We, BRLO GmbH, collect certain data from our visitors and customers to the extent necessary. In the following privacy policy, you will learn what we do with your data, so-called personal data, and why we do it. We will also tell you how we protect your data, when the data is deleted and what rights you have thanks to data protection.
Responsible for this website is
BRLO GmbH
Schöneberger Straße 16
10963 Berlin
+49 30 555 77 606
info(at)brlo.de
You can also reach our data protection officer or another contact relevant to data protection via these contact details. Please contact us at any time if you have specific questions about your data, its deletion or your rights.
You can contact us at any time if you have questions about your data protection rights or wish to exercise your rights below:
Our offer contains links to external websites of third parties, on whose contents we have no influence. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. If we become aware of any infringements of the law, we will remove such links immediately.
If you merely want to browse our website, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website, first and foremost:
As a protective measure in favour of your privacy, we delete or anonymise the IP address after your visit to our website. This means that the other technical data can no longer be traced back to you and are only used for anonymous, statistical purposes to optimise our website. The purpose of the temporary storage of the data is, on the one hand, the technical necessity for establishing the connection and, on the other hand, the correct, error-free presentation of our website. The IP address and the technical data already mentioned are necessary to display the website, to prevent display problems for visitors and to correct error messages. The legal basis is the so-called legitimate interest, which has been examined in the context of the aforementioned protective measures as well as in accordance with the European data protection requirements from Art. 6 (1) lit. f DSGVO.
You have the option of contacting us via our contact form. You can provide us with the following data:
As a protective measure, contact is established - just like the visit to the rest of the website - via an encrypted connection. After the successful contact and completed contact request, your data will be deleted immediately. The sole purpose of the requested data is to contact you or communicate with you, which is why the data is only used for this purpose. The legal basis is the so-called legitimate interest, which has been examined in order to pursue the purpose and within the framework of the aforementioned protective measures as well as in accordance with the European data protection requirements from Art. 6 Para. 1 lit. f DSGVO.
If you wish to place an order for our products, we will only request the data from you that is necessary for the order and payment processing. This data is treated confidentially and is only processed by us, the payment provider and the shipping service provider. At least the following data is required for this:
Insofar as this is necessary for the delivery of your order, we will pass on your data to a shipping company. Depending on your selection, we will pass on the necessary payment data to the respective credit institution or a payment service provider to process your payment. In some cases, you can create an account with the payment service provider yourself or register with an existing account. In the aforementioned cases, the data protection declarations of the service providers apply in each case.
As a protective measure , the transmission of the data you enter - just like the visit to the rest of the website - takes place via an encrypted connection. In addition, we apply the principle of data minimisation and only collect the data that is actually required. Your data will be stored for as long as is necessary to process your order or until you request the deletion of the data. However, invoice-relevant data is subject to legal retention periods and can be stored for up to ten years. The purpose of the requested data is order and payment processing in order to provide you with the desired product. The legal basis is the mutual fulfilment of the contract in accordance with the European data protection requirements from Art. 6 para. 1 lit. b DSGVO.
You also have the option of registering on our website and then logging in with a user account at any time. To register with us, the following data is required:
As a protective measure , the transmission of the data you enter - just like the visit to the rest of the website - takes place via an encrypted connection. In addition, we apply the principle of data minimisation and only collect the data that is actually required. Your data will be stored for as long as is necessary to process your order or until you request the deletion of the data. However, invoice-relevant data is subject to legal retention periods and can be stored for up to ten years. The purpose of the requested data is order and payment processing in order to provide you with the desired product. The legal basis is the mutual fulfilment of the contract in accordance with the European data protection requirements from Art. 6 para. 1 lit. b DSGVO.
As a protective measure, the transmission of the data you enter - just like the visit to the rest of the website - takes place via an encrypted connection. After successful confirmation, your data will be stored until you decide to delete individual data or the entire user account. The purpose of the requested data is to create a user account for the use of extended functions on the website. Registration is voluntary and can be revoked or the user data deleted at any time. The legal basis is your consent in accordance with the European data protection requirements from Art. 6 para. 1 lit. a DSGVO.
If you are interested in news about our company or our product, you can subscribe to our newsletter. You will then receive an e-mail in which you must click on a link to confirm receipt of the newsletter. We will then store your e-mail address until you unsubscribe from the newsletter. To do this, you will find a corresponding unsubscribe link in every e-mail of our newsletter. The newsletter is delivered by a specialised service provider.
As a protective measure, we request the so-called "double opt-in" to ensure that the e-mail address entered actually belongs to you. Furthermore, we have concluded a data protection contract (order processing) with the commissioned service provider. You also have the option of unsubscribing from the newsletter at any time and thus deleting your e-mail address from the service provider's database. The purpose of data collection is to send the newsletter to your personal e-mail address in order to comply with your request for news about our company or our products. The legal basis is your consent in accordance with the European data protection requirements of Art. 6 para. 1 lit. a GDPR.
If you apply to us online or otherwise respond to one of our job advertisements, we collect and process the personal applicant data for the purpose of processing the application procedure. The processing is primarily carried out electronically. This is particularly the case if an applicant submits relevant application documents to us electronically, for example by e-mail or via a web form located on the website. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be deleted six months after notification of the rejection decision - this retention period is justified by any obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG). If an applicant has given his/her consent, applications may also be kept for longer than six months.
We also use a recruiting and applicant management software called "coveto", which is provided by the service provider coveto ATS GmbH, Zeppelinstraße 9, 63667 Nidda, Germany. This software helps us to place job advertisements and manage applications centrally. For this purpose, we have concluded an order processing agreement to ensure that coveto only processes the personal data of our applicants in accordance with our instructions. Further information on data protection at coveto can be found in the service provider's data protection statement: https://www.coveto.de/datenschutz
The legal basis is the establishment and implementation of the employment relationship in accordance with § 26 BDSG. If the employment relationship does not materialise, the data will be deleted as stated above.
Our website partly uses so-called cookies and a cookie banner in which you can freely choose whether you accept these cookies and third-party providers. Cookies are small text files that are usually stored in a folder of your browser. Cookies contain information about the current or last visit to the website:
If cookies do not contain a precise expiry date, they are only temporarily stored and automatically deleted as soon as you close your browser or restart the terminal device. Cookies with an expiry date remain stored even if you close your browser or restart the terminal device. Such cookies are only removed on the specified date or when you delete them manually.
We use the following three types of cookies on our website:
You can configure, block and delete cookies in your browser settings. If you delete all cookies from our website, some functions of the website may not be displayed correctly.Helpful information and instructions for the most common browsers are provided by the Federal Office for Information Security:
https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html
Depending on how you use our website, we share your information with the following recipients who are essential to providing our service and communicating with you:
We only share data that is necessary for the performance of the mutual contract or if you have given us your consent, for example in the context of our newsletter or cookie banner. If no contract exists yet, we share the data in certain cases in the context of legitimate interests. This is the case, for example, if you only want to visit our website or contact us. When you visit our website, it is in the interest of both parties to provide access to the offer and to communicate with each other.
We have also entered into contract processing agreements with all external recipients to comply with European law requirements. Depending on your location, some of the above service providers - if specified - will also transfer your data to the United States. The European Court of Justice has ruled that the United States does not have an equivalent level of data protection to the EU and authorities may be able to access data without due process. Additional safeguards are therefore required to ensure a sufficient level of data protection. To meet this requirement, we have concluded additional contracts for commissioned processing called standard contractual clauses. In addition, we check each service provider together with our data protection officer and ensure that additional security measures are available, such as strong encryption of the data.
Status of the data protection declaration: November 2021