Data Protection Policy

§ 1 Information on the collection of personal data

(1) General information

Thank you for your interest in our website. Protecting your personal data upon your visit to our website is a particularly high priority for the management of Bernhard Müller Betonsteinwerk GmbH. We have set out the following information to give you an overview of how your personal data is processed by us and your rights under data protection legislation. Personal data is any data that can be related to you personally, for example, your name, address, e-mail addresses, and user behavior.

Where a data subject wishes to use particular services offered by our company via our website, such as our contact form, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for the processing, we generally obtain the consent of the data subject. Data is processed at all times in compliance with the European General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations that apply to Bernhard Müller Betonsteinwerk GmbH.

As the data controller, Bernhard Müller Betonsteinwerk GmbH has implemented technical and organizational measures to ensure that your personal data processed on this website is protected to the greatest possible extent against loss, destruction, access, alteration, or dissemination by unauthorized persons. This also includes securely transmitting your personal data in encrypted form. We use the TSL (Transport Layer Secu

However, it is impossible to guarantee complete protection due to fundamental security vulnerabilities in web-based data transmission.

(2) Controller

The controller pursuant to Art. 4 (7) of the European General Data Protection Regulation (GDPR) and the applicable country-specific data protection regulations is:

Bernhard Müller Betonsteinwerk GmbH
Gewerbegebiet Heid
Ambros-Nehren-Straße 7
D-77855 Achern
Tel.: +49 (7841) 20 4 – 0
Fax: +49 (7841) 20 4 – 121

You can write to our Data Protection Officer at the above postal address c/o Data Privacy Officer, or you can send an e-mail to:

(3) General information on data processing

We collect and use the personal data of our users only where this is necessary to provide a functional website, to display our content, and to provide services. The personal data of our users is collected and used only with the consent of the user. This does not apply to cases where it is not possible to obtain prior consent for practical reasons and where the processing of the data is permitted under statutory regulations.

The following legal bases apply to the processing of your personal data:

  • Processing on the basis of consent (Art. 6 (1) a) GDPR)
  • Processing for the purpose of performing a contract to which the data subject is party. This also applies to processing that is necessary to take steps prior to entering into a contract (Art. 6 (1) b) GDPR)
  • Processing that is necessary for compliance with a legal obligation to which our company is subject (Art. 6 (1) c) GDPR)
  • Processing in the event that the vital interests of the data subject or another natural person render the processing of personal data necessary (Art. 6 (1) d) GDPR)
  • Processing that is necessary to protect the legitimate interests of our company or a third party, except where these interests are overridden by the interests, fundamental rights, and freedoms of the data subject (Art. 6 (1) f) GDPR). Legitimate interests may include, in particular:
    • Correctly displaying the content of our website
    • Statistical analyses for the purpose of monitoring and optimizing our website
    • Providing law enforcement authorities with the information required for criminal prosecution in the event of a cyberattack
    • Responding to requests and providing services and/or information intended for you
    • Processing and transmitting personal data for internal or administrative purposes
    • Preventing and investigating cases of fraud and criminal offenses
    • Ensuring the permanent operational reliability of our IT systems and the technology used on our website with a view to strengthening data protection and data security within our company

§ 2 Your rights

(1) My rights as a data subject

You can request information on the data stored on you (Art. 15 GDPR) using the above contact details. Additionally, you can request rectification where we have stored inaccurate data relating to you (Art. 16 GDPR). Under certain conditions, you can also request the erasure of your data (Art. 17 GDPR) or exercise your right to object (Art. 21 GDPR). You also have the right to restrict the processing of your personal data (Art. 18 GDPR) and the right to receive the data that you have provided (Art. 20 GDPR). The restrictions under Articles 34 and 35 GDPR apply to the right of access and the right to erasure.

If you believe that the processing of your personal data contravenes the requirements if the General Data Protection Regulation, you have the right to contact your respective regulatory authority for data protection (Article 77 GDPR in conjunction with s. 19 BDSG). For Baden-Württemberg, this is the State Agency for Data Protection and Information Freedom (Landesbeauftragte für den Datenschutz und die Informationsfreiheit), Königstrasse 10 a, 70173 Stuttgart.

