Data Protection Information
1. Scope of application
These duties to provide information apply to the processing of personal data by us as the controller with regard to visits to our webpages at www.crifbuergel.de
CRIF Bürgel GmbH,
Radlkoferstraße 2, 81373 Munich
Legally independent and responsible partners of CRIF Bürgel GmbH
- CRIF Bürgel Wirtschaftsinformationen Aachen Dammers & Bittner GmbH, address for the website at https://www.crifbuergel.de/de/standorte/aachen
- BÜRGEL Wirtschaftsinformationen Georg Leimeister, address for the website at https://www.crifbuergel.de/de/standorte/aschaffenburg
- CRIFBÜRGEL Hannover Bielefeld GmbH & Co. KG, address for the website at https://www.crifbuergel.de/de/standorte/bielefeld
- "CRIF Bürgel-Chemnitz" Richter GmbH & Co. KG, address for the website at https://www.crifbuergel.de/de/standorte/chemnitz
- CRIF Bürgel Coburg GmbH, address for the website at https://www.crifbuergel.de/de/standorte/coburg
- BÜRGEL DRESDEN SCHARF GMBH, address for the website at https://www.crifbuergel.de/de/standorte/dresden
- Bürgel Wirtschaftsinformationen Duisburg Inh. Marko Freche e.K., address for the website at https://www.crifbuergel.de/de/standorte/duisburg
- BÜRGEL ESSEN Schaltmann GmbH & Co. KG; address for the website at https://www.crifbuergel.de/de/standorte/essen
- CRIF Bürgel Frankfurt (Oder) GmbH; address for the website at https://www.crifbuergel.de/de/standorte/frankfurt-oder
- CRIFBÜRGEL Regina Walzel-Loos & Ralph Krödel GbR; address for the website at https://www.crifbuergel.de/de/standorte/gera
- Wanke KG. Handels- und Wirtschaftsinformationsdienst, Inkassobüro; address for the website at https://www.crifbuergel.de/de/standorte/giessen
- CRIF Bürgel Grünzig GmbH & Co. KG; address for the website at https://www.crifbuergel.de/de/standorte/halle
- CRIF Bürgel Iserlohn Jürgen Vogt e.K.; address for the website at https://www.crifbuergel.de/de/standorte/iserlohn
- Martin Kirch KG; address for the website at https://www.crifbuergel.de/de/standorte/kaiserslautern
- Bürgel Kassel Kilian & Wojacek GbR; address for the website at https://www.crifbuergel.de/de/standorte/kassel
- Bernd Wefelscheid Bürgel Rheinland; address for the website at https://www.crifbuergel.de/de/standorte/koblenz
- CRIF Bürgel-Niederrhein GmbH & Co. KG, address for the website at https://www.crifbuergel.de/de/standorte/krefeld-neuss
- CRIF BÜRGEL Potsdam GmbH; address for the website at https://www.crifbuergel.de/de/standorte/potsdam
- CRIF Bürgel Ressmann GmbH & Co. KG; address for the website at https://www.crifbuergel.de/de/standorte/reutlingen
- CRIF Bürgel Saar Yvonne Böhm e.K.; address for the website at https://www.crifbuergel.de/de/standorte/saarland
- Elmar Dömer Inh. Claudia Dömer e.K. Bürgel Siegen; address for the website at https://www.crifbuergel.de/de/standorte/siegen
- Dr. Linde & Co. KG BÜRGEL Suhl; address for the website at https://www.crifbuergel.de/de/standorte/suhl
- CRIF Bürgel Ressmann Ulm e.K.; address for the website at https://www.crifbuergel.de/de/standorte/ulm
- Buck KG; address for the website at https://www.crifbuergel.de/de/standorte/wuerzburg
2. Name and contact details of the company data protection officer
The company data protection officer of CRIF Bürgel GmbH can be contacted at the above address, FAO Data Protection department or by email to firstname.lastname@example.org.
3. Purposes of data processing, legal bases, retention period
When you visit our website, we collect, process and use personal data to the extent permitted by law or necessary for processing or if you have given your consent for this.
a) Visiting our website
When you visit our homepage, the web server of our website automatically processes information every time you visit it. The following data is recorded during this:
The name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type along with version, the operating system of the user, referrer URL (the site previously visited), IP address and the requesting provider. This data is only used for statistical evaluations for the purpose of running, securing and optimising the offering.
The legal basis for the collection of data via log files is article 6 para. 1 clause 1 letter b GDPR (for the fulfilment of the contract for the use of the homepage) and article 6 para. 1 clause 1 letter c GDPR (for the security of data processing). Furthermore, we have a legitimate interest within the meaning of article 6 para. 1 clause 1 letter f GDPR to continually improve and optimise the offering on our homepage in the interests of the users.
