Scroll to top

Privacy Policy Personal information is a confidential matter

This Privacy Policy will explain to you the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the associated websites, functions and content as well as our external online presence, such as our social media profiles (hereinafter jointly referred to as "online offer"). With regard to the terms used, such as "personal data" or its "processing", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Last updated: 1/1/2023

Controller

Brillux GmbH & Co. KG
Weseler Straße 401
48163 Münster
GERMANY

P.h.G. Brillux GmbH, registered office Münster, Münster District Court HR B 4272
Directors Peter König, Robert König, Ulrike Nordemann, Michael Thompson

Tel. +49 251 7188-0
Fax +49 251 7188-439
E-mail: info@brillux.de

Data Protection Officer

E-mail address: datenschutz@brillux.de

Types of data processed
  • Inventory data
  • Contact data
  • Content data
  • Usage data
  • Metadata/communication data

 

Processing of special categories of data (Art. 9 (1) GDPR)

No special categories of data are processed, unless these are entered into the processing procedure by the user, e.g. in online forms.

Categories of data subjects
  • Customers / prospective customers / suppliers
  • Visitors and users of the online offer

In the following we will also refer to data subjects jointly as "users".

Purpose of processing
  • Provision of the online offer, its content and its functions
  • Provision of contractual services, support and customer care
  • Registration for information and training events
  • Participation in sales campaigns and tenders
  • Online job applications
  • Responding to contact requests and communication with users
  • Marketing, advertising and market research

   

1. Applicable legal bases

Pursuant to Art. 13 GDPR, we will inform you of the legal basis of our data processing. If the legal basis is not mentioned in the Privacy Policy, the following applies: The legal basis for obtaining consent is Art. 6 (1) a and Art. 7 GDPR, the legal basis for processing for the performance of our services and fulfillment of contractual measures as well as responding to requests is Art. 6 (1) b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 (1) c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 (1) f GDPR. In the event that the vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 (1) d GDPR is the legal basis.    

2. Amendments and updates to the Privacy Policy

We ask that you regularly keep yourself informed about the content of our Privacy Policy. We will adapt the Privacy Policy as soon as this becomes necessary due to changes to the data processing carried out by us. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.    

3. Security measures

  1. Pursuant to Art. 32 GDPR, taking into account the state of the art, implementation costs and the nature, scope, context and purpose of processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, we will take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. These measures include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, but also the access, input, transfer, safeguarding of availability, and separation. Furthermore, we have established procedures to ensure an exercising of the rights of data subjects, the erasure of data and a reaction to the endangerment of data. In addition, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
  2. The security measures include in particular the encrypted transfer of data between your browser and our server.
     

4. Cooperation with processors and third parties

  1. Where we disclose, transfer or otherwise grant access to data to other persons and companies (processors or third parties) within the scope of our processing, this only takes place on the basis of legal permission (e.g. if data transfer to third parties, such as a payment service provider, is required for contract fulfillment pursuant to Art. 6 (1) b GDPR), where you have given your consent, where a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
  2. Where we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.
     

5. Transfers to third countries

Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure/transfer of data to third parties, this will only take place in order to fulfill our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process the data or have the data processed in a third country if the special requirements laid down in Art. 44 et seq. GDPR are met. This means that processing is carried out on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
 

6. Rights of the data subject

  1. You have the right to request confirmation as to whether the data concerned are being processed and to request information about these data as well as further information and a copy of the data pursuant to Art. 15 GDPR.
  2. Pursuant to Art. 16 GDPR, you have the right to request the completion of your data or the rectification of incorrect data.
  3. Pursuant to Art. 17 GDPR, you have the right to request that the data concerned are erased immediately or, alternatively, pursuant to Art. 18 GDPR, to request a restriction on the processing of the data.
  4. You have the right to request to receive the data that you have provided to us, pursuant to Art. 20 GDPR, and to request that it be transferred to other controllers.
  5. Furthermore, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
     

7. Right of withdrawal

You have the right to withdraw consent that you have granted pursuant to Art. 7 (3) GDPR with future effect.
 

8. Right to object

You may object to the future processing of your data pursuant to Art. 21 GDPR at any time. The objection may be lodged in particular against processing for direct advertising purposes.
 

9. Cookies and right to object in the event of direct advertising

We use temporary and permanent cookies, in other words small files that are stored on the user’s devices (for an explanation of the term and function, please see the last section of this Privacy Policy). In part, cookies are used for security purposes or are necessary for the operation of our online offer (e.g. to display the website) or to store the user’s decision when confirming the cookie banner. In addition, we or our technology partners use cookies to measure reach and for marketing purposes, about which users are informed in the Privacy Policy. A general objection to the use of cookies for online marketing purposes may be lodged for a large number of services, in particular in the case of tracking, via the US site aboutads.info/choices/ or the EU site youronlinechoices.com/. Furthermore, the storage of cookies can be deactivated in the browser settings. Please note that it may not be possible to use all functions of this online offer if you choose to do this.

