What data do we collect from you?
How do we collect your data?
For what purposes do we use your data?
We also use your data for
What data can only be processed subject to your consent and for what purpose can it be processed?
Name, gender, date of birth, address, contact details (email addresses, phone numbers), shopping basket, order and delivery data, payment data.
What are your rights?
Ask our contact person
3G Business Datenschutz GmbH
Tel.: +49 (0)162 1007 910
We are delighted that you are interested in our company. Data protection is very important to the management of Bremeninvest. The website pages of Bremeninvest can generally be used without providing any personal data. However, if a person wishes to access particular services of our company through our website, we may need to process personal data. If personal data needs to be processed and no statutory basis for this processing activity exists, we will generally ask the data subject to consent to the processing.
In its capacity as the controller of the processing and the operator of the website and its pages, Bremeninvest has implemented a variety of technical and organisational measures to ensure that personal data processed through our website is protected as seamlessly as possible. However, internet-based data transmission always involves a certain vulnerability and we are thus unable to offer any absolute guarantee in relation to the protection of data. Data subjects are therefore free to provide their personal data to us by other means of communication, for example over the phone.
Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A data subject is any identified or identifiable natural person whose personal data is being processed by the controller.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future during the statutory retention periods. This means that data will still be stored, but can only be used for certain processing purposes, such as audits by the tax authorities.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
The controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Where several companies jointly process personal data and define the purposes and means of their data processing for joint tasks or projects, these companies may be considered ‘joint controllers’ within the meaning of Article 26 GDPR and may therefore establish joint data protection rules and joint measures to safeguard the rights of data subjects.
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
The controller as defined in the General Data Protection Regulation, and the entity responsible within the meaning of other data protection legislation and provisions in relation to privacy that apply in the member states of the European Union, is:
The data protection officer of the controller is:
3G Business Datenschutz GmbH
Tel.: +49 (0)162 1007 910
Data subjects can contact our data protection officer directly with any questions or suggestions they may have in relation to data protection.
As a controller, we have taken appropriate measures to ensure that all information under Articles 13 and 14 and all notices under Articles 15 to 22 and Article 34 are communicated to the data subject of a processing activity in a precise, transparent, understandable and easily accessible way using clear and simple language.
You can view this information or request a copy of it either by contacting your assigned representative at our company directly, sending an email to email@example.com, or downloading the information from our website.
If you visit the Bremeninvest website and your browser settings are configured to accept cookies, we will assume that you are interested in using the services and offers of Bremeninvest.
Cookies are small text files that are stored on your computer or other end device when you visit a website. The cookie information is subsequently retransmitted from your computer upon every visit to the website that placed the cookie.
Cookies are useful because they can help us make it easier for you to use our website. They enable us to see how users navigate our website and to analyse how our website offering is being used. In the long run, this will help us improve our online offering and make our website more user-friendly.
When you visit the website of Bremeninvest, you accept the use and storage of cookies. Most web browsers save cookies automatically. You can of course also view our website without accepting cookies.
Bremeninvest does not analyse any of your online movements, if you have:
The steps for disabling the storing of cookies and enabling the Do Not Track function differ from browser to browser. You should usually be able to find instructions in the help section of your web browser.
Bremeninvest generally uses two types of cookies:
These are temporary cookies that are stored on your hard drive only for the duration of your visit to our website and will be deleted automatically when the browser is closed.
Bremeninvest uses session cookies to make sure that the user identification during visits to the Bremeninvest customer website section is uninterrupted, which ensures seamless functionality.
Using the customer section of the Bremeninvest website therefore requires the browser settings to be configured in such a way that session cookies are accepted.
Cookies with a longer run time
Cookies with a longer run time are used exclusively for website usage analysis and help us improve the performance of our website.
In order to be able to analyse the browsing behaviour of our users, Bremeninvest uses the Google Analytics tool. It is not possible for us to infer the identity of individual persons from this data. This data will not be combined with other data sources.
If you do not want Bremeninvest to store and analyse and information about your browsing behaviour, you are free to object to this at any time (opt-out).
If you choose not to accept cookies, an opt-out cookie will be deposited in your browser. This opt-out cookie does not contain any information and its sole purpose is to enable our website to recognise that you have opted out.
At this stage, you can decide whether you want to accept a unique web analysis cookie being stored in your browser in order to enable the website operator to collect and analyse a variety of statistical data.
If you decide against accepting this, you need to click on the following link in order to store the opt-out cookie in your browser.
Your visit to this website is currently being processed by Google Analytics. Please click here if you do not wish your visit to be processed.
