1. Information on the Processing of Personal Data
We inform you below about the processing of personal data when using
our website https://www.baind.de,
our social media profiles,
our app.
Personal data refers to all data that can be related to an identified or identifiable natural person, e.g., name or IP address.
1.1. Contact Details
The controller according to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is baind AG, Agnes-Pockels-Bogen 1, 80992 Munich, Germany,
E-mail: info@baind.de. Legally represented by Florian Huber and Sebastian Weisel.
1.2. Scope of Data Processing, Purposes, and Legal Bases
The scope, purposes, and legal bases for data processing are detailed below. The following legal bases generally apply:
Art. 6 para. 1 sentence 1 lit. a GDPR: Processing based on consent.
Art. 6 para. 1 sentence 1 lit. b GDPR: Processing necessary for the performance of a contract or pre-contractual measures.
Art. 6 para. 1 sentence 1 lit. c GDPR: Processing to comply with a legal obligation (e.g., tax law).
Art. 6 para. 1 sentence 1 lit. f GDPR: Processing based on legitimate interests (e.g., technically necessary cookies).
1.3. Data Processing Outside the EEA
If we transfer data to service providers or third parties outside the EEA, we ensure data security through:
Adequacy decisions by the EU Commission (e.g., UK, Canada, Israel) according to Art. 45 para. 3 GDPR.
Standard Contractual Clauses (SCCs) if no adequacy decision exists (e.g., USA), as per Art. 46 para. 2 lit. b GDPR.
Additional contractual guarantees, such as data encryption or notification obligations if authorities request access.
1.4. Storage Duration
Unless otherwise specified in this privacy policy, stored data will be deleted once it is no longer required for its intended purpose and no legal retention obligations prevent deletion. If data is not deleted because it is required for other legally permissible purposes, its processing will be restricted (i.e., blocked and not processed for other purposes). This applies, for example, to data required for commercial or tax reasons.
1.5. Rights of Data Subjects
Data subjects have the following rights regarding their personal data:
Right of access,
Right to rectification or erasure,
Right to restriction of processing,
Right to object to processing,
Right to data portability,
Right to withdraw consent at any time.
Additionally, data subjects have the right to lodge a complaint with a data protection supervisory authority.
1.6. Obligation to Provide Data
Customers, interested parties, or third parties are only required to provide personal data necessary for establishing, carrying out, or terminating a business or other relationship, or where we are legally obliged to collect such data. Without this data, we may not be able to enter into or continue a contract or provide a service. Mandatory fields are marked as such.
1.7. No Automated Individual Decision-Making
We do not use fully automated decision-making (including profiling) as per Article 22 GDPR to establish or carry out a business relationship. If we use such methods in individual cases, we will inform you separately if legally required.
1.8. Contact
When you contact us (e.g., by e-mail or telephone), the data you provide (such as name and e-mail address) will be stored to answer your questions. The legal basis is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in responding to inquiries. Data will be deleted once storage is no longer necessary, or processing will be restricted if there are statutory retention obligations.
1.9. Customer Surveys
We occasionally conduct customer surveys to better understand our customers and their needs. The data collected is based on our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR). Data is deleted after the survey results have been evaluated.
2. Newsletter
We may inform existing customers about our offers by e-mail or other electronic means, unless they have objected. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in direct marketing, Recital 47 GDPR). Customers can object to the use of their e-mail address for advertising at any time, e.g., via the link at the end of each e-mail or by contacting us.
Interested parties can subscribe to a free newsletter. Data provided during registration is processed solely for sending the newsletter, based on consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Consent can be withdrawn at any time. We use MailerLite (MailerLite Limited, Dublin, Ireland) for newsletter distribution; data is processed within the EU.
3. Data Processing on the Website
3.1. Informational Use
When using the website for informational purposes only, we collect personal data transmitted by your browser to our server to ensure stability and security. This constitutes a legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR). Data collected includes:
IP address,
Date and time of the request,
Time zone difference to GMT,
Content of the request (specific page),
Access status/HTTP status code,
Amount of data transferred,
Website from which the request comes,
Browser,
Operating system and interface,
Language and version of the browser software.
This data is also stored in log files and deleted when no longer necessary, at the latest after 14 days.
You can change or withdraw your cookie consent at any time: https://baind.de/cookies
3.2. Web Hosting and Website Provision
Our website is hosted by Amazon Web Services, Inc., USA, based on a data processing agreement (Art. 28 GDPR). Data processed includes content, usage, meta/communication, and contact data. The legal basis is our legitimate interest in providing a website (Art. 6 para. 1 sentence 1 lit. f GDPR).
3.3. Contact Form
When contacting us via the website contact form, the data entered and the message content are stored. The legal basis is our legitimate interest in responding to inquiries (Art. 6 para. 1 sentence 1 lit. f GDPR). Data is deleted once storage is no longer required, or processing is restricted if there are statutory retention obligations.
3.4. Appointment Booking
Visitors can book appointments via our website. In addition to the entered data, meta or communication data is processed. The legal basis is our legitimate interest in offering user-friendly appointment scheduling (Art. 6 para. 1 sentence 1 lit. f GDPR).
3.5. Technically Necessary Cookies
We use cookies necessary for the operation of our website. The legal basis for processing is our legitimate interest in providing a functional website (Art. 6 para. 1 sentence 1 lit. f GDPR).
3.6. Contract Processing
Data provided for using our goods and/or services is processed for contract performance (Art. 6 para. 1 lit. b GDPR). Data is deleted after contract completion, subject to statutory retention periods. Data may be shared with transport or payment service providers as necessary for delivery or payment.
3.7. Customer Account / Registration
If you create a customer account, the data entered during registration is used exclusively for pre-contractual services, contract fulfillment, or customer care. IP address and registration date/time are also stored. Data is not shared with third parties. Consent is obtained during registration (Art. 6 para. 1 lit. a GDPR). Consent can be withdrawn at any time. Data is deleted when no longer required, subject to statutory retention periods.
3.8. Third-Party Providers
Google Webfonts: Used for fonts, processed on our servers. Legal basis: legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR).
Google Maps: Used for maps, data processed in the USA based on consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
Google Tag Manager, Conversion Tag, Analytics: Used for analytics and advertising, data processed in the USA based on consent and Standard Contractual Clauses.
Framer.com: Website created and hosted by Framer B.V., Netherlands. Data may be transferred outside the EEA based on Standard Contractual Clauses.
Zapier: Used for automation, data processed in the USA based on legitimate interest and Standard Contractual Clauses.
Facebook Pixel: Used for analytics, data processed in the USA based on consent and Standard Contractual Clauses.
HubSpot: Used for marketing and CRM, data processed in the USA and EU based on consent and Standard Contractual Clauses.
LinkedIn Insight Tag: Used for conversion tracking, data processed in the EU based on consent.
Vimeo: Used for video embedding, data processed in the USA based on consent and Standard Contractual Clauses.
BingAds: Used for conversion and tracking, data processed in the USA based on consent and Standard Contractual Clauses.
Microsoft Booking: Used for appointment scheduling, data processed in the EU/USA based on contract and legitimate interest, with Standard Contractual Clauses.
TWIPLA (Visitor Analytics): Used for website analytics, data processed anonymously or based on consent.
Dealfront: Used for B2B visitor analytics, processes IP addresses to identify companies.