This privacy notice outlines how we process personal data on this website, including when providing the services offered here.
To learn more about how we process your personal data, please contact us through any of the channels listed below.
1. General information
Bohemia Cristal Handelsgesellschaft mbH
95100 Selb, Germany
Phone: +49 9287 86-0
Person responsible for website content:
Yvonne Stäudel, Head of Marketing
Person responsible for data protection:
Bohemia Cristal Handelsgesellschaft mbH
Gerhard Schuh and Jana Motkova
External data protection officers:
BM Digital Consulting GmbH
95028 Hof, Germany
Phone: +49 171 3027921
Gerhard Schuh and Jana Motkova
Phone: +49 928786-0
2. Purposes and legal basis for processing personal data
Unless otherwise specified, the legal basis for processing your data is founded on Art. 6(1)(a) of the General Data Protection Regulation (GDPR). This permits us to process any data that are required so that we can fulfil any task incumbent on us.
3. Duration of storage of personal data
Your data will only be stored for as long as they are required until the task has been fulfilled – where applicable, taking the statutory retention periods into consideration.
4. Rights of the data subject
To the extent that we process your personal data, you have the following rights as the data subject:
- Should your personal data be subject to processing, you have the right to obtain information concerning what personal data have been stored (Art. 15 GDPR).
- Should the personal data be incorrect, you have the right to have such data rectified (Art. 16 GDPR).
- Where the legal conditions are fulfilled, you may require that the processed data be erased or their use restricted (Art. 17, 18 GDPR).
- Should you have consented to your data being processed or should a contract permitting the processing of your data exist and the data be processed using automated processes, you may have the right, where applicable, to have the data transmitted to another controller (data portability) (Art. 20 GDPR).
- Should you have consented to your data being processed and the processing of such data be founded on your consent, you may withdraw your consent at any time with future effect. The lawfulness of your consent to have your personal data processed until such time as your withdrawal is received will not be affected. Where reasons specific to your personal situation apply, you have the right to object to your data being processed in cases where such processing occurs on the basis of Art. 6(1)(e) GDPR (Art. 21(1)(1) GDPR).
5. Forwarding of data to the USA
Some of the tools our website incorporates are owned by companies based in the USA. Where such tools are active, your personal data may be forwarded to the US-based servers held and run by the corresponding companies. You are hereby informed that the USA is not considered a secure third country within the meaning of the EU’s data protection law. US-based companies are obliged to release personal data to security agencies without you, the data subject, having any legal recourse in a court of law. As a result, it cannot be excluded that authorities in the United States (e.g. intelligence agencies) will process, analyse and permanently store data relating to you for surveillance purposes where such data are located on servers in the United States. We have no influence over such data processing activities.
6. How to withdraw your consent to data being processed
Many data processing procedures may only be performed with your express consent. You may, at any time, withdraw any consent that you have provided. The lawful nature of the data processing performed until receipt of your withdrawal of consent will remain unaffected. Right to object to your data being collected and, in specific cases, also to:
a) Direct advertising (Art. 21 GDPR)
Should data be processed on the basis of Art. 6(1)(e) or (f) GDPR, you have the right, at any time – on grounds arising from your particular situation – to object to your personal data being processed; this also applies to any form of profiling based on the aforementioned provisions. The legal basis on which any processing of data is founded is outlined in this Privacy Notice. In the event that you object, we will cease processing your personal data unless we can prove that compelling, legitimate interests exist that override your interests, rights and freedoms or that the processing of your data serves to assert, exercise or defend legal claims (Right to object pursuant to Art. 21(1) GDPR).
Should your personal data be processed in order to conduct direct advertising, you have the right, at any time, to object to such personal data being processed for the purpose of such advertising; this also applies in the case of profiling to the extent that this occurs in connection with such direct advertising. In the event that you object, your personal data will subsequently cease to be used for the purpose of direct advertising (Right to object pursuant to Art. 21(2) GDPR).
b) Right to lodge a complaint with a supervisory authority
You furthermore have the right to lodge a complaint with the Bavarian Data Protection Authority (BayLDA). The authority can be contacted as follows:
Bayrisches Landesamt für Datenschutzaufsicht (BayLDA)
91522 Ansbach, Germany
Phone: +49 981 180093-0
Fax: +49 981 180093-800
7. Further information
To learn more about how we process your personal data, please contact us through any of the channels listed above (at the beginning of this privacy notice).
