Kingdom of Bahrain (مملكة البحري
Kingdom of Bahrain (مملكة البحري
COOKIE OVERVIEW
This website uses cookies so we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful. You can adjust your preferences below.
More information about our Cookie Policy.
ESSENTIAL COOKIES
Essential Cookies are enabled at all times so that we can save your preferences for cookie settings. These cookies do not collect any personal or sensitive information or IP addresses. Furthermore, the information they store is not sent to any 3rd parties.
TRACKING COOKIES
This website uses third party cookies such as Google Analytics to collect anonymous information, for example the number of visitors to the site, and the most popular pages. Keeping this cookie enabled helps us to improve our website.
This English language version of our Privacy Policy is provided for your convenience. The original German version available on our German website Formatio.de shall take precedence in the event of any differences between it and the below translation.
We, formatio Einrichtungen GmbH & Co. KG (hereinafter: "the company", "we" or "us"), take the protection of your personal data seriously and would like to inform you about data protection in our company.
With the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "GDPR"), additional obligations have been imposed on us within the framework of our data protection responsibility to ensure the protection of personal data of the person affected by processing (hereinafter also referred to as "customer", "user", "you", "your" or "data subject").
Insofar as we decide either alone or jointly with others on the purposes and means of data processing, this primarily includes the obligation to inform you transparently about the type, scope, purpose, duration, and legal basis of the processing (cf. Articles 13 and 14 GDPR). With this declaration (hereinafter: "data protection notice"), we inform you about how your personal data is processed by us.
Our data protection notice is structured modularly. It consists of a general part for any processing of personal data and processing situations that apply every time a website is accessed (A. General) and a special part, whose content only relates to the specified processing situation with the designation of the respective offer or product, in particular the visit to websites elaborated here (B. Visit to Websites).
To find the parts relevant to you, please refer to the following overview of the subdivision of the data protection notice:
| Part | Description | This part is for you… |
| Part A | General | …always relevant. |
| Part B | Website and Social Media Presences | …relevant if you use our German internet offer including our appearances on social media. |
These data protection notices are based on the definitions of terms provided by Art. 4 of the GDPR:
- "Personal data" (Art. 4 No. 1 GDPR) refers to any information relating to an identified or identifiable natural person ("data subject"). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or information about their physical, physiological, genetic, mental, economic, cultural, or social identity. Identifiability can also be provided by a link between such information or other additional knowledge. The creation, form, or embodiment of the information is not decisive (even photos, video, or audio recordings may contain personal data).
- "Processing" (Art. 4 No. 2 GDPR) is any operation or set of operations which is performed on personal data, whether or not by automated means (i.e., technology-assisted). This includes, in particular, collection (i.e., acquisition), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data, whether or not by automated means.
- "Controller" (Art. 4 No. 7 GDPR) is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- "Third party" (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to process personal data; this includes other legal entities affiliated with the controller.
- "Processor" (Art. 4 No. 8 GDPR) means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller, in particular according to its instructions (e.g., IT service providers). In terms of data protection law, a processor is particularly not a third party.
- "Consent" (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
The controller responsible for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR is:
formatio Einrichtungen GmbH & Co. KG
Alkenbrede 7
32657 Lemgo
Further information about our company can be found in the imprint on our website under Imprint.
Our operational data protection officer is available to answer all your questions about data protection with us. You can contact him/her at:
formatio Einrichtungen GmbH & Co. KG
Management
Data Protection Officer
Alkenbrede 7
32657 Lemgo
By law, processing of personal data is generally prohibited, and is only permitted when falling under one of the following justifications:
- Art. 6 (1) (a) GDPR ("Consent"): When the data subject has voluntarily, informed, and unambiguously indicated, by a statement or by another clear affirmative action, that he or she agrees to the processing of the personal data concerning him or her for one or more specific purposes;
- Art. 6 (1) (b) GDPR: When processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- Art. 6 (1) (c) GDPR: When processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., a legal retention obligation);
- Art. 6 (1) (d) GDPR: When processing is necessary to protect the vital interests of the data subject or of another natural person;
- Art. 6 (1) (e) GDPR: When processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
- Art. 6 (1) (f) GDPR ("Legitimate interests"): When processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection
The storage of information on the end user's device or access to information already stored on the end user's device is only permissible if covered by one of the following justifications:
- § 25 (1) TTDSG: If the end user has consented on the basis of clear and comprehensive information. Consent must be given in accordance with Art. 6 (1) (a) GDPR;
- § 25 (2) No. 1 TTDSG: If the sole purpose is the transmission of a message via a public telecommunications network; or
- § 25 (2) No. 2 TTDSG: If storage or access is absolutely necessary for the provider of a telemedia service to provide a telemedia service expressly requested by the user.
