DE | EN

Data Protection

Your data are surely protected

A. Privacy protection policy according to the GDPR

I. Name and address of the data controller

Bagel Verlag GmbH
Grafenberger Allee 82
40237 Düsseldorf
Deutschland

Tel. +49 211 9682-218
E-Mail: info@bagel.de
Website: www.bagel.de

is the data controller as defined in the EU General Data Protection Regulation (DSGVO) and the national data privacy laws.

II. Name and address of the data protection officer

The data protection officer of the data controller is:
AGOR AG
Hanauer Landstr. 151-153
60314 Frankfurt am Main
Phone: +49 (0) 69 – 9494 32 410
Email: info@agor-ag.com
Website: www.agor-ag.com

III. General information about data processing

  1. The extent to which personal data is processed

    We collect and use the personal data of users of our homepage only to the extent that this is necessary for keeping our website, contents and services functioning properly.
    Basically, we collect and use our users’ personal data only after they give their consent. An exception to this principle applies in cases where processing the data by statutory provisions is permitted or when obtaining prior consent for actual reasons is not possible.

  2. Legal basis for processing personal data

    The legal basis for processing personal data is basically based on:

    • Art. 6 Section 1 lit. a GDPR upon obtaining the consent of the data subject.
    • Art. 6 Section 1 lit. b GDPR for processing operations that serve to fulfill a contract to which the data subject is a party. Included here are processing operations that are necessary to carry out pre-contractual measures.
    • Art. 6 Section 1 lit. c GDPR for processing required to fulfill a legal obligation.
    • Art. 6 Section 1 lit. d GDPR, if vital interests of the data subject or another natural person require the processing of personal data.
    • Art. 6 Section 1 lit. f GDPR, if the processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest.
  3. Data erasure and storage duration

    The personal data of users will be deleted or blocked as soon as the purpose of the storage is no longer applicable. Additional storage may be provided for by European or national legislators through EU regulations, laws or other regulations to which the data controller is subject. Blocking or deleting the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for additional storage of the data for concluding a contract or fulfilling the contract.

  4. Data transfers to third countries (outside of the EU)

    The GDPR ensures an equally high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible when your personal data is being processed. Within some exceptions we may process personal data outside the EU through third-party services. This may only be the case where the special requirements in accordance with Art. 44 et. seq. GDPR are fully met. This means that the processing of your data may then only take place when the third country has been declared to ensure an adequate level of protection by the European Commission or if the European Standard Contractual Clauses have been signed.

IV. Use of our website, general information

  1. Description and scope of data processing

    Every time our website is accessed, our system automatically collects data and in-formation from the user’s computer system. The following information is collected:
    (1) Information about the browser type and version used
    (2) The user’s operating system
    (3) The user’s Internet service provider
    (4) The user’s IP address
    (5) Date and time of access
    (6) Websites the user’s system accesses to get to our website
    (7) Websites that the user’s system invokes by accessing our website
    The described data are stored in the log files of our system. This data is not stored together with any other personal user data.

  2. Purpose and legal basis for data processing

    Our system must temporarily store user IP addresses to allow us to deliver our website to the user’s computer.
    To do this, the user’s IP address must be stored for the duration of the session.
    Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. This data is not evaluated for marketing purposes in this context.
    The legal basis for the temporary storage of data and log files is Art. 6 Section 1 lit. f GDPR.
    Collecting your personal data to ensure our web presence and storing this data in log files is essential for operating our website. A contradictory possibility of the user therefore does not exist.

  3. Duration of storage

    Your data will be deleted as soon as they are no longer necessary for achieving the purpose of the inquiry. Your data will be deleted when the session ends if your data has been collected to ensure the site’s availability.
    If your data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible, whereby in this case, the IP addresses of the users are deleted or alienated. This means that it is then no longer possible to assign the client who has accessed our website.

V. General information about the use of cookies

We use cookies on our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If you display a webside; this is how a cookie can be stored on your operating system. This cookie contains a characteristic string that allows the browser to be clearly when the website is accessed again.

We use cookies to make our homepage more user friendly. Some elements of our website require that the browser be identified even after a page break.

