Skip to main content

Data Privacy

It is especially important to us to protect your personal data and responsibly handle the information that you entrust to us. AMF-Bruns GmbH & Co. KG (AMF-Bruns) only processes personal data in accordance with statutory regulations, including but not limited to the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). This Privacy Policy applies to the AMF-Bruns conveyor technology section, including the website www.amf-foerderanlagen.de. The corresponding privacy policies for our other sections can be found on the respective website.

In this Privacy Policy, we disclose the legal bases on which, the extent to which and for which purposes we process personal data when

  • general use is made of our website (see Section 2) and when further data processing (see Section 3) is carried out on our website amf-foerderanlagen.de,
  • visiting our Facebook fan page and Instagram profiles (Insights) (see Section 4),
  • using our services on social networks (LinkedIn) (see Section 5),
  • concluding contracts with us (see Section 6),
  • visiting our business premises (video surveillance) (see Section 7),
  • visiting the business offices and production sites (visitor process) (see Section 8),
  • applying for a position (see Section 9),
  • we establish contact in the usual way through business operations (e.g. trade fairs) (see Section 10),
  • we send advertising and information flyers (see Section 11).

We also inform you about the recipients of your personal data within the European Economic Area (EEA) (Section 12) and in third countries (Section 13), the deletion of your personal data and corresponding retention periods (Section 14), your rights as the data subject (Section 15) and whether automated decision-making is used (Section 16).

1. Controller and Data Protection Officer

Controller: AMF-Bruns GmbH & Co. KG, Hauptstrasse 101, 26689 Apen, Germany; info@amf-bruns.de

Data protection officer: PLANIT // LEGAL Rechtsanwaltsgesellschaft mbH, Jungfernstieg 1, 20095 Hamburg; mail@planit.legal

2. General use of our websites

In the section below, we have provided general information about the legal bases, purposes and, if applicable, legitimate interests and the need to process your personal data.

We have implemented SSL or TLS encryption on our website (identified by the ‘https://’ in the address bar and the padlock symbol) in order to protect your personal data transferred to us via our website against unauthorised access by third parties.

a) Data processing when you visit our websites
When you visit our website, we collect personal data to enable you to use it (usage data). This includes your IP address and data about the start and end points of your usage of the website and why you are using the website, and potentially also identification data (such as your login data if you log in to a secure area). This also includes technical data transferred from your browser such as its type/version, the referrer URL, monitor resolution, operating system and any device information (e.g. device type), etc. It is in our legitimate interest to process this data in order to provide our website and design it such that it meets user needs (Art. 6 (1) (f) GDPR). If you would like detailed information on the balancing of interests, please contact one of the people mentioned in Section 1.

b) Contact form
We process your personal data when you use our contact form. If you contact us using the contact form provided, your information will be stored so that it can be accessed to process and respond to your query. Please note that there may be security gaps when data is transferred online. Data cannot be protected completely against third-party access. Depending on the nature of your query, the legal basis for this data processing will be the admissibility of processing in the context of contract preparation, a contract, or our legitimate interest in providing a contact form for general queries (Art. 6 (1) (b) or (f) GDPR). You are not obliged to contact us via the contact form or to provide any personal data. If you do not provide your personal data, we may not be able to process your request. Apart from that, there will be no consequences for you. If you would like detailed information on the balancing of interests, please write to one of the addresses mentioned in section 1.

3. Supplementary data processing when visiting our website

When you visit our website www.amf-foerderanlagen.de, we process your personal data as described below, in addition to the purposes listed in Section 2.

a) Access and storage on your device (“cookies”)
We use tracking technologies on our website that enable us or our contractors or service providers to collect data relating to use of our website. These tracking technologies are usually referred to as cookies, which is why we will also use this term below. However, the following statements also apply accordingly to other tracking technologies or file formats, such as local storage, pixels, beacons or tags. Cookies are text files that are stored on your device in the browser. User-related pseudonymous data may be stored in these files. This data can then be read again. When you visit our website www.amf-foerderanlagen.de for the first time, we display a cookie consent banner to inform you about the tracking technologies we use and to let you choose which optional cookies you wish to consent to. You can change your selection at any time in the Privacy Preference Centre on our website (see below under (iv)).

