BabEng Privacy Statement
We (BabEng GmbH) welcome you on our website and thank you for your interest in our company. BabEng GmbH is committed to protecting and respecting your privacy by ensuring the obligations under the General Data Protection (GDPR) are met. This privacy statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.babeng.com (our Site) you consent to our Privacy Statement and agree to the practices described in this statement.
If you still have questions or concerns about your personal information and how it is used, please feel free to contact us (see contact details below).
I. NAME AND CONTACT DETAILS OF THE CONTROLLER ACCORDING TO GDPR ARTICLE 4 (7)
| Company: | BabEng GmbH |
| Address: | Einsiedelstr. 28, 23554 Lübeck |
| Telephone: | +49 451 – 486 678 – 90 |
| Email: | contact@babeng.com |
| Website: | www.babeng.com |
Data Protection Officer
For any other queries about this privacy statement or how we process your personal data you can contact our Data Protection Officer by email: privacy@tunnelsoft.com or by post: see address above.
II. OUR GENERAL CONCEPT OF DATA PROCESSING
1. The data we collect from you
We only process personal data, which is necessary for the functionality of our website including its content and performance. We process personal data with your consent.
There is an exception in cases that make obtaining your consent impossible but the law allows us to use your personal data.
We treat your personal data with total confidentiality and comply with all relevant data protection laws. Your privacy is extremely important to us. We’re committed to protecting any personal information you’ve given us against unauthorised or unlawful processing and by implying the latest safety standards.
As a privately owned and operated German company we are fully committed to comply with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
We have implemented appropriate technical and organisational measures to ensure that we and our external service providers adhere to the principles of data protection as set out in the GDPR.
Definitions
The legislature demands that personal data is processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’) as laid out in the GDPR Article (5)(1)(a). To ensure that you understand the legal definitions, we have listed the definitions that we use in our Privacy Statement here:
Personal Data
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data Subject
‘data subject’ is any identfied or identifiable natural person, whose personal data is processed by the controller responsible for this task.
Processing
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of Processing
‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
Filing System
‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
Controller
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Recipient
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
Third Party
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Legal basis for processing data
The processing of personal data is only permitted if a legal basis for processing the data exists. Processing shall be lawful only if and to the extent that at least one of the following applies: GDPR Article (6)(1)(a-f):
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
3. Data storage duration and deletion of personal data
We retain Personal Data for the period needed to fulfill the purposes for which Personal Data was collected and as otherwise required or permitted by applicable law, such as in relation to our record retention obligations. BabEng GmbH recognises the right to erasure, also known as the right to be forgotten, laid down in the GDPR Article (17). Individuals should contact the Data Protection Officer with requests for the deletion or removal of personal data. These will be acted on provided there is no compelling reason for continued processing and that the exemptions set out in the GDPR do not apply. These exemptions include where the personal data is processed for the exercise or defence of legal claims and to comply with a legal obligation for the performance of a public interest task or exercise of official authority.
III. USING OUR WEBSITE AND THE CREATION OF LOG FILES
1. The data we collect from you
(1) In the following we inform you about the personal data that we collect when you visit our website. Personal data can be your name, address, email, user behaviour.
(2) When you contact us by email or through our contact form, we collect your submitted personal data (possibly your company name, your name and email) to give you a reply. We do not keep personal data for longer than necessary or the processing of data is restricted, if there are legal data retention obligations.
2. Description of the personal data we obtain from you
If you use our website for mere informational use, that is, you have not provided us with personal data such as through contacting us directly by email, phone, in writing or by using our contact form, we will only collect the personal data, which the browser you are using transfers to us.
In common with most websites, this site automatically logs certain information about every request made of it.
The use of your personal information (see below for more details) is necessary for the legitimate interests of BabEng GmbH in operating and improving its websites, analysing their use and ensuring their security. Our websites collect very little personal information and we use it in ways that are compatible with your individual rights and freedoms.
In order to be able to view our website, we need to collect the following information that is technically required to display our website and to ensure the stability and security of our system.
