Privacy Statement

General Introduction

We take the protection of your personal data very seriously and want to ensure your safety when visiting our Internet page. We handle data protection, in particular, in compliance with the provisions of the European General Data Protection Regulation, the Federal Data Protection Act (BSDG - new) and the German Telemedia Act (TMG). We would herewith like to inform you of the nature, scope and purpose of the processing of your personal data. To begin with, we would like to point out that this Privacy Statement solely refers to our own webpages and does not apply to any third-party websites to which we may refer in the form of a link.

Object of protection

The object of this Privacy Statement is to protect personal data. This includes all information that refers to an identified or identifiable natural person (hereinafter referred to as the “data sub-ject”). This includes, in particular, all information that allows conclusions to be drawn as to your identity (e.g. details such as your name, postal address, email address and telephone number).

Technical requirements

In order for you to be able to set up a connection to our website, your browser transfers specif-ic data to the webserver of our website. This is a technical requirement that allows the infor-mation you called up to be made available to you by our website. This is achieved by storing your IP address, the date and time of your request, your operating system type and other in-formation which is then stored and used for a maximum period of 7 days. We reserve the right to store these data for a limited period in order to safeguard our legitimate interests so as to be able to derive information from personal data in the case of unauthorized access or the attempt to deliberately cause damage to our company through this route (Art. 6, para. 1 (f) GDPR). These data shall be solely stored or transferred for this and no other purpose, whereby we shall not inform you of this or ask for your consent in advance.


Cookies are small text files that are stored by your browser on your computer or mobile termi-nal device to detect, for example, whether you visit the same websites repeatedly from the same terminal device or browser. In general, we set cookies to analyze the interest in our web-site as well as to improve the user-friendliness of our website. In principle, however, you can also call up our website without using cookies.
As a rule, cookies can be deactivated or removed with the aid of special tools which are of-fered by most commercial browsers. For each browser that you use, you have to determine the settings separately and configure these individually. The different browsers offer a range of functions and options to this purpose.
For full and easy usage of our website, you should accept those cookies that allow the use of specific functions, resp. make it easier to use. You can review which cookies are used by us and to which purpose - and how long these are stored - in the following overview:

Cookie list




Storage period


Is used by Google Analytics to limit the request rate.

2 years


Registers an unambiguous ID that is used to generate statistical data with regard to how the visitor users the website.

Until the end of the session


Registers an unambiguous ID that is used to generate statistical data with regard to how the visitor users the website.

Until the end of the session


When calling up our website, you will be informed about the use of these cookies by way of an informative text in our cookie banner. You automatically accept these cookies, if you continue to use them or by clicking on the “Accept” button.

Cookie types

In order to be able to explain the most common cookie types in more detail, we have provided explanations of these in the following to help you to understand them:

  • Session cookies
    The usage of session cookies allows users and the changes they make on a website to be identified. They allow the website to track their movements across individual pages so that information that has already been entered/stored does not have to be re-entered/stored again. Webshop shopping baskets are a good example of this. The session cookie stores the selected products in the shopping basket so that this contains the correct articles when payment is made at checkout. Session cookies are deleted when the user logs off or be-come invalid once the session has automatically expired.
  • Permanent or protocol cookies
    A permanent or protocol cookie stores the user’s information and settings on the user’s computer for the duration of the period defined by the respective expiration date. This al-lows quicker and easier access as you do not, for example, have to repeat the language settings or re-enter your login data. These cookies are automatically deleted when the stor-age period expires.
  • Third-party cookies
    As a rule, third-party cookies have no influence on the usage of the page as they do not originate from the operator of the website. They fulfill, for example, the purpose of collect-ing information for advertising purposes, personalized content and web statistics and for passing these on to the respective third-party provider.
  • Tracking cookies
    Tracking cookies are special text files which open up the possibility of collecting data on the behavior of the Internet users. This is aimed at gaining information on what the user’s main points of interest are, for example, to be able to launch made-to-measure promotional of-fers. Therefore, tracking cookies are not only set during the login process but are automati-cally set whenever the website is visited.

