1. Data privacy at a glance
General information
Protecting your personal data is especially important to us. We take all necessary measures to ensure that your data is protected in the best possible way. The following notes provide a simple overview of what happens to your personal data when you visit our website.
Personal data, according to Article 4 (1) of the General Data Protection Regulation (GDPR), includes all information relating to an identified or identifiable natural person, such as your name, address, or email address.
In addition, when you visit our website, data about your user behavior may be collected through cookies or similar tracking technologies. This data may be shared with third parties (e.g., social networks such as Facebook) when you interact with corresponding functions on our site.
For more detailed information about how we handle your data, please refer to the full privacy policy below.
2. Data collection on our website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. Their contact details can be found in the imprint or in this privacy policy.
How do we collect your data?
Some data is collected when you provide it to us, for example through a contact form.
Other data is collected automatically when you visit the website. This data includes primarily technical information (e.g., browser type, operating system, or time of page access) and is collected automatically as soon as you access our site.
What do we use your data for?
Part of the data is collected to ensure the website functions properly. Other data may be used to analyze user behavior.
What are your rights regarding your data?
You have the right to receive free information about the origin, recipients, and purpose of your stored personal data at any time. You also have the right to request the correction, blocking, or deletion of this data.
You can contact us at any time at the address given in the imprint for this purpose, as well as for any other questions about data protection.
Furthermore, you have the right to file a complaint with the competent supervisory authority.
Under certain circumstances, you also have the right to request the restriction of processing of your personal data (see “Right to restriction of processing”).
3. Controller
BaF Brothers and Friends GmbH
Dornierstraße 20
48477 Hörstel
Represented by the managing director:
3. Data Protection Officer
Sascha Conrad
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
4. Data protection officer required by law
We have appointed a data protection officer for our company.
René Floitgraf
Frankenstrasse 34
52223 Stolberg
CompliPro GmbH
Telefon: +49 2402 9245980
E‑Mail: rf@complipro.de
5. General notes and mandatory information
Web Hosting
Our website is hosted by an external service provider.
Hosting provider: [Please insert your hosting provider here, e.g., Hetzner Online GmbH, Strato AG, IONOS SE, etc.]
The hosting provider provides the technical infrastructure necessary for operating this website. In doing so, server log files and technical connection data are processed.
The processing takes place on the basis of Art. 6 (1)(f) GDPR, based on our legitimate interest in the secure and reliable operation of our website.
A data processing agreement pursuant to Art. 28 GDPR has been concluded with the provider.
Data protection
As the operator of this website, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
Legal basis for data processing
Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)
If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 (1) GDPR).
If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of GDPR violations, data subjects have the right to lodge a complaint with a supervisory authority.
The competent authority for our company is:
State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW)
Kavalleriestraße 2–4
40213 Düsseldorf
Website: https://www.ldi.nrw.de
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Information, blocking, erasure and rectification
You have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time within the framework of the applicable legal provisions. You can contact us at any time at the address given in the legal notice if you have any further questions on the subject of personal data.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:
If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure.
If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
If you have lodged an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data – apart from its storage – may only be used with your consent or for the assertion, exercise or defense of legal claims.
General Retention Period
We store personal data only for as long as necessary for the respective processing purpose or as required by statutory retention periods.
After the purpose ceases to apply or these periods expire, the data is deleted or anonymized, unless legal obligations require otherwise.
Objection to advertising e-mails
We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
Disclosure of data to third parties
We only pass your personal data on to third parties if:
- You have expressly consented to the transfer of the data (cf. Art. 6(1)(a) GDPR).
- The transfer of the data is necessary for the performance of a contract (cf. Art. 6(1)(b) GDPR).
- The transfer of the data is necessary for compliance with legal obligations (cf. Art. 6(1)(c) GDPR).
- Vital interests of you or other persons need to be protected (cf. Art. 6(1)(d) GDPR).
- The transfer of the data is of legitimate interest to our company or to third parties, and your interests, rights, and freedoms do not outweigh this (cf. Art. 6(1)(f) GDPR).
