
Privacy Policy

Privacy Policy for the Website in Accordance with the GDPR

  1. Name and Address of the Data Controller

The controller responsible for data processing within the meaning of the General Data Protection Regulation ("GDPR") and applicable national data protection laws, as well as other data protection regulations, is:

BZ.COMM GmbH 

Represented by Managing Director Sven Meyer

Hanauer Landstrasse 136

60314 Frankfurt am Main 

Germany

Phone: 069 256 28 880

Email: datenschutz@bz-comm.de

Website: https://www.bz-comm.de/

  2. Name and address of the Data Protection Officer

Our Data Protection Officer is:

Clio Sterkel 

Gutleutstr. 16a

60329 Frankfurt am Main 

Germany

Phone: 069 256 28 880

Email: datenschutz@bz-comm.de

  3. General Information on Data Processing

Scope of Personal Data Processing

We collect and use your personal data as a user of our website and the services offered thereon only to the extent necessary to provide a functional website as well as our content and services. The collection and use of your personal data generally takes place only with your consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by law. 

Legal basis for the processing of personal data

To the extent that we obtain your consent for the processing of personal data, Article 6(1)(a) of the GDPR serves as the legal basis.

When processing personal data necessary to fulfill a contract with you, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations necessary to implement pre-contractual measures.

To the extent that the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.

In the event that vital interests of you or another natural person necessitate the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party, and your interests, fundamental rights, and freedoms do not override our aforementioned interest, Article 6(1)(f) of the GDPR serves as the legal basis for the processing. 

Data Erasure and Retention Period

Your personal data will be deleted as soon as the purpose of the data processing no longer applies. If there are legitimate grounds within the meaning of Article 17(3) of the GDPR that preclude deletion, such as statutory storage or retention obligations, the processing of this data will be restricted. In this case, the data will be deleted when the reason for further storage no longer applies, i.e., when the legally prescribed retention period expires. An exception applies only if further storage of the data is necessary for the conclusion or performance of a contract.

  4. Provision of the Website and Creation of Log Files

Every time you visit our website, our system collects and processes data and information from the computer you are using. 

The following data is collected in this process:

  • Information about the browser type and version used
  • The operating system of your computer
  • Your computer’s IP address
  • Date and time of access
  • The URL of the website from which you accessed our website

This data is stored in our system’s log files. 

The processing of your computer’s IP address and the other aforementioned data by our system is strictly necessary to enable the website to be delivered to your computer. For this purpose, the user’s IP address must be stored for the duration of the session. The legal basis for this data processing to deliver the website is Art. 6(1)(b) GDPR, provided you are registered on our website. Otherwise, the legal basis is Article 6(1)(f) of the GDPR, whereby our legitimate interest is the provision of our website and enabling the use of our online services. 

The aforementioned data stored in log files also serves to optimize the website and ensure the security of our IT systems. The data is not evaluated for marketing purposes in this context. Our legitimate interest in processing the data stored in log files likewise lies in optimizing the website and ensuring the security of our IT systems. The legal basis for this data processing is accordingly Article 6(1)(f) of the GDPR.

When data is stored in log files, personal data is generally deleted after no more than seven days. Storage beyond this period is possible. In this case, your computer’s IP addresses are deleted, anonymized, or aggregated so that they can no longer be linked to you. 

  5. Data Protection During the Application Process

We collect and process your personal data when you apply for a position with us for the purpose of conducting the application process. This is particularly the case when you submit the relevant application documents to us electronically, for example via email or through a web form on our website. If we enter into an employment contract with you, the personal data you have submitted will be stored and processed for the purpose of carrying out and managing the employment relationship in compliance with legal regulations. If no employment contract is concluded with you, the application documents will be deleted four months after notification of the rejection decision, provided that no other legitimate interests on our part preclude deletion, for the protection of which further processing of your data is necessary. Other legitimate interests in this sense may include, for example, proving compliance with legal requirements in proceedings under the General Equal Treatment Act (AGG). 

The collection and processing of data in connection with your application for a vacant position with us is carried out in accordance with Art. 88 GDPR in conjunction with § 26(1) sentence 1 BDSG. The same applies to the processing of your data for the purposes of establishing and managing an employment relationship. If we require your personal data after the conclusion of the application process to safeguard our legitimate interests—such as to prevent claims arising from the AGG—and therefore continue to store it, this is done in accordance with Art. 6(1)(f) GDPR.