(2) Objection to/withdrawal of consent to the processing of your data

If you have given your consent to the processing of your data, you can withdraw this consent at any time. Withdrawing your consent affects the lawfulness of the processing of your personal data after you have notified us of the withdrawal.

Insofar as we have based the processing of your personal data on the balance of interests, you can object to the processing. This is the case where, in particular, processing is not necessary to perform a contract with you, as we have outlined in the following description of the respective functions. If you choose to exercise your right to object, please state the reasons why we should not process your personal data as we have been doing so far. If your objection is justified, we will examine the situation and will either stop processing your data, or adapt the manner in which we do so, or state our compelling legitimate reasons for continuing to process your data.

(3) Who has access to my data?

Unless otherwise provided for in the detailed descriptions of our services, those units within our company that need your data to fulfill our contractual and statutory obligations will have access to it. We will only disclose information relating to you where statutory duties to provide information require us to do so, where you have given your consent and/or where the disclosure is legitimate under another legal basis.

Where we engage the services of contracted service providers for specific functions of our website, these providers are carefully selected and commissioned by us, are bound by our instructions and monitored on a regular basis.

(4) How long is my data stored?

Unless otherwise provided for in the detailed descriptions of our services, we process and store your personal data as long as is necessary to fulfill our contractual and statutory obligations.

Your personal data is periodically deleted or blocked where it is no longer required to fulfill contractual or statutory obligations, you have exercised your right to erasure, all reciprocal claims have been settled, and no other statutory retention obligations or legal bases for storing the data exist.

§ 3 Collection of personal data when you visit our website

(1) Use of server log files

Each time a data subject or an automated system accesses our website, a series of general data and information is collected in log files. This includes an Internet protocol address (IP address), the browser types and versions used, the website from which the accessing system accesses our website (so-called referrer), the sub-pages on our website accessed by the accessing system, date and time of the access to our website, and other similar data and information for risk prevention purposes in case of attacks on our IT systems.

The legal basis for the temporary storage of data and log files is Art. 6 (1) f) GDPR in connection with the aforementioned legitimate interests.

Temporary storage of the IP address by the system is necessary to ensure that the website is transmitted to the user’s computer. In this case, the user’s IP address must be stored for the duration of the session.

Data is stored in log files to ensure that the website functions properly. The data also helps us to optimize the website and ensure the security of our IT systems. This also forms the basis for our legitimate interest in the data processing pursuant to Art. 6 (1) f) GDPR. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Where data is collected to provide the website, this is the case when the respective session has ended. The collection of data for the provision of the website and the storage of data in log files is necessary to operate the website. The log files may also be inspected where, on the basis of specific indications, there is legitimate reason to suspect illegal use or a specific attack on our website. Here, our legitimate interest in the processing lies in identifying and prosecuting the individuals behind such attacks or illegal use.

(2) Use of cookies

Cookies are small text files that are assigned to your browser and stored on your hard drive, and by means of which specific information is transmitted to the body setting the cookie (in this case, us). Cookies cannot run programs or transmit viruses to your computer. Their purpose is to make the website more user-friendly and more efficient as a whole.
Our website currently uses no cookies.

(3) Data protection conditions on the deployment and use of Web Fonts

This page uses so-called Web Fonts, which are provided by Google, for the uniform representation of fonts. When accessing a page, your browser loads the required Web Fonts to your browser cache in order to display texts and fonts correctly.

To this end, the browser connection used by you must connect to the servers of Google. As a result of this, Google learns that our website was accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive representation of our online offers. This represents a justified interest as defined in Art. 6 (1) f) GDPR.

If your browser does not support Web Fonts, a standard font is used by your computer.

More information about Google Web Fonts is available at and in Google’s data protection declaration:

More information about Font Awesome is available at and

§ 4 Other functions and services of our website

Besides the purely informational use of our website, we also offer various services which you can use if interested. You will generally be asked to provide further personal data in this case, which we will use to provide the respective service. The above data processing principles apply to the personal data provided.

(1) Using the contact options

You can contact us using the e-mail address provided. In such cases, we store the personal data of the user that is transmitted in the e-mail. The data is used solely for the ongoing dialogue with you and will not be shared with third parties. We have a legitimate interest in processing the personal data transmitted in an e-mail under Art. 6 (1) f) GDPR.

