Privacy statement

Responsible Party

‍The party responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

Linck Holzverarbeitungstechnik GmbH

Appenweierer Straße 46

77704 Oberkirch

Link to the Legal Notice: https://www.linck.com/de/

‍

Data Protection Officer

‍You can reach our Data Protection Officer at:

Bugl & Kollegen GmbHAlexander BuglEifelstraße 5593057 RegensburgGermany

Phone: –Email: kontakt@buglundkollegen.de

‍

Hosting and Server Log Files

‍The hosting services we use (services for operating and providing the website) serve to provide the following: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we use for the purpose of operating this online offering.

In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, and meta and communication data of customers, prospective customers, and visitors to this online offering, based on our legitimate interests in the efficient and secure provision of this online offering pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

‍

Contact

‍You have the option of contacting us by email, phone, contact form, or letter, which may involve the processing of personal data. We process your data to handle and respond to your inquiry. We will not share your data with third parties without your consent.

The legal basis for processing is our legitimate interest in effectively handling your inquiry pursuant to Art. 6(1)(f) GDPR.

When you contact us by email, we store your email address and the information contained in the email. In the case of the contact form, in addition to the information you enter, your IP address is also recorded in pseudonymized form. When contact is made by letter, your return address and the content of the letter are stored. When contact is made by phone, we collect personal data depending on the individual case.

We store your data until you request deletion or until the purpose of processing (handling your inquiry) has been fulfilled.

‍

Rights of Data Subjects

‍As a data subject, you have the following rights under the EU General Data Protection Regulation (GDPR):

Right of Access (Art. 15 GDPR)

‍You have the right to request information about what personal data is stored about you, for what purpose it is processed, from which recipients it was received or to whom it is disclosed, and how long it is stored.

Right to Rectification (Art. 16 GDPR

‍You may request the immediate correction of inaccurate or the completion of incomplete personal data.

Right to Erasure ('Right to be Forgotten') (Art. 17 GDPR)

‍Under certain conditions, you may request the deletion of your personal data, e.g. if it is no longer necessary for the purposes for which it was collected, or if you have withdrawn your consent.

Right to Restriction of Processing (Art. 18 GDPR)

‍You have the right to request the restriction of the processing of your personal data, for example if you contest the accuracy of the data or the processing is unlawful but you request restriction rather than deletion.

Right to Data Portability (Art. 20 GDPR)

‍You may request that the personal data you have provided to us be transmitted to you in a structured, commonly used, and machine-readable format — or that we transfer this data directly to another controller.

Right to Object (Art. 21 GDPR)

‍You have the right to object at any time to the processing of your personal data, provided the processing is based on our legitimate interests or on a task carried out in the public interest. In the event of a justified objection, we will cease processing unless there are compelling legitimate grounds for the processing.

Withdrawal of Consent (Art. 7 GDPR)

‍If you have given us your consent, you may withdraw it at any time without giving reasons, with effect for the future.

Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

‍Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the member state of your habitual residence, your place of work, or the place of the alleged infringement.

‍

Categories of Recipients

‍In the course of our business activities, we work with various external parties. Personal data is only shared with these recipients where this is necessary to fulfill contractual obligations, we are legally required to do so (e.g. tax authorities), a legitimate interest exists within the meaning of Art. 6(1)(f) GDPR, you have given your consent pursuant to Art. 6(1)(a) GDPR, or another legal basis permits the transfer.

Where we engage service providers as processors, personal data is shared solely on the basis of a valid data processing agreement. In cases of joint controllership, an agreement on joint processing is concluded in accordance with Art. 26 GDPR.

Further information about the recipients used can be found in the course of this privacy policy, or you may contact us using the contact details provided above.

‍

Transfer of Data to Third Countries

‍Personal data is only transferred to countries outside the European Union (EU) or the European Economic Area (EEA) where this is necessary or legally permissible, you have given us your express consent, or it occurs within the context of data processing.

Where service providers in a third country are engaged, we require them, through appropriate safeguards — generally the EU Standard Contractual Clauses — to comply with the level of data protection applicable in the EU. Where an adequacy decision by the European Commission exists, we base the transfer on this. Further information is available via the contact details provided above.

‍

Duration of Storage

‍When you use our website for purely informational purposes, we store your personal data only for the duration of your visit. Upon leaving the website, this data is automatically deleted.

When you actively use the website, e.g. to contact us, we initially store your personal data for the duration of processing your inquiry. Beyond this, we retain the data for as long as necessary to assert or defend potential legal claims. The standard limitation period is 12 to 36 months, but may in individual cases be up to 30 years.

After the limitation period expires, your data will be deleted unless a statutory retention obligation applies. Such obligations arise in particular from the German Commercial Code (§§ 238, 257(4) HGB) or the Fiscal Code (§ 147(3), (4) AO) and are generally between two and ten years.

