Data protection
Data Privacy Statement
Data protection manager
Responsible person for the data processed in connection with this website:
Erlenhof AG
Erlenhof
9200 Gossau SG
Switzerland
Depending on the circumstances (direct communication, orders etc.) the responsibility lies with one of the following persons:
Blumer-Lehmann AG
Erlenhof
9200 Gossau
Switzerland
Phone +41 71 388 58 58
Blumer-Lehmann S.à r.l
31, Op der Heckmill
LU-6783 Grevenmacher
Luxembourg
T + 352 2880454-0
Blumer-Lehmann GmbH
Am Wäldle 3
86836 Klosterlechfeld
Germany
+49 8232 9597 870
Blumer-Lehmann GmbH
Robert-Koch-Straße 20
53501 Grafschaft
Germany
+49 2225 91130 - 0
Blumer-Lehmann GmbH
Industriestraße 4
36137 Großenlüder
Germany
T +49 160 3623069
Lehmann Holzwerk AG
Erlenhof
9200 Gossau
Switzerland
Phone +41 71 388 58 00
In case of doubt about the controllership, the request can be addressed to Blumer Lehmann (Erlenhof AG).
dataprivacy@blumer-lehmann.com
Data Protection Manager in the EU
Blumer-Lehmann S.à r.l
31, Op der Heckmill
LU-6783 Grevenmacher
Luxembourg
T + 352 2880454-0
General Information on Data Processing
Extent of Processing of Personal Data
We only ever process our users’ personal data where this is necessary to provide a properly functioning website, along with our content and services. Our users’ personal data is processed regularly and only with the users’ consent. An exception applies in cases where it is not possible to obtain the prior consent of users for de facto reasons and data processing is permitted by statutory regulations.
Data Deletion and Storage Period
The data subject’s personal data will be deleted or blocked as soon as the purpose for which it was stored ceases to apply. The data might be stored for longer if this has been stipulated by the European or national legislators within Union regulations, laws or other requirements to which the responsible party is subject. The data is also blocked or deleted if a storage period stipulated by the standards mentioned expires, unless there is a continued need to store the data in order to enter into a contract or for the performance of a contract.
Making the Website Available and Creating Log Files
Each time our website is visited, our system automatically collects the data and information from the operating system of the requesting computer. The following data enables assignment to a user and is collected at this point:
- type and version of the browser used
- user’s operating system
- user’s Internet Service Provider
- user’s IP address
- date and time of access
- websites from which the user's system accesses our Internet site
- websites accessed by the user's system through our website
The data is also stored in our system’s log files. This data is not stored together with other personal data pertaining to the user.
The IP address needs to be stored by the system in order to make the website available to the user’s computer. The user’s IP address must remain stored for the duration of the session for this purpose. In addition, the data is stored in log files, in order to ensure the functionality of the website. The data is used to optimize the website and to ensure the security of our IT systems. These purposes also include our legitimate interest in data processing. The legal basis is thus Article 6 Paragraph 1 Point f of the GDPR (EU’s General Data Protection Regulation).
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Where the data is stored in order to make the website available, this takes place when the respective session is ended. In the case of log files, the data is stored in rolling log files, with older entries being automatically deleted. The storage duration is thus dependent on the circumstances and cannot be restricted accordingly in terms of time. In general, it can be assumed that the data will be deleted after one year at the latest, although storage beyond this time is possible.
It is vital to store the data in order to make the website available, and the data must be stored in log files in order to operate the website. Users therefore have no possibility to object to processing of this personal data.
Usage of cookies
Our website uses cookies. Cookies are text files that are stored in the user’s computer system in the Internet browser or by the Internet browser. If a user visits a website, a cookie can be stored in their operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified the next time the website is visited.
Technically Necessary Cookies
The user data collected by technically necessary cookies is not used to create user profiles. The purpose of using technically necessary cookies is to make it simpler for users to use websites. Some of the functions on our website cannot be provided if we do not use cookies. For this purpose, the browser must be recognized even after a page change.
Other Cookies
We also use cookies on our website which enable us to analyse the behaviour of our users. This is because we use Google's services (see below).
Storage period, possibility of objection and removal
Cookies are stored on the user's computer. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that some functions of our website cannot be used to their full extent.
With regard to technically unnecessary cookies, we also refer you to the explanations below.