i. Technically necessary cookies
In certain cases, it is absolutely necessary to store information on your device, or to access information already stored on your device, so that we can make our website available for you to use (‘necessary cookies’ or ‘essential’). In these cases, your device is accessed on the basis of Section 25 (2) (2) Telecommunications Digital Services Data Protection Act (TDDDG). Insofar as this information relates to a person and is further processed by us in our IT systems, the legal basis for this data processing is our legitimate interest in providing our website and ensuring data security, Art. 6 (1) (f) GDPR.

ii. Cookies requiring consent
Any cookies that are not technically necessary are only used with your consent. We use the following categories of cookies requiring consent:

  • Performance cookies: these cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us answer questions about which pages are the most popular, which are the least used and how visitors move around the website. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not be able to know when you visited our website.
  • Functional cookies: these cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we use on our pages. If you do not allow these cookies, some or all of these services may not function properly.
  • Cookies for marketing purposes: these cookies may be set on our website by our advertising partners. They may be used by these companies to create a profile of your interests and show you relevant advertisements on other websites. They do not store personal data directly, but are based on a unique identification of your browser and Internet device. If you do not allow these cookies, you will see advertising that is less targeted.

Further information about the file name, storage period, provider and category of each of the cookies can be found in the cookie settings of the cookie consent banner or in the Privacy Preference Centre of the relevant website (under the categories ‘Statistics’ or ‘External Media’).

Further information about the file name, storage period, provider and category of each of the cookies can be found in the cookie settings of the cookie consent banner or in the Privacy Preference Centre of the relevant website (under the categories ‘Statistics’ or ‘External Media’).

iii. Consent to transfer to third countries
We also use cookies from third-party providers on www.amf-foerderanlagen.de that are based in third countries outside the European Union (EU) and the European Economic Area (EEA), or use servers in such third countries. The level of data protection in such third countries may not be comparable to that in the EU. For this reason we additionally safeguard the transfer of your personal data (for example, through your consent via our cookie consent banner or the Privacy Preference Centre (Art. 49 (1) (a) GDPR), the conclusion of standard contractual clauses or an effective adequacy decision by the European Commission).

When deciding which cookies you want to consent to, please take into account that by consenting to the setting of the relevant cookies, you are also consenting to any associated transfer of your personal data to unsafe third countries.

You can find out details of which third-party providers and cookies this affects in the cookie settings in the cookie consent banner or in the Privacy Preference Centre of the website.

iv. Withdrawal of your consent
You can withdraw your consent given in the cookie consent banner at any time with future effect (Art. 7 (3) GDPR). To do this, go to the Privacy Preference Centre on our website. You can access the Privacy Preference Centre by clicking on the ‘Cookie Settings’ link in the bottom left corner of our website. In the Privacy Preference Centre, you have the option to revoke and re-grant consent already given by de-checking the corresponding cookies. However, you can also select additional cookies there and give us further consent in this respect.

Your selection of optional cookies will in turn be stored in your browser as a cookie handled by our cookie consent management provider Borlabs GmbH, Rübenkamp 32, 22305 Hamburg.

b) Use of Google services
We use several services of the US provider Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on www.amf-foerderanlagen.de. If you consent to the setting of the corresponding cookies by Google in our cookie consent banner or the Privacy Preference Centre of our website, Google collects certain personal data from you. This is done by storing cookies in your browser with a pseudonymous user ID assigned by Google. The data collected by means of Google Analytics is also stored on Google’s servers in the USA. We have activated the ‘IP anonymisation’ function on our website. As a result, your IP address will be truncated by Google within member states of the EU or the EEA before being transferred to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then truncated. The IP address transferred within the scope of using the Google services listed below will not be merged with other Google data. The legal basis for the use of Google services is your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG (see Section 2.b.ii.).

When deciding whether to consent to our use of Google cookies, please note that by consenting to the use of these cookies, you also consent to any associated transfer of your personal data to the USA.

