Data Protection Statement of BF.agency GmbH

Name and Address of the Controller and of the Organisation’s Data Protection Officer

This data protection information applies to the data processing conducted by:

Responsible party: BF.agency GmbH, Friedrichstrasse 23a, 70174 Stuttgart, Germany

E-mail: ntrapl@os-qverxg.qr, phone: +49 (0)711 225544300, Fax: +49 (0)711 225544201

The data protection officer of BF.agency can be reached under the above address, care of Jochen Geck, or by writing to wbpura.trpx@ivinpvf.qr directly.

Collection and Storage of Personal Data and the Nature and Purpose of Their Use

a) When Visiting the Website

Every time you access our website https://www.bf-agency.de/en, the browser used by your endpoint will automatically send information to our website server. This information is temporarily saved in so-called log files. The following data will be collected without any action on your part and stored until their automated deletion:

the IP address of the accessing computer,
the date and time of the access,
the name and URL of the file retrieved,
the website from which our website is accessed (referrer URL),
the browser used and, where applicable, the operating system of your computer and
the name of your access provider.

The data listed above will be processed by us for the following purposes:

ensuring a smooth loading of the website,
ensuring convenient use of our website,
evaluating the system security and stability and
for other administrative purposes.

Lawful basis for the data processing is Art. 6, Sec. 1, Sent. 1, Lit. f, General Data Protection Regulation (GDPR). Our legitimate interest derives from the data collection purposes listed above. In no case will we use the collected data for the purpose of drawing conclusions regarding your person. In addition, we use cookies during your visit of our website as well as analytics services. For more explanations, see the Cookies and Analytic Tools sections in this Data Protection Statement.

b) Disclosure of Personal Data to Third Parties:

We will disclose your personal data to third parties only if:

you expressly consented to it pursuant to Art. 6, Sec. 1, Sent. 1, Lit. a, GDPR,
the disclosure is necessary to assert, exercise or defend legal claims pursuant to Art. 6, Sec. 1, Sent. 1, Lit. f, GDPR, and if there is no reason to assume that you have a legitimate interest in the non-disclosure of your data,
we are under a legal obligation to disclose the data pursuant to Art. 6, Sec. 1, Sent. 1, Lit. c, GDPR, and
doing so is permitted by law and necessary pursuant to Art. 6, Sec. 1, Sent. 1, Lit. b, GDPR, to fulfil our contractual relationship with you.

Cookies

Our website uses so-called cookies. These represent small files that are automatically created by your browser and stored on your endpoint (laptop, tablet, smartphone or similar) when you visit our website. Cookies will cause no damage to your endpoint, and contain no viruses, Trojans or any other malware.

The information stored in the cookie is in each case defined by the specific endpoint used. This does not mean that it enables us to learn your identity directly.

The purpose of using cookies is, on the one hand, to make your use of our services a more pleasant experience for you. We employ so-called session cookies to identify those of our website pages that you already visited. Cookies of this type will be automatically deleted after you leave our website.
In addition, we use temporary cookies, again to optimise user-friendliness, which are stored on your endpoint for a specified period of time.

Whenever you return to our website to use our services, it will automatically recognise that you previously visited us and will know which entries and settings you chose, thus making it unnecessary for you to enter them again.

We also use cookies to monitor the use of our website statistically, as well as for the purpose of optimising our service offer to you (see Analytic Tools section below). Cookies of this type enable us to recognise you automatically as a returning user the next time you visit our website. Each of these cookies is deleted after a predefined period of time.

The data processed by cookies are processed based on your consent pursuant to Art. 6, Sec. 1, Sent. 1, Lit. a, GDPR, for said purposes.
Most browsers accept cookies automatically. However, you have the option to configure your browser in a way that prevents the storage of cookies or notifies you whenever a cookie is about to be created. Please note that fully disabling cookies may prevent you from using the full range of our website functions.

Analytic Tools

a) Tracking Tools

The tracking measures listed below and used by us are carried out on the basis of your consent pursuant to Art. 6, Sec. 1, Sent. 1, Lit. a, GDPR. The purpose of using these tracking measures is to ensure a needs-based design and to continuously optimise our website. We also record the use of our website statistically and analyse it for the purpose of optimising our website. You may revoke your consent at any time with effect to the future. For details on the data processing purposes and data categories, see the respective tracking tools.

Google Analytics

Assuming your consent, we use Google Analytics, a web analysis service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”) on the basis of Art. 6, Sec. 1, Lit. a, GDPR. To this end, pseudonymised user profiles are created and cookies (see Cookies section) are placed. The information about your use of the website that the cookie generates, such as:

browser type/version,
operating system used,
referrer URL (the website previously visited),
host name of the accessing computer (IP address),
timer of the server request,

is transmitted to Google servers and stored there.