Deleting all cookies from your hard drive will also delete the opt-out cookie. In this case, the opt-out procedure will need to be carried out again.
If you use several browsers or other end devices, you will need to complete the opt-out procedure for each individual browser on each device used to access the Bremeninvest website. We are not able to identify whether different website visits were made by the same person, end device or browser.
The Bremeninvest website collects a set of general data and information upon every website access by a data subject or automated system. This general data and information is stored in the server log files. It may include (1) the browser type and version used to open the website, (2) the operating system used by the accessing system, (3) the website from which the accessing system navigated to our website (the ‘referrer’), (4) the sub-pages of our website that were visited by the accessing system, (5) the date and time of the website access, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other comparable data and information that can be used to protect and defend our IT systems against attacks.
Bremeninvest does not trace this general data and information back to the data subject. The actual purpose of collecting this information is (1) to be able to render our website content correctly, (2) to optimise our website content and advertisements based on this information, (3) to ensure the long-term operability of our IT systems and our website technology and (4) to be able to provide criminal authorities with all information of relevance to the prosecution in the event of a cyber attack. This data and information is collected anonymously and is evaluated by Bremeninvest for statistical purposes and in order to increase data protection and data security in our company with the ultimate goal of ensuring an optimum level of protection for the personal data processed by us. The anonymous data in the server log files is stored separately from any personal data provided by a data subject.
On the website of WFB Wirtschaftsförderung Bremen GmbH, users are given the opportunity to subscribe to the newsletter of our company. Which personal data are transmitted to the data controller when the newsletter is ordered results from the input mask used for this purpose.
The WFB Wirtschaftsförderung Bremen GmbH informs its customers and business partners at regular intervals by way of a newsletter about offers of the company. The newsletter of our company can only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject registers for the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by an affected person for the first time for newsletter mailing using the double-opt-in procedure. This confirmation email is used to check whether the owner of the e-mail address as the person concerned authorized the receipt of the newsletter.
When subscribing to the newsletter, we also store the IP address of the computer system used by the person concerned at the time of registration, as well as the date and time of registration, as assigned by the Internet Service Provider (ISP). The collection of this data is necessary in order to understand the (possible) misuse of an affected person's e-mail address at a later date and therefore serves as legal safeguards for the controller.
The personal data collected in the context of registering for the newsletter will be used exclusively to send our newsletter. Subscribers to the newsletter may also be notified by e-mail if this is necessary for the operation of the newsletter service or registration, as might be the case in the event of changes to the newsletter or technical changes. There will be no transfer of the personal data collected as part of the newsletter service to third parties. Subscription to our newsletter may be terminated by the person concerned at any time. The consent to the storage of personal data that the data subject has given us for the newsletter dispatch can be revoked at any time. For the purpose of revoking the consent, there is a corresponding link in each newsletter. It is also possible to unsubscribe from the newsletter at any time, directly on the controller's website, or to inform the controller in a different way.
The controller will process and store the personal data of data subjects only for the period of time that is required to achieve the purpose of the data storage, or in compliance with any laws or other provisions applicable to the controller that were implemented by EU legislators or by another competent legislator.
If the purpose for the data storage ceases to exist or if a data retention period determined by EU legislators or by another competent legislator expires, personal data is routinely blocked or erased in accordance with statutory provisions.
Article 6 (1) a GDPR provides the legal basis for our company’s processing activities for which we obtain the consent of the data subject for a particular processing purpose. If personal data needs to be processed to perform duties under a contract to which the data subject is a party, as for example in the case of processing activities required to deliver goods, perform a service or provide a consideration, such processing activities are based on Article 6 (1) b GDPR. The same applies for processing activities required to perform steps prior to entering into a contract, e.g. in relation to enquiries about our products or services. Where our company needs to process personal data to comply with legal obligations such as tax requirements, such processing activities are based on Article 6 (1) c GDPR. In rare cases, personal data may need to be processed to protect the vital interests of the data subject or of another natural person. This might, for example, be the case if a person visiting our company premises sustains an injury and the person’s name, age, health insurance details or other vital information need to be provided to a doctor, a hospital, or another third party. Such processing activities would be based on Article 6 (1) d GDPR. Last but not least, processing activities may also be based on Article 6 (1) f GDPR. This provision forms the legal basis for processing activities that are not covered by any of the above legal bases, provided that the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing activities are permitted, in particular, because European legislators have expressly provided for them. The legislators were of the opinion that a legitimate interest could be assumed to exist where the data subject is a client of the controller (recital 47 sentence 2 GDPR).
