Privacy Policy
BAUER Aktiengesellschaft takes the protection of your personal data very seriously and treats your personal data as confidential according to the statutory data protection regulations as well as this privacy policy.
In the following, we will inform you about the processing of personal data during the use of our website.
1. Information about the Controller and your rights
1.1 Contact details of Controller / Data Protection Officer
The Controller as defined in Article 4 (7) of the EU General Data Protection Regulation (GDPR) is
BAUER AG 
BAUER-Str. 1, 86529 Schrobenhausen
Phone +49 8252 97-0
Email: info@bauer.de
You can reach our data protection officer at bag-datenschutz@bauer.de or by writing to our mailing address “c/o Data Protection Officer.”
1.2. Rights of the data subject regarding the processing of personal data
You are entitled to the rights under the General Data Protection Regulation as well as the Federal Data Protection Act, in particular:
- the right to access information (section 15 of the GDPR)
- the right to rectification (section 16 of the GDPR)
- the right to erasure (section 17 of the GDPR)
- the right to restriction of processing (section 18 of the GDPR)
- the right to object against the processing (section 21 of the GDPR) and
- the right to data portability (section 20 of the GDPR).
To exercise these rights, please contact the data protection officer listed above.
Where processing of personal data is based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Where we base the processing of your personal data on the weighing of interests, you may object to this processing. This is the case in particular if processing is not necessary for the performance of a contract with you, which we indicate specifically in the above description of functions. When exercising this right to object, we ask you to explain the reasons why we should not process your personal information as we have done. If your objection is justified, we will examine the situation and either stop or adjust data processing or demonstrate compelling legitimate grounds on the basis of which we will continue processing.
You also have the right to lodge a complaint with the data protection officer listed above or with a data protection supervisory authority.
2. Information about the website
2.1. Provision of the website and log files
Description and scope of data processing
During each access to our website, our web server automatically collects information from the system of the accessing computer or end device
The following data is collected in this process for example and saved in log files:
- The user’s IP address
- Browser type and version used
- Operating system of the end device
- The user’s Internet service provider
- Date and time of access
- Requesting domain
- Website from which the page is accessed
- Status and volume of data transmitted
Purpose and legal basis of processing
It is necessary for our system to temporarily store the IP address in order to deliver the website to your computer. Additional data is saved in log files in order to guarantee that the website operates and is fully functional. This data is also used to optimize the website and to ensure the security of our IT systems (e.g. detecting attacks). The legal basis for the temporary storage and use of this data is Art. 6 (1)(f) GDPR. Our interest here lies in guaranteeing the integrity, confidentiality and availability of the data that is processed through this website.
Duration of storage
The data listed above is deleted as soon as it is no longer required in order to achieve the purpose for which it was collected.In the case of data collection to provide the website, this is the case when the specific session has ended.
As a rule, log files are deleted after 30 days at most. However, storage exceeding this period is possible. In this case, the IP address will be deleted or altered so that it can no longer be attributed to the accessing client and the collected data no longer has any personal reference.
2.2. Cookies/cookie consent and similar technologies
Description and scope of processing
Our website uses cookies – small data sets that are stored on the user’s end device when visiting websites (e.g. smartphone, notebook, PC). Cookies can be placed by us as the website operator (known as first-party cookies) or by third parties (known as third-party cookies). They can help to make the website more user-friendly, for example by saving the user’s settings (e.g. cookie preferences, login status, language selection). In addition, cookies are used to collect statistics about website use or to conduct online marketing.
Other technologies such as web beacons, pixels or tags are also used to save and transmit information on the user’s end device. We explain which information and personal data are processed with which specific technologies in the privacy information for the tools listed below. However, you can also see this by opening the detailed view of the Consent Management Tools (CMT). The CMT that we use is Cookie Consent Manager CCM19. Personal data is not processed in all cases.