Data Transmission to the United States:
The data collected by Google Analytics may be transmitted to the United States. The United States are considered a third country without an adequate level of data protection within the meaning of the GDPR. There is a risk that US authorities access your data without you having any effective legal protection to prevent it. We concluded the Standard Contractual Clauses (SCCs) with Google to ensure an adequate level of data protection.

IP Anonymisation:
Your IP address is truncated before being transmitted to Google (IP masking) so that it cannot be directly linked to any specific person.

Objection and Revocation of Your Consent:
You may retract your granted consent with effect for the future at any time by visiting your cookie settings [here] and disabling Google Analytics. Alternatively, you can keep Google Analytics from collecting data by downloading and installing the following browser add-on: https://tools.google.com/dlpage/gaoptout?hl=en.

More details on the privacy policy of Google Analytics:
For more information on the data processing done by Google, check out the Google Analytics help section (https://support.google.com/analytics/answer/6004245) and Google’s privacy policy (https://policies.google.com/privacy?hl=en).

Google Adwords Conversion Tracking

This website uses Google Ads Conversion Tracking, a service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Ads Conversion Tracking helps us to measure the effectiveness of our advertisements, provided you previously consented to the use of tracking. Legal basis for the data processing is your consent pursuant to Art. 6, Sec. 1, Lit. a, GDPR.

If you access our website via a Google ad, Google Ads will store a cookie on your endpoint. The cookie will be valid for 30 days and won’t be used for personal identification purposes. If you visit certain pages of our website within this period, both Google and us will recognise that you clicked on an ad and were redirected to our website.

Each Google Ads customer receives their own cookie, which means that websites cannot be tracked across multiple customers. The information collected via the cookie is used to compile conversion statistics. In the process, we only learn the total number of users who clicked on a given advert – no personal information.

Data Transmission to the United States
Your data may be transmitted to the United States. Please note that the United States are considered a third country without an adequate level of data protection within the meaning of the GDPR. There is a risk that US authorities access your data without you having any effective legal protection to prevent it. We have negotiated the Standard Contractual Clauses (SCCs) with Google to ensure an adequate level of data protection.

Revoking Your Consent
You may revoke your granted consent with effect for the future at any time by visiting your cookie settings and disabling Google Ads Conversion Tracking. Alternatively, you can block the storage of cookies in your browser settings.

Concrete CMS

Our website uses Concrete CMS as content management system for the website contents and user accounts. Only the personal data of registered users (e.g. administrators or editors) are processed in this context. Concrete CMS does not process the personal data of external website visitors. User data are processed on the legal basis of Art. 6, Sec. 1, Lit. b, GDPR, to fulfil contractual or administrative obligations within the scope of the website’s administration.

Hetzner

Our website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Hosting the website involves the processing of technical data that are necessary for operating and delivering the website (e.g. server log files). This concerns exclusively data that are generated for registered users whenever the CMS is used. Hetzner does not process the personal data of purely external website users. Data processing by Hetzner is based exclusively on a third-party processing agreement pursuant to Art. 28, GDPR.

More Details on the Privacy Policy of Google Analytics
For more details on the processing done by Google and about your setting options, see Google’s privacy policy: https://policies.google.com/privacy?hl=en.

b) Social Media und Tools

LinkedIn

Our website contains embedded links to the LinkedIn platform. The platform is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Whenever you visit one of our pages that includes a LinkedIn function, a direct connection between your browser and LinkedIn servers may be established. LinkedIn may collect your IP address and other technical data in the process. If you happen to be logged into your LinkedIn account and click on a LinkedIn button, LinkedIn can associate your visit to our website with your user account.

Legal Basis for Processing
The legal basis for using the LinkedIn link is our legitimate interest to attain the widest possible visibility in social media (Art. 6, Sec. 1, Lit. f, GDPR). If you granted your consent via a corresponding notice (e.g. a cookie banner), processing is based on Art. 6, Sec. 1, Lit. a, GDPR. You may revoke your consent at any time with effect for the future.

Data Transmission to the United States
LinkedIn may process its data in the United States. Please note that the United States are considered a third country without an adequate data protection level within the meaning of the GDPR. There is a risk that US authorities may access your data without you having any effective legal protection to prevent it. The data are transmitted on the basis of the Standard Contractual Clauses (SCCs) of the EU Commission. For details, go to: https://www.linkedin.com/help/linkedin/answer/62538.