‍

Processing in the Context of a Business Relationship

‍We may process the personal data of our customers, prospective customers, suppliers, vendors, and partners for communication, planning, execution of the contractual relationship, marketing, administration, and security purposes.

The legal basis for processing the data provided is our legitimate interest pursuant to Art. 6(1)(f) GDPR and the performance of a contract pursuant to Art. 6(1)(b) GDPR.

In the context of the business relationship, we process, among other things, contact information, billing and payment data, further information necessary in a project or contractual relationship, or information voluntarily provided to us.

‍

Social Media Profiles

‍We maintain online profiles on the following social networks (hereinafter "social media") to communicate with customers, prospective customers, and the public, and to draw attention to our services:

• Instagram (Meta Platforms, Inc.)
• Facebook (Meta Platforms, Inc.)
• X (formerly Twitter; X Corp.)
• LinkedIn (LinkedIn Ireland Unlimited Company)
• Xing (New Work SE)

For the scope and purpose of data processing, please refer to the respective privacy policies of the networks:

• Instagram: https://privacycenter.instagram.com/policy
• Facebook: https://www.facebook.com/privacy/policy/
• X (Twitter): https://x.com/de/privacy
• LinkedIn: https://de.linkedin.com/legal/privacy-policy
• Xing: https://privacy.xing.com/de/datenschutzerklaerung

Processing is carried out on the basis of Art. 6(1)(f) GDPR, as we have a legitimate interest in modern public relations. Where consent is required, processing is based on Art. 6(1)(a) GDPR.

If you transmit additional data to the services (e.g. personal messages), your consent is generally required for this. Please note that we have no influence over data processing by social media providers. For questions or to exercise your data subject rights (e.g. access, deletion), please contact the relevant platform operator directly.

You may subscribe to or unsubscribe from our social media profiles at any time. If you do not want social media operators to collect data about your visit to our profiles, please use the deactivation options (e.g. logging out, ad tracker blocking) in your user account or install appropriate browser add-ons.

‍

Job Applications

‍If you apply for a position with us, your personal data will be processed. The legal basis for processing is Art. 6(1)(b) GDPR in connection with the carrying out of pre-contractual measures. If your data is required after the conclusion of the application process to defend against legal claims, processing is based on our legitimate interest in fulfilling a duty of proof pursuant to Art. 6(1)(f) GDPR, for example in connection with the Equal Treatment Act.

We process the data you submit as part of your application that we need to assess your suitability for the relevant position.

The purposes of processing are the management of your application, assessment of your suitability for the open position, and contacting you in connection with your application or possible alternative positions.

We delete your data after six months. If you have consented to being included in our applicant pool, we delete it after two years. If your application leads to an employment relationship, we store your data for the duration of your employment with us.

‍

Newsletter Subscription

‍You have the option of signing up for our email newsletter, through which we inform you about our company's offerings.

The legal basis for sending the newsletter is your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future, for example by using the "unsubscribe" link in every newsletter email or by contacting the party responsible for data processing.

Upon registration, we may send you a double opt-in email to verify your email address. In addition to the data entered in the registration form, we also process your IP address and the time of registration.

The sole purpose of data processing is the sending of our newsletter.

Data stored in connection with the newsletter will be retained until you unsubscribe. Data we have stored for other purposes is not affected by this.

If you provided us with your email address when purchasing goods or services, we reserve the right to send you regular information about similar goods or services to those already purchased by email, unless you have objected. Data processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in conjunction with § 7(3) UWG.

‍

Amazon CloudFront

‍We use the service "Amazon CloudFront" on our website to efficiently deliver content and improve website performance. The provider is Amazon EU S.à r.l. ("Amazon"), 38 avenue John F. Kennedy, L-1855 Luxembourg.

The legal basis for using Amazon CloudFront is our legitimate interest pursuant to Art. 6(1)(f) GDPR in optimizing the performance and loading speed of our website content and improving the user experience.

Data processed by Amazon CloudFront includes your IP address, location, time of visit, device information, information about interaction with the website, and cookies may be set to optimize content delivery.

The purpose of data processing is the efficient delivery and optimization of website content via a global Content Delivery Network (CDN).

It cannot be ruled out that personal data is transferred to insecure third countries (USA), where a lower level of data protection than in the EU exists. We have concluded a data processing agreement (DPA) with Amazon, which ensures that personal data is only processed according to our instructions and in compliance with the GDPR. Amazon is certified under the EU-US Data Privacy Framework, which governs the secure processing of EU citizens' data in the USA.

Further information about Amazon CloudFront's privacy policy: https://aws.amazon.com/compliance/data-privacy-faq/

‍

bunny.net CDN

‍We use the service "bunny.net CDN" on our website to efficiently deliver content and optimize website performance. The provider is BunnyWay d.o.o. ("BunnyWay"), Dunajska c. 165, 1000 Ljubljana, Slovenia.

The legal basis for using bunny.net CDN is our legitimate interest pursuant to Art. 6(1)(f) GDPR in optimizing the loading speed, reliability, and general performance of our website.

