Bechtle Network und Security Solutions GmbH Privacy Policy.

Welcome to our website and thank you for your interest in our company. We take the protection of your data very seriously. We process your data in accordance with applicable legislation for the protection of personal data, in particular the EU General Data Protection Regulation (GDPR) and applicable national legislation. This Privacy Policy explains how and why we process your personal data, as well as your rights as the data subject.

Personal data means any information relating to an identifiable natural person, including their name, date of birth, postal address, phone number, e-mail address and IP address. Anonymous data means information that cannot be used to identify an individual.

Responsible authority and data protection officer.

Bechtle Network und Security Solutions GmbH, Elisabeth-Schiemann-Bogen 3, 85716 Unterschleißheim

Contact details: info.bns@bechtle.com, +49 89 147 27 64-0

Contact protection officer: privacy@bechtle.com

Your rights as a data subject.

We would first like to inform you of your rights as a data subject as defined in Art. 15 - 22 EU GDPR These include:

• The right of access (Art. 15 GDPR)
• The right to erasure (Art. 17 GDPR)
• The right to rectification (Art. 16 GDPR)
• The right to data portability (Art. 20 GDPR)
• The right to restriction of processing (Art. 18 GDPR)
• The right to object (Art. 21 GDPR)

To exercise these rights, please contact: privacy@bechtle.com. You may also contact us via this e-mail address if you have any questions about data processing in our company, or if you wish to revoke your consent. You also have the right to appeal to a data protection supervisory authority.

Your right to object to us processing your data is subject to the following:

If we process your personal data for the purpose of direct marketing, you have the right to object to such processing at any time without giving a reason. The same applies to customer profiling in relation to direct marketing.

If you object to your personal data being processed for the purpose of direct marketing, we will cease to do so. You may submit your objection free of charge and without any formal requirements to: marketing.bns@bechtle.com. 

If we process your data in line with our legitimate interests, you may object to such processing at any time for reasons relating to your particular situation; this also applies to customer profiling in relation to our legitimate interests.

In this case, we shall no longer process such personal data unless we can demonstrate compelling legitimate grounds for the continued processing of your data which override the interests, rights and freedoms of the data subject, or if this is required to establish, exercise or defend our legal claims.

Purposes and legal bases for data processing.

When we process your personal data, we observe all provisions of the EU GDPR and all other applicable data protection regulations.
Legal bases for data processing arise in particular from Art. 6 EU GDPR.

We use your data to initiate business opportunities, fulfil our contractual and legal obligations, perform our contractual relationship, offer products and services, and strengthen our relationship with you as our customer. This may also include analyses for marketing purposes, customer satisfaction surveys and direct marketing. Specifically, we require your personal information in order to provide the following functions and services:

For example:

• for any type of digital offering that is booked

• use of our customer portals

• contacting you for the purpose of event registrations

• newsletters

Your consent is also deemed a legal basis for us to process your data for the specified purposes subject to your right to object. Should we obtain your consent in order to process special categories of personal data, we will make an express note of such an intent in obtaining your consent.

Transfer of data to third parties.

We will only pass on your data to third parties where this is permitted by applicable legislation or after obtaining your consent, or if we are required to do so by law (transfer to external bodies such as supervisory or law enforcement authorities).

Data recipients / categories of recipients

Within our company, we ensure that your data is only accessible to persons who need them to fulfil their contractual and legal obligations.

Our online shop enables customers to enter into a purchase contract with Bechtle direct GmbH, the Bechtle subsidiary responsible for the online sales channel.

Other Bechtle subsidiaries may become involved in processing purchase contracts and other requests. For example, a request for on-site support at your location may be processed by the appropriate Bechtle company in your area.

In certain cases, we rely on third-party services, e.g. to send out newsletters, payment services, credit check, IT service providers. All third-party service providers have signed the relevant agreements to ensure data protection.

Data transfer to third countries

We do not transfer data to a third country, i.e. a country outside the European Union or the European Economic Area, unless we are required to do so by law, or you have given us your consent to do so, or this is necessary for the performance of a requested service.

We (currently) do not transfer your personal data to any service provider or group company outside the European Economic Area.

Data retention.

We will store your data only for as long as it is needed for the intended purposes. Please note that statutory retention periods may require that data continue to be stored for extended periods of time. This applies in particular to retention periods stipulated in commercial or tax legislation (e.g. German Commercial Code, Fiscal Code, etc.). If there are no further obligations for us to retain your data, the data will be routinely deleted once its purpose has been achieved.