You can access Google’s privacy policy here.

i. In particular Google Analytics
If you consent to the setting of the Google Analytics cookie in our cookie consent banner or the Privacy Preference Centre of our website, Google collects data relating to your use of our website. This allows Google to assign data relating to usage behaviour on our website to this particular pseudonymous user. We have commissioned Google to use this information to evaluate the usage behaviour on the website, to compile reports on website activity and to provide us with other services relating to website activity and Internet usage.

ii. In particular Google Ads, Google Ads Remarketing
Google Ads enables us to display advertisements in the Google search engine or on third-party websites if you enter certain search terms in Google (keyword targeting). In addition, targeted advertisements can be displayed on the basis of the user data available to Google (e.g. location data and interests) (target group targeting). We can evaluate this data quantitatively by, for example, analysing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to then display interest-based advertising in the Google advertising network (remarketing or retargeting). Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google’s cross-device functions. In this way, interest-based, personalised advertising messages that were tailored to you based on your previous usage and surfing behaviour on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC). If you have a Google account, you can object to personalised advertising here.

iii. Google Conversion Tracking
With the help of Google Conversion Tracking by Google Tag Manager, Google and we can recognise whether users have performed certain actions. For example, we can evaluate which buttons on our website were clicked on and how often, and which products were viewed or purchased particularly often. This information is used to generate conversion statistics. We learn the total number of users who have clicked on our advertisements and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or similar recognition technologies for identification purposes.

iv. Google Maps
We use Google Maps in the interest of making the presentation of our online offers appealing and to make it easy to find the places indicated by us on the website.

v. Embedding of YouTube Videos
YouTube videos from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, are integrated into our website. With your consent via our cookie banner (Art. 6, (1) (a) GDPR), a connection to YouTube is established and the YouTube video is loaded accordingly. Personal data (e.g. IP address, device information) may be transferred to YouTube or Google and cookies may be set. YouTube also recognises which subpage you have visited.

Google may also transfer data to the USA in this context. Google is certified in accordance with the EU‑US Data Privacy Framework, which ensures an appropriate level of data protection for data transfer in accordance with Art. 45 GDPR.

Google itself is responsible under data protection law for the subsequent processing of the data after the YouTube platform is accessed. We have no influence over this data processing.

Further information on data processing by Google can be found in Google’s Privacy Policy at: https://policies.google.com/privacy?hl=en

c) Use of a content delivery network (Cloudflare)
We use the ‘Cloudflare’ service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as ‘Cloudflare’). Cloudflare offers a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed via the Cloudflare network. This enables Cloudflare to analyse the data traffic between your browser and our website and act as a filter between our servers and potentially malicious traffic from the Internet. Cloudflare may also use cookies or other technologies to recognise Internet users, but these are used solely for the purpose described here. The use of Cloudflare is based on our legitimate interest in the error-free and secure provision of our website (Art. 6 (1) (f) GDPR), as well as on your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG with regard to the cookies set. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. In addition, Cloudflare is certified according to the EU-US Data Privacy Framework, which ensures an appropriate level of data protection for data transfer in accordance with Art. 45 GDPR.

Details can be found here. Further information on the topic of security and data protection at Cloudflare can be found here.

d) Google reCAPTCHA
We also use Google’s “reCaptcha v3” captcha technology. In Europe, the subsidiary Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Through the use of reCaptcha v3, a distinction can be made between data entries on our website by a human being or automatically created by programs. For this purpose, Google analyses the behaviour of the website visitor on the basis of various characteristics. This analysis starts automatically as soon as the website visitor enters the website and runs completely in the background. For the analysis, Google evaluates various information from which a personal reference to the respective website visitor can be established (IP address, the behaviour of the website visitor, information about the operating system, browser and length of stay, display instructions and scripts, the input behaviour of the website visitor and mouse movements). The data collected during the analysis is also transferred to Google servers located in the USA and stored there.

Data processing is based on Art. 6 (1) (f) GDPR, as we have a legitimate interest in protecting our website from abusive and automated spying and from spam.

For more information on Google reCaptcha v3 and Google’s privacy policy, please see the following links: Privacy policies and About reCAPTCHA.

d) LinkedIn Insight Tag
This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

With the help of the LinkedIn Insight tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, amongst other things, analyse the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our page to the respective target groups. Furthermore, we can use LinkedIn Insight Tags to measure whether visitors to our website make a purchase or take another action (conversion measurement). Conversion measurement can also be performed across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted advertising outside the website to visitors to our website. According to LinkedIn, no identification of the advertising addressee takes place. LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser characteristics and time of access). The IP addresses are truncated or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data will then be deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it as part of its own advertising activities. Details can be found in LinkedIn’s Privacy Policy – available here.

The legal basis is Art. 6 (1) (a) GDPR and Section 25 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here and here. LinkedIn is also certified according to the EU-US Data Privacy Framework, which ensures an appropriate level of data protection for data transfer in accordance with Art. 45 GDPR.