  6. Product Information, Newsletters, and Event Invitations

If you provide us with your email address as part of a contractual relationship, we may use it to send you newsletters, press releases, and information about our own or similar goods or services. If you do not wish to receive such information, you may object to its transmission at any time in writing or by email. This objection is free of charge for you, with the exception of standard transmission fees. In every piece of information we send you and in every newsletter, you are given the opportunity to decline to receive further information and to submit a corresponding objection. The processing of your personal data for the purpose of sending product-related promotional newsletters is based on Article 6(1)(f) of the GDPR, whereby our legitimate interest is the promotion of our own similar products and services within the context of an ongoing customer relationship with you. Your legitimate interests are sufficiently safeguarded in accordance with Section 7(3) of the German Unfair Competition Act (UWG).

Furthermore, your contact information (including your email address) will be used to send you newsletters, press releases, and invitations if you consent to this. These declarations of consent to receive newsletters are obtained through a so-called double opt-in procedure, i.e., after signing up, you will receive an email at the email address you provided asking you to confirm your registration. This confirmation is necessary to ensure that no one can register using someone else’s email address. Only after you have confirmed your registration will we send you the newsletters, press releases, or invitations to which you have consented. Subscriptions to newsletters, press releases, or invitations are logged to provide evidence of the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Likewise, the data, including any changes, is stored and logged on the newsletter distribution platform we use, “MailChimp.” The aforementioned data processing for the purpose of sending newsletters is based on your consent (Art. 6(1)(a) GDPR).

The newsletters are sent via the “MailChimp” service, a newsletter distribution platform operated by the U.S. provider The Rocket Science Group LLC d/b/a MailChimp, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (hereinafter: “MailChimp”). For this purpose, your email address and other personal data described in this privacy policy and required for sending the newsletter are transmitted to MailChimp and stored on MailChimp’s servers in the USA. MailChimp uses this information to send and analyze the newsletters on our behalf.  

We strictly adhere to the provisions of the GDPR, including the requirements regarding reliability and IT and data security. MailChimp also strictly adheres to these requirements. MailChimp is certified under the “EU-US Privacy Shield,” a US-EU data protection agreement based on an adequacy decision by the European Commission, and thereby commits to complying with EU data protection regulations. Furthermore, we have entered into a data processing agreement with MailChimp, in which MailChimp reaffirms its commitment to protecting your personal data and processing it on our behalf only in accordance with the relevant data protection regulations, and in particular not to disclose it to third parties. The transfer of data to MailChimp is based on Articles 28 and 45 of the GDPR. 

You may object to receiving the newsletter, press releases, or invitations at any time and may revoke any consent you may have given at any time with future effect. For this purpose, each newsletter, press release, or invitation contains a corresponding unsubscribe link that you can click to unsubscribe from the newsletter. 

Newsletter Tracking 

The newsletters contain so-called web beacons. A web beacon is a miniature graphic embedded in emails sent in HTML format to enable log file recording and analysis. This allows for a statistical evaluation of the success or failure of newsletter marketing campaigns. The embedded web beacon makes it possible to determine whether and when you opened the newsletter and which links in the email you clicked on. 

We store and analyze such personal data collected via the tracking pixels contained in the newsletters to optimize newsletter distribution and tailor the content of future newsletters even better to your interests and preferences. This personal data is not shared with third parties. You can object to this tracking at any time by clicking the separate link provided in each email or by informing us via another contact method. The information is stored for as long as you remain subscribed to the newsletter. After you unsubscribe, we store the data purely for statistical and anonymous purposes.

The above data processing is based on Art. 6(1)(f) of the GDPR. Our legitimate interest is the continuous improvement of our newsletters based on user-friendliness and user interests.

  7. Registration for the Purpose of Contract Performance

On our website, we offer users the option to register by providing personal data as part of special promotions or features of our website. In doing so, the data you provide, as well as other personal data related to the registration, is transmitted to us and stored for the purpose of carrying out the specific promotions for which the registration is made. In particular, the following data is collected during registration:

  • The user’s IP address
  • Date and time of registration
  • First name
  • Last name
  • Company
  • Position
  • Email
  • Address
  • Phone number

The legal basis for processing the data during registration is Article 6(1)(b) of the GDPR.

User registration is necessary for the performance of a contract with the user or for the implementation of pre-contractual measures.

Continuing obligations require the storage of personal data for the duration of the contract. In addition, warranty periods must be observed, as well as the storage of data for tax purposes. The specific retention periods that must be observed in this context cannot be determined on a blanket basis but must be determined on a case-by-case basis for the respective contracts and contracting parties.