10. Erasure of data

  1. The data we process will be erased or the processing of such data will be restricted pursuant to Art. 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, the data stored by us will be erased as soon as it is no longer required for its intended purpose and the erasure does not conflict with any statutory storage obligations. Where data are not erased because they are required for other, legally permissible purposes, the processing of such data will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial law or tax law reasons.
  2. In accordance with statutory requirements, the data are stored for 6 years pursuant to Section 257 Para. 1 German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years pursuant to Section 147 Para. 1 German Tax Code (AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).
     

11. Personal area "My Brillux", online shop and advertising material shop

  1. Users can optionally create a user account for the protected area "My Brillux", where registered business customers can order products and customized advertising material as well as view all orders of the past twelve months and download copies of their invoices. Access to the Brillux Learning World is also enabled via your MyBrillux account. There is an option in Learning World with which you can add a profile picture and record your learning progress transaction data in online courses, as well as store your seminar history. During the registration process, users will be informed of the required information. User accounts are not public and cannot be indexed by search engines. The collection of user data is based on Art. 6 para. 1 p. 1 lit. b GDPR. If users have canceled their user account, their user account data will be erased, provided that storage of such is not required for commercial law or tax law reasons pursuant to Art. 6 (1) c GDPR. It is up to users to save their data before the end of the contract if they have terminated the contract. We are entitled to irretrievably erase all user data stored during the term of the contract.
  2. For the creation of customized advertising material, the print data created in the advertising material editor, including any information contained therein (e.g. company name, address, contact details, company logo), will be passed on to a print shop commissioned by us for printing and dispatch. We have concluded an order data processing contract with all print shops to ensure that they also comply with the current data protection guidelines.
  3. When users register and log in again, and when they use our online services, we store the IP address and the time of the respective user action. Storage is on the basis of both our legitimate interests and the user’s legitimate interest in protection against misuse and other unauthorized use. Data are not passed on to third parties unless this is necessary for us to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 (1) c GDPR.

12. Events

Photographs and/or video recordings will be taken, as part of events organized by Brillux GmbH & Co. KG and its subsidiaries. In some cases, you may be shown and appear as a recognizable attendee of the event.

Data is processed on the basis of Art. 6, para. 1. p. 1 lit. f of GDPR. Brillux GmbH & Co. KG and its subsidiaries therefore pursue their interest in publishing images and videos of the event for PR purposes, in print images as well as on their homepages and social media channels (among others, Facebook and Instagram).

If we use service providers to process data for us, we have taken care to ensure that these also comply with the applicable data protection regulations.

If you do not wish to be shown on a photo and/or video, we ask that you please inform us of this when entering the event.

As a person affected by this, you have the right to access, rectify, delete or limit the processing of your data. For further information, please contact our Data Protection Officer at datenschutz@brillux.de.

Please note that any online publication also constitutes a risk that images or recordings will be distributed further without our involvement and knowledge, and thus can no longer can be deleted. Furthermore, improper use by Internet users or search engines cannot be prevented. Please also note that images on printed material that has already been produced can no longer be removed.

13. Contacting us

  1. When users contact us (using the contact form or e-mail), the user’s information is processed in order to process and execute the contact request pursuant to Art. 6 (1) b) GDPR.
  2. We erase the requests if they are no longer required. We may store requests from customers who have a customer account permanently and for erasure refer to the information in the customer account. In the event of statutory archiving obligations, erasure will take place after such obligations expire (end of storage obligation under commercial law (6 years) and tax law (10 years)).
     

14. Collection of access data and log files

  1. On the basis of our legitimate interests as defined by Art. 6 (1) f GDPR, we collect data about each case of access to the server on which this service is located (so-called server log files). Access data include the name of the accessed website, file, date and time of access, the data volume transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
  2. Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then erased. Data whose further storage is required for evidence purposes are excluded from erasure until the case in question has been conclusively resolved.
     

15. Online presence in social media

  1. We maintain an online presence within social networks and platforms to communicate with customers, potential customers and users active there and to inform them there about our services. When accessing the networks and platforms, the terms and conditions and the data processing guidelines of the respective operators apply.
  2. Unless otherwise stated in our Privacy Policy, we process users’ data if they communicate with us within social networks and platforms, e.g. submit contributions to our online presence or send us messages.
     

