Data protection declaration

 

Data protection is a particularly high priority for the Bachner Foundation (hereinafter: “we”, “us”). We consider it our primary task to maintain the confidentiality of the personal data you provide and to protect it from unauthorized access. We therefore apply the utmost care and state-of-the-art security standards to ensure maximum protection of your personal data.
With the following privacy policy, we would like to inform you about how we process your personal data in accordance with the European General Data Protection Regulation (GDPR). The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and on our website https://bachner.de (hereinafter referred to as the “website”),

1. Responsible party

The controller responsible for data processing on this website is

Stiftung Familie Bachner gGmbH
Am Hang 2
D 84048 Mainburg
Managing Directors: Sabine and Johann Bachner
Tax number: 132/147/00039
E-Mail: datenschutz@bachner.de

2. Definition of terms

This data protection declaration is based on the terms used in the GDPR. To simplify matters, we would like to explain some important terms in this context:

  • Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
  • Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

    • Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

    3. Data for the provision of the website and the creation of log files

    If you use this website for purely informational purposes without otherwise transmitting data to us, we collect technically necessary data via server log files, which are automatically transmitted to our server, including

    • Identity (identd)
    • User name (if page is password-protected)
    • User agent (browser type and browser version)
    • Langauge and version of the browser software

    The temporary storage of the data is necessary for the course of a website visit in order to be able to display our website to you. This processing is technically necessary to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is therefore Art. 6 para. 1 sentence 1 lit. f GDPR in order to guarantee the provision, security and stability of our website.
    The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. When providing the website, this is the case when the respective session has ended. The log files are stored directly for a maximum of 7 days and are only accessible to administrators. After that, they are only available indirectly via the reconstruction of backup tapes and are permanently deleted after a maximum of four weeks.

    For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from the server provider Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (web host). We have concluded an order processing contract with the web host. This is a contract prescribed by data protection law, which guarantees that the web host will only process your personal data in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other suitable guarantees with the data recipients within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses (SCCs) of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021.

    4. Transfer of personal data

    As part of our processing of personal data, personal data may be transferred to other recipients or disclosed to them. The recipients of this personal data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your personal data that serve to protect your personal data.

    5. Deletion of data

    The personal data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other permissions cease to apply (e.g. if the purpose of processing this personal data no longer applies or it is not required for the purpose). If the personal data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted to these purposes. This means that the personal data is blocked and not processed for other purposes. This applies, for example, to personal data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person.

    Our data protection information also contains further information on the storage and deletion of personal data, which take priority for the respective processing operations.

    6. Your rights as a data subject

    As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR. If you wish to exercise any of your rights, please contact us via the contact addresses given above or our data protection officer.

    7. Right to object

    You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

    8. Right to information

    You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and access to this personal data as well as further information and a copy of the personal data in accordance with legal requirements.

    9. Right to rectification

    In accordance with the legal requirements, you have the right to request the completion of personal data concerning you or the correction of incorrect personal data concerning you.

    10. Right to erasure and restriction of processing

    You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.

    11. Restriction of processing

    You have the right to demand that we restrict processing if one of the legal requirements is met.

    12. Right to data portability

    You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to request its transmission to another controller in accordance with the legal requirements.

    13. Right to withdraw consent

    You have the right to withdraw your consent at any time.

    14. Complaint to the supervisory authority

    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

    15. Note on data transfer to the USA

    Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

    16. Data collection on this website

    Cookies

    Our Internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

    In some cases, cookies from third-party companies may also be stored on your device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

    Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

    Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the cookies in question are stored exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.

    You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

    If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy policy and, if necessary, request your consent.

    Server log files

    The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

    • browser type and browser version
    • operating system used
    • referrer URL
    • host name of the accessing computer
    • time of the server request
    • IP address

    This data is not merged with other data sources.

    This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – the server log files must be recorded for this purpose.

    17. Request by e-mail, telephone or fax

    If you contact us by e-mail, telephone or fax, we will store and process your inquiry, including all personal data (name, inquiry), for the purpose of processing your request. We will not pass on this data without your consent.

    This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

    The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

    18. Google Tag Manager

    We use Google Tag Manager to control the use of code snippets (“tags”), such as tracking code on our website. In the European Union (EU) and the European Economic Area (EEA), the services are provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager enables us to quickly and easily exchange code on our website via a web interface without having to intervene in the source code.