If the data is necessary for the performance of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible to the extent that no contractual or legal obligations preclude such deletion. In all cases where data processing, as described above, serves the performance of a contract, the provision of your personal data is necessary for the conclusion of the contract (see Art. 13(2)(e) GDPR). Without your personal data, we are unable to perform the contract.

  8. Contact Form and Email Contact

Our website features a contact form that can be used to contact us electronically. If you use this option, the data entered in the form will be transmitted to us and stored. 

At the time the message is sent, the following data is also stored:

  • The user’s IP address
  • Date and time of submission
  • The user’s name
  • The user’s phone number and email address

Alternatively, you may contact us via the provided email address. In this case, the personal data you submit via email will be stored. 

No data will be disclosed to third parties in this context. 

The data collected in the course of contacting us will be used exclusively for processing your request.

The legal basis for processing the data transmitted when sending an email is Art. 6(1)(f) of the GDPR. The processing of your contact request is based on our legitimate interest in processing your data. If your contact request is aimed at concluding a contract, the legal basis for the processing is Article 6(1)(b) of the GDPR.

The data collected in connection with your contact will generally be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case once the processing of your inquiry has been completed. If, due to special reasons or retention periods, deletion of the data is only possible after these periods have expired, we will restrict the processing of this personal data for further use and delete the data after the retention period has expired or the other reason no longer applies. 

  9. Google Analytics

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google").

Google Analytics uses so-called "cookies." These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie regarding your use of this website is generally transmitted to a Google server in the United States and stored there. We use the "anonymizeIp()" extension for this purpose. By activating IP anonymization on this website, your IP address is truncated by Google within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to a Google server in the United States. Google uses the information collected by Google Analytics on our behalf to evaluate your use of the website, to compile reports on website activity, and to provide us with other services related to website and internet usage. The IP address transmitted by your browser as part of the use of Google Analytics is not merged with other Google data.

You can prevent the storage of cookies by adjusting your browser settings accordingly; however, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link:

[http://tools.google.com/dlpage/gaoptout?hl=de]. 

You can also prevent the future use of Google Analytics, particularly when accessing our website from a mobile device browser, by clicking the following link: [Disable Google Analytics]. Clicking the link will store a so-called opt-out cookie on your computer. If you delete the cookies on your computer, you will therefore need to click on this link again to continue disabling Google Analytics.

Further information on Google’s data protection practices in connection with Google Analytics can be found on Google’s websites at www.google.com/intl/de/analytics/learn/privacy.html and www.google.de/intl/de/policies/privacy.

For data transfers to the U.S., there is an adequacy decision by the European Commission (No. 2016/1250), according to which companies that meet certain criteria ensure an adequate level of protection, also known as the "EU-U.S. Privacy Shield." These companies are listed in the so-called “Privacy Shield List.” Google is among the companies listed there. Data transfers to Google in connection with Google Analytics are based on Articles 45 and 28 of the GDPR. 

We use Google Analytics to analyze the use of our website and to continuously improve our website in terms of user-friendliness. The basis for the use of Google Analytics is Art. 6(1)(f) GDPR. Our legitimate interest is the optimization and further development of our website to ensure the best possible user experience. 

Demographic Features in Google Analytics

This website uses the “demographic features” function of Google Analytics. This allows reports to be generated that contain information about the age, gender, and interests of site visitors. This data comes from interest-based advertising by Google as well as from visitor data provided by third parties. You can disable this feature at any time via the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics as described above.

  10. Cookies

Our website uses cookies in several places. Cookies are small text files that are stored on your computer and saved by your browser. They help us make our website more user-friendly, effective, and secure. Cookies also allow our systems to recognize your browser and offer you specific services and convenience features. 

The session cookies used are only stored until you close your browser. 

You can prevent the use of cookies at any time by changing your browser settings, allow cookies to be set only on a case-by-case basis, and delete cookies that have already been stored. However, this may negatively affect the functionality of some parts of our website. 

We use cookies only with your consent for the purposes specified in this section (Art. 6(1)(a) GDPR).

  11. Disclosure of Personal Data

Your data will generally only be disclosed to third parties with your express consent. The only exceptions to this are transfers to our service providers or cooperation partners that we require to fulfill and process the contractual relationship with you and have accordingly commissioned (for example, payment service providers, technical service providers). Accordingly, the transfer of your data to such service providers and cooperation partners for the purpose of contract fulfillment takes place in accordance with Art. 6(1)(b) GDPR. In these cases, we and our partners strictly adhere to the requirements of the GDPR. Of course, before disclosing your personal data, we ensure that our service providers and cooperation partners have taken the necessary technical and organizational measures to guarantee an adequate level of protection. The scope of data transfer is limited to the minimum necessary. 