The data collected and stored via server log files is deleted after 7 days at the latest or - in the case of IP addresses - made anonymous by truncation.
You can subscribe to our free newsletter on our website. To subscribe to the newsletter, simply enter your email address. You also have the option to enter your name and address. The actual registration takes place via a "double opt-in procedure". This means that after registration you will receive another email with a confirmation link. This validation is necessary to verify your email address.
The legal basis for sending the email is article 6 paragraph 1 letter a GDPR (consent).
You can unsubscribe from our newsletter at any time. You will find a link to unsubscribe at the end of each newsletter. Deregistration is also seen as revocation of your consent. In this case, the data you have provided will be deleted.
c) Use of our online contact form
For further information about our services, please contact us via our online contact form. Your data will be stored in our Customer Relationship Management system ("CRM system") and forwarded internally for further processing. All personal data with which you provide us in connection with this contact request will be used only for the purposes of responding to your enquiry or making contact with you, and for the associated technical administration.
The legal basis for data processing is article 6 para. 1 clause 1 letter a GDPR (consent) or article 6 paragraph 1 clause 1 letter b GDPR (implementation of pre-contractual measures).
The enquiries will be deleted after two years at the latest. Legal retention periods shall be observed accordingly.
d.) Order for address determination
4. Disclosure to third parties, processors, categories of recipients
a) Third parties
The transmission of your personal data to third parties, i.e. natural or legal persons other than the data subject, the controller, the data processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or the processor, only takes place for the purposes listed below:
- You have given your express and voluntary consent under article 6 para. 1 letter a GDPR to do so
- According to article 6 para. 1 clause 1 letter b GDPR, the disclosure is necessary for the processing of contractual relationships with you, e.g. to suppliers or recipients of goods or services named by you.
- There is a legal obligation to pass on data in accordance with article 6 para. 1 clause 1 letter c GDPR, e.g. to financial or criminal prosecution authorities.
- The disclosure is required under article 6 para. 1 clause 1 letter f GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data; such disclosure may take place to government institutions and law enforcement authorities, for example, in the event of attacks on our IT systems.
We have commissioned the following processors in connection with the offering of our websites and related services pursuant to article 28 GDPR:
Our newsletter is sent by the dispatch service Newsletter2Go GmbH, Köpenicker Strasse 126, 10179 Berlin as a processor under article 28 GDPR. The data protection provisions of Newsletter2Go can be viewed at https://www.newsletter2go.de/datenschutz/.
Our websites are hosted by pop-interactive GmbH, Wendenstraße 408, 20537 Hamburg as processor under art. 28 GDPR. The data protection provisions of pop-interactive GmbH can be viewed at https://www.pop-i.de/datenschutz
Our websites are also operated and administered by blueRobin. Brand Marketing Communications GmbH Virchowstraße 65b, 22767 Hamburg. The data protection provisions of blueRobin. Brand Marketing Communications GmbH can be viewed at https://www.blue-robin.de/de/datenschutz
We remain the controller for data protection even if processors are involved. We do not intend to transfer your personal data to a third country.
Cookies are used, among other things, for the purposes of enabling certain functions of the websites and for managing the session on a technical level. We use so-called session cookies to recognise that you have already visited individual webpages of our website within a session and to enable session control, e.g. to save form entries or shopping baskets during the session. Session cookies are deleted at the latest when you close your web browser.
In addition, we use temporary cookies that are stored in the web browser of your end device for a defined period of time to optimise and guarantee user-friendliness. If you visit our site again, it is automatically recognised that you have already visited our web pages and which settings you have stored so you do not need to deal with these again.
Furthermore, we use tracking cookies to statistically record the use of our website and to evaluate it for the purpose of optimising and advertising our offering. These cookies enable us to automatically recognise your end device the next time you visit our site and to localise it to a certain extent via IP addresses. These cookies are also automatically deleted after a defined time, at the latest after 365 days. More details can be found in the following chapter on web analysis.
The cookies necessary for the functioning of the website, the cookies for session control and the session cookies are processed in accordance with article 6 para. 1 clause 1 letter b GDPR (contract fulfilment). Data processing by means of cookies to optimise the websites and to ensure user-friendliness is carried out in accordance with article 6 para. 1 clause 1 letter f GDPR (legitimate interest) and for advertising purposes and web analysis of tracking cookies in accordance with article 6 para. 1 sentence 1 letter a GDPR (consent).
