What data do we collect from you?
- Upon visiting and using this website: access data (the time and date of your visit, the IP address, browser type and operating system you used, the pages you accessed and the page from which you navigated to this website), device data and location data (geographic data)
- Personal and contact data (registration, contact form)
How do we collect your data?
- Cookies, plug-ins, tracking
- User input
For what purposes do we use your data?
- To provide our products and services
- To analyse how visitors use our website
- For legal transactions
- For customer information purposes
We also use your data for
- Advertising and promotion
- Information sharing with third parties (for the provision of our products and services)
What data can only be processed subject to your consent and for what purpose can it be processed?
Name, gender, date of birth, address, contact details (email addresses, phone numbers), shopping basket, order and delivery data, payment data.
What are your rights?
- Information and access
Ask our contact person
WFB Wirtschaftsförderung Bremen GmbH
Phone: 0151 58 38 93 83
1. General information
2. Definition of terms
3. Contact person
4. Data protection information pursuant to Articles 13 and 14 EU GDPR
6. Collection of general data and information
7. Legal basis for data processing
8. Use of automated decision-making
9. Rights of data subject
10. Protection of data in applications and during the application process
1 General information ↑ top
We are delighted that you are interested in our company. Data protection is very important to the management of Bremeninvest. The website pages of Bremeninvest can generally be used without providing any personal data. However, if a person wishes to access particular services of our company through our website, we may need to process personal data. If personal data needs to be processed and no statutory basis for this processing activity exists, we will generally ask the data subject to consent to the processing.
In its capacity as the controller of the processing and the operator of the website and its pages, Bremeninvest has implemented a variety of technical and organisational measures to ensure that personal data processed through our website is protected as seamlessly as possible. However, internet-based data transmission always involves a certain vulnerability and we are thus unable to offer any absolute guarantee in relation to the protection of data. Data subjects are therefore free to provide their personal data to us by other means of communication, for example over the phone.
2 Definition of terms ↑ top
2.1 Personal data ↑ top
Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.2 Data subject
A data subject is any identified or identifiable natural person whose personal data is being processed by the controller.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.4 Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future during the statutory retention periods. This means that data will still be stored, but can only be used for certain processing purposes, such as audits by the tax authorities.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
2.7 Controller in charge of the data processing
The controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
2.8 Joint controllers
Where several companies jointly process personal data and define the purposes and means of their data processing for joint tasks or projects, these companies may be considered ‘joint controllers’ within the meaning of Article 26 GDPR and may therefore establish joint data protection rules and joint measures to safeguard the rights of data subjects.
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
2.11 Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3 Contact person ↑ top
The controller as defined in the General Data Protection Regulation, and the entity responsible within the meaning of other data protection legislation and provisions in relation to privacy that apply in the member states of the European Union, is:
3.1 Name and address of the data protection officer
The data protection officer of the controller is:
WFB Wirtschaftsförderung Bremen GmbH
Tel.: 0151 58 38 93 83
Data subjects can contact our data protection officer directly with any questions or suggestions they may have in relation to data protection.
4 Data protection information pursuant to Articles 13 and 14 EU GDPR ↑ top
As a controller, we have taken appropriate measures to ensure that all information under Articles 13 and 14 and all notices under Articles 15 to 22 and Article 34 are communicated to the data subject of a processing activity in a precise, transparent, understandable and easily accessible way using clear and simple language.
You can view this information or request a copy of it either by contacting your assigned representative at our company directly, sending an email to email@example.com, or downloading the information from our website.
5 Cookies ↑ top
If you visit the Bremeninvest website and your browser settings are configured to accept cookies, we will assume that you are interested in using the services and offers of Bremeninvest.
5.1 What are cookies?
Cookies are small text files that are stored on your computer or other end device when you visit a website. The cookie information is subsequently retransmitted from your computer upon every visit to the website that placed the cookie.