The following data is stored and transmitted:

(1) Language settings, Items in a shopping cart, log-in information

The legal basis for processing personal data using cookies is defined in Article 6 Section 1 lit. f GDPR. The purpose for using technically required cookies is to simplify the use of our website.

We would like to point out that some functions on our website can only be offered if cookies are enabled. This applies to the following applications:

(1) Adopting language settings, Shopping cart, remembering search terms

We do not use user data collected by technically required cookies to create user profiles.

Cookies are stored on the user’s computer, which transmits them to our page. As a user, you therefore have control over the use of cookies. You can restrict or disa-ble transmission of cookies by making changes to your Internet browser settings. Here you can also delete cookies that have been stored. Please note that you may not be able to use all the features on our website if you deactivate cookies.

Borlabs Cookie:

This website uses a Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie preferences.

Borlabs Cookie does not collect any personal data.

The borlabs-cookie cookie stores the consent you have given when you entered the website. If you wish to revoke these consents, simply delete the cookie from your browser. If you re-enter/reload the website, you will be asked again for your cookie consent.

Check or change your Cookie-Settings here.

See Section VIII for more information about non-essential cookies.

VI. Your rights/rights of the data subject

According to the EU General Data Protection Regulation, as an affected party you have the following rights:

  1. The right to receive information

    As the data controller, you have the right to receive information from us regarding processing personal data involving you.
    In addition, you may request information about the following:
    (1) The purpose of the data processing
    (2) The categories of personal data that are processed
    (3) The recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed
    (4) The planned duration of the storage of your personal data or, if specific information is not available, the criteria for determining the duration of storage
    (5) The existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the data controller or concerned, or a right to object to such processing
    (6) The existence of a right of appeal to a supervisory authority
    (7) All available information on the source of the data if the personal data are not collected from the data subject
    (8) The existence of automated decision-making, including profiling according to Art. 22 Section 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and the intended effects of such processing on the data subject.
    Finally, you also have the right to request information about whether your personal information is being transferred to a third country or to an international organization. In this case, you can obtain information about the appropriate guarantees in accordance with Art. 46 GDPR regarding such transfer.
    You can claim your right to information under: info@bagel.de

  2. The right to rectification

    If we process your personal data incorrectly or in an incomplete manner, then you have a right for it to be corrected/completed. The correction will be made immediately.

  3. Right to restriction

    The right to limit the processing of your personal data may be asserted in the following cases:
    (1) The accuracy of the personal data is contested for a period of time, enabling the data controller to verify the accuracy of the personal data.
    (2) The processing is unlawful and deleting the personal data is rejected, whereby the restriction of the use of personal data is required.
    (3) The data controller no longer needs the personal data for purposes of processing, but the data subject needs them to assert, exercise or defend legal claims, or
    (4) The data subject filed an objection to the processing pursuant to Art. 21 Section 1 GDPR and it is not yet clear whether the legitimate reasons of the data controller outweighed those of the data subject.
    If processing personal data concerning you has been restricted, such data—viewed separately from your data storage—may be stored only with your consent or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or important public interest of the Union or of a Member State.
    If there is a processing restriction in accordance with the principles outlined, you will be informed by us before the restriction is lifted.

  4. The right to delete

    You can request that your personal data be deleted immediately if you can show the following reasons: The data controller is obligated to delete this data immediately. These reasons include:
    (1) Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
    (2) The processing is based on a consent according to Art. 6 Section 1 lit. a or Art. 9 Section 2 lit. a GDPR protected and you revoke the consent. Another condition is that there is no other legal basis for the processing.
    (3) You object to the processing (Art. 21 Section 1 GDPR) and there are no legitimate reasons for the processing. Another possibility is that you have a protest against the processing pursuant to Art. 21 Section 2 GDPR.
    (4) The processing of your personal data is unlawful.
    (5) Deleting personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the data controller is subject.
    (6) The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 Section 1 GDPR.
    If we have made personal data concerning you public and we are obligated to delete them according to Art. 17 Section 1 of the GDPR, then we shall take appropriate measures, while also taking the available technology, implementation costs and the available technology into account, to inform data controllers who process the personal data that you, as the data subject, have requested the deletion of all links to such personal data or of copies or replications of such personal data.
    We would like to point out that the right to delete does not exist to the extent that processing is required:
    (1) to exercise the right to freedom of expression and information
    (2) to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or to exercise the official authority conferred on the controller
    (3) for reasons of public interest in the field of public health pursuant to Art. 9 Section 2 lit. h and i and Art. 9 (3) GDPR
    (4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 Section 1 GDPR, to the extent that the law referred to in Section (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
    (5) to assert, exercise or defend legal claims.