Disclosure to government institutions and authorities entitled to receive such information occurs only within the scope of statutory disclosure obligations or if we are required to disclose information by a court order. In this case, the disclosure of your data is required under Article 6(1)(c) of the GDPR to fulfill a legal obligation to which we are subject.

  12. No automated decision-making

We do not engage in automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR.

  13. Rights of the data subject

If personal data concerning you is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights:

You may at any time request, free of charge, written or electronic information regarding the data stored about you. In addition, you have the right to have inaccurate data corrected, as well as, where applicable, to have your personal data erased or to restrict data processing. If the basis for data processing is Article 6(1)(e) or (f) of the GDPR (pursuit of legitimate interests), you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data, provided there are grounds arising from your particular situation, or if the objection is directed against data processing for direct marketing purposes. In the latter case, you have a general right to object, which we will honor without requiring you to provide reasons arising from your particular situation (Article 21(2) of the GDPR). If you object for reasons arising from your particular situation, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims (Art. 21(1) GDPR).

To the extent that we collect personal data based on your consent, you may freely revoke your consent to the collection, processing, and use of your personal data at any time with future effect. 

Furthermore, you may request that the personal data provided to us be transmitted to you or another controller in a structured, commonly used, and machine-readable format. In addition, you may lodge a complaint with the competent supervisory authority regarding violations of data protection if you believe that our processing of your data is unlawful.

You may exercise the rights listed above by writing to BZ.COMM GmbH, Gutleutstr. 16a, 60329 Frankfurt am Main, or by email to datenschutz@bz-comm.de.

  14. Use of an AI-powered assistant

We use an AI-powered chat assistant on this website. It is designed to automatically answer your questions regarding general information about the Allee-Center Leipzig (e.g., opening hours, shops, services, directions, events).

Provider and Data Processing

The AI service is technically provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The “Gemini 2.5 Flash” model is used, which is accessed via Google’s Gemini API. A data processing relationship with Google exists in accordance with Art. 28 GDPR based on the “Google Cloud Data Processing Addendum” (CDPA, as of November 8, 2023, available at https://cloud.google.com/terms/data-processing-addendum). The cloud project used is configured as a paid service.

Processed Data

When using the chat assistant, the following data is processed:

  • the content of your inputs (prompts) as well as the AI responses
  • a technical session identifier (Session-ID)
  • Your IP address and user agent identifier (browser identification)
  • Technical usage data (AI model used, token consumption, timestamps)

Please do not enter any personal or confidential information in the chat. The assistant does not actively request such information and is not intended to handle individual, personal matters.

Retention Period

The content of your inquiries and the corresponding AI responses are stored in our system for a maximum of 90 days, along with your IP address, session ID, and user agent. After this period expires, these personal fields are automatically anonymized (by overwriting them with zero values). Only anonymous, aggregated usage and statistical data (model, token, timestamp) remain for a maximum of 24 months for the analysis of usage trends and cost control. After that, these data records are also completely deleted.

Transfer to the U.S.

Your requests are processed on Google servers in the U.S. The transfer is based on EU Standard Contractual Clauses (SCCs) in the version of Implementing Decision (EU) 2021/914 of the European Commission, which are part of the aforementioned CDPA (Appendix 3, Section 4.1 “Restricted Transfers”) and constitute “appropriate safeguards” within the meaning of Article 46(2)(c) of the GDPR.

No Training of AI Models

Since we use the service as a paid service, the content processed in the context of our requests (prompts and responses) is not used by Google for training or improving the AI models. This assurance is derived from the “Gemini API Additional Terms of Service” (https://ai.google.dev/gemini-api/terms).

Legal Basis

The legal basis for the use of the chat assistant is Article 6(1)(f) of the GDPR. Our legitimate interest lies in providing you with a modern, accessible information service and improving our services. Upon consideration, it appears that no overriding interests on your part stand in the way, as no personal data is used for profiling and you use the assistant voluntarily.

  15. Miscellaneous

Naturally, this privacy policy applies only to the content on our website and does not cover third-party content or websites to which our site merely links. This applies, for example, to simple links to social networks such as Facebook or Twitter. The processing of your personal data via these social networks, to which we merely link, is carried out by the respective network operator, over which we have no influence. This also applies to your personal data that you provide to us via such a platform, for example by messaging our profile on the respective social network. Information regarding the handling of your personal data and its protection on these platforms can be found in the privacy policy of the respective platform.