Processing of personal data occurs when the information can be attributed to a user (e.g. by the full IP address, unique cookie IDs, MAC address or attribution to an account in which the user is logged in). You can change your browser settings so that you will be informed when cookies are set, only allow cookies on a case-by-case basis, accept cookies for specific cases or prevent them as a rule, or activate the automatic deletion of cookies when your browser is closed. Deactivation of cookies can lead to functional restrictions on this website.
Purpose and legal basis of processing
As a rule, we differentiate between (technically) required and optional (not required) cookies. Technically required cookies are necessary in order to provide you with our website or the functions and services that you wish to access on our website, and to ensure the security of the website. The legal basis is Section 25 (2) of the TDDDG on the one hand, and insofar as personal data is processed, Art. 6 (1)(c) and (f) GDPR. We explain which legal requirements and legitimate interests are relevant here in the privacy information for the tools listed below.
Not required cookies include those cookies which track the behavior of website visitors for the purpose of analysis and marketing. These cookies are only used with your consent in accordance with Section 25 (1) of the TDDDG, and insofar as personal data is processed, Art. 6 (1)(a) GDPR. We obtain your consent using a CMT or in connection with accessing the specific website function. In order to save your cookies preference, the CMT saves a permanent and technically required cookie. You can withdraw your consent at any time by accessing the CMT again (cookie symbol).
Duration of storage
The duration of storage (known as cookie lifetime) depends on the type and purpose of the cookie. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (known as session cookies). Other cookies remain on your computer and enable us to identify your computer the next time you visit (known as permanent cookies).
In addition, you have the option of deleting cookies yourself or automatically using your browser settings.
2.3. Contact form
Description scope of processing
If you contact us via an online form or by e-mail, we will store the information you have provided in order to respond to your inquiry and ask any follow-up questions.
Intended purpose and legal basis of processing
The legal basis is Article 6 (1) Sentence 1 (a) GDPR, unless establishing contact is justified for the performance of a contract in accordance with the legal basis of Article 6 (1) Sentence 1 (b) GDPR.
Duration of storage
We will erase the data collected for this purpose once its storage is no longer required, or restrict processing if we are required by law to retain the data.
2.4. Newsletter
Description scope of processing
If you would like to regularly receive the newsletter offered on our website and other informational materials, we need you to provide an email address as well as information allowing us to confirm that you are the owner of the email address provided and consent to the receipt of the newsletter. For this purpose, we use the double opt-in process for which you receive a confirmation email and then have to click on the confirmation link in the email.
You can provide additional information on registration, for example if you would like to be addressed personally or if you would like to be informed particularly about events near you. In this regard, we refer to optional information that can be entered in forms.
When mailing the newsletter, individual tracking of the open and click rate is carried out.
In this context, the IP address and technical information from the accessing system are transmitted to the server. In this way, the system registers that an email was opened (open rate tracking).
The links in the newsletter include recipient detection along with the actual URL (“Internet address”).
In this way, the system records which links were clicked by a user at what time (link tracking). This information is attributed to the individual newsletter recipients and saved in profiles. These profiles may contain additional information, e.g. regarding the company sector or sample products that are used at the recipient’s company.
Purpose and legal basis of processingage
We collect this data in order to measure the reach of the newsletter and specific contents. Individual data collection also enables us to better understand the interests of different user groups and adapt our marketing initiatives to user groups or individual users, for example adapting newsletter content to the recipients’ interests or for interest-based online marketing (known as behavioral targeting).
Open rate and link tracking, as well as saving measurement results in recipient profiles and further processing, is carried out on the basis of consent in accordance with Art. 6 (1)(a) GDPR. Separate revocation of performance measurement is not possible, in this case the newsletter subscription needs to be canceled or revoked. In this case, the saved profile information will be deleted. You can revoke your consent to newsletter mailing at any time by unsubscribing from the newsletter using the link at the end of the email.
Logging and documentation of consent, the opt-in process and any objection if relevant occurs as part of the legal obligation to provide evidence in accordance with Art. 6 (1)(c) GDPR.
Duration of storage
The personal data mentioned above will remain stored as long as you would like to receive the newsletter and do not revoke your consent. Data that can no longer be attributed to an identifiable person are considered to be anonymized and can be stored for longer periods.
