Privacy Policy

Below, BAP Capital GmbH, Elsa-Brändström-Straße 15, 58507 Lüdenscheid (hereinafter: “we” or “us”) informs you about the collection of personal data when using this web application. Personal data means all data that can be related to you personally, e.g. name, address, email addresses, user behavior. Pursuant to Article 4 GDPR (General Data Protection Regulation), personal data means any information relating to an identified or identifiable natural person; a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this happens. Please note that data transmission over the Internet (e.g. communication by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

1. Scope

   This privacy policy applies to the online offering of BAP Capital GmbH and to the personal data collected via this web application. For websites of other providers that may be referenced, e.g. via links, only the privacy notices and statements provided there apply. We assume no liability for this external content. The linked pages were checked for possible legal violations at the time the link was created. No unlawful content was identifiable at the time the link was created. However, continuous monitoring of the content of linked pages is not reasonable without specific indications of a legal violation. As soon as legal violations on the linked websites become known, we will remove the affected links immediately.

2. General information and mandatory details
   1. Controller

      The controller responsible for the processing of personal data on this web application within the meaning of the GDPR (General Data Protection Regulation) is:
      BAP Capital GmbH
      Elsa-Brändström-Straße 15,
      58507 Lüdenscheid
      Authorized managing director: Nico Bachmann
      Email: info@bap-capital.de
      The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

   2. SSL/TLS encryption

      This web application uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the operator. You can recognize an encrypted connection by the browser’s address line switching from “http://” to “https://” and by the lock icon in your browser. If SSL/TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

   3. Information, restriction, deletion

      Within the scope of the applicable legal provisions, you have the right at any time to receive free information about your stored personal data, its origin and recipients, and the purpose of data processing, and, if applicable, a right to rectification, restriction, or deletion of this data. For this purpose, as well as for further questions on the topic of personal data, you can contact us at any time at the address stated in the legal notice.

   4. Right to data portability

      You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

   5. Withdrawal of your consent to data processing

      Many data processing operations are only possible with your explicit consent. You may withdraw consent that you have already given at any time. An informal email notification to us is sufficient. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by the withdrawal.

   6. Right to restriction of processing:

      Within the framework of Article 18 GDPR, you have the right to request restriction of the processing of your data.

   7. Right to lodge a complaint with the competent supervisory authority

      In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection matters is the State Data Protection Commissioner of the federal state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link:
      https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

   8. Objection to advertising emails

      We hereby object to the use of contact data published as part of the legal notice obligation for the transmission of advertising and information material that has not been expressly requested. The operators of this web application expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example via spam emails.

3. Data collection on our web application
   1. Data collection

      Your data is collected, on the one hand, when you provide it to us. This may, for example, be data that you enter into a form. Other data is collected automatically by our IT systems when you visit the web application. This is mainly technical data (e.g. internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter our web application. When visiting our web application, a log file (so-called log files) is created with information that your browser transmits to us, such as the time of access and, for example, the amount of data transferred. When using the web application purely for informational purposes, i.e. if you do not transmit any information to us, we only collect non-personal access data that your browser transmits to our server (so-called “server log files”). For reasons of data security—i.e. to be able to investigate unauthorized access or prevent misuse of the web application—the full IP address of the requesting computer is collected, stored, and automatically deleted 7 days after access ends.

   2. Data use

      Part of the data is collected to ensure error-free provision of the web application.
      Other data, such as the information you provide to request financing, may be used to fulfill the respective request. The conditions stated under (3.7) apply.

   3. Storage duration and retention periods

      The data collected in the context of inquiries is stored for a period of 2 years, unless we have a right or obligation to retain it under statutory provisions. All periods begin at the end of the month in which the processing of the inquiry is completed. Otherwise, the duration of storage of personal data is based on statutory retention rights and obligations (cf. commercial and tax law). After the retention period expires, the data is deleted at the end of the month, provided it is not required for the initiation, performance, or termination of a contract and/or we have no legitimate interest in processing it.

   4. Your rights regarding your data

      You have the right at any time to receive free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request the rectification, restriction, or deletion of this data. For this purpose, as well as for further questions on the topic of data protection, you can contact us at any time at the address stated in the legal notice. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

   5. Server log files

      The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. Each request for an Internet file stores the following non-personal access data:

      1. Browser type and browser version
      2. The page from which the file was requested
      3. The name of the requested file
      4. The amount of data transferred
      5. Access status and type of access
      6. Operating system used
      7. Referrer URL
      8. Hostname of the accessing computer
      9. Date and time of the server request
      10. Anonymized IP address of the requesting computer

   6. The data mentioned under (3.5) is not merged with other data sources. The legal basis for data processing is Article 6(1)(f) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. This data is not disclosed to third parties.

   7. Processing of data (customer and contract data)

      We collect, process, and use personal data only insofar as it is necessary for establishing, defining the content of, or changing the legal relationship (inventory data). This is done on the basis of Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We collect, process, and use personal data about the use of our web application (usage data) only insofar as this is necessary to enable the user to use the service or to bill for it. The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.