Data protection
Privacy policy
Status: 01.03.2026
Thank you very much for your interest in our company and our website.
The protection of your personal data is a high priority for us. We treat your data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
With the following information we would like to inform you transparently,
- which personal data we collect,
- the purposes for which they are processed,
- on what legal basis this is done,
- how long we store data and
- what rights you have as a data subject.
Our privacy policy is aimed at all visitors to our website – regardless of whether you are simply accessing information or contacting us.
We have taken technical and organizational measures to protect your data in the best possible way. Nevertheless, data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection against access by third parties is not technically possible.
Definitions
To make the following information easier to understand, we explain some key terms of the General Data Protection Regulation (GDPR):
a) personal data
Personal data is any information relating to an identified or identifiable natural person.
This includes, for example:
- Name
- E-mail address
- Phone number
- IP address
- Location data
- Online identifiers
A person is considered identifiable if they can be identified directly or indirectly.
b) Processing
Processing is any operation in connection with personal data. This includes in particular
- the collection
- saving
- changing
- the transmission
- the deletion
In short, any use of personal data is processing.
c) Person responsible
The controller is the natural or legal person who decides on the purposes and means of processing personal data. With regard to this website, Brühl Safety GmbH is the controller.
d) Processor
A processor is a service provider that processes personal data on behalf of the controller, for example a hosting provider. There are contracts with all processors used in accordance with Art. 28 GDPR.
e) Consent
Consent is your voluntary agreement to the processing of personal data for a specific purpose. You can withdraw your consent at any time with effect for the future.
f) Third country
A third country is a country outside the European Union (EU) or the European Economic Area (EEA). For some of the services we use, data may be transferred to the USA. We will inform you about this transparently in the respective sections.
1. responsible person
Responsible for the processing of your personal data on this website is
Brühl Safety GmbH
Waldstraße 63 b
57250 Netphen
Germany
Phone: +49 2737 5934 0
E-mail: info@bruehl-safety.com
Represented by the managing directors Heinrich Brühl and Kai Wienecke.
2. data protection officer
Our externally appointed data protection officer is:
dokuworks GmbH
Mr. Markus Weber
Essener Str. 1
57234 Wilnsdorf
E-Mail: datenschutz@doku.works
You are welcome to contact us or our externally appointed data protection officer at any time with any data protection concerns.
3. general information on data processing
Personal data is all information with which you can be personally identified. This includes, for example
- IP address
- Name
- E-mail address
- Usage behavior
We process personal data exclusively in accordance with:
- the General Data Protection Regulation (GDPR)
- the Telecommunications Digital Services Data Protection Act (TDDDG)
4. hosting
Our website is operated by the following external hosting service provider:
Raidboxes GmbH
Mario Stiebner
Hafenstraße 32
48153 Münster
E-Mail: datenschutz@raidboxes.de
Further information on data protection at Raidboxes can be found at:
https://raidboxes.io/legal/privacy/
The following data is automatically collected when you visit our website:
- IP address
- Date and time of access
- Browser type and version
- Operating system
- Referrer URL
- accessed subpages
This data is technically necessary in order to:
- deliver the website correctly
- guarantee IT security
- Defending against attacks
- analyze technical errors
Legal basis
Art. 6 para. 1 lit. f GDPR (legitimate interest)
Storage duration
Server log files are automatically deleted after 14 days.
There is a contract with the hosting provider for order processing in accordance with Art. 28 GDPR.
5. cookies and consent management
What are cookies?
Cookies are small text files that are stored on your end device.
They may be technically necessary or used for analysis and advertising.
Borlabs Cookie – Managing your consent
We use the consent management tool Borlabs Cookie.
Borlabs ensures that:
- you can choose which services to activate on your first visit
- Tracking services are only loaded after your consent
- Your decision is documented
- You can revoke your consent at any time with effect for the future
Storage duration
12 months
Legal basis
Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR
You can find more information on data protection at Borlabs at:
https://de.borlabs.io/datenschutz/
6. technically necessary services
These services are necessary for the operation of the website. Consent is not required (Section 25 (2) TDDDG).
6.1 WordPress
Our website is based on WordPress. WordPress is a system for managing website content.
Technically necessary cookies are set, for example for:
- Management of meetings
- Storage of login data
Storage duration
Session cookies: end of session, login cookies: up to 14 days
Legal basis
Art. 6 para. 1 lit. f GDPR
You can find more information on data protection at WordPress at:
https://wordpress.org/about/privacy/
6.2 WPML (multilingualism)
WPML enables our website to be displayed in several languages.
It stores your selected language in a cookie.
Storage duration
1 year
You can find more information on data protection at WPML at:
https://wpml.org/home/privacy-policy/
6.3 JQuery CDN
For certain functions we use the JavaScript library “jQuery”, which is partly loaded via a so-called Content Delivery Network (CDN). Your IP address is technically transmitted to the provider.
Third country transfer
USA possible
You can find more information on data protection at:
https://openjsf.org/privacy-policy/
7. analysis and marketing services (only with consent)
These services help us to understand:
- how visitors use our website
- how successful advertising measures are
Legal basis:
Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG
You can revoke your consent at any time with effect for the future.