2.5. Use of web analysis via Matomo
Description and scope of processing
On our website, we use the software “Matomo”, a service from the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo is a web analysis software that is compliant with data protection requirements. We use Matomo with the extension “AnonymizeIP”. As a result, IP addresses are only further processed in truncated form, ruling out the possibility of direct personal identification.
The following information is collected in this context:
- The user’s IP address, truncated by the last two bytes (anonymized)
- The specific page accessed and time of access
- The page from which the user was forwarded to our website (referrer)
- The browser used as well as which plugins, which operating system and which screen resolution, as well as the duration of the website visit
- The pages that were called up from the specific page accessed
- Duration of website visit
- Frequency of website visits
 The user’s region
 
We have concluded a contract data processing agreement with the provider InnoCraft Ltd., which means that they are only allowed to process the collected data based on our instructions and for the purposes we have specified.
 
Purpose and legal basis of processing
Web analysis using Matomo enables us to collect statistical data about how our website is used. By analyzing the collected data, we are able to compile information about the use of individual components on our website. This helps us to make our website more user-friendly and improve its content. These purposes also include our legitimate interest in data processing in accordance with Art. 6 (1)(f) GDPR. Anonymizing IP addresses provides adequate consideration of the user’s interest in protecting personal data.
 
Custom settings regarding Matomo tracking
3. Information about online marketing and social media
3.1. Online marketing (Google Ads, Display & Video 360, Campaign 360)
Description and scope of processing
In the context of marketing campaigns and to display our advertisements in the display network, we use services from the Google Marketing platform. These services also use cookies and related technologies. In particular, a cookie is placed that contains a randomly generated user ID which makes it possible to recognize the user across different websites within the display network, Google search and other Google services (e.g. Gmail, YouTube) across various domains. This is known as 3rd party tracking. The user behavior on our website and interactions with advertisements (see Google Analytics 4 and Google Ads Conversion) are attributed to this user ID. Between Google DV360, Google Campaign, Google Ads and Google Analytics there is a technical connection. As a result, previously collected data can flow between the tools.
Apart from activities on our website, Google also processes information concerning your usage behavior in the Google ad network and provides this to us. During data collection, the following types of personal data may be used:
- Online identifiers (including cookie IDs)
- IP addresses and device identifiers
- Location data
- Identifiers assigned by us
If we manage our ad campaigns using these services, Google is the contract processor. Furthermore, Google collects and uses personal data as an independent Controller within the advertising network. In this context, user or interest profiles may be compiled. We would like to inform you that for users who are registered with Google and have logged into an account, Google is able to link their visit to this website with the registered data. Google will use this data to enable other advertisers to display targeted advertising for users who match these profiles. The user ID generated to identify advertising is unique for each advertiser, however, which means that no personal data can be forwarded to third parties in this context.
Insofar as Google also processes data outside the EU/EEA, this data transfer occurs on the basis of the EU standard contractual clauses and certification under the adequacy resolution EU-US Data Privacy Framework (see above Google Analytics 4).
You can find more information about the processing of personal data and the use of cookies in connection with Google Marketing products at: https://policies.google.com/technologies/partner-sites
Purpose and legal basis of data processing
The purpose of data processing is to optimize and personalize our ads in order to display relevant ads to users and prevent a user from seeing the same ads repeatedly. To this end, online marketing methods are employed which position the ads automatically and in real time (real time bidding) on websites or apps in order to address the right target group specifically (programmatic advertising). In addition, with the employed tools we are able to measure the effectiveness of our advertising initiatives and manage them better.
Google Ads Remarketing is a remarketing or retargeting service. This service analyzes the user’s interactions on our website, in particular which services the user showed interest in, in order to display targeted ads on other pages even after visiting our website. For this purpose, Google saves and reads marketing cookies in the browsers of users who visit specific Google services or websites in the Google Display network. This cookie records this user’s visits.