The following links show how to adjust the settings of the most commonly used browsers: Chrome Firefox Internet Explorer Safari
6. Web analysis
We use the web analysis service etracker, which is operated by etracker GmbH ("etracker") in Germany. This service collects and stores data for marketing and optimisation purposes. Usage profiles under a pseudonym can be created from this data. Cookies can be used to do this. Etracker's cookies do not contain any information that enables a user to be personally identified. More information can be found at www.etracker.com/de/datenschutz.html. Data collection and storage can be objected to at any time at www.etracker.de/privacy?et=ET_PARAMETER with effect for the future.
b) Google Analytics
We use the web analysis service Google Analytics, which is provided by Google Inc. ("Google") in the USA.
This service collects and stores data for marketing and optimisation purposes. Usage profiles under a pseudonym can be created from this data. Cookies can be used to do this. Information generated by the cookie about your use of the homepage is usually transmitted to and stored on a Google server in the USA. We have activated IP anonymisation on our homepage, i.e. Google will shorten your IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases shall the full IP address be transferred to a Google server in the USA and truncated there. Based on our order, Google will use this information to evaluate your use of the offering, to compile reports on website activities and to provide the website operator with further services associated with website and Internet use. The IP address provided by your browser as part of Google Analytics will not be combined with other data from Google.
We wish to point out that, on this offering, Google Analytics has been extended with the code "gat._anonymizeIp();" in order to ensure the anonymous collection of IP addresses (IP masking).
You can also find more information on this at www.google.com/intl/de/analytics/privacyoverview.html. You can prevent Google from collecting data generated by the cookie and relating to your use of the offering (including your IP address) and processing this data by downloading and installing the browser plug-in available at the following link.
7. Google AdWords
We use the online advertising program Google AdWords, which was developed by Google Inc. ("Google") in the USA, and in the context of this, conversion tracking.
Cookies can be used to do this. The cookie for conversion tracking is set when a user clicks on an ad placed by Google. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of our website when the cookie has not yet expired, we and Google can detect that the user clicked on the ad and proceeded to this website. Each Google AdWords customer has a different cookie. Thus, cookies cannot be tracked using the website of an Adwords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted into conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to identify users personally. Users who do not wish to participate in tracking can easily disable the cookie of Google conversion tracking on their web browser under user settings. These users will not be included in the conversion tracking statistics.
For more information, see http://www.google.com/intl/de/policies/privacy.
8. Plug-ins and social media
This offering uses a plug-in from the social network Facebook (1601 South California Avenue, Palo Alto, CA 94304, USA). You can recognise this by the "like" button and the Facebook logo.
For more information on Facebook plug-ins, visit http://developers.facebook.com/docs/plugins/
When you visit this website, the plug-in establishes a connection between the Facebook server and your browser. In doing so, Facebook is informed that the IP address you used was used to visit this website. You can link content from this website to your Facebook profile if you are logged into your Facebook account and click the "like" button. Facebook will then associate your visit to this site with your account. Only Facebook has knowledge of the content of the data transmitted as well as how it is used.
This offering uses a plug-in from the service Twitter. This service is provided by Twitter Inc. (1355 Market St, Suite 900, San Francisco, CA 94103, USA). Through the use of Twitter and the "re-tweet" function, the web pages which you visit will be linked to your Twitter account and made known to other users. In the process, data will also be transferred to Twitter. The provider has no knowledge of the content of the transmitted data and its use by Twitter.
You can find more information on this at http://twitter.com/privacy
Your privacy preferences on Twitter can be modified in your account settings at http://twitter.com/account/settings.
Our site uses functions that are offered by the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.
Each time one of our pages containing XING features is accessed, your browser establishes a direct connection to the XING servers. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored nor is usage behaviour evaluated.
Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time one of our pages containing LinkedIn features is accessed, your browser establishes a connection to the LinkedIn servers. LinkedIn is informed that you have visited our websites from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. We would like to point out that, as the provider of these web pages, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn.
The LinkedIn plug-in is used on the basis of art. 6 para. 1 letter f GDPR. The website operator has a justified interest in the widest possible visibility on social media.
Our website uses plug-ins from the YouTube site, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring a YouTube plug-in, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you're logged in to your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
9. Rights of the data subject
You have the right:
- to request information about your personal data processed by us in accordance with article 15 GDPR. In particular, you may obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period as far as possible, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if this has not been collected from you, and requires the existence of automated decision-making including profiling and, where appropriate, meaningful information about its detail.
