
Furthermore, data are used for defending legal rights and for the pursuit of claims to safeguard our legal interests (point (f) of Art. 6(1) of the GDPR), in compliance with our legal obligations (such as evidence for the revenue authorities) on the basis of point (c) of Art. 6(1) of the GDPR, and within our legitimate interest in a lawful and efficient organisation of our business (including the transfer of data to persons bound to professional secrecy, such as tax advisers or solicitors; point (f) of Art. 6(1) of the GDPR) and/or by transferring data to intermediate service providers contractually obliged pursuant to Art. 28 of the GDPR to comply with statutory data protection provisions. In organising our business, we will process your data on our IT systems and, where necessary, transmit data concerning customers, interested parties, suppliers and personnel to authorities such as the revenue administration, in compliance with our legal obligations, and to advisers (tax advisers, solicitors, auditors) in accordance with our legitimate interest in a lawful and economical company organisation. The legal basis is points (c) and (f) of Art. 6(1) of the GDPR.
In this context, we analyse data concerning all company and business transactions for the purposes of company management and market analysis. Unless a specific purpose necessitates otherwise, the data will largely be analysed in an anonymised or at least pseudonymised form and will only be made available to third parties in a summary form dissociated from individual persons. The legal basis is points (c) and (f) of Art. 6(1) of the GDPR.
- Outsourced IT and hosting
We may make use of IT software and hosting services from external service providers in the course of providing services and fulfilling your requests and our contractual obligations, on the basis of our legitimate interest in the efficient and secure management of the company and performance of the contract. In this context, your data concerning your interests, requests, orders and visits and/or your use of our services will also be processed via the services of such providers.
Where legally required and not already covered by provisions on professional secrecy, we have made contractual provisions with external processors to ensure our access and the secure and confidential treatment of your data.
The legal basis is point (f) of Art. 6(1) in connection with Art. 28 of the GDPR (entering into a processing contract).
3. Data storage, registration, customer account
Your specific order data are stored by us but cannot be viewed and/or accessed.
The online shop is only available to business customers, who in placing an order act in exercise of their trade, business or profession. You must register with us and provide evidence of your being a business customer in order to gain access to the shop.
After successful registration, you can log in with the email address provided by you and the password chosen by you. By registering, you will also gain access to the data stored by us concerning your person and your orders.
Besides authorisation, we will also use your email address for notifications of important changes in connection with your registration.
If you wish to terminate your access, please contact [email protected].
Please note that after termination your data will continued to be stored by us and used for the stated purposes (such as processing orders, but also for marketing information).
4. Contact
If you contact us by any of the ways provided for this purpose (e.g. by email or by using the contact form), we will save and store your name and contact details as well as your query. Your data will be used to process your query and to communicate with you. We will use your email address to be able to reply to you by email (legal basis: points (a) and (b) of Art. 6(1) of the GDPR). If you have a query about a specific order or if there is something you want us to do for you personally, we will need your real name. For any other queries, you may also use a pseudonym. After your query has been definitively resolved and where there are no other retention obligations, your data will be erased.
5. Use of data for marketing purposes
We are interested in maintaining customer relations with you, alert you to new product groups and services provided by us, acquire new customers, reactivate former customers and to provide our customers with information and offers. For the purposes of these legitimate interests, we will process your data on the basis of point (f) of Art. 6(1) of the GDPR (also via service providers) in order to provide you with information and personalised offers from us and to improve our information and offers. We may also arrange to obtain your separate consent outside the scope of this document; in such cases, our use of your data will be based on point (a) of Art. 6(1) of the GDPR.
Please refer to the following list of advertising measures for further information on our data processing in this context.
On the basis of the aforementioned statutory provision, we will make the following uses of your data without asking for your consent separately:
- Advertising by post
We will use your first name and surname, your address and – where we have obtained such additional information from you – your title, academic degree, your date of birth and your job title or industry or business description to send you offers and information about our company and our services and products by post if we expect that such information is of interest to you.
Consent-based uses
The following uses of your data shall only be made if we have obtained your consent outside the scope of this policy.
Point (a) of Art. 6(1) of the GDPR is the legal basis for any processing by our company for which we obtain your consent for a specific purpose of processing.
(Your acceptance of this notice does not yet constitute your consent to the relevant use of your data for marketing purposes.)
- Contact by telephone for order requests
Commercially, we will use your telephone number in cases of presumed consent in order to provide relevant information about our offers and promotions if we can assume an interest in such things.