Cookies are useful because they can help us make it easier for you to use our website. They enable us to see how users navigate our website and to analyse how our website offering is being used. In the long run, this will help us improve our online offering and make our website more user-friendly.
5.2 Cookies and their use by Bremeninvest
When you visit the website of Bremeninvest, you accept the use and storage of cookies. Most web browsers save cookies automatically. You can of course also view our website without accepting cookies.
Bremeninvest does not analyse any of your online movements, if you have:
- not accepted cookies
- enabled the Do Not Track function
- enabled the opt-out function (see ‘Manage cookies’)
The steps for disabling the storing of cookies and enabling the Do Not Track function differ from browser to browser. You should usually be able to find instructions in the help section of your web browser.
5.3 Types of cookies used by Bremeninvest
Bremeninvest generally uses two types of cookies:
These are temporary cookies that are stored on your hard drive only for the duration of your visit to our website and will be deleted automatically when the browser is closed.
Bremeninvest uses session cookies to make sure that the user identification during visits to the Bremeninvest customer website section is uninterrupted, which ensures seamless functionality.
Using the customer section of the Bremeninvest website therefore requires the browser settings to be configured in such a way that session cookies are accepted.
Cookies with a longer run time
Cookies with a longer run time are used exclusively for website usage analysis and help us improve the performance of our website.
In order to be able to analyse the browsing behaviour of our users, Bremeninvest uses the Matomo tool. It is not possible for us to infer the identity of individual persons from this data. This data will not be combined with other data sources.
5.4 Manage cookies (opt-out)
If you do not want Bremeninvest to store and analyse and information about your browsing behaviour, you are free to object to this at any time (opt-out).
If you choose not to accept cookies, an opt-out cookie will be deposited in your browser. This opt-out cookie does not contain any information and its sole purpose is to enable our website to recognise that you have opted out.
At this stage, you can decide whether you want to accept a unique web analysis cookie being stored in your browser in order to enable the website operator to collect and analyse a variety of statistical data.
5.5 Information on the opt-out cookie
Deleting all cookies from your hard drive will also delete the opt-out cookie. In this case, the opt-out procedure will need to be carried out again.
If you use several browsers or other end devices, you will need to complete the opt-out procedure for each individual browser on each device used to access the Bremeninvest website. We are not able to identify whether different website visits were made by the same person, end device or browser.
6 Collection of general data and information ↑ top
The Bremeninvest website collects a set of general data and information upon every website access by a data subject or automated system. This general data and information is stored in the server log files. It may include (1) the browser type and version used to open the website, (2) the operating system used by the accessing system, (3) the website from which the accessing system navigated to our website (the ‘referrer’), (4) the sub-pages of our website that were visited by the accessing system, (5) the date and time of the website access, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other comparable data and information that can be used to protect and defend our IT systems against attacks.
Bremeninvest does not trace this general data and information back to the data subject. The actual purpose of collecting this information is (1) to be able to render our website content correctly, (2) to optimise our website content and advertisements based on this information, (3) to ensure the long-term operability of our IT systems and our website technology and (4) to be able to provide criminal authorities with all information of relevance to the prosecution in the event of a cyber attack. This data and information is collected anonymously and is evaluated by Bremeninvest for statistical purposes and in order to increase data protection and data security in our company with the ultimate goal of ensuring an optimum level of protection for the personal data processed by us. The anonymous data in the server log files is stored separately from any personal data provided by a data subject.
6.1 Ways to contact us through our website
In keeping with statutory requirements, the website of Bremeninvest includes information on how to contact our company quickly by electronic means and how to communicate with us directly. This includes an email address. If a data subject contacts the controller by email or via an online contact form, the personal data submitted by the data subject will be stored automatically. Such personal data submitted voluntarily by the data subject to the controller will be stored for processing purposes or to establish contact with the data subject. This personal data will not be passed on to third parties.