- to request the immediate rectification of incorrect or complete personal data stored by us in accordance with article 16 GDPR;
- to request the erasure of your personal data stored by us in accordance with article 17 GDPR, if
– it is no longer needed for the purposes for which it was collected or otherwise processed,
– you withdraw your consent on which the processing referred to in article 6 para. 1 clause 1 letter a or article 9 para. 2 letter a is based and there is no other legal basis for processing,
– you object to the processing pursuant to article 21 para. 1 and there are no overriding legitimate grounds for the processing, or you object to processing for the purpose of direct marketing including related profiling pursuant to article 21 para. 2,
– the personal data has been processed unlawfully,
– the personal data must be erased for compliance with a legal obligation under European Union or Member State law to which the controller is subject.
– the personal data was collected relating to information society services provided pursuant to article 8 para. 1 GDPR (consent of a child).
The right to erasure does not exist to the extent that the processing is necessary
– to exercise the right to freedom of expression and information,
– to fulfil a legal obligation, for reasons of public interest in the field of public health or for archiving purposes in the public interest, or
– to assert, exercise or defend legal claims.
- pursuant to article 18 GDPR, the right to obtain the restriction of the processing of your personal data, insofar as
– you dispute the accuracy of the data,
– it is being processed unlawfully, but you refuse to have it erased,
– we no longer need the data, but you do need it to assert, exercise, or defend legal claims or
– you have lodged an objection to the processing pursuant to article 21 GDPR.
- to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another controller in accordance with article 20 GDPR,
- to revoke your consent provided to us at any time pursuant to article 7 para. 3 GDPR. As a consequence, we will no longer be permitted to continue the processing of data based on this consent in the future if there is no other legal basis for it and
- to lodge a complaint with a supervisory authority according to article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our headquarters.
10. Right of objection
If your personal data is processed on the basis of legitimate interests in accordance with article 6 para 1 clause 1 letter f GDPR, you have the right to object to the processing of your personal data in accordance with article 21 GDPR if there are reasons which arise from your particular situation, or if the objection is directed against direct advertisement. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
If you would like to make use of your right of revocation or objection, you can contact us using the above contact details and send us an email, for example.
11. Data security
During the visit to our website, we use the most common SSL (Secure Socket Layer) method together with the highest level of encryption supported by your browser. Usually, this is 256-bit encryption. Whether an individual page of our website is transmitted in encrypted form can be seen from the key or lock symbol in the status bar of your web browser appearing in closed form.
In addition, we use suitable technical and organisational measures for security of data processing appropriate to the level of risk, in particular to protect your data against manipulation or unauthorised access. In doing so, we take latest technology into account. Our security measures are adapted to keep up with technological developments.
13. Severability clause
Information according to art. 14 GDPR regarding CRIF Bürgel GmbH
1. Name and contact details of the controller and the company data protection officer
CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, Telephone: +49 40 89803-0
The company data protection officer of CRIF Bürgel GmbH can be contacted at the above address, FAO Data Protection department or by email to email@example.com.
2. Data processing by CRIF Bürgel GmbH
2.1 Purposes of data processing and legitimate interests pursued by CRIF Bürgel GmbH or a third party
CRIF Bürgel GmbH processes personal data in order to provide authorised recipients with information for assessing the creditworthiness of natural and legal persons. Score values are also calculated and transmitted for this purpose. It shall only make the information available if a justified interest in this has been substantiated in individual cases and processing is permissible, after consideration of all interests. The legitimate interest exists, in particular, before entering into transactions with a risk of financial default. The creditworthiness check serves to protect recipients from losses in the lending business and at the same time opens up the possibility of protecting borrowers from excessive indebtedness by providing advice. The data is also processed for fraud prevention, money laundering prevention, identity verification, address identification, customer services, direct marketing or risk management. CRIF Bürgel GmbH will provide information about any changes to the purposes of data processing in accordance with article 14 para. 4 GDPR.
2.2 Legal basis for data processing
CRIF Bürgel GmbH processes personal data on the basis of the provisions of the General Data Protection Regulation. Processing is carried out on the basis of consents and on the basis of art. 6 para. 1 letter f GDPR, insofar as the processing is necessary to safeguard the legitimate interests of the controller or a third party and does not outweigh the interests or fundamental rights and freedoms of the data subject which require that personal data be protected. The legitimate interest exists, in particular, before entering into transactions with a risk of financial default.
Consents may be revoked at any time vis-à-vis the contracting party concerned. This also applies to consents granted before the GDPR came into force. The revocation of consent does not affect the legality of the personal data processed prior to revocation.
