Privacy Policy
Last updated: December 2025
1. Data Protection at a Glance
General Information
This privacy statement provides an overview of what happens to your personal data when you visit our website. Personal data includes any information that can identify you personally. Detailed information can be found in the sections below.
Data Collection on Our Website
Who is responsible for data processing on this website?
The controller responsible for data processing on this website is the website operator. The operator’s contact details can be found in the imprint.
How do we collect your data?
What do we use your data for?
Some data is necessary to ensure the proper functioning of the website. Other data may be analysed statistically to improve our services.
Your Rights
You have the right to receive information about the origin, recipients and purposes of your personal data at any time. You may request correction, deletion or restriction of your data. You may also request data portability if technically feasible.
If processing is based on your consent, you may withdraw this consent at any time. Processing carried out before the withdrawal remains lawful.
You may object to processing based on Art. 6(1)(e) or (f) GDPR, particularly in the case of direct marketing, where you may object at any time without providing reasons.
To exercise your rights, please contact us using the contact details provided in this policy. Proof of identity may be required. You also have the right to lodge a complaint with the competent supervisory authority.
Analysis Tools and Third-Party Tools
Your browsing behaviour may be statistically evaluated using cookies and analytics tools. This analysis is typically pseudonymised. Information on how to opt out can be found in this statement.
2. General and Mandatory Information
Data Protection
We treat your personal data confidentially and in accordance with the GDPR and this privacy statement. Please note that data transmission over the internet (e.g., via email) may have security vulnerabilities.
Controller
Bancon GmbH
Josef-Reiert-Str. 4
69190 Walldorf, Germany
Tel.: +49 6227 3097876
Email: info@bancon-it.com
Data Protection Officer
Andreas Schwarz
Staufer Straße 13
67133 Maxdorf, Germany
Email: andreas.schwarz.sv@web.de
Withdrawal of Consent
You may withdraw consent for processing at any time. Processing prior to withdrawal remains lawful.
Right to Object (Art. 21 GDPR)
You may object to processing based on Art. 6(1)(e) or (f) GDPR for reasons relating to your particular situation. We will stop processing unless compelling legitimate grounds exist or the processing is required for legal claims.
For direct marketing, you may object at any time.
Right to Lodge a Complaint
You may lodge a complaint with the competent supervisory authority in your place of residence, workplace or place of the alleged infringement.
Right to Data Portability
You have the right to receive personal data in a machine-readable format or request its transfer to another controller, provided this is technically feasible.
SSL/TLS Encryption
Our website uses SSL/TLS encryption. You can recognise encrypted pages by the “https://” prefix and the lock symbol in your browser.
Technical and Organisational Measures
We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include access controls, role-based authorisation, encryption technologies, secure backup procedures and regular security reviews.
Our measures are continuously improved in line with technological developments and risk assessments.
3. Data Collection on Our Website
Cookies & Cookie Consent Management
Cookies help ensure the technical functionality of our website and improve user experience. Session cookies are deleted after your visit, while persistent cookies remain until you delete them. You can configure your browser to block or delete cookies.
We use a cookie consent management platform (CMP) to obtain and document consent for cookies and similar technologies that are not technically necessary. Consent is obtained under Art. 6(1)(a) GDPR and §25(1) TTDSG. You can grant, refuse or revoke consent at any time via the cookie settings on our website.
Technically necessary cookies are used on the basis of §25(2) TTDSG and Art. 6(1)(f) GDPR, as they are required for secure and functional website operation.
Server Log Files & Hosting
When you access our website, our systems automatically collect:
These data are processed on the basis of Art. 6(1)(f) GDPR to ensure security, functionality and optimisation.
Our website is hosted by an external provider. All website-related personal data may be processed on its servers. Processing is carried out exclusively on our documented instructions under a data processing agreement (Art. 28 GDPR).
Contact Form
Data submitted via contact forms is processed to handle your request. Processing is based on your consent (Art. 6(1)(a) GDPR), which may be withdrawn at any time.
Contact via Email, Phone or Fax
Data shared during direct contact is processed to handle your inquiry. Processing is based on Art. 6(1)(b) GDPR when related to pre-contractual steps or on our legitimate interest under Art. 6(1)(f) GDPR.
Customer and Contract Data
We process personal data only when necessary to establish, execute or amend legal relationships (Art. 6(1)(b) GDPR). Data is deleted when no longer needed unless statutory retention periods apply.
Data Retention
We store personal data only for as long as necessary for the respective purpose or for the duration of statutory retention periods. After this, data is deleted or anonymised in accordance with legal requirements.
4. Analysis Tools and Advertising
Google Analytics
Provider: Google Ireland Limited, Dublin.
Google Analytics uses cookies to analyse website usage. IP anonymisation is enabled. Data is retained for 14 months. You can opt out using the Google Analytics opt-out mechanism.
Processing is based on your consent (Art. 6(1)(a) GDPR), obtained via our cookie consent management platform.
LinkedIn Insight Tag
This tool collects pseudonymised data for analytics and advertising. LinkedIn does not provide personal identifiers. Members may manage advertising preferences in their LinkedIn account settings.
Data Transfers to Third Countries
The use of analytics and advertising tools may involve the transfer of personal data to third countries, particularly the United States. Such transfers take place on the basis of Standard Contractual Clauses (Art. 46 GDPR).
Please note that U.S. authorities may access personal data without equivalent legal protections.
5. Plugins and Tools
Data Transfers to Third Countries
The use of these services may involve transfers of personal data to servers located in third countries, particularly the United States. Transfers are based on Standard Contractual Clauses (Art. 46 GDPR).
Please be aware that U.S. authorities may access personal data without equivalent legal remedies.
6. Own Services
Applicant Data
We process applicant data to conduct the application process and make recruitment decisions in accordance with Art. 6(1)(b) GDPR and §26 BDSG. Data is processed only by individuals involved in the recruitment process.
If an application is unsuccessful, the data will be deleted once the process is completed unless statutory retention obligations apply or the applicant has consented to longer storage for future opportunities. Applicants may exercise their rights under applicable data protection law, including the right to request deletion where no statutory retention obligations apply.
7. Third-Party Links and Services
Our website may contain links to external websites (e.g., YouTube, LinkedIn, SAP). This privacy statement does not apply to third-party websites; please review their privacy policies independently.
Embedded Third-Party Content
Embedded content such as videos, maps or social media feeds may transmit personal data (e.g., IP address, browser information) to the respective provider. Such content is loaded only with user consent or another lawful basis under Art. 6 GDPR.