8. SSL and/or TLS encyption
For security reasons and to safeguard the transmission of confidential content, such as orders or enquiries that you send us as the operator of the website, this website uses SSL and/or TLS encryption.
Encrypted connections are discernible through a change in the address bar in your browser – from “http://” to “https://”, and the padlock icon displayed in your browser address bar.
If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
9. Information particular to this website
a) External web hosting
Our web server is operated by the ProComp GmbH company. The personal data transmitted during your visit to our website are therefore processed by ProComp GmbH on our behalf.
Name of third-party processor: ProComp GmbH
Postal address: Industriealle 1, 95615 Marktredwitz, Germany
The personal data collected on this website are stored on the web hoster’s servers. This may include IP addresses, contact enquiries, metadata, data used for communication, contract-related data, contact details, names, website access and other data generated via a website.
The web hoster’s services are employed to enable us to fulfil contracts with our potential and existing clients (Art. 6(1)(b) GDPR) and to ensure the swift, secure and efficient provision of our online services through a professional provider (Art. 6(1)(f) GDPR).
Our web hoster will only process your data within the bounds of what is necessary for the web hoster to perform its service obligations and will abide by our instructions as far as such data are concerned.
To ensure that data are processed in compliance with the data protection regulations, we have concluded a third-party processing agreement with our web hoster.
b) Data logging
Whenever you access this or other websites, data are transmitted to the web server via your browser. The following data are recorded during the time that your internet browser communicates with our web server:
- Date and time of the request
- The page requesting the file
- The web browser used
These data are erased when the connection is closed.
a) Session cookie (technical cookie - essential)
When you access this website, technical cookies (small files) are stored on your device and remain active throughout your visit to the website. These are known as session cookies. These cookies are used only during your visit to our website and only the current browser session ID is stored. The cookie is removed when the browser session is closed. No IP addresses are stored.
b) Contailor cookie (technical cookie – essential)
This cookie enables administrators/authors to log in to the Admin portal to perform editing tasks. The following personal data are collected:
- Username (encrypted)
- Password (in accordance with an established password policy) (encrypted)
- Last login
The data are saved for three (3) months following the initial log-in. The three-monthly cycle recommences as soon as the user in question logs in to the platform.
c) Cookie consent through Usercentrics
This website uses Usercentric’s cookie consent technology to obtain your consent to certain cookies being stored on your end device or for certain technologies to be employed, and to document your consent in compliance with the data protection regulations.
This technology is provided by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany; website: https://usercentrics.com/de/ (hereinafter referred to as “Usercentrics”).
When you enter our website, the following personal data are forwarded to Usercentrics:
- Your consent and/or revocation of your consent
- Your IP address
- Information concerning your browser
- Information concerning your end device
- The date/time you visited the website
Usercentrics furthermore stores a cookie on your browser linking you to all forms of issued and/or withdrawn consent. Data recorded here are stored until you ask us to erase them, until you erase the Usercentrics cookie yourself, or until the purpose for which the data were stored ceases to exist. Mandatory legal obligations to retain data will remain unaffected. Usercentrics is used in order to obtain the forms of consent prescribed by law for using certain technologies. The legal basis for doing so is founded on Art. 6(1)(1)(c) GDPR.
Third-party processing agreement
We have concluded an agreement with Usercentrics governing the processing of data by a third party. This form of contract is prescribed by the data protection regulations and ensures that Usercentrics only processes personal data belonging to our website users in accordance with our instructions and in compliance with the GDPR.
11. Analysis of user behaviour (web tracking systems; web audience measurement)
No user behaviour is analysed using so-called web tracking systems.
12. Use of plug-ins
a) Google Maps
This website uses the Google Maps service. It is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Using the Google Maps features requires your IP address to be stored. This information is typically forwarded to a Google server based in the USA and stored there. As the website provider, we have no influence over the transmission of such data.
Google Maps is used in the interest of presenting our range of online services as attractively as possible and enabling locations shown by us on the website to be found without difficulty. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where your consent has been obtained as required, data will be processed solely on the basis of Art. 6(1)(a) GDPR; you may withdraw your consent at any time. Data are transmitted to the USA on the basis of the EU Commission’s standard contractual clauses..
Further details can be found here:
We use the YouTube.com platform to post our videos and make them publicly available. YouTube is a service offered by a third party with which we are not affiliated, namely YouTube LLC.
Some of our web pages incorporate links or shortcuts to services offered by YouTube. As a general rule, we are not responsible for the content presented on any linked websites. Should you click on a link to YouTube, please note that YouTube stores user-related data (e.g. personal details, IP addresses) in accordance with its own data processing policies and uses such data for business purposes.