    Among other things, we process the following personal data through the Google Tag Manager

    • IP address
    • Device data, such as operating system, browser version, screen resolution

    The legal basis for the use of Google Tag Manager is your voluntary and revocable consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by making the corresponding changes or adjustments in your cookie settings.

    Personal data will be anonymized by Google after 9 months, unless there is a legal obligation to retain it.

    The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link
    https://www.dataprivacyframework.gov/s/participant-search

    https://www.dataprivacyframework.gov/s/participant-search

    Further information and the data protection provisions can be found in Google’s privacy policy at: https://policies.google.com/?hl=deGoogle Analytics

    19. Google Analytics

    Our website uses functions of the web analysis service Google Analytics from Google LLC (1600 Amphitheatre Parkway, Mountain View, California 94043, USA; (Google)). In the European Union (EU) and the European Economic Area (EEA), the services are provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). With the help of Google Analytics, we analyze your user behavior in order to make decisions regarding product and marketing optimization based on the results. Through Google Analytics, we process the following personal data, among others

    • Time of the request
    • IP addresses
    • Online identifier
    • Device identifiers
    • Technical characteristics of users (e.g. browser type and version, device type, operating system)
    • Measurement of user behavior (e.g. views of individual pages / content, views of content from different areas, session duration / dwell time, bounce rate)
    • Use of individual functionalities of the website (e.g. search queries, downloads)
    • eCommerce activity (e.g. products purchased, sales)
    • Referral URL (the previously visited page)

    The legal basis for the use of Google Analytics is your voluntary and revocable consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by making the appropriate changes or adjustments in your cookie settings.

    Personal data will be anonymized by Google 14 months after your last activity, unless there is a legal obligation to retain it.

    The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link
    https://www.dataprivacyframework.gov/s/participant-search

    https://www.dataprivacyframework.gov/s/participant-search

    Further information and the data protection provisions can be found in Google’s privacy policy at: https://policies.google.com/?hl=de.

    20. IP anonymization

    We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

    21. Browser Plugin

    You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

    You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

    22. Order processing

    We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

    23. Plugins and tools

    Google Web Fonts

    This site uses so-called web fonts provided by Google for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

    For this purpose, the browser you are using must connect to Google’s servers. This gives Google knowledge that this website has been accessed via your IP address. The use of Google WebFonts is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

    If your browser does not support web fonts, a standard font will be used by your computer.

    Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

    Font Awesome

    This site uses Font Awesome for the uniform display of fonts and symbols. The provider is Fonticons, Inc, 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.

    When you call up a page, your browser loads the required fonts into your browser cache in order to display texts, fonts and symbols correctly. For this purpose, the browser you are using must connect to Font Awesome’s servers. This gives Font Awesome knowledge that this website has been accessed via your IP address. The use of Font Awesome is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the uniform presentation of the typeface on our website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

    If your browser does not support Font Awesome, a standard font will be used by your computer.

    Further information about Font Awesome can be found in Font Awesome’s privacy policy at: https://fontawesome.com/privacy.

    Wordfence

    We have integrated Wordfence on this website. The provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter referred to as Wordfence).

    Wordfence serves to protect our website from unwanted access or malicious cyberattacks. For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can compare its databases with the accesses made on our website and block them if necessary.

    The use of Wordfence is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyberattacks. If a corresponding consent has been requested, the processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

    Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.wordfence.com/help/general-data-protection-regulation/.

    24. Audio and video conferencing

    Data processing

    We use online conferencing tools, among others, to communicate with our customers. The individual tools we use are listed below. If you communicate with us by video or audio conference via the internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

    The conferencing tools collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). The conference tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “context information” in connection with the communication process (metadata).

    Furthermore, the provider of the tool processes all technical data that is required to process the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

    If content is exchanged, uploaded or made available in any other way within the tool, this is also stored on the tool provider’s servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.

    Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by the conference tools can be found in the privacy policies of the tools used, which we have listed below this text.

    Purpose and legal basis

    The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 sentence 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used based on this consent; consent can be withdrawn at any time with effect for the future.

    Storage duration

    The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.

    We have no influence on the storage period of your data that is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

    Conference tools used

    We use the following conferencing tools:

    Zoom

    We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in Zoom’s privacy policy: https://zoom.us/de-de/privacy.html.

    Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://zoom.us/de-de/privacy.html.

    Changing and updating the privacy policy

    We will amend the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
    If we further develop our website and our offers or if legal or official requirements change, it may be necessary to amend this data protection notice.

    Status: May 2025