I. Responsible authority for collecting, processing and use of your personal data
The responsible authority within the meaning of data protection law is:
represented by the personally liable partner (general partner) BASS Verwaltungsgesellschaft mbH,
itself represented by the managing directors Takashi Gamano, Oliver Schunter and Martin Zeller
You can contact our company data protection officer at the following address:
Data protection officer
Phone: +49 7932 892-0
II. General information about the collection, processing and use of your data
1. What sources and data do we use?
We process personal data that we obtain from our clients in the context of our business relationship. We also process – insofar as necessary to provide our service – personal data that we obtain from publicly accessible sources, (e. g. debt registers, commercial and association registers, press, internet) or that is legitimately transferred to us by other third parties.
Relevant data is personal information (e. g. name, address and other contact details, date and place of birth, and nationality), identification data (e. g. ID card details), and authentication data (e. g. sample signature). Furthermore, this can also be order data, data from the fulfillment of our contractual obligations, documentation data and other data similar to the categories mentioned.
2. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and the data protection law of the Federal Republic of Germany (BDSG)
a. for fulfillment of contractual obligations (Art. 6 para. 1b of the GDPR)
Data is processed in order to provide business services in the context of carrying out our contracts with our clients or to carry out pre-contractual measures that occur as part of a request. The purposes of data processing are primarily in compliance with the specific product or service. Data is processed in order
- to identify you as our customer,
- to provide appropriate service,
- to correspond with you,
- to invoice.
For further data processing details, please see the relevant contractual documents and General Conditions.
b. in the context of balancing interests (Art. 6 para. 1f of the GDPR)
Where required, we process your data beyond the actual fulfillment of the contract for the purposes of the legitimate interests pursued by us or a third party. Examples:
- Marketing or market and opinion research, unless you have objected to the use of your data,
- Asserting legal claims and defense in legal disputes,
- Guarantee of IT security and IT operation,
- Prevention and clarification of crimes,
- Measures for building and site security (e. g. access controls)
- Measures for ensuring the right of owner of premises to keep out trespassers, measures for business management and further development of services and products, risk control in our company.
c. as a result of your consent (Art. 6 para. 1a of the GDPR)
As long as you have granted us consent to process your personal data for certain purposes, this processing is legal on the basis of your consent. Consent given can be withdrawn at any time. This also applies to withdrawing declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Withdrawal of consent does not affect the legality of data processed prior to withdrawal.
d. due to statutory provisions (Art. 6 para. 1c of the GDPR) or in the public interest (Art. 6 para. 1e of the GDPR)
Furthermore, as a bank, we are subject to various legal obligations, meaning statutory requirements (e. g. tax laws). Purposes of processing include fulfilling control and reporting obligations under fiscal laws, and measuring and managing risks within our company.
3. Who receives my data?
Within the company, every unit that requires your data to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents appointed by us can also receive access to data for the purposes given. These are companies in the categories of IT services, logistics, printing services, telecommunications, collection, advice and consulting, and sales and marketing.
We may pass on information about you only if legal provisions demand it or if you have given your consent. Under these requirements, recipients of personal data can be, for example:
- Public entities and institutions,
- Other credit and financial service institutions or comparable institutions to which we transfer your personal data in order to carry out a business relationship with you,
- Service providers that we appoint in agreements for commissioned data processing.
Other recipients of data can be any units for which you have given us your consent to transfer data or for which you have released us from confidentiality by means of a declaration or consent or for which we are authorized to transfer data based on balance of interests.
4. Will data be transferred to a third country or an international organization?
Data transfer to units in states outside the EU (known as third countries) takes place so long as
- it is necessary for the purpose of carrying out your orders,
- it is required by law (e. g. reporting obligations under fiscal law), or
- you have granted us your consent.
Furthermore, data transfer to units in third countries can be effected in the following cases:
- If necessary, in individual cases, your data may be transferred to IT service providers in the USA or another third country to guarantee IT operations of our company in compliance with the European data protection regulations.
- In case of your consent or due to legal and regulatory requirements to combat money laundering, terrorism financing and other criminal acts or based on balance of interest in compliance with the European data protection regulations.
5. For how long will my data be stored?
We will process and store your personal data for as long as it is necessary in order to fulfill our contractual and statutory obligations. It should be noted here that our business relationship is a long term obligation, which is set up on the basis of periods of years.
If the data is no longer required in order to fulfill contractual or statutory obligations, it is deleted, unless its further processing is required – for a limited time – for the following purposes:
- Fulfilling obligations to preserve records according to commercial and tax law: German Commercial Code (HGB), German Fiscal Code (AO). The time periods prescribed for the retention of records are usually between six and ten years.
- Preservation of evidence within the framework of statutory limitation periods. According to the §§ 195 ff of the German Civil Code (BGB) these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
6. What data privacy rights do I have?
You have the following rights:
- According to Article 7 (3) GDPR you have the right to withdraw your consent at any time. This means that we are not allowed to continue data processing which was based on your previous consent,
- According to Article 15 you have the right to obtain information on how we process your personal data. In particular, you have the right to get access to the purpose of processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification or erasure, restriction of processing or to object processing, the right to lodge a complaint with a supervisory authority, where the personal data are not collected from the data subject, any available information as to their source, the existence of automated decision-making, including profiling and meaningful information about its processing details.