In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use it as evidence within statutory limitation periods of up to thirty years; the regular limitation period is three years.

Secure data transmission.

We have taken appropriate technical and organisational measures in order to protect data from accidental or deliberate manipulation, loss, corruption or unauthorised access. To this end, we work with security experts to continuously review our level of security and make adjustments to adopt the latest security standards.

Any and all data transferred to and from our website is encrypted. Our website uses the HTTPS communication protocol along with current encryption technology.

In addition, any information submitted through contact or application forms on our website is also encrypted and cannot be decrypted again by a third party. It is also possible to use alternative communication channels (e.g. by post).

Obligation to provide data.

Various personal data are necessary in order to establish, perform and terminate a contract and fulfil related contractual and legal obligations. The same applies to the use of our website and the various functions it provides.

You can find these summarised above. In certain cases, we are required by applicable legislation to collect and/or disclose personal information. Please note that we are unable to process your enquiries or fulfil our underlying obligations without obtaining the required data.

Data categories, sources and origins.

The specific data we process is dependent on the purpose for which it is used. We require different data e.g. when you place an online order, submit a contact form, apply for a job, or register a complaint.

In certain situations, we may process specific types of information, which we will indicate in an appropriate place, e.g. next to a contact form or an upload form for application documents.

When you visit our website, we collect and process the following data:

When you visit our website, we collect the following data through your internet browser:

• the browser type and language;
• the IP address of the computer used to access the site;
• the server requests (e.g. page views) including time stamps; and
• the referral URL (i.e. the address of the previous website that you visited, if you came to our site by following a hyperlink from there).

Your browser type and language, IP address and server requests are required in order to properly display the webpage you are viewing. In addition, this data may be used to safeguard secure operations of our website (e.g. to fend off hacking attempts). The IP address and browser language are also used to suggest appropriate language settings for our website. The referral URL is anonymised and used to for statistics. For reasons of technical security and in particular to block attacks on our web server, this type of data are also stored for a certain period of time in accordance with Art. 6 Paragraph 1(f) EU GDPR.

When you communicate through our website, we collect and process the following data:

Our website offers you different ways to contact us, e.g. to order a catalogue or to get information on certain products. You can use the online chat function, request a call back or send a message.

The provided contact forms are used to collect the required details for communication (e.g. your name, phone number or e-mail address) as well as receive your message. The collected data are used for customer relations management (contact history) and for responding to/fulfilling your request.

To protect our website from spam requests, we use the Friendly Captcha service. Friendly Captcha is a Proof-of-Work-based anti-bot solution where the user’s device does all of the work. We generate a unique crypto puzzle for each visitor. Solving this puzzle only takes a few seconds and happens automatically when the user enters their data into a form.

Friendly Captcha uses and processes the following information: The IP address of the computer sending the requests (IP address is collected as plain text before it is anonymised as a hash value), information on the browser, the operating system, anonymous counter per IP address for controlling the cryptographic tasks, as well as the website from which you have accessed bechtle.com (the referrer URL).  The legal basis for this is our legitimate interest in protecting our website from spam requests in accordance with Art. 6 Para. 1(f) EU GDPR. The information collected is stored for a period of 30 days.

For more information about Friendly Captcha’s privacy practices, please visit https://friendlycaptcha.com/privacy/.

When you place an order, we process the following data:

General Contact Form:

First Name*
Last Name*
Your Message to Us*
Email Address*

SecurityScorecard Services Contact Form:

First Name*
Last Name*
Email Address*
Phone Number
Company Name*
Your Interests*

Using our website, you can submit various types of inquiries to us, e.g., to request a catalog or to ask about specific products. For this purpose, a contact form, an email address, and a phone number are available.

Each contact form is designed to collect the contact details necessary for communication (first name, last name, your message, and email address) and to record the content of your message. This data is used for customer relationship management (contact history) and to respond to or fulfill your request.

To protect our website from spam inquiries, we use the service Friendly Captcha. Friendly Captcha is a proof-of-work-based anti-bot solution in which the user’s device performs all the work. For each visitor, we generate a unique cryptographic puzzle. Solving this puzzle takes only a few seconds and occurs while the user enters their data into the respective form.