YouTube may additionally store various cookies on your end device or use comparable recognition technology (e.g. device fingerprinting). These tools enable YouTube to collect information on its website visitors. The information in question may, for example, be used to collect statistics on video clips, to improve the user experience, and to prevent fraudulent practices.
By being logged in to your YouTube account, you enable YouTube to attribute your Internet surfing behaviour directly to your personal profile. You can prevent this from occurring by logging out of your YouTube account.
YouTube is used in the interest of presenting our range of online services as attractively as possible. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where your consent has been obtained as required, data will be processed solely on the basis of Art. 6(1)(a) GDPR; you may withdraw your consent at any time.
Users are actively required to furnish their consent before a connection is established to YouTube. You can withdraw your consent at any time.
The following data are transmitted to third-party providers:
- IP address
- Date and time of the request
- Time zone difference: local time to Greenwich Mean Time (GMT)
- Content of the request (specific web page)
- Response status/HTTP response status code
- Transmitted data volume (in bytes)
- Website sending the request (link)
- Browser used
- Operating system, including its interface
- Browser software language and version
As soon as you click on an embedded video to start watching and actively confirm your consent, YouTube stores a corresponding cookie on your device. These cookies can be disabled by making corresponding adjustments to the browser settings and add-ons.
Address and link to the third-party's privacy notice:
Google/YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland - Datenschutzerklärung: https://policies.google.com/privacy
13. Collection of other data
a) Contact form
Should you provide personal or business-related data through our website (e-mail addresses, names, postal addresses, etc.), these data will only be used to convey the requested information or for the purposes specified in the form. In the course of this process, your data will be encrypted using SSL software when transmitted to the mail server and protected from being viewed by third parties. The subsequent e-mail is transmitted unencrypted (see Clause 14) The data are not forwarded to third parties. The user is wholly at liberty to decide whether to use the services and service features offered there.
Last name (compulsory)
Street line 1 (optional)
E-Mail address (compulsory)
Phone number (compulsory)
b) Audioconferencing and videoconferening
Among other things, we use online conferencing tools to communicate with our clients. The specific tools that we use are listed below. Should you communicate with us using an online videoconferencing or audioconferencing tool, your personal data will be collected and processed by us and the provider of the corresponding conferencing tool. At the same time, conferencing tools collect all of the data that you provide/use when employing the tools (e-mail address and/or your phone number). Conferencing tools additionally process the duration of the conference, the start and end (times) of your participation in the conference, the number of participants, and miscellaneous “contextual information” related to the communications process (meta-data). The provider of the tool furthermore processes all of the technical data required in order to perform the online communications. This includes, but is not limited to, IP addresses, MAC addresses, device IDs, the device type, the type and version of the operating system used, the client version, camera type, microphone or loud speakers as well as the type of connection used. Any content exchanged, uploaded, or provided in any other shape or form within the tool will also be stored on the tool provider’s servers. Such content may include, but not be limited to, cloud recordings, chat messages, instant messages, voicemails, uploaded photos and videos; files, whiteboards and other information that is shared while using the service.
Please note that we only have limited influence over the data processing operations performed by the tools used. Our possibilities are largely governed by each provider’s corporate policy. To learn more about how data are processed by conferencing tools, please consult the privacy notice applicable to each of the employed tools, a full list of which is provided below.
Purpose and legal basis
Conferencing tools are used to communicate with prospective or existing contracting parties or to offer our clients specific services (Art. 6(1)(1)(b) GDPR). The tools are additionally employed in general to simplify and expedite communication with us and/or our company (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Where your consent has been obtained, the corresponding tools will be employed on the basis of such consent; you may withdraw your consent at any time with future effect.
The data that we directly collect through the videoconferencing and audioconferencing tools will be erased from our systems as soon as you request their erasure or withdraw your consent for data to be stored, or the purpose for which the data are collected ceases to exist. Stored cookies will remain on your end device until you erase them. Statutory data retention periods will remain unaffected. We have no influence over the length of time your data are stored by conferencing tool providers for their own purposes. For further details, please contact the conferencing tool providers directly.
We use the following conferencing tool:
We use Microsoft Teams, a tool provided by the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. To learn more about how data are processed, please consult the Microsoft Teams privacy statement:
Conclusion of a third-party processing agreement
We have concluded a third-party processing agreement with the Microsoft Teams provider and fully implement the strict requirements imposed by Germany's data protection authorities when using Microsoft Teams.
