1. Personal data
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data subject
Data subject is any identified or identifiable natural person whose personal data are processed by the controller (our company).
Processing is any operation or set of operations, performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
9. Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
5. Legal basis of processing
Article 6 (1) lit. a GDPR serves as a legal basis for our company for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are party, such as processing operations necessary for the supply of goods or any other service or consideration, the processing is based on Article 6 (1) (b) GDPR. The same applies to processing operations necessary for the conducting pre-contractual measures, for example in case of inquiries about our products or services.
If our company is subject to a legal obligation obligating us to process personal data, for example to fulfil tax obligations, such processing is based on Art. 6 (1) (c) GDPR.
In rare cases, the processing of personal data might be necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company was injured and his name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. The processing would then be based on Article 6 (1) (d) GDPR.
Finally, processing operations could be based on Article 6(1) (f) GDPR. Processing operations which are not covered by any of the above legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or of a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. According to the view of the European legislator a legitimate interest can be assumed if you are a customer of our company (Recital 47 sentence 2 GDPR).
6. Transmission of data to third parties
For some services and information on our website (e.g. online application or newsletter registration) we need to receive personal data from you, such as your name, address, or e-mail address.
We collect such data only if they are necessary for processing your request. Your enquiries and the data and information contained therein will be forwarded internally to employees of our company or companies commissioned by us (e.g. trading partners) who will support us in processing your request.
Since BOGE is a globally active company, it may be necessary to forward your personal data to local subsidiaries or sales partners, whose registered office may also be located outside the European Economic Area, in order to better process your request.
We only pass on your personal data to third parties if either:
1. you have granted your express consent in accordance with Art. 6 (1) (a) GDPR
2. disclosure is permissible under Art. 6 (1) (f) GDPR in order to safeguard our legitimate interests and there is no reason to assume that you have an overriding interest in not disclosing your data,
3. in the event that there is a legal obligation for disclosure under Article 6 (1) (c) GDPR, and
4. this is legally permissible and, in accordance with Art. 6 (1) (b) GDPR, necessary for the processing of contractual relationships with you.
Prior to transfer your personal data to countries outside the European Union and the EEA, we ensure an adequate level of data protection in the country concerned (e.g. by entering into EU Standard Contract Clauses).
In order to obtain a copy of the respectively applicable regulations please contact us using the contact details given in Sections 2 and 3.
7.1 SSL/TLS Encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can identify an encrypted connection by the fact that the address line of your browser contains "https://" instead of "http://" and by the lock symbol in your browser line.
We use this technology to protect the information you provide.
7.2 Data collection when visiting the website
When using our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser sends to our server (in so-called "server log files"). Our website collects a number of general data and information every time you or an automated system access a page. This general data and information is stored in the server log files. The following can be recorded
1. used browser types and versions,
2. the operating system used by the accessing system,
3. the website from which an accessing system reaches our website (so-called referrer),
4. the sub-websites, which are accessed via an accessing system on our website
5. the date and time of access to the website,
6. an Internet Protocol (IP) address,
7. the Internet service provider of the accessing system.
When using this general data and information, we do not draw any conclusions about your person. This information is rather required to
1. to deliver the contents of our website correctly
2. to ensure the permanent operability of our IT systems and the technology of our website and
3. to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack.
This collected data and information is evaluated by us with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed by us. The data of the server log files are stored separately from all personal data provided by a data subject.
The legal basis for the data processing is Art. 6 (1) (f) GDPR. Our legitimate interest follows from the above-mentioned purposes for data collection.
8.1 General information about cookies
Information is stored in the cookie, which results in each case in connection with the specifically used terminal device. This does not mean, however, that we obtain direct knowledge of your identity.
In addition, we also use temporary cookies, which are stored on your end device for a certain fixed period of time, to optimise user-friendliness. If you visit our site again in order to use our services, it will be automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
The data processed by cookies, which are required for the proper functioning of the website, are necessary to safeguard our legitimate interests and those of third parties in accordance with Art. 6 (1) (f) GDPR.