The examples of the most common types of cookies in the above representation is intended to provide you with a global overview of this type of data collection. The information contained therein does not claim to be complete. As a result of technical developments in the IT sector, it is to be assumed that further cookie types will be developed during the course of time. Prior to using our website, please refer at regular intervals to the Privacy Statement on our website to find out about the latest changes.


Contact form users

Our webssite includes a contact form which can be used to contact us electronically. To en-sure that your data are transferred securely, we use a connection which deploys state of the art encryption with an SSL certificate during the transfer process. By clicking on the “Send” button, you automatically consent to the transfer of the data that you entered in the entry form over to us. We store you name and email address, and possibly other information that you have pro-vided us with, in order to be able to contact you and provide you with the best-possible answer to your enquiry. On the one hand, this allows us to offer you the service that you expect from us and, on the other, it provides us with the opportunity to continually improve (Art. 6, para. 1 (f) GDPR).


Our website makes use of the functions provided by a range of different web analysis services offered by other companies, such as Google Inc., for example. In the following, we shall ex-plain in more detail which individual services are involved and which data are analyzed.

Implementation of Google Analytics using the anonymization function

On our website, we implement Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA - hereinafter referred to as “Google”. Google Analytics uses cookies which allow your usage of our website to be analyzed. As a rule, the information created by these cookies on the us-age of our online offer (e.g. when, where and how often you access our website, incl. your IP address) is transferred to and stored on a Google server in the USA. In order to eliminate the possibility of linking your IP address to your person, it is immediately shortened after its collection (e.g. through the deletion of the last 8 bits), thus rendering it anonymous. This IP anonymization process also applies to all the other Member States of the European Union and other signatories to the Agreement on the European Eco-nomic Area. More information on IP anonymization and the usage of data by Google is available at:

If you want to decide yourself which data are recorded by Google with respect to the websites you have called up, you can download a deactivation add-on for your Internet browser. However, this add-on does not prevent data being transferred to us or other web analysis services that we use. More information on the usage and installation of this add-on is available at:

If you use a mobile terminal device (e.g. a smartphone) to access our website, or if you would like to object to the use of Google Analytics on our website in general, please click on the following link to prevent the transfer of analytical data to Google Analytics. The above link can also be used as an alternative to the browser add-on described above as it activates an “opt-out cookie” which is only valid for the browser and domain in question. If cookies are deleted in this browser, this cookie is also lost so that you will have to click on the link again.


MyFonts Counter

We use MyFonts Counter on this website. MyFonts Counter is a web analysis service provided by MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA. Page-view tracking is carried out based on the terms of the license agreement and involves counting the number of times a webpage is visited for statistical purposes. This infor-mation is then transmitted to MyFonts. MyFonts only collects anonymized data. The da-ta may be passed on when JavaScript code is executed in your browser. In order to completely prevent JavaScript code from being run by MyFonts, you can install a Ja-vaScript blocker (e.g. Further information on MyFonts Counter is available in the notes on data protection provided by MyFonts which are available here:

Further general information

Changes to this Privacy Statement

We check this Privacy Statement on a regular basis to ensure that it complies with the legal provisions, the jurisprudence and the statements of the supervisory authorities, as well as to align it to emerging trends and the technological state of the art. In this respect, we reserve the right to change this Privacy Statement in order to adjust it in line with new legal data protection requirements or other changes in the factual or legal circumstances. We kindly ask, therefore, that you always check the information on our Privacy Statement applicable at the time prior to using our website.


Who is responsible for the data processing?
(Art. 13, para. 1 (a), (b) GDPR)

Bama GmbH is responsible for data processing on our webpage. The respective contact data are available on our Imprint page.

Bama GmbH
To the attention of the Data Protection Officer
Pfalzgraf-Otto-Strasse 50
74821 Mosbach
Tel.: +49(0)6261/801-268


Who receives your personal data?
(Art. 13, para. 1 (e), (f) GDPR)

We treat your personal data confidentially and never pass these on to third parties unless you have provided us with your consent to do so or in cases where these are to be made available based on a legal or contractual commitment. In individual cases, we may contract processors to process your personal data. This would be carried out in accordance with Art. 28 GDPR and on the basis of a respective commissioned data processing contract.
Personal data on our website is processed exclusively in Germany and shall not be forwarded to any third countries.


