The BDA attaches great importance to the protection of personal data. The collection, processing and use of data by the BDA is based on the European Data Protection Regulation and the laws on data protection and data security of the Federal Republic of Germany. This data protection declaration provides you with information on how the BDA handles information that is collected during your visit to the BDA website.
I. Information on the person responsible for data protection
For the internet pages of the BDA, the responsible party within the meaning of the General Data Protection Regulation (DSGVO) and other national data protection laws as well as other data protection regulations is the
Confederation of German Employers' Associations
Breite Str. 29
it is legally represented by its Management Board. For further information, please refer to the imprint.
[borlabs-cookie type="btn-cookie-preference" title="Datenschutzeinstellungen"/]
II General information on data processing on the BDA website
II.1 Scope of the data protection declaration
This data protection declaration applies to the processing of personal data in connection with the BDA website.
- According to Art. 4 No. 1 GDPR, "personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to that person.
- According to Article 4(2) of the GDPR, "processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
II.2 Purposes and legal basis for the processing of personal data
Personal data is processed on the BDA website only to the extent that this is necessary for the provision of a functioning website, for the presentation of the respective content or for the provision of certain services or offers. The processing of personal data takes place either on the basis of a legal basis or a user-related consent.
Insofar as the processing of personal data is based on consent, this is based on Art. 6 (1) lit. a DSGVO. Where the processing of personal data is necessary for the performance of a contract to which the user is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. Insofar as processing of personal data is necessary for compliance with a legal obligation to which BDA is subject, Art. 6 (1) lit. c DSGVO shall apply as The processing may also be necessary for the performance of a task carried out in the public interest (Art. 6 (1) lit. e DSGVO). Further legal bases may also result from special statutory or other legal regulations, which will be referred to in the respective individual case.
II.3 Data deletion and storage period
The personal data of users of the BDA website will be deleted or blocked as soon as and insofar as the respective purpose of the storage no longer applies and there is no archiving obligation. Deletion also takes place when a storage period, as provided for by the European or national legislator in Union regulations, laws or other provisions to which the BDA is subject, expires, unless there is a need for further storage of the data for the conclusion or performance of a contract. Insofar as this is provided for in the aforementioned regulations, data may also be stored beyond this period.
II.4 Data security
BDA takes precautions to protect your personal data from loss, destruction, falsification, manipulation and unauthorised access.
To this end, we use technical security measures as far as necessary and are guided by the current state of the art.
III. specific information on data processing on the internet pages of the BDA
Each time you call up an internet page of the BDA, the BDA automatically records the IP address of the computer system of the respective calling computer for the duration of the session. In addition, we process your personal data if you provide it via the BDA website. When processing your personal data, we particularly take into account the data protection principles of necessity, purpose limitation, data minimization, legality, accuracy and integrity.
III.1 Use of active components and cookies
In some cases, cookies are set on the BDA website, e.g. for the identification of user sessions, for ordering brochures in the shopping basket and also to make the internet pages user-friendly. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user calls up an Internet site, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
In the cookies used by the BDA, only a session ID is stored to identify the user session (session cookie). These session cookies are automatically deleted at the end of your visit when you close your browser.
The storage of these cookies can be switched off at any time by the setting in the Internet browser used, this can also be done automatically.
However, some elements of our Internet pages require that the calling Internet browser can be identified even after a page change. If cookies are deactivated for the BDA website, it may no longer be possible to use all the functions of the BDA website.
[borlabs-cookie type="btn-cookie-preference" title="Datenschutzeinstellungen"/]
III.2 Use of the website analysis tool
We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software sets a cookie on the user's computer (for cookies, see above). If individual pages of our website are called up, the following data are stored:
(1) Two bytes of the IP address of the user's calling system
(2) The website called up
(3) The website from which the user accessed the website called up (referrer)
(4) The subpages called up from the website called up
(5) The time spent on the website
(6) The frequency of calling up the website
The software runs exclusively on the servers of our website. A storage of the personal data of the users only takes place there. The data is not passed on to third parties.