– IP address
– Date and time stamp of the user attempt
– Time zone difference to Greenwich Mean Time (GMT)
– Content (the requested page)
– HTTP status code of the request
– The number of data bytes sent in response
– Referral source / Website the user comes from
– Browser type and language
– Operating system
– Internet Service Provider (ISP) of the user
The data is stored in the log files of our system. The data stored in the log files are used to produce usage statistics to improve system stability and functionality. We do not store these data together with other personal data of the user.
3. Lawful basis for processing the data
We adhere to the principle as laid out in the GDPR Article (6)(1)(f).
4. Why we use the data we obtain from you
Your IP address is stored by our system to make the website available on your device therefore your IP address has to be stored for the duration of your session.
The data stored in log files is necessary for us to run our website and its essential functions. Furthermore, we use the data to optimize our website and to ensure the safety of our integrated information technology. We do not evaluate the data for marketing purposes.
We collect personal data to offer the services that you have requested. Because of that we have a legitimate interest in obtaining the data as laid out in GDPR Article (6)(1)(f).
5. For how long will we keep your personal data
We keep personal data for the period needed to fulfil the purposes for which the personal data was collected and as otherwise required or permitted by applicable law. The personal data which was obtained while you visited our website is erased when your session ends.
Data which is stored in log files, will be deleted after 7 days at the latest. The data may be stored for a longer period. In this case the IP address of the user will be deleted or anonymized so that the data can no longer be attributed to the client.
6. Your rights to object and request erasure of your personal data
It’s necessary to obtain data to access our website and store data into log files to run our website and ensure its security. Consequently, you don’t have the option to object.
IV. USE OF COOKIES
1. Description of the personal data we obtain from you
(1) In addition to the personal data mentioned above, we use cookies for our website. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. Our cookies do not run programs or deliver viruses to your computer. One of the primary purposes of cookies is to provide a convenient feature to save you time. We use cookies to improve your online experience.
(2) Cookies can be classified as either ‘session’ or ‘persistent’ cookies:
– Session / Transient Cookies (see a.)
– Persistent Cookies (see b.)
a. Session cookies are placed on your browser when you access a website and last for as long as you keep your browser open. They expire when you close your browser.
These cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
b. Persistent cookies remain on your device for the period of time specified in the cookie or until you manually delete them from your browser. You can delete a persistent cookie in the privacy and security settings of your browser.
2. Lawful basis for processing the data
We use the strictly necessary cookies compliant to the data protection regulation as laid out in the GDPR Article (6)(1)(f).
If analytical cookies are used, they are placed with your consent as laid out in the data protection regulation GDPR Article (6)(1)(a).
3. How we process the data we obtain from you
We use strictly necessary cookies to store a unique identifier to manage and identify the user as unique to other users currently viewing the website in order to provide a consistent and accurate service to the user. Some features may not function properly or be available to you without using these cookies. The strictly necessary cookies will not be used to gather information for creating user profiles.
We use the following cookies for this website:
babeng.de
-
Name: PHPSESSID Category: Strictly necessary Type: Session Domain: www.babeng.com Purpose: This is a general purpose identifier used to maintain user session variables. Cookies named PHPSESSID only contain a reference to a session stored on the web server. No information is stored in the user's browser and this cookie can only be used by the current web site. No personal information is stored in this cookie. Expires: Expires when the user’s browser window or the browser is closed. -
Name: dlh_googlemaps Category: Necessary Type: Permanent Domain: www.babeng.com Purpose: After having given your consent to load Google Maps, this cookie is used to remember that Google Maps is shown without asking for consent every time you navigate to this page of the website. Expires: Expires after the period of time specified in the cookie or until you manually delete it from your browser. -
Name: JSSESSIONID Category: Strictly necessary Type: Session Domain: www.tunnelsoft.com Purpose: This is a cookie in Java EE web application which is used to identify a session. Indicates that you are actively using the site. Expires: Expires when the user’s browser window or the browser is closed. -
Name: COOKIE_SUPPORT Category: Strictly necessary Type: Permanent Domain: www.tunnelsoft.com Purpose: This cookie saves if your browser supports cookies. Expires: Expires after the period of time specified in the cookie or until you manually delete it from your browser. -
Name: GUEST_LANGUAGE_ID Category: Necessary Type: Permanent Domain: www.tunnelsoft.com Purpose: This cookie indicates your language preference. No user-specific information is evaluated. Expires: Expires after the period of time specified in the cookie or until you manually delete it from your browser.