6.2 Routine erasure and blocking of personal data
The controller will process and store the personal data of data subjects only for the period of time that is required to achieve the purpose of the data storage, or in compliance with any laws or other provisions applicable to the controller that were implemented by EU legislators or by another competent legislator.
If the purpose for the data storage ceases to exist or if a data retention period determined by EU legislators or by another competent legislator expires, personal data is routinely blocked or erased in accordance with statutory provisions.
7 Legal basis for data processing ↑ top
Article 6 (1) a GDPR provides the legal basis for our company’s processing activities for which we obtain the consent of the data subject for a particular processing purpose. If personal data needs to be processed to perform duties under a contract to which the data subject is a party, as for example in the case of processing activities required to deliver goods, perform a service or provide a consideration, such processing activities are based on Article 6 (1) b GDPR. The same applies for processing activities required to perform steps prior to entering into a contract, e.g. in relation to enquiries about our products or services. Where our company needs to process personal data to comply with legal obligations such as tax requirements, such processing activities are based on Article 6 (1) c GDPR. In rare cases, personal data may need to be processed to protect the vital interests of the data subject or of another natural person. This might, for example, be the case if a person visiting our company premises sustains an injury and the person’s name, age, health insurance details or other vital information need to be provided to a doctor, a hospital, or another third party. Such processing activities would be based on Article 6 (1) d GDPR. Last but not least, processing activities may also be based on Article 6 (1) f GDPR. This provision forms the legal basis for processing activities that are not covered by any of the above legal bases, provided that the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing activities are permitted, in particular, because European legislators have expressly provided for them. The legislators were of the opinion that a legitimate interest could be assumed to exist where the data subject is a client of the controller (recital 47 sentence 2 GDPR).
7.1 Legitimate interests in processing activities pursued by the controller or a third party
Where personal data is processed on the basis of Article 6 (1) f GDPR, our legitimate interest is to conduct our business activities for the benefit of our employees and shareholders.
7.2 Duration for which personal data is stored
The duration for which personal data will be stored is determined by the applicable statutory retention period. At the end of the prescribed retention period, standard procedure is to erase the data, provided it is no longer required for the performance of a contract or to take steps prior to entering into a contract.
7.3 Statutory or contractual requirements for the provision of personal data; data required for the formation of a contract; obligations of data subjects who provide personal data; possible consequences of a failure to provide data
We would like to clarify for you that in certain cases, the provision of personal data is required by law (e.g. tax laws) or contractual stipulations (e.g. information on the counterparty to an agreement). To form a contract, it may be necessary for a data subject to make personal data available to us that we will subsequently need to process. A data subject may, for example, be required to provide us with certain personal data if a contract is to be concluded between our company and the data subject. A failure to provide this personal data would make the conclusion of a contract with the data subject impossible. Before providing personal data, the data subject must contact our data protection officer. Based on the specifics of the individual case, our data protection officer will inform the data subject whether the provision of personal data is required by law or contract or is necessary to conclude a contract, whether the data subject is under any obligation to provide the personal data, and what the consequences of a failure to provide such personal data would be.
8 Use of automated decision-making ↑ top
As a responsible business, we do not use automated decision-making processes or profiling.
9 Rights of data subject ↑ top
9.1 Right to be informed
The GDPR grants every data subject the right to be informed about the collection and use of their personal data. If a data subject wants to exercise this right to obtain information, the data subject may contact our data protection officer or any other employee of the controller at any time.
9.2 Right of access
The GDPR grants every data subject the right to access the personal data that is being stored and processed and to obtain a copy of this information from the controller free of charge. It furthermore grants every data subject the right to obtain information about:
- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the right to lodge a complaint with a supervisory authority
- where the personal data is not collected from the data subject, any available information as to its source
- the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
The data subject also has the right to obtain information as to whether their personal data was transferred to a third country or an international organisation. Where personal data is transferred to a third country or to an international organisation, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wants to exercise this right to obtain such information, he or she may contact our data protection officer or any other employee of the controller at any time.