- Advertising by email with separate consent
If you have separately registered for our newsletter, your email address and, as the case may be, further personal data freely provided by you when registering (e.g. your name, to allow us to properly address you) will be used for our own marketing purposes and, as the case may be, for offers from our advertising partners contained in the newsletter.
We will make a statistical analysis of when such an email is accessed and, as the case may be, which information provided is met with interest and to what extent (e.g. when you click on a link). This analysis is for the purpose of improving our delivery times and optimising the content of our offers and marketing information.
6. Erasure and blocking
Your personal data will be stored until the stated purposes have been achieved and/or for as long as we have a legitimate interest in storing them.
Thereafter, they will be erased, unless agreed with you otherwise or unless there are statutory archiving obligations (e.g. on the basis of commercial or tax law). In case of statutory archiving, the data will be blocked against any other access. On expiry of the statutory retention periods, these documents will be erased and destroyed in accordance with data protection law in the course of regular measures.
If you have consented to the collection, processing and use of your data, we will store and use your data for an indefinite period until you withdraw your consent or until the purpose for which you have given consent no longer applies. Thereafter, your consent and processing data will be archived for the statutory limitation period (usually three years) for the purposes of defending legal claims (legal basis: point (e) of Art. 17(3) of the GDPR).
If you no longer wish to receive advertising from us, we will use your name, address and, as the case may be, email address for the purpose of blocking in appropriate lists against which we compare our advertising lists, so that you no longer receive advertising. Erasure in this context thus means that your data are first blocked on our systems, in particular for advertising and marketing activities (legal basis: point (f) of Art. 6(1) of the GDPR). Your data will continue to be processed, where necessary, for purposes other than advertising, e.g. in the context of the performance of a contract and, as the case may be, warranty, as well as for documentation under commercial and tax law (legal basis: points (b) and (c) of Art. 6(1) of the GDPR).
If, notwithstanding the possible consequence of your continuing to receive advertising in individual cases, you desire the erasure rather than blocking of your data, please let us know.
To the top
II. Data collection when visiting our website
1. Technical information and cookies
You can visit our website without providing any personal information. When you visit our websites, even if this is done via a link in a newsletter or an advertisement, certain data will still be collected and stored in so-called log files. The data thus collected – even if you visit via newsletter links or advertising links on the web – are only access data without a direct personal link, such as:
- the web page from which we are visited;
- the page requested and/or the name of a file requested;
- the type and version of your browser;
- the time and date of access;
- the operating system on which the browser is running;
- the name of your internet service provider;
- the internet address (IP address) from which access is made;
- the products and content which the visitor is interested in and the extent of such interest, such as duration, frequency, interaction with forms, navigation elements and links.
The foregoing data are not attributable to you personally and will not be merged with your personal data without your consent, unless this is necessary for the prosecution of infringements of rights or of attacks on our systems.
While your IP address is made available by our hosting provider, it will be overwritten by an "x" after 7 days and thus anonymised for data protection reasons.
In addition, by appropriate shortening of IP addresses, we have sought to ensure that an attribution to your person will be difficult or almost impossible for any partners who also collect your IP address in the provision of their services.
2. What are cookies and what are they used for?
"Cookies" are small text files transmitted to the hard drive of your computer via your web browser or other programs. They are stored locally on your computer’s hard drive and kept ready for later access. Each of these text files contains a distinctive character string by which your browser can be identified when you next visit our website.
When you access our website, you can view a comprehensive list of the cookies used by us. This is also where we request your consent to our use of these cookies and the underlying technologies.
Using the link in the footer of this website, you can review our use of cookies and what consent you have given at any time.
There you can also withdraw your consent by unticking the relevant boxes.
As soon as you untick the boxes, data processing via the relevant cookies will be stopped.
Please note that we do not have access to your browser or your hard drive. This means that the cookies remain stored on your computer after you have unticked the box; however, they no longer serve a function for our website.
In this case, we recommend that you delete the cookies manually from your computer via your browser settings.
3. Use of profiling
In law, constructing automated data collections about a person is known by the term “profiling”. According to Art. 4(4) of the GDPR, profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
We do not use profiling.
III. How do we protect your personal data?
By law, companies are required to provide an adequate level of data protection. This means, among other things, reconciling the risk to the data, the likelihood of such risk, the state of the art, and the cost. We have taken appropriate technical and organisational measures to ensure the security of your data and their processing according to statutory provisions. If you have any security concerns when inputting data or any other questions or suggestions, please contact our customer service or our data protection officer. Further contact details are listed at the end of this policy.