How long are the data stored?
(Art. 13, para. 2 (a) GDPR)

The legislator has imposed numerous retention periods and deadlines.

We only store your data as long as this is legally required.

Once these periods have lapsed, we delete the respective data as a matter of routine, in as far as they are no longer required with a view to fulfilling the contract. We store data that are pro-cessed based on your consent until this consent is revoked, resp. as long as these data are required. We store data that are processed based on a legitimate interest as long as this legiti-mate interest continues to exist.

In line with the legal provisions, commercial law data or financially-relevant data ensuing from a closed financial year are deleted after a further ten years have passed, in as far as no longer retention periods have been stipulated or are required for legitimate reasons. In as far as the data are not subject to specific retention periods, they are deleted when the purpose for which they were processed ceases to exist.


For which purposes and on which legal basis do we process your personal data?
(Art. 13, para. 1 (c), (d) GDPR)

We have already outlined the purposes and legal basis for processing data. In addition, the fol-lowing generally applies: Where required, we shall process your data to safeguard our legiti-mate interests or those of other third parties in accordance with Art. 6, para. 1 (f) GDPR, for example to establish legal claims or to defend ourselves in legal disputes or to uphold our IT operations or security.

Only in cases where we have a legitimate interest or where we have received your written consent to process your personal data do we process your data for purposes of external com-munications and marketing on the basis of Art. 6, para. 1 (a) or (f) GDPR. You have the right to revoke your consent at any time.
In order to be able to comply with legal obligations, we are allowed or must, where required, process your data and pass these on to third parties (in accordance with Art. 6, para. 1 (c)).
In no case shall we use your data in an automated decision-making process or for profiling purposes.

Furthermore, we use cookies to be able to offer you an improved service when using our webpage and to make this webpage more convenient for you to use (Art. 6, para. 1 (f) GDPR).


Which rights and obligations do you have?
(Art. 13, para. 2 (b), (c), (d), (e) GDPR)

All data subjects have the following rights:

  • In accordance with Art. 15 GDPR, you have the right to receive information. This means that you can request confirmation from us as to whether your personal data are being pro-cessed by ourselves.
  • In accordance with Art. 16 GDPR, you have the right to rectification. This means that you can demand that we rectify any incorrect personal data concerning yourself.
  • In accordance with Art. 17 GDPR, you have the right to erasure (“right to be forgotten”). This means that you can demand that we erase any personal data concerning your person without undue delay - unless we are unable to erase your data due to being required to ob-serve, for example, legal retention periods.
  • In accordance with Art. 18 GDPR, you have the right to restriction of processing. This means that we are practically no longer allowed to process your personal data - apart from storing them.
  • In accordance with Art. 20, GDPR, you have the right to data portability. This means that you have the right to receive the personal data concerning yourself and that you have made available to us in a structured, commonly used and machine-readable format and to transmit these data to another controller.
  • In accordance with Art. 7, para. 3 GDPR, you have the right to withdraw any consent you have provided at any time with future effect.
  • In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the re-sponsible supervisory authority.

In addition, you also have the right to object which we will be explaining in more detail at the end of this data protection information sheet.

If you would like to exercise any of your above rights, please contact our Data Protection Of-ficer (see contact information listed above).


Responsible supervisory authority

State Data Protection and Freedom-of-Information Officer
Office address: Koenigstrasse 10a, 70173 Stuttgart, Germany
Postal address: P.O. Box 102932, 70025 Stuttgart, Germany
Tel.: +49 (0) 711 615541-0
Email address:


Information on your right to object in accordance with Art. 21 General Data Protection Regulation (GDPR)

You have the right to object, on grounds resulting from your particular situation, at any time to the processing of personal data concerning your person which is carried out based on Art. 6, para. 1 (f) GDPR (data pro-cessing based on the weighing up of legitimate interests); this also applies to profiling based on this provi-sion as described in Art. 4 (4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or where this processing is for the establishment, exercise or defense of legal claims.

Please direct your objection in writing (via email or post) to the attention of our Data Protection Officer (see contact information listed above).