Privacy Policy

Privacy Policy

Data protection notes “Welcome2BS”

Below you will get an overview of which data is processed for what purpose when visiting this website.

I. Who is responsible for this website?

This website is used as a joint controller according to Art. 26 GDPR as part of a cooperation between companies - Braunschweiger Landessparkasse Friedrich-Wilhelm-Platz 38100 Braunschweig,

- BS|ENERGY, Braunschweiger Versorgungs-AG & Co. KG Taubenstraße 7 38106 Braunschweig


** Public insurance Braunschweig** Theodor-Heuss-Straße 10 38122 Braunschweig


You can reach the data protection officer of the respective companies at the address mentioned above or at the following e-mail address:

  • Braunschweiger Landessparkasse

  • BS|ENERGY, Braunschweiger Versorgungs-AG & Co. KG

  • Public insurance Braunschweig

II. What is it about? When we process personal data, it means that we collect, store, transmit, delete or use it in another form. Personal data refers to information about natural persons who inform themselves on this website about the offers of “Welcome2BS” – cooperation/initiative. If you are already a customer of one of the cooperation companies, your data will also be processed in the course of your business relationship with the respective company. You can find information about this in the privacy policy of the respective company.

III. How are your data processed when visiting this website? Data needed to display the website and ensure its stability and security When the website is used only for information purposes, the following technical data are processed: – IP address of your device – Name of the retrieved file – Date and time of call – Transferred data quantity – Retrieval status (successful / not successful) – browser type and version as well as the operating system you use – URL of the previously called page (so-called “Referrer URL”) The processing of the data is carried out in order to safeguard legitimate interests of the joint controllers based on a balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR. The legitimate interest lies in granting the stability and security of the website. We also evaluate this information for statistical purposes and to improve this website without forming personal user profiles. The individual user remains anonymous in any case. Personal data will only be collected if you expressly inform us, for example when sending an email form. We use a transfer method based on the SSL (Secure Socket Layer) protocol. The traffic between your browser and our server is encrypted. In order for the browser you use to transmit data encrypted, the security protocol SSL must be activated within the settings. We will collect, process and use your personal data only to process your orders and inquiries as well as to safeguard legitimate business interests with regard to the advice and support of our customers and the needs-based product design. We expressly point out that all legal provisions are respected.

IV. Who receives your data? Disclosure to third parties takes place only if you have given consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a) GDPR or if there is a legal obligationto do so in accordance with Article 6 Paragraph 1 Clause 1 Letter c) GDPR. In order to provide the platform, contracted service providers receive data if they meet the specific confidentiality requirements of the joint controllers. These may be companies in the IT services category. The service providers then enter into corresponding data protection agreements. In addition, if there are legal or regulatory obligations, we may be required to disclose data to public bodies and institutions, such as law enforcement agencies.

V. When will your data be deleted? If the data mentioned in this declaration are no longer required for the original purpose, they will be deleted. Something else applies only when their – temporary – further processing is required for other purposes. If a different memory duration is defined for certain services, you will find them when describing the respective service.

VI. What rights do you have when it comes to processing your data? You have the following rights to the controllers of this website regarding the personal data concerning you: – Right to information – Right to rectification or deletion – Right to restriction of processing – Right to data portability – Right to revoke granted consent Please note that the revocation only works for the future. Processing carried out before revocation is not affected by this.

Information about your right to object under Art. 21 GDPR

Individual case-related right of opposition You have the right, for reasons arising from your particular situation, at any time to the processing of personal data concerning you, which is based on Art. 6 para. 1 sentence 1 lit. e) GDPR (data processing in public interest) and Article Art. 6 para. 1 sentence 1 lit. f) GDPR (data processing based on a balancing of interests) takes place to object; This also applies to profiling based on this provision within the meaning of Article 4 No. 4 GDPR. If you object, your personal data will no longer be processed by us. Unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms. Or the processing serves to assert, exercise or defend legal claims.

VIII. Information about your complaint law You also have a right of appeal in connection with the processing of your personal data pursuant to Art. 77 GDPR to a supervisory authority.

The competent supervisory authority for the joint controller is: The National Commissioner for Data Protection of Lower Saxony Prinzenstraße 5 30159 Hannover

IX. Are your data used for automated decision-making or profile formation? Data from the visit to this website will not be used for automated decision-making within the meaning of Art. 22 GDPR.

X. Information on joint responsibility according to Art. 26 (2) (GDPR)

1. What is the reason for joint responsibility?

The joint responsibility is the joint operation of this Internet platform “Welcome2BS”. You can request special offers from one or all companies represented here via this medium. As soon as your offer request has been sent to the respective competent company, the respective company is solely responsible for data protection as from this date with regard to this offer request and further subsequent processing steps.

2. What have the cooperation partners agreed?

The definition of the common processing activity, i.e. the operation of the Internet platform, is taken together. This also applies to the operation of this Internet platform

  • the collection and management of the consent of affected persons as permission for the joint processing activities, including the processing of revocations;
  • the guarantee of the measures necessary for GDPR-compliant processing in accordance with Art. 24 GDPR,
  • the implementation of the data protection requirements by means of technical design according to Art. 25 para. 1 GDPR
  • the implementation of the requirements for data protection-friendly defaults according to Art. 25 para. 2 GDPR
  • ensuring the safety of processing in accordance with Art. 32 GDPR and
  • the processing of data protection violations pursuant to Art. 33, 34 GDPR.

3. What does that mean for you?

Even if there is a common responsibility, the cooperation partners fulfil the data protection obligations according to their respective responsibilities for the individual sections as follows:

  • As part of the joint responsibility, a central body has been set up to process your requests. You can reach them by email: You can assert your rights via this contact path. If processing operations are affected by the exercise of your rights, which is the responsibility of a cooperation company, your concern will also only be forwarded to the affected company. You can of course also exercise your rights directly with the respective company at the address mentioned above.
  • The cooperating company shall make the persons concerned the same in accordance with Art. 13 and 14 GDPR necessary information in a precise, transparent, understandable and easily accessible form is freely accessible in a clear and simple language as soon as the requested offer is transmitted.