Privacy Policy
1. Controller and Contact Details
The controller responsible for data processing is Biallo & Team GmbH (hereinafter referred to as the “Controller”). The Controller processes the data provided by the data subject in accordance with the provisions of the General Data Protection Regulation (GDPR).
Contact details of the Controller:
Address: Achselschwanger Straße 5, 86919 Utting, Germany
Phone: +49 8806 33384 0
Fax: +49 8806 33384 19
Email: datenschutz@biallo.info
2. Data Protection Officer
Contact details of the Data Protection Officer:
Address: ISiCO GmbH, Am Hamburger Bahnhof 4, 10557 Berlin, Germany
Email: datenschutz@biallo.info
Please note that emails sent to the above email address are not read exclusively by our Data Protection Officer. If you wish to exchange confidential information, please first contact us via this email address to arrange direct communication.
3. Purpose and Legal Basis of Processing
We process your personal data on the basis of the following legal grounds and for the purposes outlined below.
3.1 Performance of a Contract or Pre-Contractual Measures
In certain cases, the processing of personal data is necessary for the performance of a contract or for the implementation of pre-contractual measures carried out at the request of the data subject.
The legal basis is Art. 6(1)(b) GDPR.
This includes in particular:
Processing contact inquiries (contact details and communication data).
3.2 Compliance with a Legal Obligation
Personal data (name, contact details, content of the inquiry) is processed in order to handle data subject rights requests pursuant to Art. 6(1)(c) GDPR in conjunction with Art. 15 GDPR.
Subsequently, we store a record of the process to comply with our accountability obligations (Art. 5(2) GDPR).
3.3 Legitimate Interests
In other cases, personal data is processed to safeguard the legitimate interests of the Controller.
The legal basis is Art. 6(1)(f) GDPR.
This includes in particular:
Provision of the website and ensuring its security;
Limited, aggregated reach measurement to optimize the website using Matomo (device data, usage data);
Detection, limitation, and elimination of disruptions, bots, or errors on the website (e.g., form misuse) (device data, usage data).
The Controller informs data subjects of their right to object. Further details can be found in Section 12 of this policy.
4. Categories of Data Processed
For the purposes described above, we may process the following personal data:
Contact data: name, email address, postal code, city, address, phone number;
Communication data: content of contact inquiries;
Device data: IP address (stored briefly in plain text in log files; anonymized when processed by Matomo), HTTP headers, browser type and version, operating system (user agent);
Usage data: pages visited (page views), access times, time spent on pages, referrer URL, clicks on page content.
5. Recipients of Data
Data collected by us is generally disclosed only where a legal basis exists, in particular if:
Disclosure is necessary pursuant to Art. 6(1)(f) GDPR for the establishment, exercise, or defense of legal claims and there is no reason to assume overriding legitimate interests of the data subject;
The Controller is legally obliged to disclose data pursuant to Art. 6(1)(c) GDPR, e.g., due to official requests, court orders, or legal proceedings;
Disclosure is legally permissible and necessary pursuant to Art. 6(1)(b) GDPR for contract performance or pre-contractual measures.
Some data processing may be carried out by service providers commissioned by the Controller. Depending on the processing activity, recipients may include:
Postal and shipping providers: Deutsche Post AG or DHL Paket GmbH (Germany);
Communication service providers:
Email services: Microsoft Ireland Operations Limited, Dublin, Ireland;
Telephone and fax services: Cisco Systems GmbH, Cologne, Germany;
Web hosting provider: punkt.de GmbH, Karlsruhe, Germany;
External Data Protection Officer: ISiCO GmbH, Berlin, Germany;
Integrated services: Website analytics provider InnoCraft Ltd., Wellington, New Zealand.
6. Data Transfers to Third Countries
The Controller may use services whose providers are located in so-called third countries (outside the EU/EEA) or transfer personal data to such countries.
Where an adequacy decision by the European Commission exists (Art. 45 GDPR), data transfers are based on this decision (e.g., Switzerland, the United Kingdom, Canada, New Zealand).