When using Friendly Captcha, the following information is collected and processed: the IP address of the requesting computer (initially collected in plain text, then converted into an anonymous hash value), information about the browser used, operating system, an anonymized counter per IP address to control cryptographic tasks, as well as the website from which access occurred (so-called referrer URL). The legal basis for this processing is our legitimate interest in protecting our website from spam inquiries, pursuant to Art. 6 (1) lit. f GDPR. The collected information is stored for a period of 30 days.

Further information on data protection at Friendly Captcha can be found at https://friendlycaptcha.com/privacy/.

Contact forms / communication by e-mail, chat or phone.

On our website, we offer a contact form that allows you to get in touch with us electronically. When you contact us via this form, we process the data you provide solely for the purpose of handling your inquiry and communicating with you.

We adhere to the principle of data minimization. You are only required to provide the data necessary for processing your request (marked with * in the form). All other information is voluntary. For technical and legal reasons, your IP address is also processed.

As part of a contact inquiry, we generally collect and process the following data:

• First name*

• Last name*

• Email address*

• Your message to us*

• Company name*

• Your interests*

• Phone number

• IP address (automatically recorded)

The required information may vary depending on the contact form.

Processing is carried out on the basis of Art. 6 (1) lit. b GDPR (pre-contractual measures or contract performance).

Your data will only be shared with other departments or third parties if this is necessary to process your inquiry or if you have given your explicit consent. Within our company, only the relevant departments and authorized persons have access to your data.

Your data will be stored only as long as necessary to process your inquiry or as required by statutory retention periods.

To protect the security and confidentiality of your data as effectively as possible, we implement appropriate security measures. Your inquiry is transmitted to us in encrypted form (to be specified/extended if content encryption is applied).

If you contact us by email, we will process the personal data provided in your message solely for the purpose of handling your inquiry.

Customer and supplier data.

Advertising purposes – Existing customers.

Bechtle would like to maintain a relationship with its customers and send information and offers on products and services in accordance with Art. 6 Para. 1(f), GDPR. We therefore use your data to email you relevant information and offers as well as customer satisfaction surveys. 

If you would prefer us not to do so, you can object at any time to the use of your personal data for direct marketing purposes. This right also applies to profiling as long as it is connected with direct advertising. As soon as we receive your objection, your data will no longer be processed for this purpose.

An objection is free of charge and can be made without giving a reason or the need for filling in a form by calling +49 7132 981 – 0, by e-mail to marketing.bns@bechtle.com or by post to Bechtle Platz 1, 74172 Neckarsulm, Germany.

Customer satisfaction survey.

To carry out customer satisfaction surveys, we use the Qualtrics service provided by Qualtrics LLC, 2250 N. University Pkwy, 48-C, Provo, Utah 84604, USA,  with whom we have concluded all contracts required under applicable data protection legislation.

Our customers are sent a survey via e-mail which they can answer on the Qualtrics platform. By carrying out customer surveys, we can improve our offerings and make them more interesting for users.

The following data are collected:

• E-mail
• Title
• Last name
• City, country
• Company

The use of Qualtrics requires your consent in accordance with Art. 6 Para. 1 S. 1(a) GDPR, which can be revoked with effect for the future by e-mail to privacy@bechtle.com.

The collected data are erased as soon as they are no longer needed for the intended purposes.

Please note that this service also transfers data collected to third countries outside of the European Union and the European Economic Area, which may not offer a suitable level of data protection. If required, Qualtrics transfers personal data to the USA. In this case, there is a risk that your data will be processed by US authorities for purposes of control and surveillance. In this case, you may not be entitled to legal recourse. We do, however, take all possible and necessary measures in accordance with Art. 44 et seqq. GDPR to ensure the level of protection guaranteed by the GDPR in the third country.

Further information on data protection at Qualtrics can be found here: https://www.qualtrics.com/privacy-statement/.

Transparency and information obligations for whistleblowers and others involved in the whistleblower system.

Data categories and origins

When you use the whistleblower system, any personal data you provide is processed for the purposes of processing your lead and implementing additional measures as required. You can submit leads anonymously. The personal data processed depends on your lead.

