Privacy Policy

deutsche Version / German version

General note and mandatory information

Designation of the responsible body

The responsible body for the data processing by our website, server and apps is:

BavarTec UG (haftungsbeschränkt)
Robin Richtsfeld
Kapellenweg 10 D
94575 Windorf

The responsible body, alone or in concert with others, decides on the purposes and means of processing personal data (e.g. names, contact information, etc.).

Withdrawal of your consent to data processing

Only with your explicit consent are some processes of data processing possible. A withdrawal of your already given consent is possible at any time. For the withdrawal, an informal message by e-mail is sufficient. The lawfulness of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

Right to complain to the competent supervisory authority

As the person concerned, in the event of a breach of data protection law, you have a right of appeal to the competent supervisory authority. Responsible supervisory authority regarding data protection questions is the Bavarian State Commissioner for Data Protection. The following link provides a list of privacy officers and their contact details: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html (German language).

Right to data portability

You have the right to have data, that we automatically process on the basis of your consent or in fulfillment of a contract, handed over to you or to third parties. The provision is made in a machine-readable format. If you require the direct transfer of your data to another person in charge, this will only be done to the extent technically feasible.

Right to access, rectification, restriction, erasure

You have the right at any time within the scope of the applicable legal provisions to be provided free of charge with information about your stored personal data, the origin of the data, their recipients and the purpose of the data processing and, if applicable, a right of rectification, restriction of processing, objection to processing, or deletion of this data. In this regard and also to further questions on the subject of personal data, you can always contact us via the contact options listed in the imprint.

Provision of personal data

The provision of personal data may be a statutory requirement, which we explicitly point out in individual cases.

The provision of personal data is a contractual requirement, where we explicitly point this out at the conclusion of the contract.

The provision of personal data is a requirement, necessary to enter into a contract, where its processing is explicitly based on Art. 6 para. 1 lit. b GDPR. In this case, the failure to provide such data may result in the contract not being concluded.

In all other cases, you are not obliged to provide personal data.

Automated decision-making

Automated decision-making, including profiling, according to Art. 22 para. 1 and 4 GDPR, does not take place.

SSL/TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as the operator, our website, server and apps use an SSL/TLS encryption. Thus data, that you transmit to us with them, is not readable for others. In the browser, you will recognize an encrypted connection by the "https://" address bar and by the lock icon in the browser bar.

Data Protection Officer

We have appointed a data protection officer:

Robin Richtsfeld
Kapellenweg 10 D
94575 Windorf

Email: bavartec+gdpr (at) gmail.com

Server Log Files

In server log files, the website provider automatically collects and stores information that your browser automatically sends to us. These are:

There occurs no merge of this data with other data sources. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the fulfillment of a contract or precontractual measures.

Data transmission at the conclusion of the contract for the sale and shipping of goods

Personal data will only be transmitted to third parties if there is a need to in the context of contract execution. Third parties may be, for example, payment service providers or logistics companies. Any further transmission of the data will not take place or only if you have explicitly consented to it.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the fulfillment of a contract or precontractual measures.

Data submitted at the conclusion of the ordering process will remain with us until you request its erasure, withdraw your consent to its storage, or we cease to be in need of its storage. Mandatory legal provisions - especially retention periods - remain unaffected.

Contact form

Data submitted via the contact form will be stored, including your contact details, to process your request or to be available for follow-up questions. A disclosure of this data will not take place without your consent.

The processing of the data entered into the contact form takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. A withdrawal of your already given consent is possible at any time. For the withdrawal, an informal message by e-mail is sufficient. The lawfulness of the data processing operations carried out until the withdrawal remains unaffected by the withdrawal.

Data submitted via the contact form will remain with us until you request us to erase it, you withdraw your consent to its storage or we no longer need to retain your data. Mandatory legal provisions - especially retention periods - remain unaffected.

MQTT server

For some of our products, we offer you the option of creating personal access data for our MQTT server during setup. If necessary, you can use this server to provide device, sensor, configuration data and the like. sync between our apps and devices.

The processing of synchronized data takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR, as part of the deployment of our MQTT server. Your username and, if applicable, the device ID are pseudonyms, i.e. without the use of additional information, they do not identify any natural person.

Incoming MQTT messages are immediately forwarded to your linked devices. Messages that have the "retain" bit set are stored until they are replaced by newer ones, or possibly until the server is restarted. This prevents the event of one of your devices missing a message. Messages without retain bit are discarded immediately after forwarding.

Contract Processing

The provision of our MQTT server takes place in data centers of the AWS (Germany) region Frankfurt. In order to fully comply with legal data protection requirements, we have concluded a contract processing agreement with AWS.

Google reCAPTCHA

Our website uses features of the CAPTCHA service Google reCAPTCHA. The service provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. A CAPTCHA is used to determine whether inputs are human. This serves as security against the malicious use of so-called bots.

reCAPTCHA analyzes and evaluates the behavior of visitors based on various data (e.g. IP address, keystrokes, mouse movements). The analysis begins when you enter the page and runs in the background. The analysis data is forwarded to Google.

The Google reCAPTCHA service is used on the basis of Art. 6 para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in protection against malicious automated interaction by bots and spam software. For details about the handling of user data, please refer to the YouTube Privacy Policy at: policies.google.com/privacy.

YouTube

For the integration and presentation of video content, our website uses plugins from YouTube. Provider of the video portal is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

When you visit a page with an integrated YouTube plug-in, it will connect to YouTube's servers. YouTube gets to know which of our sites you've visited. YouTube may associate your browsing behavior directly with your personal profile should you be logged into your YouTube account. By logging out in advance, you have the option to prevent this.

The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest with the meaning of Art. 6 para. 1 lit. f GDPR. For details about the handling of user data, please refer to the YouTube Privacy Policy at: policies.google.com/privacy.

Cookies

Our website uses cookies. These are small text files that your web browser stores on your device. Cookies help us make our offer more user-friendly, effective and secure.

Some cookies are "session cookies". Such cookies will be deleted automatically after the end of your browser session. On the other hand, other cookies remain on your device until you delete them yourself. Such cookies help us to recognize you upon return to our website.

Using a modern web browser, you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured to automatically delete cookies when the application is closed. The deactivation of cookies may result in limited functionality of our website.

The setting of cookies, which are necessary for the performance of electronic communication processes or the provision of certain functions desired by you (e.g. shopping cart), takes place on the basis of Art. 6 para. f GDPR. As the operator of this Website we have a legitimate interest in the storage of cookies for the technically flawless and smooth delivery of our services. If other cookies are set (for example, for analysis functions), they will be included in this Privacy Policy treated separately.

PayPal

Our website allows payment via PayPal. The provider of the payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you pay with PayPal, your payment information will be transmitted to PayPal.

The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing to fulfill a contract). A withdrawal of your already given consent is possible at any time. Past data processing operations remain in effect on withdrawal.