Object to the analysis of user behaviour and targeted advertising by LinkedIn here: Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

f) LinkedIn Lead Gen Forms
As part of our online marketing activities, we use what are known as Lead Gen Forms on LinkedIn. Lead Gen Forms are advertisements that enable contact forms to be integrated into sponsored content. Lead Gen Forms are particularly important to us in the B2B area. By using these Lead Gen Forms, we can offer interested parties an option to provide their e-mail address or other user information. We use this functionality to address potential customers in a more targeted manner. The legal basis for the processing of your personal data entered via the form is Art. 6 (1) (f) GDPR. We have a legitimate interest in processing the data you have entered in order to process and respond to your enquiry appropriately. If you are a member of the LinkedIn platform, LinkedIn can assign the access to the aforementioned content and functions to the profiles of the users on the platform.

Further information on data protection and LinkedIn’s Lead Gen Ads can be found here or at this link.

Here you have the option of preventing this in future by setting an opt-out cookie.

Once the purpose has been achieved, we delete the data transferred by you via Lead Gen Forms, unless we are legally obliged to retain it for a longer period or we still need your personal data for the performance or processing of an existing contract or for evidence purposes. In such cases, we delete the data concerned after expiry of the statutory retention period or as soon as we no longer need the data for the performance or processing of an existing contract or for evidence purposes.

g) Google Fonts & Font Awesome (local hosting)
On our website, we use  fonts from Google (Google Fonts) and Fonticons Inc. (Font Awesome) in order to uniformly display fonts. The fonts of both providers are hosted locally by us. When you visit our website, there is no connection to Google and Fonticons servers in the USA.

Further information on Google Fonts can be found here and in Google’s Privacy Policy: available here.

Further information about Font Awesome can be found in the Privacy Policy for Font Awesome: available here.

4. Visiting our Facebook fan page and Instagram profile (Insights)
If you visit or interact with our Facebook fan page or Instagram profile, your personal data (e.g. ‘Like’ information) will be processed as described in this section.

a) Joint Controllership
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, provides us with statistics and insights that help us understand the use of our fan page or Instagram profile (‘Page Insights’). In this case, Meta and AMF-Bruns are jointly responsible for data processing (‘joint controller’). Instagram and Facebook are services provided by Meta. The following information applies to both our Facebook fan page and our Instagram profile.

b) Legal basis, purpose and necessity of the processing of your personal data
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, provides us with statistics and insights that help us understand the use of our fan page or Instagram profile (‘Page Insights’). In this case, Meta and AMF-Bruns are jointly responsible for data processing (‘joint controller’). Instagram and Facebook are services provided by Meta. The following information applies to both our Facebook fan page and our Instagram profile.

  • Age
  • Gender
  • Location

We process this data in our legitimate interest in order to maintain the features of our fan page, to review our reach and to design and present our fan page according to your interests. If you would like detailed information on the balancing of interests, please write to one of the addresses mentioned in Section 1.

c) Further Information on our Joint Controllership with Meta
In order to define transparently and explicitly the responsibilities for compliance with the obligations arising from the GDPR between AMF-Bruns and Meta, we have entered into an agreement with Meta which states that Meta is primarily responsible for data processing when our fan page is visited. In particular, Meta is responsible if you exercise your rights under Articles 12 and 13 of the GDPR, Articles 15 to 22 of the GDPR and for compliance with the obligations under Articles 32 to 34 of the GDPR.

You can also direct your data processing query relating to our fan page to us at any time, or exercise your rights vis-à-vis the address specified in Section 1 (further information on your rights can be found in Section 15). We will forward your concern to Meta insofar as necessary to address your query or exercise your rights.

Further information on Page Insight data and the exercise of your rights can be found here in the information provided by Meta. For more information on the definition of responsibilities under joint responsibility within the meaning of Art. 26 GDPR, see the agreement with Facebook: available here.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Meta is also certified in accordance with the EU-US Data Privacy Framework. Details can be found here and here.

You can also deactivate the “Custom Audiences” remarketing feature in the Ads Settings section here. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate behavioural advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: available here.

You can find more information about the setting of cookies when visiting our fan page in Meta’s Cookie Policy.

Further information on protecting your privacy at Meta can be found in Meta’s Privacy Policy: available here.

Further information on data protection at Instagram can be found here.

5. LinkedIn
We maintain an online presence within the “LinkedIn” social network in order to communicate with the users who are active there or to offer information about us.