We process personal data to review leads submitted through the whistleblower system and investigate potential compliance breaches and infringements. In individual cases, the data processed depends on the specific lead as well as on the information provided. To this end, the following data may be processed:

• Contact details (personal address, and if required, mobile and landline numbers, e-mail address)
• Master data (e.g. first and last name incl. pre or post-nominals, date of birth)
• Photos / videos
• Time recording data
• Special types of personal data Health-related information

Purposes and leg.al bases for data processing

Your personal data is collected and processed in accordance with the provisions of the EU GDPR, the German Federal Data Protection Act, and all other applicable legislation (e.g. Works Constitution Act (BetrVG), Ordinance on Working Time (ArbZG)).

If you are a person reporting a lead, your data are processed in accordance with your voluntary information and the provisions of the Whistleblower Protection Act (HinSchG), Art. 6 Para. 1 S. 1(a,c) EU GDPR in conjunction with Section 10 HinSchG, Section 8 of Germany’s Supply Chain Act (LkSG) and in the event you are an employee of Bechtle, Art. 88 GDPR in conjunction with Section 26 Paras. 2, 4 of the Federal Data Protection Act (BDSG).

Furthermore, we process your personal data as a data subject on the basis of an employment agreement in accordance with Art. 88 EU GDPR in conjunction with Section 26 Para. 4 BDSG when you are employed by us and insofar as necessary to protect the legitimate interests of the company and/or a third party (Art. 6 Para. 1(f,c) EU GDPR in conjunction with Section 10 HinSchG, Section 8 LkSG and Section 130 Act on Regulatory Offences (OWiG). We have a legitimate interest in processing personal data for the prevention and identification of infringements and deficiencies reported through the whistleblower system. Furthermore, your personal data are processed insofar as necessary to fulfil legal obligations.

If you have voluntarily provided data during the reporting process, you can revoke consent for processing at any time with effect for the future. To revoke your consent or exercise other rights, please contact complianceboard@bechtle.com. You may also contact us via this e-mail address if you have any questions about data processing in our company. You may also lodge complaints against the processing of your data to the data protection supervisory authority.

Data recipients / categories of recipients

We ensure that only those people responsible for processing leads submitted through the whistleblower system receive your personal data.

In certain cases, we are supported by an IT service provider. All third-party service providers have signed the relevant agreements to ensure data protection.

Furthermore, in some cases we are obliged by law to forward certain information to other bodies, e.g. investigating authorities.

Cookies (Art. 6 Para. 1 S. 1(f) GDPR, Art. 6 Para. 1 S. 1(c) GDPR, Art. 6 Para. 1 S. 1(a) GDPR.

Our website uses so-called cookies. They help make our services more user-friendly, effective, and secure. Cookies are small text files that are stored on your device and saved locally by your browser. Cookies contain only pseudonymous, and in most cases, anonymous data. Some cookies remain active only for the duration of a browser session (so-called session cookies), while others are stored for a longer period (so-called persistent cookies, e.g., consent settings). The latter are automatically deleted after the specified period (usually six months). In addition to our own cookies, third-party cookies are also used. These third parties use the information contained in the cookies, for example, to display content to you or to track the pages you have visited.

Based on our legitimate interest (Art. 6 (1) lit. f GDPR), we use technically necessary cookies that are essential for the operation of the website and to ensure its functionality. We also use cookies without your consent insofar as their sole purpose is the storage of, or access to, information stored on your device for the transmission of messages, or if they are absolutely necessary to provide a service expressly requested by you (§ 25 (2) TDDDG).

We use the following technically necessary cookies [please list]:

With your consent, additional cookies are used that enable us or third parties to analyze how our services are used. This allows us to tailor our content to user needs. Moreover, cookies allow us to measure the effectiveness of specific advertisements and to place them, for example, based on thematic user interests. The legal basis for this is your explicit consent (Art. 6 (1) lit. a GDPR, § 25 (1) TDDDG).

You can withdraw your consent at any time with future effect and adjust your cookie settings via our consent banner. Please note that changes must be made separately for each device.

If you have accounts with any of the third-party providers we use and are logged in there, your data may be linked to your respective account. You can prevent such linking by not giving or by withdrawing your consent to the respective cookies, or by logging out of the third-party services beforehand.

Most browsers accept cookies automatically. You can also manually deactivate, restrict, or delete cookies on your device via your browser settings or with the help of software tools. If you deactivate cookies, full use of our website may not be possible or may be limited.

Please also refer to the information provided in the section of each service that uses cookies.