For the United States, this applies only if the recipient is certified under the EU–US Data Privacy Framework.
Where no adequacy decision exists, appropriate safeguards are implemented, such as EU Standard Contractual Clauses or Binding Corporate Rules (Art. 46 GDPR).
Where this is not possible, transfers are based on exceptions under Art. 49 GDPR, in particular explicit consent or necessity for contract performance.
If no adequacy decision or safeguards apply, there is a risk that authorities in the third country (e.g., intelligence agencies) may access the data and that data subject rights may not be enforceable. In the case of explicit consent, data subjects are informed accordingly.
7. Reading and Storing Information on End Devices
7.1 Technologies Used
This website uses only technically necessary technologies and a cookieless web analytics solution (Matomo).
No cookies or comparable storage technologies (e.g., local storage or session storage) are used.
8. Website Analytics with Matomo
This website uses Matomo, an analytics tool provided by InnoCraft Ltd., to statistically analyze website usage.
Personal data is processed exclusively to generate aggregated, anonymized usage statistics for the purpose of website optimization.
Processed data includes:
Pages accessed;
Time spent on pages;
General usage interactions;
Shortened or anonymized IP address;
Technical browser and operating system information.
No information is stored on users’ devices.
Matomo is configured with privacy-friendly settings, including:
Complete cookie deactivation;
IP anonymization prior to processing;
Data processing exclusively on anonymized IP addresses;
Referrer URL anonymization;
Automatic deletion and limited retention periods;
Respect for browser “Do Not Track” settings;
Deactivation of heatmaps, session recordings, visit logs, and user profiles.
No user profiling, cross-site tracking, or processing for advertising, marketing, or affiliate purposes takes place.
Further information: Matomo privacy policy.
9. Social Media Platforms
The Controller maintains company profiles on social media platforms to communicate with users and provide information about products and services.
9.1 Processing by Social Media Providers
Social media platforms typically process data for market research and advertising purposes, including creating usage profiles and displaying targeted ads.
The legal basis and details of such processing can be found in the respective platform privacy policies.
9.2 Statistical Processing
The Controller may access aggregated statistics provided by social media platforms (e.g., demographics, interactions). These insights are used to optimize content and presentation.
Processing is generally based on joint controllership.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(b) GDPR (pre-contractual communication).
9.3 Data Protection Rights
Requests can be made most efficiently directly to the respective platform provider. Users may also contact the Controller, who will forward the request as appropriate.
9.4 Social Media Platforms Used
YouTube
X (Twitter)
TikTok
(Each with corresponding privacy policies, joint controller agreements, and opt-out options as listed.)
10. Data Retention Periods
Personal data is stored only as long as necessary for the stated purposes. Thereafter, data is deleted unless statutory retention periods or legal claims apply.
Examples:
Communication data: duration of request processing;
Device and usage data for security purposes: 14 days.
Statutory retention obligations (e.g., under German Commercial Code or Tax Code) range from 2 to 10 years.
Limitation periods under German law may be up to 30 years.
11. Data Subject Rights
Data subjects have the following rights under GDPR:
Right of access (Art. 15);
Right to rectification (Art. 16);
Right to erasure (Art. 17);
Right to restriction (Art. 18);
Right to object (Art. 21);
Right to withdraw consent (Art. 7(3));
Right to data portability (Art. 20).
Requests may be sent to the address listed in Section 1 or to datenschutz@biallo.info.
A right to lodge a complaint with a supervisory authority also exists (Art. 77 GDPR).
12. Right to Object and Withdrawal of Consent
Consent may be withdrawn at any time with effect for the future.
Processing based on legitimate interests may be objected to at any time for reasons arising from the data subject’s particular situation.
Data processing for direct marketing purposes may be objected to at any time without giving reasons.
Requests can be submitted informally by email or post.
13. Obligation to Provide Data
Mandatory fields are marked accordingly. Without required data, services cannot be provided or contracts concluded.
Optional fields are voluntary and not required.
14. Automated Decision-Making
No automated decision-making, including profiling pursuant to Art. 22 GDPR, takes place.