Details of the cookies used
Third Party Services (Plugins)
Google Analytics
We use the service Google Analytics on our website. This is a service provided by the US company Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, resp., for European users, the Irish company Google Limited Ireland, Gordon House, Barrow Street, Dublin 4, Ireland. We have concluded a data processing agreement with Google.
Google Analytics is a web analysis service. Web analysis is the measurement, collection, analysis and reporting of data on visitors' behaviour on websites. A web analysis service collects data, among other things, from which website a data subject came to another website (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed.
The service uses cookies (see above). On this website, the Google Analytics’ IP anonymization is activated. This shortens Google's IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before it is transmitted to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
The information created by Google Analytics is usually transmitted to a Google server in the USA, where it is stored. Google uses this information on our behalf to evaluate the use of the website, compile reports on website activities and to provide services associated with the use of the website and the use of the Internet for us. The IP address transmitted by the browser in Google Analytics is not merged with other data from Google.
This data processing therefore takes place on the basis of our legitimate interest in analysing user behaviour in order to optimise both our website and our advertising. The legal basis is therefore Art. 6 para. 1 lit. f GDPR.
You can prevent cookies from being stored by making a corresponding setting in the browser software you use, but you might then not be able to use all of the functions of this website to the full extent. In addition to the changes in browser settings, you can also use a browser plug-in to object to the processing of data. This plugin is available at https://tools.google.com/dlpage/gaoptout.
Please refer to the Google’s data privacy statement for details on data processing by Google and your possibilities to object: https://policies.google.com/privacy?gl=de
Google Maps
On our website, we also use the service “Google Maps” by Google to display our location and to create directions. When a website with an integrated Google Maps component is visited, a connection is established to a Google server that might be located in the USA. This enables Google to determine the website from which the request has been sent and the IP address to which the directions must be transmitted. In addition, Google stores a cookie on the end device via the Internet browser. You can find more detailed information in the terms of use for Google Maps at https://www.google.com/intl/de_de/help/terms_maps.html as well as in Google’s data privacy statement at https://policies.google.com/privacy?hl=de.
The use of Google Maps is based on our legitimate interest in optimizing the functionality of our website and in finding the locations given on our website more easily. The legal basis is thus Article 6 Para 1 lit. f of the GDPR.
jQuery / Google Hosted Libraries
This website uses the free JavaScript library "jQuery" to display various elements. This library is provided by Google using its service Google Hosted Libraries. When you visit a page, the user's browser connects to Google's servers, which tells Google that the data subject is visiting our website.
The use of Google Hosted Libraries is in the interest of an appealing presentation and a short loading time of our website. In addition, by using Google Hosted Services we make sure that we always use a patched version of jQuery, which increases security. Those are our legitimate interests for this data processing based on Art. 6 Para. 1 lit. f GDPR.
Further information on Google Hosted Libraries can be found at https://developers.google.com/speed/libraries/ and in Google's privacy policy at https://www.google.com/policies/privacy/.
Services provided by Facebook
We use services of the social network Facebook. Facebook.com is a service provided by Facebook, Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the person responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Whenever the user accesses a subpage of this website, on which a Facebook component (Facebook plug-in) has been integrated, his Internet browser automatically downloads a representation of the corresponding Facebook component from Facebook. Thus, Facebook obtains information about which specific subpage of our website is visited by the data subject.
If the data subject is logged into Facebook at the same time, Facebook can assign this data to the respective Facebook account of the data subject. If the data subject interacts with one of the Facebook plugins (e.g. clicking on the "Like" button), Facebook also assigns this information to the personal Facebook user account of the data subject.
This data processing is based on our legitimate interest in linking our Facebook presence and content to our website. The legal basis is therefore Art. 6 Para. 1 lit. f GDPR.
Facebook's published privacy policy, which is available at https://de-de.facebook.com/about/privacy/, discloses the collection, processing and use of personal data by Facebook. It also explains what settings Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.
YouTube
We use YouTube on our website. This is a video portal operated by YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA. YouTube is a subsidiary of the aforementioned Google LLC.
We integrate videos from YouTube directly on our website. Normally, when you visit a page with embedded YouTube videos, your IP address is sent to YouTube and cookies are installed on your computer. However, we have integrated our YouTube videos using the so-called "Advanced Privacy Mode". As a result, YouTube does not store any information about visitors unless they play the video. Furthermore, this should prevent Google’s service "Doubleclick", which YouTube automatically connects to in case a webpage with an embedded YouTube video is accessed, from evaluating personal data (as specified in Google's privacy policy).