The Google Campaign Manager tool is used to place ads that are relevant for users in order to improve campaign performance reports or prevent a user from seeing the same ads repeatedly.
With Google Display & Video 360 (DV360), data is processed regarding your behavior on our websites for marketing processes and to deliver personalized advertising messages. In addition, we learn more about advertising target groups from the data collected on our website as well as data concerning third-party providers and Google, and we can generate combined target groups from different data sets. With DV360 we can also trace where and how our ads were displayed. We process this data to form user groups with comparable behaviors, to generate marketing lists and to display user-based advertising.
The required cookies and related technologies for this purpose are only used on our website and the associated processing of your personal data only occurs if you have granted us your consent in the cookie settings. The legal basis is Section 25 (1) TDDDG and Art. 6 (1)(a) GDPR.
You also have the option to object and adjust the display of personalized marketing through Google’s ad settings here or to restrict them using the deactivation page of the Network Advertising Initiative.
Duration of storage
Cookies that save interactions such as website visits have a validity of 90 days as a rule. Advertising cookies (NID, IDE, ANID) that control and measure the display of ads have a validity of 13 months.
Apart from revoking them via the Consent Management Tool, you already have the option of deleting cookies yourself or automatically using your browser settings.
3.2. Online marketing (Meta and LinkedIn)
Description and scope of processing
In the area of online marketing, we work together with the following providers: Meta and LinkedIn. These activities particularly include marketing ad spaces or displaying advertising content and other content based on the potential interests of users, as well as measuring the effectiveness of such activities. For this purpose, we use the following services:
Meta-Pixel
Purpose and legal basis of processing
For the purpose of conversion tracking, we use the Meta Pixel on our website from the provider Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland (hereinafter referred to as “Meta”).
The Meta Pixel is a JavaScript code excerpt that allows us and Meta to understand and trace the activities of users on our website. The Meta Pixel is activated as soon as users activate specific contents on our website (known as event data).
As the operator of the website, we are unable to draw any conclusions about the identity of users. However, it is possible that Facebook will establish a connection to the specific user profile on Facebook and use the data for its own purposes. We are unable to influence this use.
Legal basis: The use of the Meta Pixel occurs on the basis of your consent in accordance with Art. 6 (1)(a) GDPR.
The recipient is Meta Platforms Ireland Limited.
In order to process personal information for the purpose of providing analysis and campaign reports, Meta acts on our behalf as a contract processor in accordance with Art. 28 GDPR.
Furthermore information about how Meta processes personal data can be found in Meta’s Privacy Policy, accessible at: 
https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0. 
LinkedIn Insight-Tag
Purpose and legal basis of processing
For the purpose of conversion tracking and retargeting, we use the LinkedIn Insight Tag from the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
The LinkedIn Insight Tag is a JavaScript code excerpt that allows us to understand and trace the activities of users on our website. The LinkedIn Insight Tag triggers the placement of tracking cookies and makes it possible to collect the following data: URL, referrer URL, IP address (truncated or hashed), device and browser properties (user agent) as well as time stamp.
LinkedIn does not share any personal data with us, but instead only offers reports and notifications about the demographics of our website target group and the performance of our ads. In this context, we receive information about criteria such as the industry, job description, company size, career level and location.
If you are a LinkedIn member, you will be shown targeted ads as part of retargeting based on the data collected by LinkedIn.
Legal basis: The use of the LinkedIn Insight Tag occurs on the basis of your consent in accordance with Art. 6 (1)(a) GDPR.
Duration of storage
Duration of storage: The direct identification of members is removed by LinkedIn within seven days in order to pseudonymize the data. The remaining pseudonymized data is then erased within 180 days.
Recipient:
- LinkedIn Ireland Unlimited Company, Ireland
- LinkedIn Corporation and other affiliated companies of LinkedIn, USA (certified under the Data Privacy Framework)
LinkedIn acts on our behalf as a contract processor in accordance with Art. 28 GDPR.