For the processing operations we carry out, we will specify the applicable legal basis. Processing may also be based on several legal bases.
For the processing operations we carry out, we will specify the applicable legal basis. Processing may also be based on several legal bases.
We will now provide information on how long the data will be stored by us and when it will be deleted or blocked. If no explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data will generally be stored only on our servers in Germany, subject to any further transfer as provided for in A.(7) and A.(8).
However, storage may continue beyond the specified time in the event of a (potential) legal dispute with you or any other legal proceedings, or if storage is required by statutory provisions to which we, as the data controller, are subject (e.g., § 257 HGB, § 147 AO). When the legally prescribed storage period expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for it.
We employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties (e.g., TLS encryption for our website), taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing as well as the risks of a data breach (including their likelihood and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
For more information on this, please feel free to contact us. Please contact our data protection officer for this purpose (see under A.(3)).
Like almost every company, we also use external domestic and foreign service providers to process our business transactions (e.g., for IT, logistics, telecommunications, sales, and marketing). These service providers only act on our instructions and have been contractually obligated to comply with data protection regulations in accordance with Art. 28 GDPR.
If personal data is transferred by us to our subsidiaries or vice versa (e.g., for advertising purposes), this is done on the basis of existing order processing relationships.
As part of our business relationships, your personal data may be transferred or disclosed to third-party companies. These companies may also be located outside the European Economic Area (EEA), i.e., in third countries. Such processing is carried out exclusively to fulfill contractual and business obligations and to maintain your business relationship with us (legal basis is Art. 6 para. 1 lit b or lit. f each in conjunction with Art. 44 ff. GDPR). We will inform you about the specific details of the transfer at the relevant points below.
The European Commission certifies some third countries through so-called adequacy decisions, indicating a level of data protection comparable to the EEA standard (a list of these countries and a copy of the adequacy decisions can be found here: [Link to EC website]). However, in other third countries to which personal data may be transferred, there may be a lack of consistently high data protection standards due to missing legal provisions. If this is the case, we ensure that data protection is sufficiently guaranteed. This can be achieved through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data pursuant to Art. 46 para. 1, 2 lit. c GDPR (the standard contractual clauses of 2021 are available at [Link to EC website]), certificates, or recognized codes of conduct. Please contact our data protection officer (see under A.(3)) if you would like more information on this.
We do not intend to use personal data collected from you for any automated decision-making process (including profiling).
We do not make the conclusion of contracts with us contingent on you providing us with personal data beforehand. As a customer, you are not generally under any legal or contractual obligation to provide us with your personal data; however, we may be unable to provide certain offers or services fully or at all if you do not provide the necessary data. If this exceptional case arises within the framework of the products offered by us as presented below, you will be notified separately.
We may be subject to a special legal or regulatory obligation to provide lawfully processed personal data to third parties, especially public authorities (Art. 6(1) sentence 1 lit. c GDPR).
You can assert your rights as a data subject regarding your processed personal data to us at any time using the contact details provided at the beginning under A.(2). As a data subject, you have the right:
– according to Art. 15 GDPR, to request information about the personal data processed by us. In particular, you can request information about the purposes of processing, the categories of data, the recipients or categories of recipients to whom your data have been or will be disclosed, the envisaged storage period, the existence of the right to rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the source of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
– according to Art. 16 GDPR, to demand without undue delay the rectification of inaccurate or completion of your personal data stored by us;
– according to Art. 17 GDPR, to request the deletion of your data stored with us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
– according to Art. 18 GDPR, to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful;
– according to Art. 20 GDPR, to receive your data that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transfer to another controller ("data portability");
– according to Art. 21 GDPR, to object to the processing, insofar as the processing is based on Art. 6 para. 1 sentence 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. If it is not an objection to direct marketing, we ask that you provide reasons why we should not process your data as we have been. In the event of your justified objection, we will review the situation and either cease or adapt the data processing, or demonstrate our compelling legitimate grounds for continuing the processing;
– according to Art. 7 para. 3 GDPR, to withdraw your consent once given (including before GDPR came into effect on May 25, 2018) – meaning your voluntary, informed, and unequivocal indication of your will by a statement or clear affirmative action, that you agree to the processing of the relevant personal data for one or more specific purposes – at any time to us. This means that we will no longer continue the data processing based on this consent in the future, and
– according to Art. 77 GDPR, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes GDPR. For us, this is the data protection supervisory authority: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf, email: poststelle@ldi.nrw.de.