When you click on a YouTube video, your IP address is transmitted to YouTube and YouTube obtains information that you viewed the video, the date and time it was played, and the website on which the video was embedded. If the data subject is logged in to YouTube when starting a YouTube video, YouTube will assign the connection information to the data subject’s YouTube account. To prevent this, the data subject you must either log out of YouTube before starting a video on our site or make the appropriate settings in your YouTube account.
YouTube permanently stores cookies on your device via your browser. You can prevent cookies from being stored by making a corresponding setting in the browser software you use.
This data processing is necessary to be able to display YouTube videos on our website within your browser. The legal basis is therefore Art. 6 Para. 1 lit. f GDPR and our legitimate interest in in improving the quality of our website.
Further information about the collection and use of data as well as the data subject’s rights and protection options can be found at https://policies.google.com/privacy
Newsletter
You can subscribe to a free newsletter on our website. The data from the input screen is transmitted to us when you apply for the newsletter. In addition to the e-mail address, the IP address of the computer to be called up, as well as the date and time of registration are collected.
The data required is entered via a service provided by the Swiss company Mayoris AG, Suurstoffi 16, 6343 Rotkreuz, with whom we have concluded a contract for order data processing. Using Mayori, we also collect data, specific to the user, on whether and when our newsletter has been opened and whether the links it contains have been clicked (performance measurement by means of opening and click rates).
You can find more detailed information on data processing by Mayoris at https://www.mayoris.com/data-privacy/.
The user’s e-mail address is collected in order to deliver the newsletter. The data entered in conjunction with the performance measurement is used to further optimize our content in the future.
For the presented processing of data, your consent is obtained during the dispatch process, and you are referred to this data privacy statement. The legal basis is thus Article 6 Paragraph 1 Point a of the GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user’s e-mail address is therefore stored as long as the subscription to the newsletter is active. The user concerned can cancel the subscription to the newsletter at any time. Each newsletter contains a corresponding link for this purpose.
Contact Form and Contact by Email
Our website provides forms enabling you to contact us by electronic means. If you take advantage of this option, the data entered in the input screen is transmitted to us and stored. This data is:
- First name and last name
- Address (Street, ZIP code, City, Country)
- E-mail address
- Phone number
- Individual message
- Event-specific data (application etc.)
To process the data, your consent is obtained during the transmission process, and you are referred to this data privacy statement.
Alternatively, you can make contact using the e-mail address provided. In this case, your personal data transmitted to us in the e-mail is stored.
We only process personal data from the input screen in order to process establishing contact. If you contact us via e-mail, this also constitutes the required legitimate interest pursued in processing the data. The other personal data processed during the transmission procedure is used to prevent the contact form from being misused and to ensure that our IT systems are secure. Depending on the circumstances, data processing is based on the consent of the user, the implementation of pre-contractual measures, the performance of a contract and/or to safeguard our legitimate interests. The legal basis for data processing is accordingly Article 6 Paragraph 1 Points a, b and/or f of the GDPR.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. With regard to the personal data from the input screen of the contact form and the data that has been sent by e-mail, this is the case once the respective conversation has ended with the user. The conversation is considered ended once it has been established from the circumstances that the matter in question has been fully clarified.
Users can revoke their consent to the processing of their personal data at any time. If a user contacts us via e-mail, they can object to the storage of their personal data at any time. The conversation may not be continued in such cases. All personal data that has been stored during contact is then deleted, unless it needs to be stored in order to comply with contractual or legal obligations.
Rights of the Data Subject
If your personal data is processed, you are the person concerned and you have the following rights against the responsible party:
- Right to confirm whether the data concerning you should be processed, right to information on the processed data, right to further information on data processing as well as right to copies of the data (Article 15 of the GDPR);
- Right to correct and complete incorrect or incomplete data (Article 16 of the GDPR);
- Right to immediate deletion of data concerning you, or, if further processing is necessary, to restriction of processing (Articles 17 and 18 of the GDPR);
- Right to receipt of data concerning you and provided by you and to transmit this data to other providers/responsible parties (Article 20 of the GDPR);
- Right to receive the personal data concerning you that you have provided to the responsible party in a structured, current and machine-readable format.