You can find more information about how LinkedIn processes your data at: 
https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com and https://www.linkedin.com/help/lms/answer/a427661/linkedin-insight-tag-haufig-gestellte-fragen?lang=de.
You can change the settings for displayed advertisements here: https://www.linkedin.com/mypreferences/d/categories/ads
You can deactivate LinkedIn Retargeting here: 
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Leadgenerierung on LinkedIn (Lead Gen Forms)
Description and scope of processing
We use the Lead Gen Forms service from the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. If you click on our LinkedIn company page or the form embedded in our ad campaign, the data stored in your LinkedIn profile will be auto-filled. In the next step, you can decide whether you would like to submit this form to us.
Purpose and legal basis of processing
We use these forms for the purpose of recruiting. When you submit a form, we process the following data as a rule:
- Personal information and contact data: First and last name, email address, URL of LinkedIn profile, phone number, city, country/region
- Professional data: Qualification (training, degrees), employer (company name, size, industry) and profession (name of profession, areas of activity, career level)
Legal basis: The processing of personal data from the Lead Gen Forms occurs on the basis of your consent in accordance with Art. 6 (1)(a) GDPR.
Recipient:
- LinkedIn Ireland Unlimited Company, Ireland
- LinkedIn Corporation and other affiliated companies of LinkedIn, USA (certified under the Data Privacy Framework)
3.3. Social media
Description and scope of processing
We support communication on social media and provide corresponding social media links on our website (YouTube, Meta, Xing, LinkedIn).
Zweck und Rechtsgrundlage der Verarbeitung
Purpose and legal basis of processing
We operate these pages as communication and informational channels to offer information about our services. The legal basis for data processing is Art. 6 (1)(f) GDPR.
If you visit our social media pages, no personal data will initially be forwarded to the social media provider as a rule. You can recognize the social media provider from the text in the box above its first letter or by the logo. We allow you to access the provider’s website via the stored link. If you access those websites, you will leave our website and your data will processed by those providers according to their data protection regulations. You can find more information about the purpose and scope of data collection and its processing by the specific social media providers in the privacy policies published on their websites. These privacy policies also provide further information about your rights and configuration options for the protection of your privacy.
When you visit our social media pages, the relevant provider will save your IP address along with other information that is available on your PC in the form of cookies. This information is used to provide us, as operator of the specific social media pages, with statistical information about the use of the pages. The generated visitor statistics are exclusively transmitted to us by the provider in anonymized form. We use this statistical data to make our posts and activities on our social media pages more attractive for users. The data collected about you in this context is processed by the specific social media provider and may be transferred to countries outside the European Union. Please refer to the Privacy Policy of the relevant provider.
If you communicate with us via social media, we also process your personal data. In this regard, we are joint controllers along with the specific social media provider for the collection of data concerning visitors to our specific social media page.
4. Information about ordering publications 
Description and scope of processing
When you order our company publications either by filling out the online form or by sending an e-mail, the personal data you provide (name, address, other contact details, publications ordered) is processed within the framework of our corporate communications in order to send you information about the BAUER Group, especially about the Group’s products, services and events.
Purpose and legal basis of processing
This processing is conducted either on the basis of an order received from you in accordance with Article 6 (1) Sentence 1 (b) GDPR or insofar as you have consented to the processing of personal data in accordance with Article 6 (1) Sentence 1 (a) GDPR. If consent is not required, processing occurs on the basis of our legitimate interest in direct marketing, if and insofar as this is legally permitted, for example advertising to existing customers.
Within our company, access to your personal data will only be granted to those parties who require the data in order to send company publications. These include recipients in the following categories: shipping service providers, IT services, logistics, telecommunications and processors. Transfer of data to locations in countries outside the EU or the EEA (third countries) takes place only if your delivery address is located in a third country.
Duration of storage
We only store your data for as long as this is necessary in order to provide our services to you. After this period, the data will be erased unless other statutory obligations require further retention of the data, in particular retention periods under trade law and tax law (up to 10 years) or if the controller has a legitimate interest in this regard. You can withdraw your order or your consent to the receipt of publications at any time and cancel your subscription by sending an e-mail to public.relations@bauer.de.