Tools and Services Used

We use the following tools and services across our website:
 

1. User tracking

User tracking—provided by Bechtle AG, Bechtle Platz 1, 74172 Neckarsulm Germany—is used on our website. The legal basis for this is your consent pursuant to Art. 6 Para. 1 S. 1(a) GDPR, which you can revoke at any time at here.

We collect the following data:

• Persistent ID (“bechtle-p” cookie) This is an anonymous, randomly generated sequence of numbers that cannot be traced to you. Only when you log in to www.bechtle.com will the login data be anonymised and sent in encrypted form to third-party systems for which you have given your explicit consent.

This data are only used for the purpose of improving our portfolio and optimising our site’s user friendliness. User tracking enables return visitors to be identified without logging in and their behaviour analysed, making it possible to customise content to their requirements.

The data collected via user tracking are passed on to third parties subject to further, explicit consent (see other sections under “User profiles and non-functional cookies ” in our Privacy Policy). Within third-party systems, the anonymised data may be merged with existing data (e.g. registration for newsletters), potentially allowing personal identification.

The collected data are erased as soon as they are no longer needed for the intended purposes. In this case after 28 days. In the event that your data is passed on to third parties, their rules for erasure apply.

2. Google Analytics

This website uses Google Analytics based on your consent (Art. 6 (1) sentence 1 lit. a GDPR and § 25 (1) TDDDG). Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Using cookies and similar technologies, data about the use of this website is collected (e.g., IP address, pages visited, time spent, device and browser information). The information generated is usually transmitted to Google servers and stored there.

IP anonymization (so-called IP masking) is enabled on this website. This means that your IP address is shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

Google processes the collected data on our behalf to analyze website usage. Google may also merge this data with other data and process it for its own purposes (e.g., profiling or service improvement) under its own responsibility. We have no influence over this independent data processing by Google. For more information, please refer to Google’s privacy policy.

When using this service, personal data may be transferred to and processed in countries outside the European Union and the European Economic Area (“third countries”), including the United States. When data is transferred to the U.S., there is a risk that authorities may access your data without any legal remedies available to you. For such transfers, appropriate safeguards—particularly standard contractual clauses—are used to ensure a level of protection comparable to European data protection standards. If data is transferred to a U.S. company certified under the “EU-U.S. Data Privacy Framework” (DPF), an adequate level of data protection is assumed. Google LLC is certified under the DPF, which means an adequate level of protection is generally presumed. In exceptional cases where a transfer is based solely on your explicit consent, you will be informed separately about this and the associated risks.

In Google Analytics, sessions automatically end after 30 minutes of inactivity. Campaign information is stored for a maximum of six months. Personal data of users is deleted or anonymized after no more than 14 months, according to data retention settings. The actual retention period may vary depending on individual configurations.

You may withdraw your consent at any time with effect for the future. To do so, use the settings in our consent banner or the relevant settings of the services and tools you use. Please note that changes to consent settings must be made separately for each device and, if applicable, for each browser used. If you withdraw your consent, no further data about your usage behavior will be transmitted to Google Analytics.

In addition, you can delete already stored cookies or similar technologies via your browser or device settings to prevent further processing. For more information on how to manage or disable cookies and tracking technologies, please refer to the respective providers’ websites.

You can also prevent the collection and processing of your data by Google Analytics by installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more details on terms of use and data protection, please refer to the following links:

• Google Analytics Terms of Service: https://www.google.com/analytics/terms/de.html

• Google Privacy Policy and Terms of Use: https://policies.google.com/?hl=de

A detailed overview of your data subject rights can be found in this privacy policy.

3. Google Tag Manager

This website uses Google Tag Manager based on your consent (Art. 6 (1) sentence 1 lit. a GDPR and § 25 (1) TDDDG). The service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager allows website tags to be managed via a central interface. It is used to control scripts that may, in turn, trigger data processing activities. However, Google Tag Manager itself does not access the collected data. If deactivation has been implemented at the domain or cookie level, it remains in effect for all tracking tags managed through Google Tag Manager.

Google Tag Manager does not set cookies or store personal data itself. It is used solely to implement and manage downstream data-collecting tags, which may require consent. Although Google Tag Manager does not store personal data, the tag infrastructure provided through it may lead to data processing.

When using Google Tag Manager, connection data (e.g., your IP address) is transmitted to Google Ireland Limited. Google may combine this data with other data and process it for its own purposes. Google is independently responsible for such processing. For more information, please refer to Google’s privacy policy.