When you place an order or log in to your personal account, your personal data are transmitted securely by encryption. To that end, we use the SSL (Secure Socket Layer) coding system. We use technical and organisational measures to protect our website and other systems against the loss, destruction, access, modification or dissemination of your data by unauthorised persons. You should keep your login information confidential at all times and close your browser window when you have finished communicating with us, especially if you are using a shared computer.
IV. Credit check
1. Internal credit check
Where we provide goods or services in advance of payment, we will, on the grounds of our legitimate interest to protect ourselves against defaults in payment and to protect our customers against identity theft, check your current and previous payment behaviour and any atypical ordering behaviour (e.g. orders from different customer accounts to the same delivery address made at the same time). The credit data considered include outstanding payments, default actions, information regarding insolvency, debt counselling, deferred payment agreements in case of default of payment.
On the basis of these data, we will decide whether we can offer you the desired payment method.
2. Legal basis
The legal grounds for the checks discussed above are point (b) of Art. 6(1) of the GDPR for checking your desired method of payment and point (f) of Art. 6(1) of the GDPR on the basis of our legitimate interests stated above.
V. Your rights
As a data subject, you can assert your statutory rights.
1. Right to confirmation and right of access
Pursuant to Art. 15 of the GDPR, you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. Where we do process such data, you have a right to access to your personal data stored, free of charge. This includes the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject: any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Furthermore, the data subject has the right to be informed whether personal data have been transferred to a third country or to an international organisation. Where that is the case, the data subject further has the right to be informed of the appropriate safeguards relating to the transfer. If you have any questions concerning the collection, processing or use of your personal data, or to exercise your right of access or your other rights, please contact us using the contact details at the end of this policy.
2. Right to rectification
You have the right to obtain from the controller rectification and/or completion of any inaccurate or incomplete personal data concerning you. The controller must make such rectification without undue delay.
3. Right to object
Your right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on a balancing of interests pursuant to point (f) of Art. 6(1) of the GDPR, including profiling based on those provisions (cf. II(2) above). In that case, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You have the right to object at any time to the processing of your personal data for direct marketing purposes; the personal data will then no longer be processed for such purposes.
If you object to the identity and credit check, this may result in our being able to offer you only restricted methods of payment or in our refusing to enter into a contract.
4. Right to withdraw your consent
You have the right to withdraw any consent you may have given at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
5. Right to erasure (right to be forgotten)
a) Conditions for erasure
You have the right to obtain the erasure of personal data concerning you. Please note that the right to erasure without undue delay (Art. 17 of the GDPR) (“right to be forgotten”) only exists where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw consent on which the processing is based according to point (a) of Art. 6(1) of the GDPR, or point (a) of Art. 9(2) of the GDPR, and there is no other legal ground for the processing;
- you object to the processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes pursuant to Art. 21(2);
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) of the GDPR.
b) Further right to be forgotten
Where we have made the personal data concerning you public and are obliged pursuant to Art. 17(1) of the GDPR to erase the personal data, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions to erasure
In addition to the foregoing conditions, please note the following exceptions, which may justify your request of erasure being refused:
The right to erasure shall not exist to the extent that the processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9(2) as well as Art. 9(3) of the GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) of the GDPR in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
6. Right to restriction of processing
You have the right to restriction of processing if you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data, or if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead. You also have the right to restriction of processing if we no longer need the personal data, but they are required by you for the establishment, exercise or defence of legal claims. Finally, you can assert that right if you have objected to processing pursuant to Art. 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override yours.
Where processing has been restricted, such personal data shall only be processed with the your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. The possibility of continued storage remains unaffected. If processing has been restricted pursuant to the above conditions, you will be informed by us before the restriction of processing is lifted.
7. Right to data portability
You also have the right to receive the personal data provided to us by you and which we have processed on the basis of effective consent or whose processing was necessary for entering into and/or performing a valid contract, in a “structured, commonly used and machine-readable format”. You also have the right to have the personal data transmitted directly to another controller, where technically feasible.
The right only exists where the rights and freedoms of other persons are not adversely affected.
8. Asserting your rights
If you have any questions or wish to assert your rights, please contract our customer service (see contact details below).
You may also contact our data protection officer, who is responsible for handling any complaints. You can contact our data protection officer at the following email address: [email protected].
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation (GDPR).
To the top
Arnulf Betzold GmbH
Ferdinand-Porsche-Str. 6
D-73479 Ellwangen
Telefon: +49 7961 92 58 - 10
Telefax: +49 7961 92 58 - 20
E-Mail: [email protected]
www.betzold-educational.com
This privacy policy is protected by copyright. Third parties are not permitted to use it – including in extracts – for commercial purposes. Infringements will be prosecuted.
PDF Download
Download Acrobat Reader for free »»