The following data is stored and transmitted in the cookies:
(1) Language settings
(2) Articles in a shopping cart
(3) Log-in information
For the following applications, cookies are required for technical reasons:
(1) Shopping cart in the Online Shop
(2) Adoption of language settings
(3) Registration under myBOGE
If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
Session cookies are deleted when you close your Internet browser.
For all other cookies, you have given your consent to this via our opt-in cookie banner in accordance with Art. 6 (1) (a) GDPR.
Essential cookies enable basic functions and are necessary for the proper functioning of the website.
||Saves settings in a cookie to display the website.
Statistics Cookies collect information anonymously. This information helps us to understand how our visitors use our website.
||Matomo (formerly Piwik)
||Cookie from Matomo for website analysis. Generates statistical data about how the visitor uses the website.
9. Contents of our website
9.1 Registration as user
You have the possibility to register on our website personal data. This will require personal data to be provided.
Which personal data is transmitted to us in this process is determined by the respective input form used for registration. The personal data you enter is collected and stored exclusively for internal use by us and for our own purposes. We may arrange for the transfer to one or more processors, for example a hosting service provider, who will also use the personal data exclusively for internal use attributable to us.
When you register on our website, the IP address assigned by your internet service provider (ISP), the date and time of registration are also stored. The storage of this data is carried out against the background that this is the only way to prevent the misuse of our services and, if necessary, to enable the prosecution of criminal offences committed. In this respect, the storage of this data is necessary for security of our services. As a matter of principle, this data will not be passed on to third parties, unless there is a legal obligation to do so or the passing on of the data serves criminal prosecution.
Your registration with voluntary provision of personal data also serves us to offer you content or services which, by their very nature, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from our database.
The processing of your data is carried out in the interest of a comfortable and simple use of our website. This constitutes a legitimate interest in the sense of Art. 6 (1) (f) GDPR.
9.2 Order process
All data, which are entered by you in the context of an order processing in the online shop, are stored. This includes:
• Name, first name
• own order no. (voluntary indication)
• deviating delivery address (voluntary indication)
• Customer no.
• E-mail address
Data which are absolutely necessary for delivery or order processing, are passed on to third parties.
The legal basis for the processing of the data is Article 6(1) (b) GDPR, since the processing is necessary for the performance of a contract to which the user is a party or the implementation of pre-contractual measures.
The data collected in this respect will be deleted as soon as the processing is no longer necessary. However, we have to comply with tax and commercial law retention periods.
The basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
9.3 Application management / job portal
We offer you the opportunity to apply for a job with us via our website. In case of a digital application, your applicant and application data will be collected and processed electronically by us for the purpose of handling the application procedure.
The legal basis for this processing is § 26 (1) sentence 1 Federal Data Protection Act (BDSG) in conjunction with Art. 88 (1) GDPR.
If an employment contract is entered into after the application procedure, we will store the data you provided during the application process in your personnel file for the purpose of the usual organisational and administrative process - this is, of course, in compliance with the more extensive legal obligations.
The legal basis for this processing is also § 26 (1) sentence 1 BDSG in conjunction with Art. 88 (1) GPDR.
If an application is rejected, we automatically delete the data transmitted to us six months after notification on the rejection. However, the data will not be deleted if the data requires longer storage of up to six months or until the conclusion of legal proceedings due to legal provisions, e.g. due to the obligation to provide evidence under the General Act on Equal Treatment (AGG).
The legal basis in this case is Article 6 (1) (f) GDPR and Article 24(1) No. 2 BDSG. Our legitimate interest lies in the assertion, exercise or defence of civil law claims.
If you expressly consent to a longer storage of your data, e.g. for your listing in a database of applicants or interested parties, the data will be processed further on the basis of your consent. The legal basis is then Art. 6 (1) (a) GDPR. However, you can of course withdraw your consent at any time in accordance with Art. 7 (3) GDPR with future effect by notice to us.
On our website you have the possibility to subscribe to the newsletter of our company. Which personal data is transmitted to us when ordering the newsletter is determined by the input form used for this purpose.