For a detailed description of the forms of processing by LinkedIn and the options for objecting, please refer to the privacy policies and information provided by LinkedIn as the network operator. We would also like to point out that in the case of requests for information and the assertion of rights as data subjects, these can be asserted most effectively with LinkedIn as the provider, as only the provider has access to the user’s data and can take appropriate measures and provide information directly. If you still need help, please do not hesitate to contact us.

The service provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn). You can find LinkedIn’s Privacy Policy here. The opt-out option can be found here.

The legal basis for the processing of your personal data is the legitimate interest in offering an online presence in a social network with appropriate features in order to communicate with the users who are active there or to be able to offer information there, Art. 6 (1) (f) GDPR. If you would like detailed information on the balancing of interests, please contact one of the people mentioned in Section 1.

6. Conclusion and execution of contracts
We process your personal data in order to conclude and perform contracts with you (purchase contract). The legal basis for this is Art. 6 (1) (b) GDPR. We process your personal data to establish and execute the contractual relationship with you. You must provide your personal data for this purpose. You are not obliged to provide your personal data, but if you do not, it will not be possible to establish and execute the contractual relationship. Apart from that, there will be no consequences for you.

7. Visit to our premises (video surveillance)
If you visit our premises, please note that we use video systems to monitor some of the outdoor area and car park. These areas are identified by the following pictogram:

The legal basis for this data processing is Art. 6 (1) (f) GDPR and Section 4 (1) No. 2, No. 3 German Federal Data Protection Act (BDSG). The purpose we pursue is to prevent, detect and investigate offences, to safeguard our property rights and to comply with road safety obligations. Our legitimate interest as defined by Art. 6 (1) (f) GDPR is the protection of our property as well as the property and physical safety of all visitors and employees. If you would like detailed information on the balancing of interests, please contact one of the people mentioned in Section 1.

8. Visit to the business premises and production sites (visitor process)
If you visit our business or production facilities as a guest, we process the following data: Last name, first name, employer, date of visit. The legal basis for this is Art. 6 (1) (f) GDPR. The purpose we pursue is to prevent, detect and investigate offences, to safeguard our property rights and to comply with road safety obligations. Our legitimate interest as defined by Art. 6 (1) (f) GDPR is the protection of our property as well as the property and physical safety of all visitors and employees. If you would like detailed information on the balancing of interests, please contact one of the people mentioned in Section 1.

9. Applying for a job
We process your personal data as part of the job application process. The legal basis for this is Section 26 (1), (8) sentence 2 German Federal Data Protection Act (BDSG) or Section 26 (2), (8) sentence 2 German Federal Data Protection Act (BDSG) or Art. 6 (1) (b) GDPR. The data is processed in the context of initiating an employment relationship with you. We process your personal data in order to contact you and to assess your suitability for the position you are applying for. You cannot apply for a position at AMF-Bruns if you do not provide your personal data. You are not obliged to apply for a position at AMF-Bruns, nor are you obliged to provide your personal data. We may not be able to consider your application if you do not provide us with your personal data. Apart from that, there will be no consequences for you.

10. Establishment of contact in the usual way through business operations (e.g. trade fair)
This section describes circumstances that result in the processing of personal data that is customary in the ordinary course of business.

This primarily includes cases such as the spontaneous exchange of contact data at trade fairs, events, business meals or other business activities, e.g. through the exchange of business cards or the establishment of initial contact by AMF-Bruns or by you with business content, e.g. by entering details into a contact form. We also process your personal data if you contact us via other channels (e-mail or similar).

The legal basis is Article 6 (1) (b) or (f) GDPR – depending on the purpose of providing your personal data or establishing contact.

Purpose and necessity of the processing of personal data
We collect the following categories of personal data when you or we establish contact: Contact details, such as your name, address, e-mail or telephone number, information about your company, such as address, e-mail, business field, job description, title, information about your input/enquiry, such as content, time of enquiry, method of communication. This data is processed for storage in our contact databases within the scope of business activities, such as e-mail programs, telephone books, files, etc. for the purpose of re-establishing contact and/or dealing with your request and further processing.

Our legitimate interest is the establishment of contact for any initiation of a business relationship, the re-establishment of contact and/or dealing with your request and further processing as well as general communication with you.

If you would like detailed information on the balancing of interests, please write to one of the addresses mentioned in Section 1.