The software is set in such a way that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, an assignment of the shortened IP address to the calling computer is no longer possible.
The legal basis for the processing of the users' personal data is Art. 6 (1) lit. f DSGVO.
The processing of the users' personal data enables us to analyse the surfing behaviour of our users and to deliver usage statistics to institutions that obtain our content as part of an IP-based campus licence. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes are also our legitimate interest in processing the data according to Art. 6 para. 1 lit. f DSGVO.
The data will be deleted as soon as it is no longer required for our recording purposes or after the end of the subscription.
For more information on the privacy settings of the Matomo software, please see the following link: https://matomo.org/docs/privacy/.
[borlabs-cookie type="btn-cookie-preference" title="Datenschutzeinstellungen"/]
III.3 Use of social media icons and internet links
When using social media icons from Facebook, Twitter, YouTube, etc. on BDA websites, your personal data is not automatically passed on. In order to avoid automatic data transfer to the social media providers, the integration of these offers on the BDA's Internet pages is based on an Internet link. The use of active social media plugins does not take place for data protection reasons.
The BDA is active on the social networks Twitter, Facebook and YouTube. Our social media presences are part of our public relations work. Our aim is to inform target groups and to exchange ideas with you.
Personal data of the visitors of our social media pages are processed for the editorial task fulfilment in the social networks.
We would like to point out that the processing of the data is based on Article 6 (1) f) DSGVO. Processing of the personal data you have provided is necessary for the purpose of processing your request.
In addition, we expressly draw attention to the fact that the services store the data of their users (e.g. personal information, IP address, etc.) in accordance with their data usage policies and use it for business purposes. We are joint controllers with the social networks for the processing of their personal data. Nevertheless, BDA has no influence on the data collection and its further use by the social networks. Thus, there is no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on.
All of our social media providers are certified under the EU-US Privacy Shield and viewable by any individual, so there is a legally adequate level of protection for personal data, e.g.:
- Facebook, Inc. (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active)
- Twitter Inc (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
III.4 Use of RSS
An RSS feed is a form of the classic newsletter that you can read either with your browser or with a special program (RSS reader). If we offer an RSS feed, we will use it to inform you about current events. The address of the RSS feed we offer is: https://arbeitgeber.de/feed.
If personal data is collected in the course of registering for an RSS feed, it will be processed solely for the purpose of implementing the RSS and deleted as soon as the purpose is no longer pursued, i.e. either as a result of your unsubscribing or the discontinuation of the RSS.
III.5 Logging and creation of log files
For the monitoring of the function and operational monitoring, relevant access data is stored for each access to all centrally hosted websites. The Internet server of the BDA is operated by itself.
According to the access protocol used, the log data record contains information with the following content:
- IP address of the requesting computer
- Date and time of the request
- Access method/function requested by the requesting computer
- input values transmitted by the requesting computer (file name, etc.)
- Access status of the web server (file transferred, file not found, command not executed, etc.)
- Name of the requested file
- URL from which the file was requested/the desired function was initiated
- Browser type information
- Operating system of the user
- Internet pages from which the user's system accesses the BDA website
- Internet pages that are accessed via the BDA's Internet pages
Purpose of logging:
The stored data is used for the purpose of identifying and tracking unauthorised access attempts and accesses, for maintaining the functionality of the Internet site on the Internet server and - in anonymised form - for optimising the Internet offering. Temporary storage of the IP address is also necessary to enable delivery of the BDA website to your computer. For this purpose, the IP address must also remain stored for the duration of the session. A storage together with other personal data of the BDA does not take place.
The logged data is stored for a maximum of seven days and then deleted. Longer storage may take place in individual cases if a security-relevant breach has been identified. Independently of this, storage beyond this period is possible. In this case, your IP address will be deleted or alienated by the BDA, so that an assignment of the calling client is no longer possible.