Data processed by bunny.net CDN includes your IP address, the requested URL, date and time of access, browser and device information, and cookies may be set to optimize content delivery.

The purpose of data processing is the efficient delivery and optimization of website content via a global CDN.

According to bunny.net's privacy policy, logs are stored by default for a period of 3 days.

Further information: https://bunny.net/privacy/

‍

Cookiefirst

‍We use the service "Cookiefirst" on our website to manage cookie consent and ensure compliance with data protection regulations. The provider is Digital Data Solutions B.V. ("DDS"), Keizersgracht 62-64, 1015 CS Amsterdam, Netherlands.

Data processed by Cookiefirst includes your IP address, browser information, device information, consent settings, date and time of consent, visited URL, and cookies are set in your browser.

The purpose of data processing is the management of user consent for cookies and the recording of consent settings.

Further information: https://cookiefirst.com/legal/privacy-policy/

‍

OpenStreetMap

‍We use the service "OpenStreetMap" on our website to display interactive maps. The provider is the OpenStreetMap Foundation ("OSMF"), St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.

The legal basis for using OpenStreetMap is your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.

Data processed by OpenStreetMap includes your IP address, browser and device information, date and time of access, and may include location data; OpenStreetMap does not set cookies.

The purpose of data processing is the display of interactive maps and geographic information for users.

Further information: https://wiki.osmfoundation.org/wiki/Privacy_PolicyCookie information: https://wiki.osmfoundation.org/wiki/Privacy_Policy#Cookies

‍

jsDelivr

‍We use the service "jsDelivr" on our website to provide and optimize static content such as JavaScript libraries and CSS files. The provider is Volentio JSD Limited ("Volentio"), Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB, United Kingdom.

The legal basis for using jsDelivr is our legitimate interest pursuant to Art. 6(1)(f) GDPR in ensuring the fast and reliable delivery of website resources and improving website performance and user experience.

Data processed by jsDelivr includes your IP address, browser type, operating system, and request details such as time and requested content; jsDelivr does not set cookies.

The purpose of data processing is the efficient delivery of website resources such as JavaScript libraries via a CDN.

Further information: https://www.jsdelivr.com/terms/privacy-policy

‍

Webflow

‍We use the service "Webflow" on our website to design, build, and host our web pages. The provider is Webflow, Inc. ("Webflow"), 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA.

The legal basis for using Webflow is our legitimate interest pursuant to Art. 6(1)(f) GDPR in providing an appealing and user-friendly website through the use of modern web design and hosting services.

Data processed by Webflow includes your IP address, device and browser information, usage data such as pages visited and actions taken, and may include cookies for functionality and analytics purposes.

The purpose of data processing is the provision of website creation, hosting, and content management services, including the storage and management of website data and user interactions.

It cannot be ruled out that personal data is transferred to insecure third countries (USA), where a lower level of data protection than in the EU exists. Webflow is certified under the EU-US Data Privacy Framework, which governs the secure processing of EU citizens' data in the USA. We have concluded a data processing agreement (DPA) with Webflow, which ensures that personal data is only processed according to our instructions and in compliance with the GDPR.

Further information: https://webflow.com/legal/privacyCookie information: https://webflow.com/legal/cookie-policy

‍

decareto Privacy Widget

‍We use the service "decareto Privacy Widget" on our website to create and manage our privacy notices. The provider is decareto GmbH, Mittelweg 144, 20148 Hamburg, Germany ("decareto"). In the course of providing its services, decareto uses the Content Delivery Network bunny.net from subcontractor BunnyWay d.o.o. (Slovenia) to deliver content reliably and quickly.

The legal basis for using the decareto Privacy Widget is the fulfillment of a legal obligation pursuant to Art. 6(1)(c) GDPR.

The legal basis for using bunny.net is decareto's legitimate interest in the error-free delivery of privacy notices. Data processed by the decareto Privacy Widget and bunny.net includes your IP address and browser information. The services do not set cookies. Data is not stored in log files.

The purpose of data processing is the reliable provision of our privacy notices.

Further information: https://decareto.com/privacy/

‍

BKP Compliant Whistleblower Portal

‍We use the service "BKP Compliant Whistleblower Portal" on our website to provide a secure reporting channel for whistleblowers to report compliance violations. The provider is BKP Compliant GmbH ("BKP Compliant"), Heilig-Geist-Gasse 398, 84028 Landshut, Germany.

The legal basis for using BKP Compliant is the fulfillment of a legal obligation pursuant to Art. 6(1)(c) GDPR.

Data processed by the BKP Compliant Whistleblower Portal includes information provided in whistleblower reports, contact details where provided, technical metadata such as IP address and time of submission, and may include cookies for session management.

The purpose of data processing is the secure and confidential receipt of reports of compliance violations, as well as the management and investigation of these reports.

Further information: https://www.hinweisgeberschutzportal.de/datenschutz

‍