DISCLAIMER

Bjelic & Barth GmbH (hereinafter referred to as “Provider”) assumes no liability for the topicality, correctness, completeness, or quality of the information provided. Liability claims against the Provider relating to material or immaterial damage caused by the use or non-use of the information provided or by the use of incorrect or incomplete information are excluded, unless there is evidence of willful intent or gross negligence on the part of the Provider. All offers are non-binding and subject to change. The Provider expressly reserves the right to change, supplement, or delete individual pages or the entire offer without prior notice, or to discontinue publication temporarily or permanently.

REFERENCES AND LINKS

In the case of direct or indirect references to external websites (“hyperlinks”) that are beyond the Provider’s area of responsibility, a liability obligation would only come into effect if the Provider was aware of the content and it was technically possible and reasonable for them to prevent its use in the event of illegal content. The Provider hereby expressly declares that, at the time the links were created, no illegal content was discernible on the pages to be linked. The Provider has no influence whatsoever on the current and future design, content, or authorship of the linked pages. Therefore, it hereby expressly distances itself from all content on all linked pages that have been changed since the link was created. This statement applies to all links and references set within its own website, as well as to external entries in guest books, discussion forums, and mailing lists set up by the Provider. The provider of the page to which reference was made is solely liable for illegal, incorrect, or incomplete content and, in particular, for damage arising from the use or non-use of such information, and not the party who merely refers to the respective publication via links.

COPYRIGHT AND TRADEMARK LAW

The Provider endeavors to observe the copyrights of the graphics, audio and video files, and texts used in all publications, to use content it has created itself, or to make use of license-free materials. All brands and trademarks mentioned within the website and possibly protected by third parties are subject without restriction to the provisions of the applicable trademark law and the ownership rights of the respective owners. The mere mention of a trademark does not imply that it is not protected by the rights of third parties. The copyright for content created and published by the Provider remains solely with the Provider. The reproduction or use of such graphics, audio or video files, and texts in other electronic or printed publications is not permitted without the express prior consent of the Provider.

DATA PROTECTION

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “Data”) within the framework of our online offer and the associated websites, functions, and content, including external online presences, such as our social media profiles (hereinafter collectively referred to as “Online Offer”). With regard to the terms used, such as “Processing” or “Controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller
Bjelic und Barth GmbH
Strängenweg 28
D-73550 Waldstetten
E-mail address: info@bjelic-barth.com

Managing Directors:
Prof. Dr. Aleksandar Bjelić,
Heiko Barth

Data Protection Officer: Heiko Barth

TYPES OF DATA PROCESSED

Inventory data (e.g., names, addresses)
Contact data (e.g., email, telephone numbers)
Content data (e.g., text input, photographs, videos)
Usage data (e.g., websites visited, interest in content, access times)
Meta/communication data (e.g., device information, IP addresses)

CATEGORIES OF DATA SUBJECTS

This applies to visitors and users of our online offer (hereinafter collectively referred to as “Users”).

PURPOSE OF PROCESSING

• Provision of the online offer as well as its functions and content
• Answering contact requests and communication with users
• Implementation of security measures
• Analysis of reach and implementation of marketing measures

TERMS USED

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); a natural person is considered identifiable if they can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.

• Processing: Any operation or series of operations relating to personal data, whether or not carried out with the aid of automated procedures. The term is broad and covers almost every form of handling data.
• Pseudonymization: The processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is protected by technical and organizational measures to ensure that it cannot be attributed to an identified or identifiable person.
• Profiling: Any type of automated processing of personal data in which this data is used to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
• Controller: The natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
• Processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

RELEVANT LEGAL BASES
In accordance with Art. 13 GDPR, we inform you about the legal bases of our data processing. Unless a specific legal basis is mentioned in this privacy policy, the following regulations apply:

• The obtaining of consent is based on Art. 6 para. 1 lit. a and Art. 7 GDPR.
• The processing for the provision of our services, for the implementation of contractual measures, or for the answering of inquiries is based on Art. 6 para. 1 lit. b GDPR.
• The processing to fulfill legal obligations takes place in accordance with Art. 6 para. 1 lit. c GDPR.
• The processing to protect the legitimate interests of the Provider is based on Art. 6 para. 1 lit. f GDPR.
• If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

SECURITY MEASURES
In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the probability of occurrence and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data, for example by controlling physical access to data, access options, input and transmission, ensuring availability, and separation. In addition, we have implemented procedures that ensure the exercise of data subject rights, the deletion of data, and the response to data threats. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software, and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).

COOPERATION WITH PROCESSORS AND THIRD PARTIES
If, as part of our data processing, we disclose information to other persons or companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this is only done on a legal basis. This may be the case, for example, if a data transfer to third parties, such as payment service providers, is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the performance of a contract, you have given your consent, a legal obligation provides for this, or this is necessary to protect our legitimate interests (e.g., when using agents, web hosts, etc.).