4. For how long will we keep your Personal Data / Your rights to object and request erasure of your Personal Data
Cookies are stored on your computer from which they are transmitted to us. Therefore, you have complete control over the use of cookies. You may at any time restrict, disable or delete the cookies by adjusting your web browser settings. However, if you to this then, you may not be able to access some parts of the website, and some features may not function properly or be available to you.
V. CONTACT FORM AND CONTACT BY EMAIL
1. Description of the personal data we obtain from you
We offer a contact form on our website, which can be used to communicate with us via electronic means. If you use this type of communication, you provide us with personal information by filling in our form, i.e.:
- Company Name
- Name
- Message
You are asked for consent and referred to this Privacy Statement before submitting the message so that we can process the data.
You can also contact as by email (see contact details above).
In this case, we store the personal data that are transferred to us with your email. We do not share the data with unrelated third parties. We process the data solely to communicate with you.
2. Lawful basis for processing the data
If we have your consent we process these data as laid out in the data protection regulation GDPR Article (6)(1)(a).
If you contact us by email we process the data that you provide us with as laid out in the GDPR Article (6)(1)(f).
If the subject of your email communication is necessary for the performance of a contract with you or to take steps preparatory to such a contract, GDPR Article (6)(1)(b) sets out the legal basis for processing the data, in addition.
3. How we process the data we obtain from you
We solely process personal data that you provide us with by filling in the form to communicate with you.
If you contact as by email it is our legitimate interest to process the data. We might process other personal data that are obtained while you submit your email. These data help us to prevent misuse of the contact form and to safeguard our information technology.
4. For how long will we keep your personal data
We will keep your personal data only for as long as necessary to fulfil the purposes for which we are processing your personal data unless the law permits or requires longer. The personal data that we obtain when you communicate with us by using our form or by email, is deleted the moment our communication with you comes to an end. We assume the end of the communication when the relevant issue has been clarified.
5. Your rights to object and request erasure of your personal data
You can object to the processing of your personal data if applicable. If you contact us by email, you can object to processing your personal data at any time. In this case the conversation cannot be continued.
If you wish to exercise any of your rights in relation to your personal data, please send your request to privacy@tunnelsoft.com. We will consider and act upon any request in accordance with applicable data protection laws. If you wish to withdraw your consent to store your data, email us at privacy@tunnelsoft.com. All the personal data that was obtained from you during the course of our conversation will be deleted in accordance to the applicable law.
VI. USING GOOGLE MAPS ON OUR WEBSITE
1. Description of the personal data we obtain from you
We use Google Maps on our website so that you can comfortably use the services of the interactive map.
When you activate the map on our website, Google will receive the information that you viewed the map on our website. In addition to this information, the data, which our website logs automatically when you visit our website, will also be transferred. The data will be obtained by Google irrespective of whether you have a Google account that you are logged into while visiting our website or not. If you are logged into your Google account the data will be linked to your account. If you do not want Google to create a link between your Google profile and your visited websites, log out before you activate the map on our website. Google stores the date for creating user profiles that are used for advertising, market research and to design their website to people’s needs. This kind of evaluation is used especially (even for users that are not logged in) for offering a better adjusted advertising to the user’s demand and to inform other users of the social networks about their activities on our website. You have the right to object to creating user profiles. If that is the case, please send your request to Google.
2. Lawful basis for processing the data
We use Google Maps to show you the route to our office and to make route planning easy for you.
We base the use of Google Maps on:
– GDPR Article (6)(1)(a): The data is obtained after the user gives us his consent. The user clicks on the map to activate it and is referred to this Privacy Statement and Google’s Privacy Policy as well as their Terms of Service.