- According Article 16 GDPR the rectification of inaccurate personal data or the completion of incomplete personal data without undue delay,
- According to 17 GDPR the erasure of your personal data unless the processing is necessary for exercising the right to freedom of speech and to information, for compliance with legal obligation, in order to protect the vital interests or for the performance of a task carried out in the public interest or in the exercise of official authority, for the purposes of the legitimate interests,
- According to Article 18 GDPR to obtain restriction of processing if the accuracy of the personal data is contested, if the processing is unlawful and you oppose the erasure of the personal data and we no longer need the data but are required by yourself for the establishment, exercise or defense of legal claims or if you have objected to processing pursuant to Article 21 GDPR,
- According to Article 20 GDPR to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format and to have your data to be transmitted to another controller,
- According to Article 77 GDPR to lodge a complaint with a supervisory authority. For this purpose you can refer to the supervisory authority of your habitual residence, place of work or place of alleged infringement.
Information on your right to object according to 21 GDPR
Individual right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) of Article 6 (1) GDPR (processing for the performance of a task carried out in the public interest) and based on point (f) of Article (1) GDPR (processing based on balancing of interests).
If you object, we will no longer process your data unless we can prove legitimate reasons for processing which are incompatible with your interests, rights and freedoms or unless processing serves for the establishment, exercise of defense of legal claim.
Right to object to the processing of data for purposes of direct marketing
In some individual cases we process your personal data to carry out direct marketing. You have the right at all time to file an objection against the use of your personal data for the purpose of such marketing if it is related to such direct marketing.
If you object to the processing for the purpose of direct marketing, we will not process your personal data for this purpose anymore.
Recipient of an objection
The objection can be submitted without any formal requirements with the subject “Objection” with your name, your address and your date of birth and should be addressed to:
III. Data processing on our website
We, the Company BASS GmbH, take the protection of personal data very seriously. Accordingly, we have undertaken in the design of our website to comply with the legal requirements of the EU General Data Protection Regulation (GDPR), for the protection of personal data and data security. Below we inform you about the nature, scope and purpose of the collection and use of personal data. You can use this content at any time on our website.
1. Data Usage
We do not collect personal data from you via our Website unless you provide them on a voluntary basis (e. g. for an inquiry or for commercial transactions, such as an order) or the collection of personal data is allowed by relevant German laws on data privacy. So that we can provide the services you request, we do need your name, address and contact details. These data are only collected and used to the extent neces-sary for the fulfillment of the service or contract. Therefore it may be necessary to pass your personal data to companies, which we use to provide the service, e. g. transportation companies. There is no transfer of data to recipients in third countries.
2. Purposes of processing
- You have given us your explicit consent,
- The processing is required to carry out a contract with you,
- The processing is necessary for compliance with legal obligation
- The processing is required to safeguard legitimate interests and there are no reasonable grounds to suspect that you have an overriding and legitimate private interest in non-disclosure of your data to third parties.
Every visit to our website access data is stored in a log file on the server of our provider. This record consists of your IP address, date and time of the request, the name of the file, the file name that was requested from the file, the amount of data transferred and the access status, a description of browser and operating system, as well as the name of your Internet service provider. This information is collected for technical reasons. An analysis is made for statistical purposes only and without personal references.
4. Security of your personal data
The company BASS GmbH is always ready to take technical and organizational measures in line with § 32 GDPR to protect your personal data. Our employees are bound therefore to confidentiality and privacy. The company BASS GmbH further secures your personal data from unauthorized access, use or disclosure, and ensures that the personally identifiable information you provide on computer servers in a controlled and secure environment, protected from unauthorized access publication prevents located. To protect your data in case of transmission, we use encryption methods that correspond to current state of the art (e. g. SSL) via HTTPS.
Please note in conclusion that in communication over the Internet (e. g., via e-mail) complete confidentiality and data security is not guaranteed. So we recommend that you send confidential information by post.
We save cookies on your hard drive. These include a unique number that has no meaning outside of our site. The cookies are automatically deleted after your visit. The cookies are required, for example to secure language settings. You have the right and the possibility to set your browser to refuse our cookies. In this case, however, the functionality of our web site may be limited.
When you sign up for our newsletter, we use your email address to send you the newsletter. You can unsubscribe at any time of the reference. Any other use of your e-mail address will not occur. When you open the newsletter or click on a link in it, it is logged through our web server (date, time, e-mail address). This is used for internal statistical purposes. This data will not be linked to individual user profiles.
7. Google Analytics (web analysis/web tracking)
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", text files that are stored on your computer, to analyze the use of the website. The information generated by the cookie about your use of this site are usually transmitted to a Google server in the USA and stored there. Through the IP anonymization on this website, your IP address from Google will be truncated within Member States of the European Union or other parties to the Agreement on the European Economic Area before. Only in exceptional cases the full IP address is sent to a Google server in the USA where it is shortened. On behalf of the site owner Google will use this information to evaluate your use of the website, compiling reports on website activity together and to provide other use of the website and internet related services with respect to the website owner. In the context of Google Analytics provided by your browser, your IP address will not be merged with other data from Google.
8. Contact form
When contacting us via e-mail or contact form, you consent to the processing of your data for communication purposes. Therefore we need a valid e-mail address. It serves to assign your inquiry and the subsequent processing. Further information are voluntary. All information given by you are used for corresponding purposes only.
9. Google Maps
For detailed instructions to manage your personal data relating to Google products, please click here.
On many of our web pages we embed YouTube videos. Operator of this plugin is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a web page with the YouTube plugin, a connection to the YouTube servers will be established. In this process the YouTube-server is told which websites you are currently visiting. If you are logged in with your YouTube account, YouTube can trace your web-browsing behavior to you personally. To prevent this, you need to log off from your YouTube account.