7.1 Google Analytics
Google Analytics is an analysis service from Google. It helps us to understand:
- how many visitors use our website
- which contents are particularly interesting
- how long users stay on the website
Processed data
- shortened IP address
- Device information
- Usage behavior
IP anonymization is activated.
Storage duration
14 months
Third country transfer
USA (DPF / standard contractual clauses)
You can find more information on data protection at Google at:
https://policies.google.com/privacy
7.2 Google Tag Manager
Google Tag Manager is an administration tool that technically controls other tracking services. It does not store any personal data itself, but can trigger other services.
You can find more information on data protection at Google at:
https://policies.google.com/privacy
7.3 Google Ads
Google Ads enables us to run advertising campaigns and measure their success. Cookies can be set in order to:
- Capture ad clicks
- Analyze conversion actions
Storage duration
up to 90 days
You can find more information on data protection at Google at:
https://policies.google.com/privacy
7.4 Meta Pixel (Facebook)
The Meta Pixel is used to measure the success of Facebook ads. It enables:
- Analysis of advertising campaigns
- Formation of target groups
- Addressing visitors again
Storage duration
up to 180 days
You can find more information on data protection at Meta at:
https://www.facebook.com/privacy/policy/
7.5 LinkedIn Insight Tag
The LinkedIn Insight Tag enables the analysis of LinkedIn advertising campaigns. It processes:
- IP address
- Device information
- Interaction data
Storage duration
up to 180 days
You can find more information on data protection at LinkedIn at:
https://www.linkedin.com/legal/privacy-policy
7.6 Serverside tracking (taggrs)
What is server-side tracking?
With server-side tracking, certain usage information is not transmitted directly to third-party providers via your end device, but is first processed on our own server and forwarded from there – pseudonymized if necessary. We use a tracking technology (“Taggrs”) to evaluate the use of our website and to optimize marketing measures.
What data is processed?
- IP address (shortened or pseudonymized if necessary)
- Device and browser information
- pages viewed
- Interactions
- Timestamp
Depending on the configuration, this data can then be forwarded to analysis or marketing service providers.
Purpose of the processing
- Analysis of user behavior
- Measuring the success of marketing measures
- Technical optimization of the website
Legal basis
If the server-side tracking is used for analysis or marketing purposes, the processing is carried out exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG. Consent can be revoked at any time via the cookie banner.
Storage duration
The storage period depends on the respective configuration and is generally a maximum of 14 months. If data is transmitted to third-party providers, their storage periods also apply.
Provider
If an external service provider is used for the server-side infrastructure, the processing is carried out on the basis of an order processing contract in accordance with Art. 28 GDPR. Further information on the data protection of the respective tracking provider can be found in their privacy policy: https://dashboard.taggrs.io/de/legal/privacy
8 Embedded services
8.1 YouTube
We use YouTube to provide videos.
When playing a video:
- your IP address is transmitted
- cookies can be set
- your behavior can be associated with your Google Account’
You can find more information on data protection at YouTube at:
https://policies.google.com/privacy
8.2 Google Maps
We use Google Maps to display our location. When loading the map, your IP address is transmitted to Google.
You can find more information on data protection at Google at:
https://policies.google.com/privacy
8.3 3Dfindit (CADENAS GmbH)
3Dfindit is a platform for providing 3D CAD models and technical product data. We use this solution to provide our customers with digital product information and technical drawings. The service is technically provided via the “partcommunity” platform of CADENAS GmbH and is integrated into our website.
What data is processed?
When the corresponding pages are accessed, a connection to the servers of CADENAS GmbH is established. In particular, the following data may be processed:
- IP address
- Date and time of access
- Browser information
- Usage data in connection with the display or download of CAD files
Depending on use, further data may also be processed, especially if interactive functions are used.
Purpose of the processing
- Provision of 3D CAD models
- Technical product presentation
- Improving our range of services
Legal basis
If the service is technically integrated and is not required for purely functional purposes, the processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG. If only a technical provision without tracking takes place, the processing can also be based on Art. 6 para. 1 lit. f GDPR (legitimate interest in a modern product presentation).
Storage duration
The specific storage period depends on the specifications of CADENAS GmbH.
Provider
CADENAS GmbH
Further information on data protection at CADENAS can be found at:
9. contact form
When you contact us, we store your data:
- Your name
- Your e-mail address
- Your message
Purpose
Processing your request
Storage duration
6 months after completion of processing
10. third country transfer
When using Google, Meta or LinkedIn services, data may be transferred to the USA. This takes place on the basis of:
- EU-U.S. Data Privacy Framework
- Standard contractual clauses
A residual risk of state access cannot be completely ruled out.
11. your rights
You have the right to:
- Information
- Correction
- Deletion
- Restriction
- Data portability
- Contradiction
- Revocation of consent
Right to lodge a complaint with the competent supervisory authority.
11 Automated decision making
Automated decision-making does not take place.