  5. Right to information

    If you have asserted the right to rectify, delete or restrict the processing, we are obligated to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or is associated with a disproportionate amount of effort. You also have the right to be informed about these recipients.

  6. Right to data portability

    According to the GDPR, you also have the right to obtain the personal data provided to us and to receive it in a structured, understandable and machine-readable format. Furthermore, you have the right to transfer this data to another data controller without hindrance by the data controller for providing the personal data, provided that

    • the processing is based on consent as defined in Art. 6 Section 1 lit. a GDPR or Art. 9 Section 2 lit. a GDPR or on a contract acc. Art. 6 Section 1 lit. b GDPR
    • and the processing is done using automated procedures.

    Finally, where technically feasible and without harm to the freedoms and rights of others and as part of exercising the right of data transferability, you have the right to obtain that personal data related to you that has been transmitted directly from one controller to another.
    The right to data portability does not apply to processing that personal data necessary for performing a task in the public interest or for exercising the official authority that has been delegated to the data controller.

  7. Right to revoke the declaration of consent to data protection

    You have the right to revoke your data protection declaration at any time. Please note that revoking consent does not affect the lawfulness of the processing carried out based on the consent until the revocation goes into effect.

  8. Right to objection

    Furthermore, for reasons based on your particular situation, you have the right at any time to file an objection to the processing of personal data relating to you, as it is defined in Art. 6 Section 1 lit. e or f GDPR. The right of objection also applies to profiling based on these provisions.
    The data controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and liberties, or the processing is for enforcing, exercising or defending legal claims.
    If the personal data related to you are processed for advertising purposes, then you have the right to object at any time to your personal data being processed for such advertising. This also applies to profiling, as far as it is associated with such direct marketing. Your personal data will no longer be processed for direct marketing purposes if you object to your data being used for such purposes.
    You also have the option of discussing the use of information society services (despite Directive 2002/58/EC).
    Exercise your right to object by using automated procedures that use technical specifications.

  9. Automated decision on an individual basis, including profiling

    Under the EU General Data Protection Regulation, you remain entitled not to be subjected to a decision based solely on automated processing – including profiling – which would have legal effect or would affect you in a similar manner. An exception to this principle, however, is when the decision
    (1) is required for concluding or fulfilling a contract between you and the data controller,
    (2) and is permissible based on Union or Member State legislation to which the controller is subject, and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
    (3) is with your express consent.
    If the processing is carried out in accordance with the cases mentioned in Section 1 and 3, then the data controller shall take appropriate measures to safeguard your rights and freedoms as well as your legitimate interests. This includes at least the right to obtain the intervention of a person on the part of the data controller to state his own position and to contest the decision.
    The ruling under (1) – (3) may not be based on special categories of personal data pursuant to Art. 9 Section 1 GDPR, unless Art. 9 Section 2 lit. a or g and reasonable measures have been taken to protect the rights and freedoms and your legitimate interests.

  10. Right to complain to a supervisory authority

    Finally, if you believe that the processing of personal data concerning you is contrary to the GDPR, you have the right to complain to a supervisory authority, in the Member State of its place of residence, employment or the location of the alleged infringement.