We inform our customers and business partners at regular intervals about our offers by means of a newsletter. The newsletter of our company can only be received by you if
1. you have a valid e-mail address and
2. you have registered to receive the newsletter
For legal reasons, a confirmation e-mail will be sent to the e-mail address you entered for the first time for sending the newsletter using the double opt-in procedure. This confirmation mail is used to check whether you, as the owner of the e-mail address, have authorized the receipt of the newsletter.
When you register for the newsletter, we also save the IP address assigned by your Internet service provider (ISP) for the IT system you are using at the time of registration as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of your e-mail address at a later date and therefore serves as a legal safeguard.
The personal data collected during registration for the newsletter will be used exclusively for sending our newsletter. In addition, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or for registration, as might be the case if there are changes to the newsletter offer or if technical conditions change. The personal data collected within the scope of the newsletter service will not be passed on to third parties. The subscription to our newsletter can be cancelled by you at any time. The consent to the storage of personal data, which you have given us for the newsletter service, can be withdrawn at any time with future effect. For the purpose of withdrawing your consent, please use the corresponding link in every newsletter. Furthermore, it is also possible at any time to unsubscribe from the newsletter directly on our website or to inform us of this in another way.
The legal basis for data processing for the purpose of sending the newsletter is Art. 6 (1) (a) GDPR.
11. Our activities in social networks
To enable us to communicate with you in social networks and to inform you about our services, we are represented there with our own pages. If you visit one of our social media sites, we are jointly responsible with the provider of the respective social media platform in terms of the processing operations triggered by this, which involve personal data, in accordance with Art. 26 GDPR.
We are not the original provider of these pages, but only use them within the scope of the possibilities offered to us by the respective providers.
Therefore, as a precautionary measure we would like to point out that your data may also be processed outside the European Union or the European Economic Area. Any use of social networks may therefore create data protection risks for you, as it may be difficult to safeguard your rights, e.g. to access, erasure, objection, etc., and processing in social networks is often carried out directly by the providers for advertising purposes or for analysis of user behaviour, without this being able to be influenced by us. If user profiles are created by the provider, cookies are often used, or the user behaviour is directly assigned to your own member profile of the social networks (if you are logged in here).
In accordance with Art. 6 (1) (f) GDPR, the processing of personal data described above is carried out on the basis of our legitimate interest and the legitimate interest of the respective provider, in order to be able to communicate with you in a modern way or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis for processing is Art. 6 (1) (a) GDPR in conjunction with Art. 7 GDPR.
As we do not have access to the data stocks of the providers, we would like to point out that your rights (e.g. to access, rectification, erasure, etc.) are best asserted directly against the respective provider. Further information on the processing of your data in the social networks and the possibility to make use of your right of objection or revocation (so-called opt-out), we have listed below with the respective provider of social networks used by us:
(Joint-)Controller for data processing in Europe:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Opt-out and advertising settings:
(Joint-)Controller for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Opt-out and advertising settings:
(Joint-)Controller for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Information about your data:
Opt-out and advertising settings:
(Joint-)Controller for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Opt-out and advertising settings:
(Joint-)Controller for data processing in Germany:
XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany
Requests for information for XING members:
12. Web analysis
We have integrated the Matomo component of the supplier InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, on this website. Matomo is a software tool for web analysis, i.e. for the collection, compilation and evaluation of data about the behaviour of visitors to websites.
The processing of users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness as well as the cost-benefit analysis of internet advertising.
The software is operated on the server of the controller, the log files which are sensitive under data protection laws are stored exclusively on this server.
Matomo sets a cookie on your IT system. By setting the cookie, we are able to analyse the use of our website. Every time you call up one of the individual pages of this website, the internet browser on your IT system is automatically prompted by the Matomo component to transmit data to our server for the purpose of web analysis.
If individual pages of our website are called up, the following data is stored:
• The accessed website
• The time spent on the website
• Name of the provider, the browser used, plugins/add-ons installed in the browser (e.g. Flash, PDF-Reader, Shockwave, Java, Silverlight or Quicktime)
• Name of the operating system and resolution
• Name of the requesting domain
• Date and time of receipt
• Search engines used
• Name of the downloaded files
• The bounce rate
• The IP address of the accessing system of the user (anonymously shortened to two blocks, e.g. 192.168.x.x)
These processing operations are carried out only if express consent is granted in accordance with Article 6 (1) (a) GDPR.