– GDPR Article (6)(1)(f): The processing of data through the use of Google Maps is based on our legitimate interest to improve the usability of our website.
3. How we process data that we obtain from you / For how long will we keep your personal data / Your rights to object and request erasure of your personal data
Further information about the scope of data collection and the processing of data by the map provider is available in the privacy policy of Google. That’s where you will also get additional information about your rights and the settings of your privacy protection: https://policies.google.com/?hl=en. Google also processes your personal data in the USA and abides by the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
VII. SERVICE PROVIDERS
We have a service provider with whom we have entered a separate contract to ensure the protection of your personal data.
Our service provider is:
Medienhelden GmbH (develop and host our sites)
Schwartauer Landstr. 102
23554 Lübeck
VIII. RIGHTS OF THE DATA SUBJECT
If personal data is processed, you have the following rights as the data subject (as referred to in the GDPR) towards the controller:
- the purposes of processing your personal data;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom your personal data have been or will be disclosed;
- the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing your personal data or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from you, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in the GDPR Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Where personal data are transferred to a third country or to an international organisation, you shall have the right to be informed of the appropriate safeguards pursuant to the GDPR Article 46 relating to the transfer.
2. Right to rectification (pursuant to the GDPR Article 16)
You have the right to obtain the rectification of inaccurate personal data without undue delay from the controller. You have the right to have incomplete personal data completed.
3. Right to restriction of processing (pursuant to the GDPR Article 18)
You have the right to obtain the restriction of processing your personal data from the controller where one of the following applies:
- you have contested the accuracy of your personal data for a period, enabling the controller to verify the accuracy of your personal data;
- the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
- the controller no longer needs your personal data for the purpose of processing, but you require them for the establishment, exercise or defence of legal claims;
- you have objected to processing your personal data pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override yours.
If you have restricted the processing of your personal data, such personal data shall - with the exception of storage - only be processed by your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained the restriction of processing your personal data according to the prerequisites mentioned above, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to erasure (pursuant to the GDPR Article 17)
4.1 Right to be forgotten
You have the right to obtain the erasure of personal data from the controller and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of the GDPR Article 9(2) as well as Article 9(3);
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with the GDPR Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing;
- for the establishment, exercise or defence of legal claims.
4.2 Personal Data disclosed to third party
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
4.3 Exceptions
The Right to Erasure does not apply, if the processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of the GDPR Article 9(2) as well as Article 9(3);
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with the GDPR Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing;
- for the establishment, exercise or defence of legal claims.
5. Notification obligation (pursuant to the GDPR Article 19)
If you have obtained the right to rectification or erasure of your personal data or restriction of processing, the controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with the GDPR Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients by the controller if you request it.
6. Right to data portability (pursuant to the GDPR Article 20)
You have the right to receive your personal data, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where:
- the processing is based on consent pursuant to point (a) of the GDPR Article 6(1) or point (a) of the GDPR Article 9(2) or on a contract pursuant to point (b) of the GDPR Article 6(1); and
- the processing is carried out by automated means.
In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The right to data portability does not apply if the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object (pursuant to the GDPR Article 21)
You have the right to object, on grounds relating to your particular situation, at any time to processing personal data concerning you which is based on point (e) or (f) of the GDPR Article 6(1), including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the right to object by automated means using technical specifications.
8. Right to withdraw your consent (pursuant to point (3) of the GDPR Article 7)
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling (pursuant to the GDPR Article 22)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
- is necessary for entering into, or performance of, a contract between you and a data controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests;
- is based on your explicit consent.
These decisions shall not be based on special categories of personal data referred to in the GDPR Article 9(1), unless point (a) or (g) of the GDPR Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority (pursuant to the GDPR Article 77 DSGVO)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes this Regulation.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.
Changes to this Privacy Statement
We may update this Privacy Statement in accordance to the applicable law from time to time. We will always include the date of a new version so that you know when there has been a change. Last updated: March 2022
This Privacy Statement is effective as of May 25th, 2018
Last updated: March, 1st 2022