Additionally, we may use service providers who are involved in the provision of our website or other services. In these cases, it may be necessary for these service providers to gain access to your personal data in the course of their work. We have concluded data processing agreements with these service providers in accordance with Art. 28 GDPR to meet data protection requirements and ensure the protection of your data.
It may also occur that personal data is transferred to third parties located outside the EU or the European Economic Area (so-called third countries). In such cases, we ensure that the transfer complies with the requirements of the GDPR, e.g., through the conclusion of standard contractual clauses or other appropriate safeguards.
We take all legally required data protection measures to ensure the secure and reliable processing of your data, such as through technical and organizational security measures (e.g., encryption).
6. data collection on our website
Consent Management Tool (Moove GDPR Cookie Compliance)
We use the consent management tool “Moove GDPR Cookie Compliance” to obtain your consent for storing certain cookies on your device and to document this consent in a GDPR-compliant manner.
The processing is carried out based on Art. 6 (1)(c) GDPR to fulfill our legal obligation to document user consent.
You can change or withdraw your consent at any time via the “Cookie Settings” link at the bottom of the website.
Analysis tools and tools from third-party providers
When you visit our website, your surfing behavior may be statistically evaluated. This is mainly done using cookies and so-called analysis programs. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You can find detailed information on this in the following privacy policy.
You can object to this analysis. We will inform you about the objection options in this privacy policy.
hCaptcha
We use the hCaptcha service on this website (provider: Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA) to protect our web forms from automated access and spam.
hCaptcha analyzes the behavior of website visitors based on various characteristics (e.g., mouse movements, screen resolution, IP address) to determine whether an action is being performed by a human or an automated program. The analysis starts automatically when a user interacts with a form that includes hCaptcha.
Data processing is carried out on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting the website from abusive automated crawling and spam.
For more information, please refer to the hCaptcha Privacy Policy and Terms of Service.
Cookies
Essential Cookies
Our website uses essential cookies that are necessary for the basic functionality of the site. These cookies do not store any personal data and therefore do not require consent.Name | Provider | Purpose | Storage Duration |
---|---|---|---|
pll_language | bafwoman.com | Stores the language selected by the user and ensures that the website is displayed in the correct language. | 1 year |
wpEmojiSettingsSupports | bafwoman.com | Checks whether the browser can correctly display emojis. | Session |
ep_user_id | bafwoman.com | Used to uniquely identify the user for session and security purposes. Does not contain personal data. | 1 year |
ep_session_id | bafwoman.com | Used to maintain an active user session and ensure that requests within a session are properly assigned. | Session |
moove_gdpr_popup | bafwoman.com | Stores the user’s consent status regarding the use of cookies to prevent the cookie consent banner from being shown repeatedly. | 1 year |
Server log files
The provider of the sites automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
This data is collected for technical purposes, such as troubleshooting, optimizing our website, and for security (e.g., defense against attacks). The collection of this data is based on Art. 6(1)(f) GDPR, as the website operator has a legitimate interest in the technically flawless display and optimization of the website.
This data will not be merged with other data sources. The data is generally stored for a period of 7 to 30 days and then deleted or anonymized.
IP addresses: If the storage of IP addresses occurs, they will be anonymized, if technically possible and reasonable, in order to ensure data protection.
Google web fonts and Adobe TypeKit fonts
This site uses so-called web fonts provided by Google and Adobe for the uniform display of fonts. The Google Fonts and Adobe TypeKit fonts are installed locally. There is no connection to Google or Adobe servers.
Contact Form and Email Communication
If you contact us via the contact form or email, the information you provide, including your contact details, will be stored for the purpose of processing your inquiry and for any follow-up questions.
We do not share this information without your consent.
The processing is based on Art. 6 (1)(b) GDPR (performance of a contract or pre-contractual measures) or Art. 6 (1)(f) GDPR (legitimate interest in responding to your inquiry).
Your data will be deleted once the purpose for storage no longer applies, unless legal retention obligations require otherwise.
6. changes to the data protection provisions
This privacy policy is currently valid and has the status of February 2025.
To ensure the best possible protection of your data in the future, we reserve the right to adjust this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. In the case of significant changes, we will actively inform you. For your next visit, the new privacy policy will apply. Therefore, we recommend that you regularly review our information and notices regarding data processing.
Status: October 2025