In the course of the development of data protection law as well as technological or organizational changes, our privacy notices are regularly reviewed for the need for adjustments or additions. You will be informed of changes, in particular on our German website. These privacy notices are current as of February 2024.
You can obtain information about our company and the services we offer, in particular on this website and its associated subpages (hereinafter collectively referred to as "websites"). When you visit our websites, personal data about you may be processed.
When using our websites for informational purposes, the following categories of personal data are collected, stored, and processed by us:
"Log Data": When you visit our websites, a so-called log data record (server log files) is temporarily and anonymized stored on our web server. This record includes:
- the page from which the page was requested (referrer URL)
- the name and URL of the requested page
- the date and time of the request
- the description of the type, language, and version of the web browser used
- the IP address of the requesting computer, which is shortened in such a way that personal reference is no longer possible
- the amount of data transmitted
- the operating system
- the indication of whether the call was successful (access status/HTTP status code)
- the GMT time zone difference
"Contact Form Data": When using contact forms, the data transmitted thereby is processed (e.g., gender, first and last name, address, company, email address, and the time of transmission).
In addition to purely informational use of our website, we offer the subscription to our newsletter, with which we inform you about current developments in business law and events. When you subscribe to our newsletter, the following "newsletter data" is collected, stored, and processed by us:
- the page from which the page was requested (referrer URL)
- the date and time of the request
- the description of the type of web browser used
- the IP address of the requesting computer, which is shortened in such a way that personal reference is no longer possible
- the email address
- the date and time of registration and confirmation
We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the aforementioned data and the web beacons with your email address and an individual ID. Links contained in the newsletter also contain this ID. The data is collected exclusively in pseudonymized form, i.e., the IDs are not linked to your other personal data, direct personal reference is excluded.
We process the above-mentioned personal data in accordance with the provisions of the GDPR, other applicable data protection regulations, and only to the extent necessary. If the processing of personal data is based on Art. 6 (1) (f) GDPR, the stated purposes also represent our legitimate interests.
The processing of log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 (1) (a) or (f) GDPR).
The processing of contact form data is carried out to process customer inquiries (legal basis is Art. 6 (1) (b) or (f) GDPR).
The processing of newsletter data is for the purpose of sending the newsletter. By subscribing to our newsletter, you consent to the processing of your personal data (legal basis is Art. 6 (1) (a) GDPR). For the registration for our newsletter, we use the so-called double opt-in procedure. This means that after registering, we will send you an email to the email address provided, asking you to confirm that you wish to receive the newsletter. The purpose of this procedure is to verify your registration and, if necessary, to clarify any misuse of your personal data. You can revoke your consent to receive the newsletter and unsubscribe at any time. You can revoke your consent by clicking on the link provided in each newsletter email, by email to [Company Email Address], or by sending a message to the contact details provided in the legal notice.
If the processing of data requires the storage of information in your terminal device or access to information already stored in your terminal device, § 25 (1), (2) TTDSG is the legal basis for this.
Your data will only be processed for as long as is necessary to achieve the processing purposes mentioned above; the legal bases specified within the scope of the processing purposes apply accordingly. Regarding the use and storage period of cookies, please refer to section A. (5).
Third parties employed by us will store your data on their system for as long as necessary in connection with the provision of services to us in accordance with the respective order.
Further information on the storage period can be found under A. (5).
The following categories of recipients, who are usually processors (see A. (7) for this), may receive access to your personal data:
- Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g., for data center services, payment processing, IT security). The legal basis for disclosure is then Art. 6 (1) (b) or (f) GDPR, unless they are processors;
- Governmental authorities/agencies, where this is necessary to fulfill a legal obligation. The legal basis for disclosure is then Art. 6 (1) (c) GDPR;
- Persons employed to carry out our business operations (e.g., auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for disclosure is then Art. 6 (1) (b) or (f) GDPR.
Regarding the assurance of an adequate level of data protection when transferring data to third countries, see A. (8).
In addition, we only pass on your personal data to third parties if you have given your express consent in accordance with Art. 6 (1) (a) GDPR.
The legal basis for cookies that are strictly necessary to provide you with the expressly requested service is § 25 (2) No. 2 TTDSG. Any use of cookies that is not strictly technically necessary for this purpose constitutes data processing that is only permitted with your express and active consent pursuant to § 25 (1) TTDSG in conjunction with Art. 6 (1) (a) GDPR. This applies in particular to the use of Performance, Advertising, Targeting, or Sharing Cookies. Furthermore, we only pass on your personal data processed by cookies to third parties if you have given express consent in accordance with Art. 6 (1) (a) GDPR.