Revoking Your Consent & Additional Information
If you do not want LinkedIn to associate your visit to our website with your LinkedIn account, please log out of your LinkedIn account first. Alternatively, you can prevent the storage of cookies by adjusting your browser settings accordingly. For more information on the privacy policy of LinkedIn, go to: https://www.linkedin.com/legal/privacy-policy.

XING
The website features an integrated XING button. When accessing the website, your browser will briefly connect to servers of XING SE (Dammtorstrasse 30, 20354 Hamburg, Germany) in order to enable the XING features (e.g. displaying the counter score).
According to XING, no personal data are stored in the process, especially no IP addresses. Nor will your use pattern be analysed via cookies or other tracking technologies in connection with the XING button.

Legal Basis
The legal basis for using the XING button is our legitimate interest to attain the widest possible visibility in social media (Art. 6, Sec. 1, Lit. f, GDPR).

Further Information
For the latest privacy notice of XING and the plugins used, go to: https://privacy.xing.com/de/datenschutzerklaerung.

Microsoft Teams
We use Microsoft Teams to host online meetings, conference calls, video conferences and webinars. Microsoft Teams is provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Data Processing & Privacy
Whenever you use Microsoft Teams, various personal data will be processed, including e.g. name, email address, IP address, communication content and technical connection data. For details on its data processing policy, please see the privacy statement of Microsoft: https://privacy.microsoft.com/en-us/privacystatement

Data Transmission to Third Countries
Microsoft processes some of its data in the United States. Since the United States are considered a third country without an adequate level of data protection, there is a risk that US authorities may access your data without you having any effective legal protection to prevent it.
However, the legal basis for the data transmission are the EU Commission’s Standard Contractual Clauses (SCCs) and additional security measures by Microsoft itself. For further information, go to: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA

Data Processing Agreement (DPA)
We have concluded a data processing agreement (DPA) with Microsoft in accordance with Art. 28, GDPR. The DPA ensures that Microsoft Teams is operated in accordance with our instructions and in compliance with European data protection regulations.
We fully implement the strict requirements of Germany’s data protection authorities in this context.

Data Subject Rights
You have the right:

to demand information about your personal data processed by us pursuant to Art. 15, GDPR. In particular, you may demand information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to object, the origin of your data if these were not collected by us, as well as the existence of automated decision making, including profiling and, where applicable, meaningful information on the details thereof;
to demand, pursuant to Art. 16, GDPR, the prompt correction of inaccurate or incomplete personal data stored by us;
to demand, pursuant to Art. 17, GDPR, the deletion of your personal data stored by us unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
to demand, pursuant to Art. 18, GDPR, the restriction of the processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful but you object to their deletion, or if we no longer need the data but you require them to assert, exercise or defend legal claims, or if you have lodged an objection to such data processing pursuant to Art. 21, GDPR;
to demand, pursuant to Art. 20, GDPR, to have your personal data that you provided to us disclosed to you in a structured, common and machine-readable format or to request their transfer to another responsible party;
to revoke at any time, pursuant to Art. 7, Sec. 3, GDPR, the consent you once granted to us. As a result, we will be unable to keep processing the data subject to the revoked consent; and
to complain to a regulator pursuant to Art. 77, GDPR. The best way to do so is normally to contact the regulator responsible for your habitual place of residence or workplace, or the regulator responsible for our principal place of business.

Right to Object

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6, Sec. 1, Sent. 1, Lit. f, GDPR, you have the right, pursuant to Art. 21, GDPR, to object to the processing of your personal data if you can cite valid reasons arising from your particular circumstances or if you object to direct marketing. In the latter case, you have a general right to object, and we will comply with your requests without requiring a statement detailing your special circumstances.

All you need to do to exercise your right of revocation or objection is to send an e-mail to vasb@os-qverxg.qr stating your objection.

Data Security

When you visit our website, we use the standard SSL (Secure Socket Layer) procedure in combination with the highest encryption level that your browser supports. Normally, the process uses 256-bit encryption. In case your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether a given page of our website is transmitted in encrypted form by the closed display of the key or padlock symbol in the lower status bar of your browser.

Other than that, we use adequate technical and organisational security measures to protect your data against accidental or wilful manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological advances.

Currency of and Amendments to this Data Protection Statement
This document represents our currently effective Data Protection Statement as of June 2025.

Further development of our website and of offers communicated via the same, or changing legal or official requirements, may necessitate revisions of this Data Protection Statement from time to time. For the latest Data Protection Statement, as amended, go to our website at https://www.bf-agency.de/en/privacy-policy any time.