2.3 Origin of data
CRIF Bürgel GmbH receives its data from its contractual partners. These are companies based in the European Economic Area or Switzerland in the fields of trade, services, leasing, energy supply, telecommunications, insurance or debt collection as well as banks, financial and payment service providers and other contractual partners who use CRIF Bürgel GmbH products for the purposes mentioned under 2.1. In addition, CRIF Bürgel GmbH processes information from generally accessible sources such as public registers and official announcements (commercial registers, debtor registers, insolvency announcements).
2.4 Categories of personal data processed
- Personal data, e.g. surname (if applicable also previous names, which will be disclosed upon separate request), first name, date of birth, place of birth, address, previous addresses
- Information on undisputed, outstanding and repeatedly dunned or titled claims and their settlement
- Evidence of improper or other fraudulent conduct such as misrepresentation of identity or creditworthiness in connection with contracts for telecommunications services or contracts with credit institutions or financial service providers (credit or investment contracts, current accounts)
- Information from public directories and official notices
- Probability values
2.5 Categories of recipients of personal data
Recipients are contractual partners of the sectors mentioned under 2.3. When data is transferred to countries outside the European Economic Area, the requirements of the European Commission apply. Further recipients may be contractors of CRIF Bürgel GmbH according to art. 28 GDPR.
2.6 Duration of data retention
CRIF Bürgel GmbH stores information about individuals for a limited time only. This period is decisively determined by necessity. The retention periods are specified in detail in a Code of Conduct of the association "Die Wirtschaftsauskunfteien e. V.", which can be viewed online at www.crifbuergel.de/de/datenschutz. Accordingly, the basic retention period for personal data is three years to the day after it has been processed. In derogation from this, for example, the following are erased:
- Data from the debtor registers of the central enforcement courts after three years to the day, but earlier than this if CRIF Bürgel GmbH substantiates erasure with the central enforcement court.
- Information on consumer/insolvency proceedings or residual debt exemption proceedings exactly three years after the end of insolvency proceedings or the granting of the residual debt exemption. Earlier erasure may also take place for individual cases stored separately.
- Information on the rejection of an insolvency application due to lack of assets, the lifting of the security measures or the rejection of the residual debt exemption after three years to the day.
- Previous addresses are stored for three years to the day, after which the necessity of ongoing storage is checked for a further three years. After that, they will be deleted to the day, unless a longer period of storage is required for identification purposes.
3. Rights of the data subject
Regarding CRIF Bürgel GmbH, every data subject has the right of access pursuant to art. 15 GDPR, the right of rectification pursuant to art. 16 GDPR, the right of erasure pursuant to art. 17 GDPR and the right of limitation of processing pursuant to art. 18 GDPR. In addition, it is possible to contact the supervisory authority responsible for CRIF Bürgel GmbH: the Bavarian State Office for Data Protection Supervision. Consents may be revoked at any time vis-à-vis the contracting party concerned.
Pursuant to art. 21 para. 1 GDPR, data processing may be objected to for reasons arising from the particular situation of the data subject. The objection can be made in any form and is to be addressed to CRIF Bürgel GmbH, Data Protection, Radlkoferstraße 2, 81373 Munich.
4. Profile development (scoring)
Before entering into transactions with an economic risk, business partners want to be able to assess as well as possible whether the payment obligations entered into can be met. By providing information and using probability values, CRIF Bürgel GmbH supports companies in making decisions and helps them to process day-to-day (commodity) credit transactions quickly.
A forecast of future events is made on the basis of the information collected and previous experience. The calculation of the probability values at CRIF Bürgel GmbH is primarily based on the information stored at CRIF Bürgel GmbH about a data subject, which is also disclosed in the information pursuant to art. 15 GDPR. Address data is also used. Based on the entries stored for a person and other data, they are assigned to statistical groups of persons who have had similar payment patterns in the past. The method used is called "logistic regression" and is a well-founded, mathematical and statistical method for predicting risk probabilities that has been tried and tested in practice for many years.
CRIF Bürgel GmbH uses the following data to calculate scores, although not every type of data is included in every individual score calculation: date of birth, gender, shopping basket value, address data and duration of residence, payment problems to date, public negative features such as non-delivery of asset information, creditors' satisfaction excluded, creditors' satisfaction not proven, collection procedure and debt collection monitoring procedure. CRIF Bürgel GmbH itself does not make any decisions; it merely supports its affiliated contractual partners by providing its information in the decision-making process. The direct business partner alone is responsible for assessing and assessing creditworthiness, as only he/she/it has access to a great deal of additional information. This also applies if he/she/it relies solely on the information and probability values from CRIF Bürgel GmbH.