9.3 Right to rectification
The GDPR grants every data subject the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, they may contact our data protection officer or any other employee of the controller at any time.
9.4 Right to erasure (‘right to be forgotten’)
The GDPR grants every data subject the right to demand that their personal data be erased without undue delay if one of the following reasons applies and if the processing is not required:
- The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- The data subject withdraws the consent on which the processing is based according to Article 6 (1) a GDPR or Article 9 (2) a GDPR and there is no other lawful basis for the processing.
- The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (1) GDPR.
- The personal data has been unlawfully processed.
- The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
If one of the aforementioned reasons applies and a data subject wishes to arrange for the erasure of the personal data that Bremeninvest holds about the data subject, he or she may contact our data protection officer or any other employee of the controller at any time. The data protection officer or other employee of Bremeninvest will ensure that the erasure request is executed without undue delay.
If the personal data has been published by Bremeninvest and if our company – in its capacity as the controller – is obliged to erase the personal data pursuant to Article 17 (1) GDPR, Bremeninvest will take appropriate measures, including technical measures, to inform other controllers in charge of processing the published personal data that the data subject has submitted a request for these controllers to erase any links to its personal data or copies or replicas of its personal data, unless the data is required for processing purposes; Bremeninvest will take account of available technological means and implementation costs when determining what measures are appropriate in this context. The data protection officer or other employee of Bremeninvest will initiate the necessary steps on a case-by-case basis.
9.5 Right to restrict processing
The GDPR grants every data subject the right to restrict the processing of their personal data where one of the following applies:
- The accuracy of the personal data is contested by the data subject, whereby the restriction applies for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
- The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
- The data subject has objected to processing pursuant to Article 21 (1) pending verification of whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions applies and a data subject wishes to request a restriction of the processing of their personal data held by Bremeninvest, the data subject may contact our data protection officer or any other employee of the controller at any time. The data protection officer or other employee of Bremeninvest will initiate the restriction of processing accordingly.
9.6 Right to data portability
The GDPR grants every data subject the right to receive the personal data they have provided to a controller, in a structured, commonly used and machine-readable format. The data subject also has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to Article 6 (1) a GDPR or Article 9 (2) a GDPR or on a contract pursuant to Article 6 (1) b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In exercising his or her right to data portability pursuant to Article 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another where technically feasible and provided the rights and freedoms of others are not adversely affected.
If a data subject wants to exercise this right to data portability, they may contact the data protection officer of Bremeninvest or any other employee of the company at any time.
9.7 Right to object
The GDPR grants every data subject the right to object at any time, on grounds relating to their own particular situation, to processing of their personal data which is based on Article 6 (1) e or f GDPR. This also applies to profiling based on those provisions.
In the event of an objection, Bremeninvest will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the data subject, or if the processing is for the establishment, exercise or defence of legal claims.
Where personal data is processed by Bremeninvest for direct marketing purposes, the data subject shall have the right to object at any time to processing of their personal data for such marketing. This includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing by Bremeninvest for direct marketing purposes, Bremeninvest will no longer be process personal data for such purposes.
Where personal data is processed by Bremeninvest for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
If a data subject wishes to exercise this right to object, he or she may approach the data protection officer of Bremeninvest directly or contact any other employee of the company. In relation to the use of information society services, the data subject may, at its free discretion, exercise its right to object by means of automated processes based on technical specifications, notwithstanding the provisions of Directive 2002/58/EC.
9.8 Automated individual decision-making, including profiling
The GDPR grants every data subject the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless this decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.
If the decision is (1) necessary for entering into, or performance of, a contract between the data subject and a data controller or (2) based on the data subject’s explicit consent, Bremeninvest will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to exercise their rights in relation to automated decision-making, they may contact our data protection officer or any other employee of the controller at any time.
9.9 Right to withdraw consent to data processing
The GDPR grants every data subject the right to withdraw consent to the processing of their personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, they may contact our data protection officer or any other employee of the controller at any time.