When using this service, personal data may be transferred to and processed in countries outside the European Union and the European Economic Area (“third countries”), including the United States. When data is transferred to the U.S., there is a risk that authorities may access your data without any legal remedies available to you. For such transfers, appropriate safeguards—particularly standard contractual clauses—are used to ensure a level of protection comparable to European data protection standards. If data is transferred to a U.S. company certified under the “EU-U.S. Data Privacy Framework” (DPF), an adequate level of data protection is assumed. Google LLC is certified under the DPF, meaning an adequate level of protection is generally presumed. In exceptional cases where a transfer occurs solely on the basis of your explicit consent, you will be separately informed about this and the associated risks.

The retention period of data collected through Google Tag Manager depends on the specific tags controlled via the Tag Manager. Since Google Tag Manager itself does not store data, retention is determined by the settings of the downstream tools (e.g., Google Analytics, Google Ads). Further details can be found in the privacy notices of the respective tools.

You may withdraw your consent at any time with effect for the future. To do so, use the settings in our consent banner or the respective settings of the services and tools you use. Please note that changes to consent settings must be made separately for each device and, if applicable, for each browser used. Once consent is withdrawn, no further tags will be triggered via Google Tag Manager, and thus no data will be transmitted to Google or other providers.

Additionally, you can delete cookies or similar technologies already set via your browser or device settings to prevent further processing. For more information on how to manage or disable cookies and tracking technologies, please refer to the websites of the respective providers.

For more details on terms of use and data protection, please visit the following links:

• Google Tag Manager Terms of Use: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

• Google Privacy Policy and Terms of Use: http://www.google.de/intl/de/policies/privacy/

A detailed description of your data subject rights can be found in this privacy policy.

4. YouTube Platform

Embedding YouTube content is done using the technical method known as framing. Framing means that by simply inserting an HTML link provided by YouTube into the code of a website, a playback frame is created on the third-party site, enabling the video stored on YouTube’s servers to be played.

We use the YouTube-generated framing codes in the so-called enhanced privacy mode. According to YouTube, cookie activity and the resulting data collection are only triggered when the playback function of the video itself is used. This prevents data from being collected simply by visiting a page containing embedded content.

To play YouTube content, we require your consent (Art. 6 (1) lit. a GDPR), which you can give – if not already done via the cookie settings – by clicking the button located near the respective video. By clicking the play button, you consent to your IP address being transmitted to YouTube (YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA) and to the provider placing cookies in your browser.

When using this service, personal data may be transferred to and processed in countries outside the European Union and the European Economic Area (“third countries”), including the United States. When data is transferred to the U.S., there is a risk that authorities may access your data without you having any effective legal remedy. Appropriate safeguards, in particular Standard Contractual Clauses, are used for such transfers to ensure a level of protection comparable to European data protection standards. If data is transferred to a U.S. company certified under the “EU-U.S. Data Privacy Framework” (DPF), an adequate level of data protection is presumed. Google LLC is certified under the DPF, meaning an adequate protection level is generally assumed.

For your convenience, we store your consent for 30 days using a so-called local storage object in your browser. You can withdraw your consent at any time here.

Additionally, you can delete already stored cookies or similar technologies via your browser or device settings to prevent further processing. More information about managing and disabling cookies and tracking technologies can be found on the respective providers’ websites.

Further information on terms of use and data protection can be found here:

• YouTube Privacy Information: https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy/

• Google Privacy Policy: https://policies.google.com/privacy?hl=de

A detailed overview of your data subject rights can be found in this privacy policy.

5. Qualtrics

As part of our Customer Experience Management, we use the service Qualtrics, provided by Qualtrics LLC, 2250 N. University Pkwy, 48-C, Provo, Utah 84604, USA, to conduct customer surveys. The use of Qualtrics is based on your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR, which you can withdraw at any time here.

We use Qualtrics for feedback and market research purposes, particularly to analyze the use of our website and to continuously improve individual functions, offerings, and the overall user experience. Through customer surveys, we can enhance our services and make them more relevant to our users.

Specifically, the following data is collected:

• Total Visited Page Count

• Current Page URL

• Site Referrer

• Recorded Site History

• Intercept ID

• Creative ID

• Device Type

• Customer Type

• Procurement Type

• Shop Country

• External/Internal Customer

• Logged In

The surveys are not conducted anonymously but are linked to your Bechtle login account. This allows us to track and control which users see specific surveys and avoid duplicate survey invitations. After participating, we may contact you by phone or email regarding the survey.