Where personal data is processed on the basis of Article 6 (1) f GDPR, our legitimate interest is to conduct our business activities for the benefit of our employees and shareholders.
The duration for which personal data will be stored is determined by the applicable statutory retention period. At the end of the prescribed retention period, standard procedure is to erase the data, provided it is no longer required for the performance of a contract or to take steps prior to entering into a contract.
We would like to clarify for you that in certain cases, the provision of personal data is required by law (e.g. tax laws) or contractual stipulations (e.g. information on the counterparty to an agreement). To form a contract, it may be necessary for a data subject to make personal data available to us that we will subsequently need to process. A data subject may, for example, be required to provide us with certain personal data if a contract is to be concluded between our company and the data subject. A failure to provide this personal data would make the conclusion of a contract with the data subject impossible. Before providing personal data, the data subject must contact our data protection officer. Based on the specifics of the individual case, our data protection officer will inform the data subject whether the provision of personal data is required by law or contract or is necessary to conclude a contract, whether the data subject is under any obligation to provide the personal data, and what the consequences of a failure to provide such personal data would be.
As a responsible business, we do not use automated decision-making processes or profiling.
The GDPR grants every data subject the right to be informed about the collection and use of their personal data. If a data subject wants to exercise this right to obtain information, the data subject may contact our data protection officer or any other employee of the controller at any time.
The GDPR grants every data subject the right to access the personal data that is being stored and processed and to obtain a copy of this information from the controller free of charge. It furthermore grants every data subject the right to obtain information about:
The data subject also has the right to obtain information as to whether their personal data was transferred to a third country or an international organisation. Where personal data is transferred to a third country or to an international organisation, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wants to exercise this right to obtain such information, he or she may contact our data protection officer or any other employee of the controller at any time.
The GDPR grants every data subject the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, they may contact our data protection officer or any other employee of the controller at any time.
The GDPR grants every data subject the right to demand that their personal data be erased without undue delay if one of the following reasons applies and if the processing is not required:
If one of the aforementioned reasons applies and a data subject wishes to arrange for the erasure of the personal data that Bremeninvest holds about the data subject, he or she may contact our data protection officer or any other employee of the controller at any time. The data protection officer or other employee of Bremeninvest will ensure that the erasure request is executed without undue delay.
If the personal data has been published by Bremeninvest and if our company – in its capacity as the controller – is obliged to erase the personal data pursuant to Article 17 (1) GDPR, Bremeninvest will take appropriate measures, including technical measures, to inform other controllers in charge of processing the published personal data that the data subject has submitted a request for these controllers to erase any links to its personal data or copies or replicas of its personal data, unless the data is required for processing purposes; Bremeninvest will take account of available technological means and implementation costs when determining what measures are appropriate in this context. The data protection officer or other employee of Bremeninvest will initiate the necessary steps on a case-by-case basis.
The GDPR grants every data subject the right to restrict the processing of their personal data where one of the following applies:
If one of the aforementioned conditions applies and a data subject wishes to request a restriction of the processing of their personal data held by Bremeninvest, the data subject may contact our data protection officer or any other employee of the controller at any time. The data protection officer or other employee of Bremeninvest will initiate the restriction of processing accordingly.
The GDPR grants every data subject the right to receive the personal data they have provided to a controller, in a structured, commonly used and machine-readable format. The data subject also has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to Article 6 (1) a GDPR or Article 9 (2) a GDPR or on a contract pursuant to Article 6 (1) b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In exercising his or her right to data portability pursuant to Article 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another where technically feasible and provided the rights and freedoms of others are not adversely affected.
If a data subject wants to exercise this right to data portability, they may contact the data protection officer of Bremeninvest or any other employee of the company at any time.
The GDPR grants every data subject the right to object at any time, on grounds relating to their own particular situation, to processing of their personal data which is based on Article 6 (1) e or f GDPR. This also applies to profiling based on those provisions.
In the event of an objection, Bremeninvest will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the data subject, or if the processing is for the establishment, exercise or defence of legal claims.
Where personal data is processed by Bremeninvest for direct marketing purposes, the data subject shall have the right to object at any time to processing of their personal data for such marketing. This includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing by Bremeninvest for direct marketing purposes, Bremeninvest will no longer be process personal data for such purposes.
Where personal data is processed by Bremeninvest for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
If a data subject wishes to exercise this right to object, he or she may approach the data protection officer of Bremeninvest directly or contact any other employee of the company. In relation to the use of information society services, the data subject may, at its free discretion, exercise its right to object by means of automated processes based on technical specifications, notwithstanding the provisions of Directive 2002/58/EC.