16. Cookies and reach measurement

  1. Cookies are information transferred from our web server or third-party web servers to the web browsers of users and stored there for later retrieval. Cookies can be small files or other types of information storage.
  2. We use "session cookies", which are only stored for the duration of your current visit to our online presence (e.g. to enable the storage of your login status or the shopping cart function and thus the use of our online offer). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage duration. These cookies cannot store any other data. Session cookies are erased when you have finished using our online offer and, for example, log out or close the browser.
  3. Users will be informed about the use of cookies in the context of pseudonymous reach measurement within this Privacy Policy.
  4. If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be erased in the system settings of the browser. The exclusion of cookies may result in functional restrictions of this online offer.
  5. You may object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the network advertising initiative (optout.networkadvertising.org/) and also via the US website (aboutads.info/choices) or the European website (youronlinechoices.com/uk/your-ad-choices/).
     

17. Google Analytics

  1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer as defined by Art. 6 (1) f GDPR), we use Google Analytics, a web analysis service of Google LLC ("Google"). Google uses cookies. The information generated by the cookie concerning use of the online offer by the user is generally transferred to a Google server in the USA and stored there.
  2. Google is certified under the Privacy Shield Agreement and thus offers a guarantee that it will comply with European data protection law.
  3. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. Pseudonymous user profiles can be created from the processed data.
  4. We only use Google Analytics with IP anonymization enabled. This means that the user’s IP address will be shortened by Google within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional circumstances is the full IP address transferred to a Google server in the USA and shortened there.
  5. The IP address transferred from the user’s browser is not linked to other Google data. Users may prevent the storage of cookies by adjusting their browser software. Furthermore, users may also prevent Google from collecting data generated by the cookie relating to their use of the online offer and from processing these data by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout.
  6. Further information on data use by Google, configuration and objection options can be found on Google's websites: google.com/intl/de/policies/privacy/partners ("How Google uses data when you use our partners' sites or apps"), policies.google.com/technologies/ads ("Use of data in advertising"), adssettings.google.com/authenticated ("Manage information that Google uses to show you ads").

18. Newsletter

  1. With the following information we would like to inform you about the content of our newsletter as well as the registration procedure, dispatch procedure and statistical evaluation procedure and your rights to object. By subscribing to our newsletter you agree to its receipt and to the procedure described.
  2. Content of the newsletter: We will only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter "newsletters") with the consent of the recipients or legal permission. If the content of a newsletter is specifically described within the scope of the registration for the newsletter, this is decisive for the consent of the users. In addition, our newsletters contain information about our products, offers, promotions and our company.
  3. Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can log in with unknown e-mail addresses. Newsletter registrations are logged to prove that the registration process is in compliance with legal requirements. This includes the storage of the time of registration and time of confirmation as well as the IP address. The changes to your data stored with the dispatch service provider are also logged.
  4. Dispatch service provider: The newsletter is dispatched by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, hereinafter referred to as "dispatch service provider". The privacy policy of the dispatch service provider can be found here: cleverreach.com/de/datenschutz/.
  5. Furthermore, the dispatch service provider can use these data in pseudonymous form, i.e. no assignment to a user, in accordance with its own information to optimize or improve its own services, for example to technically optimize the dispatch and display of the newsletter or for statistical purposes in order to determine which countries the recipients come from. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or pass these data on to third parties.
  6. Registration data: To subscribe to the newsletter, all you have to provide is your e-mail address. As an option, we ask you to provide a name so that we can address you by name in the newsletter.
  7. Measuring success: Newsletters contain a so-called "web beacon", which is a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. During this retrieval, technical information, such as information about the browser and your system as well as your IP address and time of retrieval, is collected initially. This information is used to technically improve the services based on the technical data or the target groups and their reading behavior using their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked on. Although this information can be assigned to the individual newsletter recipients for technical reasons, neither we nor the dispatch service provider intend to observe individual users. Rather, the evaluations enable us to recognize the reading habits of our users and to adapt our content to them or to send different content in line with our users’ interests.
  8. The dispatch of the newsletter and success measurement are carried out on the basis of recipient consent pursuant to Art. 6 (1) a, Art. 7 GDPR in conjunction with Section 7 Para. 2 No. 3 German Unfair Competition Act (UWG) or on the basis of the legal permission pursuant to Section 7 Para. 3 UWG.
  9. The logging of the registration procedure takes place on the basis of our legitimate interests pursuant to Art. 6 (1) f GDPR and serves as proof of consent to receive the newsletter.
  10. Cancellation/withdrawal: You can cancel the receipt of our newsletter at any time, i.e. withdraw your consent. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and canceled their subscription, their personal data will be erased.
     

19. Integration of third-party services and content

  1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer as defined by Art. 6 (1) f GDPR), we use content or services from third parties within our online offers to integrate their content and services, e.g. videos or fonts (hereafter referred to as "content"). This always presupposes that the third-party providers of this content are aware of the IP address of the user, as they cannot send content to their browser without the IP address. The IP address is thus necessary to display this content. We endeavor to use only such content whose provider uses the IP address only to deliver the content. Third-party providers may also use so-called "pixel tags" (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer and may be linked to such information from other sources.   
  2. The following provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and, already mentioned here in part, objection options (opt-out):