We delete the data collected through Qualtrics as soon as it is no longer required for our purposes, typically after 24 months.

Please note that this service may transfer the collected data outside the European Union and the European Economic Area to countries that do not provide an adequate level of data protection. In particular, personal data may be transferred to the United States, where there is a risk that U.S. authorities may process your data for monitoring purposes without providing effective legal remedies. We take all necessary and legally required measures under Art. 44 et seq. GDPR to ensure an adequate level of data protection.

For more information from the provider, please refer to: https://www.qualtrics.com/privacy-statement/

6. Friendly Captcha

To protect our website from abusive requests and automated access (e.g., bots or spam), we use Friendly Captcha, provided by Friendly Captcha GmbH, Am Anger 3–5, 82237 Wörthsee, Germany.

Friendly Captcha uses a proof-of-work system: when filling out forms, your device solves a cryptographic puzzle in the background. This verifies that the input is made by a human, effectively preventing automated attacks.

During use, the following data is processed:

• IP address of the requesting device (initially collected and then pseudonymized via a hash value)

• Technical information about the browser and operating system used

• An anonymized counter per IP address to control cryptographic tasks

• The website from which access occurs (referrer URL)

Friendly Captcha does not set cookies or store personal data permanently. The processed information is used solely to prevent automated access and is deleted after 30 days at the latest.

The legal basis for use is our legitimate interest in protecting the integrity and functionality of our website (Art. 6 (1) lit. f GDPR), as a secure and reliable online offering cannot be ensured without these security measures. Please note that our contact and online forms may not be available or may function only in a limited way without this security solution.

Processing takes place exclusively within the European Union; no data is transferred to third countries.

Further information on data protection by Friendly Captcha can be found at: https://friendlycaptcha.com/privacy/

A comprehensive overview of your rights (e.g., access, rectification, deletion, or objection) can be found in this privacy policy.

7. Usercentrics

We use the Usercentrics Consent Management Platform, operated by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, to obtain, manage, and securely document your consent for cookies and similar technologies.

When you visit our website, a consent banner is loaded that informs you about the services/technologies used and, where necessary, requests your consent. The following data is processed: device and browser information, IP address (initially collected and then pseudonymized), consent status (opt-in/opt-out), date and time of visit, and visited/referring URLs. To store your selection, Usercentrics uses technically necessary cookies or local storage objects – specific to each device and browser.

If JavaScript is disabled, the consent banner cannot display correctly. In this case, consent settings cannot be adjusted, and certain services may not function for security reasons. Any changes to your selection apply prospectively and must be made separately per device and browser.

The legal basis for using Usercentrics is our legitimate interest under Art. 6 (1) lit. f GDPR in providing a user-friendly, secure management of your settings and ensuring legally compliant documentation of consents.

Your selection is typically stored on your device for 12 months, after which you will be asked again. Consent logs (consent ID, timestamp, status, metadata) are stored for up to three years unless other legal retention obligations apply.

Data processing by Usercentrics primarily takes place within the EU/EEA. In exceptional cases where cooperation with service providers outside the EEA is necessary, this is done exclusively under appropriate safeguards (especially EU Standard Contractual Clauses).

For more information about Usercentrics’ privacy policy, visit: https://usercentrics.com/privacy-policy/

A detailed description of your rights – e.g., access, rectification, deletion, restriction, and withdrawal – can be found in this privacy policy.

Social media.

Social media plug-ins

No social media plug-ins are enabled on our website.

Social media links.

You’ll find to social media services from Facebook, Twitter, YouTube, Instagram, LinkedIn and Xing on our website. Links to websites of these providers are clearly identified by their respective company logos. These links will open our page on the respective social media platforms. When you click on a social media link, you establish a connection to the provider’s servers. Information transmitted to the provider include the fact that you have visited our website, as well as other data, including:

• The URL of the website on which you have clicked on the link;
• The date and time of your visit to the website, or at which you have clicked on the link;
• Your browser and operating system;
• Your IP address.

If you are logged in to the social media service when you click on the link, the provider may be able to determine your user name and possibly even your real name from the data transferred and link this information to your personal user account. To prevent this from happening, please make sure you are logged out of your account.