11. Sending advertising and information flyers
We use your personal data, which you have provided to us in the course of a business relationship with us, to send you advertising and information flyers. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest in accordance with Art. 6 (1) (f) GDPR lies in the advertising of our products. We process your personal data to send you product, company and event information. Our legitimate interest lies in providing information about AMF-Bruns and our services as well as communicating with you.

12. Transfer to recipients of personal data within the EEA
We only disclose the personal data described in this Privacy Policy to the extent necessary to provide our service or to the extent required by law. For the purposes specified here, personal data is forwarded to the service providers that work for us and in particular help us to provide our services. These service providers are bound by the statutory obligation to comply with all data protection provisions, and we also impose additional contractual obligations relating to data protection on them. This includes in particular an obligation as a processor in accordance with Art. 28 GDPR. We forward personal data to the following types of service providers in particular:

  • Accounting, financial institutions, tax and legal advice,
  • IT service and infrastructure/hosting,
  • IT support and maintenance,
  • Data destruction and facility services.

Apart from that, we only transfer personal data to other recipients if we are legally permitted to do so or you have consented to this in advance. Any consent granted may be revoked at any time with effect for the future. We only pass on your data to government bodies in accordance with statutory obligations or as a result of an official order or court decision, and only to the extent permitted under data protection law.

13. Transfer to recipients of personal data in countries outside the EEA
If necessary for our purposes, we may also transfer your data to recipients outside the EU, in particular to the USA. These data transfers are usually carried out on the basis of the adequacy decision of the European Commission of 10 July 2023 (C(2023) 4745). Our service providers are generally certified under the EU-US Data Privacy Framework. If this is not the case, we ensure appropriate safeguards within the meaning of Art. 46 GDPR. If this is not the case, we ensure appropriate safeguards within the meaning of Art. 46 GDPR. This may include conclusion of the European Commission’s standard contractual clauses and, if necessary, additional measures to ensure an appropriate level of data protection. In individual cases, we make the transfer to third countries conditional on your consent to this transfer of data in accordance with Art. 49 (1) sentence 1 (a) GDPR. We forward personal data to the following types of service providers in particular:

  • Web analysis,
  • Intra-group order processing and data transfer.
  • In addition to the aforementioned types, other types of service providers may exist or be added at any time.

14. Erasure
We delete your personal data when it is no longer required for the aforementioned processing purposes, if there are no compelling, legitimate grounds on the part of AMF-Bruns that preclude erasure if a data subject lodges an objection, or if there is no legal basis for the processing in the event that the data subject withdraws consent. In certain cases, for example if there is a statutory retention obligation, your personal data will initially be blocked and deleted at the end of the retention period.

CCTV images are generally deleted after a period of no more than 72 hours. In justified individual cases, particularly for criminal investigations or to preserve evidence, recordings may be kept for longer and deleted once they have fulfilled this purpose.

Position-related data is retained until a decision has been made and then deleted after no more than six months or, if the job application is successful, transferred to personnel files.

15. Your rights
As a data subject, you have the following rights:

  • A right to confirmation as to whether data relating to you is processed by AMF-Bruns and, if applicable,
  • The right to access this personal data and to obtain a copy of the data (Art. 15 GDPR),
  • A right to rectification of your incorrect data (Art. 16 GDPR),
  • A right to erasure (Art. 17 GDPR) and
  • A right to restriction (blocking) of your data (Art. 18 GDPR).

If processing is based on Art. 6 (1) (e) or (f) GDPR, you may also object to the processing (Art. 21 GDPR), although you must have a specific reason, except in the case of direct marketing. You can ask for data to be transferred insofar as you have provided it (Art. 20 GDPR). The aforementioned regulations legally define whether and to what extent these rights exist in individual cases and the conditions under which they apply. If the processing is based on consent as defined by Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, you can revoke this at any time with future effect (Art. 7 (3) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).

If you any questions or complaints relating to data protection at AMF-Bruns, please contact our data protection officer in the first instance (contact details can be found in section 1).

16. No automated individual decision-making
We do not use your personal data for automated individual decision-making within the meaning of Art. 22 (1) GDPR.

Changes to the Privacy Policy
We may need to amend this Privacy Policy as a result of new legal requirements, corporate decisions and technical developments. The Privacy Policy will then be amended accordingly. The most recent version can be found on our website.

As at: September 2025