The GDPR grants every data subject the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless this decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.
If the decision is (1) necessary for entering into, or performance of, a contract between the data subject and a data controller or (2) based on the data subject’s explicit consent, Bremeninvest will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to exercise their rights in relation to automated decision-making, they may contact our data protection officer or any other employee of the controller at any time.
The GDPR grants every data subject the right to withdraw consent to the processing of their personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, they may contact our data protection officer or any other employee of the controller at any time.
The controller collects and processes personal data of applicants for the purposes of conducting the application procedure. Data may be processed using electronic methods. This applies in particular where applicants submit their application documents to the controller electronically, e.g. by email or through an online form provided on a website. If the controller and the applicant enter into an employment contract, the data submitted with the application will be stored, in accordance with statutory requirements, for the purposes of carrying out administrative tasks in relation to the employment relationship. If the controller and the applicant do not conclude an employment contract, the application documents will automatically be deleted two months after the applicant was informed that the application was unsuccessful, unless the data erasure conflicts with other legitimate interests of the controller. Other legitimate interests within the meaning of this provision include, but are not limited to, the requirement to furnish evidence in proceedings under the German General Equal Treatment Act (AGG).
The controller has integrated Google Analytics (anonymisation feature applied) as a component on this website. Google Analytics is a web analysis service. Web analysis refers to the collecting, aggregating and analysing of information on the behaviour of website visitors. A web analysis service collects data on the website from which a data subject navigates to the current website (the ‘referrer’), which sub-pages of the current website are accessed, and/or how often and for how long these sub-pages are accessed. Web analysis is primarily used to optimise websites and to analyse the costs and benefits of online advertising.
The Google Analytics component is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the code element ‘_gat._anonymizeIp’ for its web analysis activities through Google Analytics. The application of this code element means that the IP address of the internet access point used by a data subject is shortened and anonymised when our website is accessed from a location in a member state of the European Union or another signatory state to the agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse visitor flows on our website. The data and information collected is used by Google, among other purposes, to analyse traffic on our website, to prepare online reports for us that illustrate the activity on our website pages, and to provide further services in relation to the use of our website.
Google Analytics sets a cookie in the IT system of the data subject. Further details on the nature of cookies are provided in the corresponding section above. Setting cookies enables Google to analyse how visitors use our website. Every time an individual page of the controller’s website that is equipped with the Google Analytics component is accessed, the web browser of the data subject’s IT system is automatically prompted by Google Analytics to submit data for web analysis purposes. As part of this process, Google obtains knowledge of personal data such as the IP address of the data subject and this data is used by Google, among other purposes, to track the origin of visits and clicks and to calculate commission based on this information.
Cookies are used to store personal data such as the time and point of access and the frequency of visits to our website by the data subject. A transmission of this personal data, including the IP address of the data subject’s internet access point, to Google in the United States is triggered by each individual web page visit. The personal data is stored by Google in the United States. Google may pass on personal data collected by means of this method to third parties. The data subject can prevent our website from setting cookies by adjusting the internet browser settings as described above and can thereby object to the placement of cookies on a permanent basis. Configuring the internet browser settings in this way also prevents Google from placing a cookie on the data subject’s IT system. In addition, any cookies that have already been set by Google Analytics can be deleted at any time through the web browser or other software programs.
The controller has integrated components of YouTube on this website. YouTube is an online video platform that enables video content publishers to make video clips available online for free and offers other users the possibility to view, rate and comment on these video contents for free. YouTube allows users to publish a wide range of content. Videos available on this platform therefore range from entire films and TV shows to music videos and trailers as well as videos produced by individual users.
YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Every time an individual page of the controller’s website with an embedded YouTube component (YouTube video) is accessed, the web browser of the data subject’s IT system is automatically prompted by the embedded YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/intl/en-GB/yt/about/. As part of the aforementioned process, YouTube and Google obtain information on which specific sub-page of our website the data subject is accessing.
If the data subject is logged into YouTube at the same time, YouTube can recognise the specific sub-page visited on our website every time the data subject accesses a sub-page that contains an embedded YouTube video. This information is collected by YouTube and Google and allocated to the relevant YouTube account of the data subject.
YouTube and Google are notified by the YouTube component about the data subject visiting our website whenever the data subject is logged into YouTube whilst accessing our website; this happens regardless of whether or not the data subject clicks on a YouTube video. If data subjects do not wish this information to be provided to YouTube and Google, they can prevent this data from being transmitted to these recipients by logging out of their YouTube account before visiting our website.
This site uses the mapping service Google Maps via an API.
Provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.