13. Google WebFonts
Our website uses so-called web fonts for the uniform display of fonts, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our website. The legal basis is Art. 6 (1) (f) GDPR.
For more information about Google Web Fonts, including how to opt-out of data use, please visit
and your Google Account, if you have one, at
14. Credit checks
To protect you and us against abusive behaviour and to safeguard against financial default risks in case of use of unsecured payment methods, your personal data (name, address, date of birth) will occasionally be transmitted to us by Creditreform Bielefeld Riegel & Unger, Sunderweg 3 in 33649 Bielefeld, Coface, Isaac-Fulda-Allee 1 in 55124 Mainz or by Euler Hermes AG, Gasstr. 27 in 22761 Hamburg as part of a credit check prior to conclusion of a contract and will be processed by us.
The legal basis for this is Art. 6 (1) (f) GDPR, our legitimate interest is to protect against abusive behaviour and to safeguard against financial default risks, which is also in your interest.
As soon as the credit reports obtained are no longer required, they are deleted. As a rule, this is the case when the entire order process has been finally processed. In this case, however, we have to observe tax and commercial law retention periods.
15. Your rights as a data subject
15.1 Right to confirmation
You have the right to ask us to confirm whether personal data concerning you is being processed.
15.2 Right to access Art. 15 GDPR
You have the right to receive information from us free of charge at any time about the personal data stored about you and a copy of this data in accordance with the statutory provisions.
15.3 Right of rectification Art. 16 GDPR
You have the right to request that incorrect personal data concerning you be corrected. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
15.4 Erasure Art. 17 GDPR
You have the right to request that the personal data concerning you is deleted without undue delay, provided that one of the reasons provided by law applies and provided that the processing or storage is not necessary.
15.5 Restriction of processing Art. 18 GDPR
You have the right to demand that we restrict processing if one of the legal requirements is met.
15.6 Data portability Art. 20 GDPR
You have the right to receive the personal data concerning you which you have provided to us in a structured, common, and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us provided that the processing is based on the consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority that has been entrusted to us.
Furthermore, when exercising your right to data portability in accordance with Art. 20 (1) GDPR, you have the right to request that personal data be transferred directly from one controller to another, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.
15.7 Right to object Art. 21 GDPR
You have the right to object at any time, for grounds arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (e) (data processing in the public interest) or Art. 6 (1) (f) (data processing based on a balancing of interests) GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing which override your interests, rights and freedoms, or unless the processing serves the establishment, exercise or defence of legal claims.
In individual cases, we process personal data in order to carry out direct marketing. You can object to the processing of personal data for the purpose of such marketing at any time. This also applies to profiling, insofar as it is connected with such direct marketing. If you object to our processing for the purposes of direct marketing, we will no longer process your personal data for these purposes.
In addition, you have the right to object, on grounds arising from your particular situation, to the processing of personal data concerning you which is carried out by us for the purposes of scientific or historical research or for statistical purposes in accordance with Art. 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
15.8 Withdrawal of consent
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
15.9 Complaint to a supervisory authority
You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.
16. Routine storage, erasure and restriction of processing of personal data
We process and store your personal data only for the period of time required to achieve the purpose of storage or if storage is provided for by the legal provisions to which our company is subject.
If the purpose of storage ceases to exist or if a legal retention period expires, the personal data is deleted routinely and in accordance with legal requirements.
17. Further information on other data processing
As a company, we process not only personal data on our website, but also in many other processes. In order to be able to provide you as a data subject with the most detailed information possible for these processing purposes as well, we have compiled this information here for the following processing activities, thus fulfilling the legal obligations to provide information pursuant to Art. 12-14 GDPR:
• Privacy information on dealing with contacts and communication partners
• Privacy information on dealing with customers and suppliers
It may become necessary to amend this data protection declaration as a result of the further development of our websites and offers or due to changes in legal or regulatory requirements.