VII. Web analytics

  1. Use of Matomo

    This website uses the web analytics service Matomo to analyze and regularly improve the use of our website. Using these statistics, we can improve our offer and make it more interesting for you as a user. The legal basis for using Matomo is Art. 6 Section 1 p. 1 lit. f GDPR.
    Cookies are stored on your computer for this evaluation. The data controller stores the information collected exclusively on his server in Germany. You can adjust the evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we would like to point out that you may not be able to use this website to its full extent. You can prevent cookies from being stored by adjusting the settings in your browser. Preventing the use of Matomo is possible by removing the following checkmark to enable the opt-out plug-in:

    Click on the button to load the content from bagelsystem.de.

    Load content

    .
    We use Matomo with extension “AnonymizeIP.” As a result, IP addresses are processed shortened so that they cannot be related to any one particular person. The IP address transmitted by Matomo from your browser will not be merged with other data that we collect.
    You can obtain information on third-parties in terms of how it affects your data privacy at: https://matomo.org/privacy-policy/

VIII. Integrating Google Maps

We use Google Maps offer on our website. This allows us to show you interactive maps right on the website and allow you to conveniently use the map feature.
By visiting the website, Google receives the information that you have accessed the corresponding subpage for our website. In addition, the information referred to in Section IV of this statement will be transmitted to Google. This is done regardless whether Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and/or needs-based website design. This type of an evaluation is carried out (even for users who are not logged in) for the purpose of providing appropriate advertising and to inform other users of the
social network about your activities on our website. You have a right of objection to the formation of these user profiles, and you must contact Google to exercise this right.
Please refer to the provider’s privacy policy for more information on the purpose and scope of the data collection and its processing by the plug-in provider. There you will also find further information about these rights as they relate to you and settings options for protecting your privacy. http://www.google.de/intl/de/policies/privacy.

IX. Malware Defense

In order to provide you with a secure data transmission on our website through SSL encryption and to protect our website against malicious, mass (DDoS) or other types of access that would disrupt or prevent the functionality of the website, we use the service of Cloudflare, Inc. 101 Townsend St San Francisco, CA 94107. We have signed a Data Protection Agreement (DPA) according to Art. 28 GDPR with Cloudflare. As part of the security of this web-site Cloudflare uses a cookie. This cookie is used to validate access and to detect malicious access attempts. Cloudflare collects statistical data about the visit of this website. The access data includes:
– The name of the web page accessed,
– File,
– Date and time of the request,
– transferred data volume,
– Message about successful retrieval,
– Browser type and version,
– the operating system of the user,
– Referrer URL (the previously visited page),
– IP address and the requesting provider.
Cloudflare uses the log data for statistical evaluations for the purpose of operation, security and optimization of the service. Please also review to the Cloudflare privacy policy which can be found here https://www.cloudflare.com/privacypolicy/.
Legal basis for the use of Cloudflare is Art. 6 para. 1 p. 1 lit. f GDPR.
Your data will be deleted as soon as they are no longer necessary for the purpose of their storage.

X. Electronic contact

You will find a contact form on our homepage that you can use to contact us electronically. The data entered into the input mask are transmitted to us and stored. These data include:
(1) Name
(2) Telephone
(3) E-mail
The following data is also stored once the message has been sent:
(1) Date and time of registration

It is also possible to contact us via our provided email address. In this case, the user’s personal data transmitted by email will be stored.
A transfer of your data to third parties will not take place in this context; this data will be used exclusively for processing the communication record.
The legal basis for processing the data is in submitting user consent as defined in Art. 6 Section 1 lit. a GDPR. The legal basis for processing the data transmitted while sending an email is Article 6 Section 1 lit. f GDPR. If the email contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 Section 1 lit. b GDPR.
Processing personal data in this context is solely for processing the contact. In the case of contact via email, this also includes the required legitimate interest in processing the data.
If further personal data are processed during the sending process, then they serve only to prevent misuse of the contact form and to ensure the security of our information technology systems.
Your data will be deleted as soon as they are no longer necessary for achieving the purpose of the inquiry. Regarding the personal data from the input form on the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
You will have the opportunity to revoke your consent to the processing of personal data at any time. Even when contacting us by email, you can object to the storage of your personal data at any time. However, we would like to point out that in such a case, the conversation cannot continue.
All personal data stored while contacting will be deleted in this case.