Evaluation of the logging:
The evaluation of the log data is carried out by BDA in compliance with the provisions of data protection law.
As far as the data for the provision of the website and the storage of the data in the log files are absolutely necessary for the operation of the website, there is no possibility for you to object.
III.6 Contact form and e-mail use
You can contact the BDA electronically via the BDA website. To do so, please use the contact form provided on the respective website or the e-mail address mentioned on the website.
a) Use of a contact form
If you use the option of a contact form, the data entered in the respective input mask will be transmitted to BDA and stored. As a rule, this involves the surname, first name and an e-mail address. Please refer to the respective contact form for the specific details. Mandatory data, without which the request cannot be processed, are marked as such in the contact form. For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection declaration.
At the time of sending the message, the following data will also be stored in addition to the data provided by you:
On the application server:
- Referer (URL from which the form was called)
- E-mail address of the user specified in the form
- Recipient e-mail address of the form
The personal data processed during the registration process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
In the context of using a contact form, you will be informed about the data collected in each case and your respective rights.
For forms, we use "Google reCAPTCHA" (hereinafter "reCAPTCHA"). The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
The purpose of reCAPTCHA is to check whether the data entry is made by a person or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. The analysis starts automatically as soon as the website visitor enters the corresponding form page. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.
The data processing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web content from abusive automated spying and from SPAM.
b) Use of an e-mail address
In addition to the contact form, it is also possible to send an e-mail to a BDA e-mail address provided for use on the respective website. If you send us an e-mail, your e-mail address and the other data you provide will only be used for correspondence with you and stored for as long as is necessary for this purpose, unless a further legal basis justifies further processing.
Please note that the use of an unencrypted e-mail is fundamentally insecure, i.e. it can possibly be read, altered or intercepted by third parties during transmission. Please take this into account when sending us information by e-mail.
So that we can also send you messages worthy of protection, please also provide us with your postal address when making enquiries. Otherwise, there is a possibility that no information can be provided.
Please note that in the case of an e-mail inquiry, we cannot verify your identity and do not know who is hiding behind the e-mail address. A legally secure communication by a simple unsigned e-mail is not guaranteed, even if it is encrypted.
At BDA, we sometimes use filters against unwanted advertising (so-called spam filters), which can also incorrectly classify e-mails as unwanted advertising in individual cases and delete them. E-mails that may contain harmful programs, e.g. viruses, are automatically deleted.
III.7 Collection of further personal data, e.g. newsletter dispatch, blog posts, comment function, webshop
The BDA website offers the possibility to enter personal data. Your data will not be encrypted in transit, unless the specific offers refer to this separately.
If personal data is collected for a newsletter mailing, it will only be processed for the purpose of sending the newsletter. The respective newsletter can be cancelled at any time. To do so, please use the unsubscribe function. Your data will then be deleted immediately. You will receive further information in the context of the respective newsletter order.
In our blog we publish diary entries of individual employees of the BDA. Public comments can be made on these entries. For this purpose, the name given and the IP address are also stored. The comments are not checked before publication; however, they can be deleted by us if they are grossly offensive or contain illegal content.
If you use the comment function in our blogs, we collect data about the name or a pseudonym, the e-mail address, if necessary your web address and the IP address of the commenter. This data is stored together with the comment. By submitting a comment, you agree to this use of data.
If you order information material via our webshop, you must provide the details we require for dispatch (first name, surname, address and e-mail), all other details are voluntary. We need the e-mail address to be able to clarify any queries quickly and easily. We do not ask for bank account details, as the mailings are made free of charge as part of our charitable mission. This information is used to generate an e-mail to our library, which processes the work orders. The data is kept in the content database for one month and then automatically deleted. Emails and hard copies made in connection with the processing of the order are routinely deleted or securely destroyed no later than the end of the following month.