Where the purpose of the e-mail contact is to conclude a contract, Art. 6 (1) b) GDPR applies additionally to steps taken prior to entering into a contract and, where applicable, for subsequent processing in order to perform a contract.

We only store personal data that is processed by us within the context of a general request sent in an e-mail until such time as our dialogue has ended. The dialogue is deemed to have ended when it can be seen from the circumstances that the issue in question has been conclusively resolved.

If you contact us by e-mail, you can, of course, also object at any time to the storage of your personal data. In such cases, we will not be able to continue the dialogue with you.

(2) Collection and use of personal data in the course of a job application procedure

Ensuring the highest possible level of protection for your personal data in the application process is important to us. All personal data that is collected and processed by us as part of an application is protected against unauthorized access and manipulation by technical and organizational measures.

We process personal data of applicants such as name, contact details, CV, nationality, work permit etc. for selection and appointment purposes with the objective of filling posts in the company during application of interested parties.

The legal grounds for processing of your personal data constitute justification, appointment and termination of contractual relationships pursuant to Art. 6 (1) b), compliance with legal obligations pursuant to Art. 6 (1) c) and also your consent expressed by voluntary submission of data not necessarily needed for the purpose (e.g. hobbies in the CV).

Additionally, data is processed on the basis of our legitimate interests pursuant to Art. 6 (1) f) GDPR:

  • To optimize our application processes
  • To ensure observance of compliance regulations, industry standards, and contractual obligations
  • To establish, exercise, or defend legal claims, and
  • To prevent damage to and/or liability on the part of our company by adopting appropriate measures

Your data is deleted once it is no longer needed for the purpose for which it was collected; it will, however, be retained for as long as is necessary to defend legal claims or against accusations under the General Equal Treatment Act (AGG). This is usually 6 months. Particularly interesting applicants to whom we are unable to offer a position at that point in time are asked to provide separate consent so that their data can be retained for a longer period (usually one year). Where accounting-related processing takes place, for example the reimbursement of travel expenses, the data required for this is deleted in accordance with the statutory retention periods, which are usually 6 or 10 years.

If the application is successful and we are able to offer you a contract of employment within our company, we will transfer the data collected during the application process to our personnel files.

§ 5 Use of social media

We currently use the following social media plug-ins: YouTube. We use the so-called two-click solution for these plug-ins. This means that when you visit our website, no personal data is initially sent to the plug-in providers. You can recognize the plug-in provider by the marking in the box around its initial letter or its logo. You can use the button to communicate directly with the plug-in provider. The plug-in provider is only notified that you have accessed the respective page of our website if you click on the marked field and thereby activate it. The data specified in Section III of this policy is also transmitted. In the case of Facebook, according to the provider in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, personal data relating to you is transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA). As the plug-in provider collects data particularly through the use of cookies, we recommend that you delete all cookies in your browser’s security settings before clicking the grayed-out box.

We have no influence on the data collected or the manner in which it is processed, nor are we aware of the full scope of the data collection, the purposes of the processing or the storage periods. We also have no information about the deletion of the collected data by the plug-in provider.

The plug-in provider stores the collected data relating to you in the form of user profiles and uses these for the purpose of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even if users are not logged in) in order to display appropriate ads and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; however, you must contact the respective plug-in provider to exercise this right. We use this plug-in to enable you to interact with the social media networks and other users so that we can improve our online presence and make the content more interesting for you as the user. The legal basis for the use of plug-ins is Art. 6 (1) f) GDPR.

The data is transmitted regardless of whether or not you have an account with the plug-in provider and are logged into it. If you are logged into the plug-in provider, the data relating to you collected by us is directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you routinely log out after using any social media network, and in particular before activating the button, as this prevents the plug-in provider from linking this data to your profile.
Further information on the purpose and scope of the data collection and processing by the plug-in provider can be found in the providers’ privacy policies listed below. These policies also contain further information on your rights in this context and the settings to protect your privacy.

Addresses of the respective plug-in providers and URLs where you can find their privacy policies:

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;; further information about the data collection:, sowie Facebook has submitted to the EU-US Privacy Shield,

Data Protection Policy