The social media providers’ servers are located in the USA and other countries outside of the European Union. For this reason, data can also be processed by the social media provider in countries outside of the European Union. Please be aware that business in these countries are not subject to the same strict levels of data protection as those who are member states of the European Union.

Please also be aware that we have no influence on the scope, type and purpose of data processing carried out by these social media providers. Further information about the use of your data by the social media platforms whose content is embedded on our website can be found in the Privacy Policies of the respective social media provider.

Privacy Notice for Social Media

We operate a company presence on LinkedIn. To the extent that we can influence the processing of your personal data, we ensure compliance with the applicable data protection regulations.

Below you will find key information regarding data protection in connection with our social media presence.

Name and Address of the Controllers

In terms of the General Data Protection Regulation (GDPR) and other data protection laws, responsibility for the company’s social media presence lies both with Bechtle Network & Security Solutions GmbH and LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland).

However, you use this platform and its features on your own responsibility. This applies in particular to the use of interactive functions (e.g., commenting, sharing, liking).

Please note that your data may be processed outside the territory of the European Union.

Purpose and Legal Basis

We maintain our LinkedIn company page to communicate with visitors and to inform them about our services and offers.

Additionally, we collect data for statistical purposes in order to further develop and optimize our content and make our online presence more attractive. The necessary data for this (e.g., total page views, activities on the page, data provided by visitors, interactions) are processed and made available to us by LinkedIn. We have no influence over how this data is generated or displayed.

Furthermore, your personal data is processed by LinkedIn – and, to a certain extent, by Bechtle Network & Security Solutions GmbH – for market research and advertising purposes. This means that, for example, user profiles may be created based on your behavior and interests. Such profiles can be used to display targeted advertisements both within and outside of the platform that correspond to your interests.

For this purpose, cookies are usually stored on your device. In addition, other data not collected directly from your device may also be stored in your usage profile. This storage and analysis may occur across devices, especially if you are registered and logged in as a member of the respective platform.

The processing of your personal data by Bechtle Network & Security Solutions GmbH is based on our legitimate interest in effective communication and public relations in accordance with Art. 6 (1) sentence 1 lit. f GDPR.

If you are asked for your consent to data processing (e.g., by confirming a button or selecting an option), the legal basis for processing is Art. 6 (1) sentence 1 lit. a and Art. 7 GDPR.

Your Rights / Right to Object

If you are a member of a social network and do not want the network to collect data about you via our page and link it with your stored member data, you must:

• log out of the respective network before visiting our page,

• delete the cookies stored on your device, and

• close and restart your browser.

However, once you log in again, you will again be identifiable to the network.

For a detailed description of the respective data processing and your opt-out options, please refer to the following LinkedIn links:

• Privacy Policy: https://www.linkedin.com/legal/privacy-policy

• Opt-out: https://www.linkedin.com/legal/cookie-policy and http://www.youronlinechoices.com

You have the following rights regarding the processing of your personal data:

• Right of access

• Right to rectification

• Right to erasure

• Right to restriction of processing

• Right to object

• Right to data portability

• Right to lodge a complaint with a data protection authority regarding unlawful processing of your personal data

Since Bechtle Network & Security Solutions GmbH does not have full access to your personal data, you should exercise your rights directly with the social media provider. These providers have access to their users’ personal data and can take the appropriate measures or provide information.

If you need assistance, we will of course support you. Please contact us at marketing.bns@bechtle.com.

Notes on Copyright and Image Rights

If you wish to publish images, texts, plans, videos, music, etc. on our social media page, please be aware that by doing so, you may transfer all usage rights to the platform. This may have legal consequences if you are not the copyright holder or do not possess the required rights to the content.

Our website contains links to websites of other companies, and these links are clearly recognisable as such. We have no control over the content of these websites and cannot, therefore, be held responsible for them. The respective provider or operator is always responsible for the content on the page.

We review websites for possible violations and obvious infringements at the time we place the a link on our website. We did not identify any unlawful content on these websites when the link was added to our website. However, we cannot be reasonably expected to continuously review the content of external websites unless we become aware of a potential violation. Should we become aware of any illegal content on an external website, we will promptly remove any links to that site.

Individuals under the age of 16 may not submit personal information or a declaration of consent to us without the consent of their legal guardian. We ask parents and legal guardians to actively participate in the online activities and interests of their children.

Please note that, as a rule, we do not use purely automated processes to make a decision.