14. Newsletter and postal advertising
If you wish to subscribe to the newsletter offered on our website, we require an e-mail address from you as well as certain details that permit us to verify that you are the owner of the e-mail address provided and that you consent to receiving the newsletter. No other data are collected except where voluntarily given. Your data will only be used to send you the requested information and will not be forwarded to third parties.
Data provided in the newsletter contact form are processed solely on the basis of your consent (Art. 6(1)(a) GDPR). You may, at any time, withdraw your consent to your data and e-mail address being stored and the data being used to send the newsletter, by clicking on the “Opt-out” link provided in the newsletter. The lawful nature of the data processing performed until receipt of your withdrawal of consent will remain unaffected.
Until you opt out of the newsletter, we and/or the newsletter provider will store the data needed for you to receive the newsletter and will erase the data from the newsletter distribution list once the newsletter has been cancelled. Data that we have stored for other purposes will remain unaffected.
After you have been removed from the newsletter distribution list, we and/or the newsletter provider may save your e-mail address to a blacklist to ensure that you do not receive any mail shots in future. The data on the blacklist will only be used for this purpose and will not be merged with other data. This is both in your own interest and in our interest of complying with the statutory requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage of your data on the blacklist is not limited in time. You may object to the storage of your data provided that your interests outweigh our legitimate interest.
15. Elektronic mail (e-mail)
Information that you send us unencrypted by electronic mail (e-mail) can potentially be read by third parties during its transmission. As a general rule, we also cannot verify your identity and do not know who is actually behind an e-mail address. Basic e-mails therefore do no not guarantee that the communication is legally sound. We use filters (SPAM filters) to counter unsolicited advertising. On rare occasions, these may also erroneously also automatically classify normal e-mails as unsolicited advertising and delete them. We automatically delete e-mails containing malware (“viruses”) without exception.
When sending us messages meriting protection, we recommend either using encryption and signing them to prevent unauthorised parties from accessing and falsifying them during their transmission or sending us your message by conventional post.
Please also let us know whether and how we can send encrypted e-mails in response to your communications. Should you not have any means of receiving encrypted e-mails, we ask you to inform us how you would like us to contact you to respond to your messages meriting protection.
16. Specific information on the job application procedure
Treatment of applicant data
You have the possibility of sending us your job application (e.g. by e-mail or conventional post). Below, you will find information concerning the scope of personal data that we collect, how such data are used and for what purposes. You may rest assured that your data will be collected, processed and used in compliance with the valid data protection regulations as well as all other statutory provisions, and that your data will be treated in strict confidence.
Scope and purpose of data collection
Should you forward your job application to us, we will process your personal data in this context (e.g. contact details and communications data, application documents, notes taken during job interviews, etc.) to the extent required in order to arrive at a decision on whether to employ you. The legal basis for this process under German law is founded on Section 26 of the newly revised Federal Data Protection Act [BDSG] (initiation of employment), Art. 6(1)(b) GDPR (general initiation of contract) and – to the extent that we have received your consent – Art. 6(1)(a) GDPR. You may withdraw your consent at any time. Your personal data will only be forwarded to those individuals within our company who are involved in processing your job application. Should your application be successful, the data that you have submitted will be stored in our data processing systems on the basis of Section 26 of the newly revised BDSG and Art. 6(1)(b) GDPR for the purpose of implementing the employment relationship.
Data retention periods
Should we be unable to offer you a position, you decline an offered job position or withdraw your application, we reserve the right to retain the data you have submitted to us for a period of up to three (3) months from the application process closing (rejection or withdrawal of the application). This is in keeping with our legitimate interests as defined in Art. 6(1)(f) GDPR.
The data will then be erased and any physical application documents destroyed. The above-mentioned retention period especially serves to enable evidence to be submitted in the event of a legal dispute. Where it becomes apparent that the data will be needed beyond expiry of the three-month period (e.g. in light of an imminent or impending legal dispute), the data will only be erased once the purpose for continuing to retain such data ceases to exist.
Longer data retention periods may also apply where you have provided your consent accordingly (Art. 6(1)(a) GDPR) or where legal obligations to retain such data override the erasure of such data.
Should we not make you a job offer and, by implication, you send us an unsolicited job application, the application will be rejected within five (5) days and returned. Your application will not be added to an applicant pool and no personal data will be stored.
Last revised: 30.08.2021