10 Protection of data in applications and during the application process ↑ top
The controller collects and processes personal data of applicants for the purposes of conducting the application procedure. Data may be processed using electronic methods. This applies in particular where applicants submit their application documents to the controller electronically, e.g. by email or through an online form provided on a website. If the controller and the applicant enter into an employment contract, the data submitted with the application will be stored, in accordance with statutory requirements, for the purposes of carrying out administrative tasks in relation to the employment relationship. If the controller and the applicant do not conclude an employment contract, the application documents will automatically be deleted two months after the applicant was informed that the application was unsuccessful, unless the data erasure conflicts with other legitimate interests of the controller. Other legitimate interests within the meaning of this provision include, but are not limited to, the requirement to furnish evidence in proceedings under the German General Equal Treatment Act (AGG).
1 Analytical tools ↑ top
1.1 Statistical evaluations with Matomo
We use the tool Matomo for web analysis. Matomo uses so-called “cookies”, which are text files that are stored on your computer and that allow us to analyze the use of the website. For this purpose, the usage information generated by the cookie (including your shortened IP address) is transmitted to our server and stored for usage analysis purposes, which serves the web page optimization on our part. Your IP address will be immediately anonymized during this process so that you remain anonymous to us as a user. The information generated by the cookie about your use of this website will not be disclosed to third parties.
If you do not agree with the storage and evaluation of this data from your visit, then you can object to the storage and use at any time by clicking the mouse. In this case, a so-called opt-out cookie is stored in your browser, with the result that Matomo does not collect any session data. Attention: If you delete your cookies, this will result in the opt-out cookie being deleted as well and possibly re-activated by you.
2 Social media ↑ top
2.1 Data protection provisions regarding the use of YouTube
The controller has integrated components of YouTube on this website. YouTube is an online video platform that enables video content publishers to make video clips available online for free and offers other users the possibility to view, rate and comment on these video contents for free. YouTube allows users to publish a wide range of content. Videos available on this platform therefore range from entire films and TV shows to music videos and trailers as well as videos produced by individual users.
YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Every time an individual page of the controller’s website with an embedded YouTube component (YouTube video) is accessed, the web browser of the data subject’s IT system is automatically prompted by the embedded YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/intl/en-GB/yt/about/. As part of the aforementioned process, YouTube and Google obtain information on which specific sub-page of our website the data subject is accessing.
If the data subject is logged into YouTube at the same time, YouTube can recognise the specific sub-page visited on our website every time the data subject accesses a sub-page that contains an embedded YouTube video. This information is collected by YouTube and Google and allocated to the relevant YouTube account of the data subject.
YouTube and Google are notified by the YouTube component about the data subject visiting our website whenever the data subject is logged into YouTube whilst accessing our website; this happens regardless of whether or not the data subject clicks on a YouTube video. If data subjects do not wish this information to be provided to YouTube and Google, they can prevent this data from being transmitted to these recipients by logging out of their YouTube account before visiting our website.
o recognise the specific sub-pages of our website that the data subject is accessing every time the data subject visits our website and for the entire duration of each visit to our website. This information is collected by the Twitter component and allocated to the relevant Twitter account of the data subject. If the data subject uses an embedded Twitter button on our website, the data and information transmitted by this action is allocated to the data subject’s personal Twitter user account and is stored and processed by Twitter.
Twitter is notified by the Twitter component about the data subject visiting our website whenever the data subject is logged into Twitter whilst accessing our website; this happens regardless of whether or not the data subject clicks on
3 Other plug-ins ↑ top
3.2 Google Maps ↑ top
This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this page has no influence on this data transmission. The use of Google Maps is in the interest of an attractive presentation of our online offers and to make it easier to find the places we have specified on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can find more information on the handling of user data in Google’s data protection declaration: https://policies.google.com/privacy?hl=en&gl=en