If third parties are commissioned with the processing of personal data on the basis of a so-called “data processing agreement”, this is done in accordance with Art. 28 GDPR.

TRANSFERS TO THIRD COUNTRIES
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs as part of the use of third-party services or the disclosure or transfer of data to third parties, this only occurs if it is necessary to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation, or to protect our legitimate interests.

Subject to legal or contractual permissions, data is only processed in a third country if the special requirements of Art. 44 ff. GDPR are met. This means, for example, that the processing is based on special guarantees, such as the officially recognized determination of a level of data protection corresponding to that of the EU (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual regulations (so-called “standard contractual clauses”).

RIGHTS OF DATA SUBJECTS
You have the right to request confirmation as to whether personal data relating to you is being processed, as well as the right to information about this data, additional information, and a copy of the data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to request the completion of your personal data or the correction of incorrect data.

In accordance with Art. 17 GDPR, you can request the immediate deletion of your data. Alternatively, in accordance with Art. 18 GDPR, you have the right to demand the restriction of the processing of your data.

In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us and to request its transmission to other controllers.

Furthermore, in accordance with Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.

RIGHT OF REVOCATION
You have the right to revoke granted consent in accordance with Art. 7 para. 3 GDPR at any time with effect for the future.

RIGHT OF OBJECTION
You can object to the future processing of your personal data at any time in accordance with Art. 21 GDPR. The objection can be lodged in particular against processing for direct marketing purposes.

COOKIES AND RIGHT OF OBJECTION TO DIRECT ADVERTISING
“Cookies” are small files that are stored on the user’s devices. Various information can be stored in these cookies. Cookies are mainly used to store information about a user or the device on which the cookie is stored during or after a visit to an online offer.

Temporary cookies, so-called “session cookies” or “transient cookies”, are deleted as soon as a user leaves the online offer and closes the browser. Such cookies can be used, for example, to store the content of a shopping cart in an online shop or the login status.

“Permanent” or “persistent” cookies remain stored even after the browser is closed. For example, the login status can be retained for recurring visits over several days. Likewise, user interests can be stored in such cookies, which are used for reach measurement or marketing purposes.

“Third-party cookies” come from providers other than the operator of the online offer, while cookies from the provider itself are referred to as “first-party cookies.”

We use both temporary and permanent cookies and provide information about this in our privacy policy.

If users do not want cookies to be stored on their device, they can deactivate the corresponding function in the settings of their browser. Cookies that have already been saved can also be deleted via the browser settings. Please note that deactivating cookies may lead to restrictions in the use of this online offer.

DELETION OF DATA
The data processed by us will be deleted or restricted in its processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated otherwise in this privacy policy, data will be deleted as soon as it is no longer required for the respective purpose and there are no legal storage obligations. If data is still required for other legally permissible purposes, processing will be restricted. This means that the data is blocked and not used for other purposes, for example for data that must be retained for commercial or tax law reasons.

CONTACTING US
When contacting us (e.g., via contact form, email, telephone, or social media), the data provided by users is processed in accordance with Art. 6 para. 1 lit. b GDPR (within the framework of contractual or pre-contractual relationships) or Art. 6 para. 1 lit. f GDPR (for other inquiries) for the processing and handling of the inquiry. The data can be stored in a customer relationship management system (“CRM system”) or a comparable organizational structure for inquiries.

We delete the inquiries as soon as they are no longer required. The necessity is checked every two years; in addition, the statutory retention obligations apply.

HOSTING AND EMAIL DISPATCH
The hosting services used by us serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security measures, and technical maintenance services that are necessary for the operation of this online offer.

In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, and meta and communication data of customers, interested parties, and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of the online offer in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

COLLECTION OF ACCESS DATA AND LOG FILES
We or our hosting provider collect data on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR on every access to the server on which this online offer is operated (so-called server log files). The access data collected includes: name of the accessed website or file, date and time of access, amount of data transferred, status message on the retrieval, browser type and version, user’s operating system, referrer URL (previously visited page), IP address, and requesting provider.

The log file information is stored for a maximum of 7 days for security reasons, such as to investigate misuse or fraudulent activities, and then deleted. Data whose longer retention is required for evidentiary purposes is excluded until the final clarification of the respective incident.

ONLINE PRESENCES IN SOCIAL MEDIA
We maintain online presences in social networks and on platforms in order to communicate with customers, interested parties, and users active there and to inform them about our services. When visiting these networks and platforms, the respective terms and conditions and data protection guidelines of their operators apply.

Unless otherwise stated in this privacy policy, we process the data of users when they interact with us via the social networks and platforms, for example by posting contributions on our presences or sending us messages.

LEGAL EFFECTIVENESS OF THIS DISCLAIMER
This disclaimer is to be regarded as an integral part of the website from which reference was made to this page. Should individual parts or formulations of this text not, no longer, or not fully comply with the applicable legal situation, the validity and content of the remaining provisions shall remain unaffected.