IV. Your data protection rights as a data subject
Within the scope of the BDA's website, personal data is processed to the extent described above. In this respect, you are a data subject within the meaning of the DSGVO, and you are entitled to the following rights vis-à-vis the BDA:
IV.1 Right toinformation
You can request information from the BDA as to whether personal data relating to you is being processed by us.
If there is such processing, you may request information from the BDA about the following:
- the purposes for which the personal data are processed;
- the categories of personal data which are processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for the determination of the storage duration;
- the existence of a right to obtain the rectification or erasure of personal data concerning you, a right to obtain the restriction of processing by the data controller or data processors or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority; the data protection supervisory authority directly responsible for the BDA is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin;
- any available information on the origin of the data if the personal data is not collected from you;
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
- You have the right to request information on whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
The right to information is subject to legal restrictions and does not apply absolutely, but finds its limit in particular in the following cases:
- In the case of a large amount of stored information relating to the data subject, the controller may require that it be specified to which information or processing operations the request for information specifically relates.
- Manifestly unfounded or excessive requests, or frequent repetitions, may result in rejection or liability for costs.
- The provision of information must not prejudice the rights of the controller(s) or of other persons (in this respect, professional secrets, business secrets, data relating to other persons are excluded).
IV.2 Right to rectification
You have a right to rectification and/or completion vis-à-vis BDA, insofar as the personal data processed concerning you are inaccurate or incomplete. BDA will carry out the rectification without delay.
IV.3 Right to restrict processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
- if you contest the accuracy of the personal data concerning you for a period enabling the controller or controllers to verify the accuracy of the personal data;
- the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise or defence of legal claims, or
- if you have objected to the processing pursuant to Art. 21 (1) DSGVO and it is not yet clear whether the legitimate grounds of the controller(s) override your grounds.
If the processing of personal data concerning you has been restricted, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the processing has been restricted in accordance with the above conditions, you will be informed by BDA before the restriction is lifted.
IV.4 Right to erasure
a) Obligation to erase
You can demand that BDA immediately erases the personal data concerning you. BDA is obliged to delete this data immediately if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a DSGVO and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.
- The personal data concerning you have been processed unlawfully.
- The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
The right to erasure does not exist insofar as the processing is necessary
- to exercise the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing under Union or Member State law to which the BDA is subject, or for the performance of a task carried out in the public interest;
- for the assertion, exercise or defence of legal claims.
IV.5 Right to information
If you have asserted the right to rectification, erasure or restriction of processing against BDA, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right against BDA to be informed about these recipients.
IV.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to BDA in a structured, common and machine-readable format. You also have the right to transfer this data to a data controller or another data controller without hindrance from BDA, provided that
- the processing is based on consent pursuant to Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO or on a contract pursuant to Art. 6 (1) b DSGVO and
- the processing is carried out with the aid of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from the BDA to another controller or another person responsible, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest.
IV.7 Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO.
BDA will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the assertion, exercise or defence of legal claims.
IV.8 Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time with effect for the future, whereby the revocation does not affect the lawfulness of the data processing carried out on the basis of the consent until the revocation. The revocation must always be declared to the office within the BDA that obtained the consent.
IV.9 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data relating to you infringes the GDPR. The data protection supervisory authority directly responsible for the BDA is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin. The supervisory authority to which the complaint has been submitted will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
If you believe that the processing of personal data concerning you violates the GDPR, we ask that you first contact the contact person responsible for the content of the website, as named in the imprint, and/or the BDA's company data protection officer, as this will enable a prompt review and, if necessary, remedy in your interest. It is our aim and claim to clarify all arising data protection questions directly and to solve possible data protection problems.
V. Status, changes and validity of the data protection declaration of the BDA
This general data protection declaration is valid as of 11/2020. We reserve the right to regularly update this data protection declaration in order to take into account the current legal requirements and technical changes as well as to implement our services and offers in a data protection compliant manner. The current version applies to your visit to the BDA website.
You can also contact the supervisory authority with a complaint. Responsible for us is:
Berlin Commissioner for Data Protection and Freedom of Information