5. Information about integration of additional services
5.1. Embedded YouTube videos
General
For the provision of videos, we use the “YouTube” video platform of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). Due to the embedding of YouTube videos, according to Google, your IP address will be transferred to Google and cookies may be set by Google.
If you are logged in to your Google account at the same time, Google can attribute the data to your member account.
If you do not wish this to occur, log out of your Google account before visiting our website. The videos are embedded in “privacy-enhanced mode,” which means that no data about you as a user is transferred to YouTube if you are not playing videos.
Personal data is not transferred until you play the videos (e.g. IP address, data and time of access as well as information about the specific page you visited on your website and the video you played). In addition, a connection is established with Google’s advertising network. If you are logged in to YouTube at the same time, Google can attribute your video view on our website to your YouTube account and use this information for the purpose of personalized marketing. If you do not want this to occur, you need to log out of your YouTube account before activating the YouTube plugin.
Apart from this, we have no influence on the transfer of data to YouTube.
For more information on the purpose and scope of data collection and processing by YouTube, please refer to YouTube's Privacy Policy. This privacy policy also provides further information about your rights and configuration options for the protection of your privacy: http://www.google.de/intl/de/policies/privacy.
To revoke your consent to the use of cookies on our website, follow the link for technically non-essential cookies under the “Cookies” section of this Privacy Policy and uncheck the box for the relevant cookies.
When you visit the website, YouTube is informed that you have opened the corresponding page on our website. In addition, the personal data that your browser sends to our server is forwarded to YouTube. This happens regardless of whether you are logged into a user account provided by YouTube or if you do not have a user account.
YouTube stores your data as usage profiles and uses this for the purposes of advertising, market research and/or targeted website design. This analysis, which also applies to anonymous users, is primarily used for placing custom ads and informing other users on the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact YouTube to exercise this right.
The legal basis for embedding YouTube videos on our website and the associated processing of personal data is your consent in accordance with Art. 6 (1)(a) GDPR. 
 
5.2. Embedded Google Maps
Description and scope of processing
We use Google Maps on this website. This enables us to display interactive maps directly on the website and allows you to easily use the map feature.
The map service is not loaded until you have agreed to cookies for marketing purposes in the cookie banner or until you have given your consent on the specific page where the map service is provided.
Purpose and legal basis of processing
The legal basis here is Article 6 (1) Sentence 1 (a) GDPR. The content is not loaded for website visitors until consent has been given; accordingly, Google will be informed that you have accessed this specific page of our website.
In addition, the personal data that your browser sends to our server is forwarded to Google. This happens regardless of whether you are logged into a user account provided by Google or if you do not have a user account. If you are logged in to Google, your data is attributed directly to your account.
If you do not want your data to be attributed to your profile on Google, you need to log out before activating the button. Google stores your data as usage profiles and uses this for the purposes of advertising, market research and/or targeted website design. This analysis, which also applies to anonymous users, is primarily used for placing custom ads and informing other users on the social network about your activities on our website.
 
You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right. For more information about the purpose and scope of data collection and processing by the plug-in provider, please refer to the provider's privacy policies.
These privacy policies also provide further information about your rights and settings options for the protection of your privacy: http://www.google.de/intl/de/policies/privacy. 
To revoke your consent to the use of the map service on our website, follow the link for technically non-essential cookies under the “Cookies” section of this Privacy Policy and uncheck the box for marketing applications with future effect.
6. Data security information
We adopt technical and organizational security measures to protect your data against unauthorized access.
In addition to securing the operating environment, we use encryption in some areas (online application, customer account, contact form).
The information you provide is then transmitted in encrypted form using the Secure Socket Layer (SSL) protocol to prevent misuse of your data by third parties. You can tell that a page is secure if the status bar of your browser has a closed padlock icon and the address line begins with “https.”
7. Information about changes to the Privacy Policy
The Controller reserves the right to amend this Privacy Policy and will announce any changes here.
