Privacy Statement

Data protection declaration of Max Bringmann KG

We are pleased about your interest in our company and our products or services and want you to feel secure regarding the protection of your data when visiting our website. We take the protection of your data very seriously. Complying with the provisions of the GDPR and the German Federal Data Protection Act (BDSG) is a matter of course for us.


As part of our duty to inform, we would like to make this privacy policy as transparent as possible. Below, we explain, among other things, how we process your personal data when you use our website, which tracking/analysis tools, cookies and third-party services we use, and inform you about your rights.


If you still have questions about how we handle your personal data, please feel free to contact us or our data protection officer (contact details below).


1. Controller

Max Bringmann KG
Johann-Höllfritsch-Str. 37
90530 Wendelstein


as the operator of this website (https://www.folia.de) is the controller within the meaning of the European General Data Protection Regulation (GDPR), and decides alone or jointly with others on the purposes and means of processing personal data, hereinafter referred to as “data”.


2. Definitions

We would like to inform you below about the processing of your personal data when visiting our website and using our content and services.


"Personal data" under the GDPR refers to all information relating to an identified or identifiable natural person (data subject). A natural person is deemed identifiable if they can be directly or indirectly identified, particularly by assigning an identifier (such as name, address, telephone number, email address, IP address, location data, or specific characteristics such as genetic, economic, or social identity).


"Processing" refers to any operation or set of operations performed on data, with or without automated means. This includes, in particular, the collection, recording, organization, arrangement, storage, adaptation or alteration, retrieval, querying, use, disclosure by transmission, dissemination or provision, alignment, combination, restriction, deletion, or destruction.


3. Scope of Processing Personal Data

It is generally not necessary to provide data in order to use our website. However, in certain cases we need your name and address as well as further information so that we can provide the services you request.


The same applies, for example, to sending informational material or ordered goods, or responding to individual inquiries. Where necessary, we will inform you accordingly. Beyond that, we only process data that you voluntarily provide to us, as well as data that we automatically collect when you visit our website (e.g., IP address and the names of the pages you visit, your browser and operating system, date and time of access, search engines used, names of downloaded files).


If you use our services, only the data we require to provide these services will generally be collected. If we ask for additional information, providing it is optional.


4. Purpose Limitation of Personal Data Processing

We process the data you provide according to the principles of data minimization and purpose limitation.


Generally, we process your data for the purpose of answering your inquiries, processing your orders, or granting you access to certain information or offers. To maintain customer relationships, it may also be necessary for us or an appointed service provider to use this data to inform you about product offers or conduct online surveys to better meet our customers’ needs.


We only process the data you provide online for the purposes communicated to you. We do not transfer your data to third parties without your explicit consent.


Data collection and transmission to authorized governmental institutions and authorities occur only within the scope of applicable laws or if we are required to do so by a court decision.


Naturally, we respect your wish if you do not want to provide us with your data to support our customer relationships (especially for direct marketing or market research). We will neither sell nor otherwise market your data to third parties unless you have given us permission to do so.


5. Legal Basis for Processing Personal Data

If we obtain your consent for processing operations involving personal data, this consent according to Art. 6(1) sentence 1 lit. a GDPR is the legal basis for processing your data.


If the processing of personal data is necessary for the performance of a service requested by you, we rely on Art. 6(1) sentence 1 lit. b GDPR.


If processing personal data is required for compliance with a legal obligation to which our company is subject, Art. 6(1) sentence 1 lit. c GDPR serves as the legal basis.


If processing is necessary to protect a legitimate interest of our company or a third party, and if your interests, fundamental rights, and freedoms do not override that interest, Art. 6(1) sentence 1 lit. f GDPR forms the legal basis.


6. Data Deletion and Storage Duration

We store your data only as long as necessary to fulfill its purpose and no statutory retention periods exist (e.g. commercial or tax retention obligations).


If you have granted consent, we store your data until you revoke that consent, provided there is no other legal basis for processing and no statutory retention period prevents deletion.


In individual cases, e.g. for evidence purposes, a longer storage period may be required to defend or enforce civil or public claims.


7. Data Automatically Collected When Visiting Our Website

When using our website, the following data may be processed for organizational and technical reasons: names of the pages accessed, browser and operating system used, date and time of access, search engines used, names of downloaded files, and your IP address.


8. Cookies

8.1 General

When you visit one of our websites, we may store information in the form of a cookie on your computer. Cookies are small text files that are sent by a web server to your browser and stored on your computer’s hard drive.


Some cookies are deleted at the end of the browser session, i.e. when you close your browser (so-called session cookies). Other cookies remain on your device and allow your browser to be recognized on your next visit (persistent cookies). When cookies are set, they process certain user information such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a predefined period, which may vary depending on the cookie.


With the cookies we use, typically no personal data other than the IP address is stored. This information helps automatically recognize you on future visits and makes navigation easier. For example, cookies allow us to tailor a website to your interests.

You can, of course, view our websites without cookies. If you do not want us to recognize your computer, you can prevent cookie storage by selecting “do not accept cookies” in your browser settings. For more details, please refer to your browser’s instructions. If you do not accept cookies, this may lead to functional limitations of our offerings.


Cookies required for technically correct and optimized service delivery (“functional cookies”) are stored based on our legitimate interest under Art. 6(1) sentence 1 lit. f GDPR. Non-functional cookies (e.g. tracking, statistics) are set only with your consent (Art. 6(1) sentence 1 lit. a GDPR).


You can modify or withdraw your cookie settings at any time at the bottom of the website under “Cookie Settings”.


8.2 Cookie Consent (“EU Cookie Richtlinie Pro”)

This website uses the “EU Cookie Richtlinie Pro” cookie consent tool by ACRIS E-Commerce GmbH, Am Pfenningberg 60, 4040 Linz, Austria (“ACRIS”) to obtain valid user consent for cookies requiring consent and cookie-based applications.


By embedding the corresponding JavaScript code, a banner is displayed when the website is accessed, where consent can be given by ticking checkboxes. The tool blocks all cookies requiring consent until the user opts in. This ensures that such cookies are only set if consent has been given.


To ensure the tool can uniquely assign page views to users and store their consent settings for the duration of a session, certain user information (including IP address) is collected, transmitted to ACRIS servers, and stored there.


These data processing activities occur based on Art. 6(1) sentence 1 lit. f GDPR due to our legitimate interest in a legally compliant, user-specific, and user-friendly cookie consent management solution and thus a legally compliant website setup. Another legal basis is Art. 6(1) sentence 1 lit. c GDPR, as we are legally required to make the use of non-essential cookies dependent on user consent.


Further information about data use by ACRIS can be found at:
https://www.acris-ecommerce.at/datenschutz/


9. Web Analytics

9.1 General

Your browsing behavior may be statistically evaluated when visiting our website. This is mainly done using cookies and analysis programs. The analysis is usually anonymous; the browsing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. More information is provided below.


9.2 Matomo Analytics (formerly Piwik)

Our websites use the web analysis service “Matomo Analytics” by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand (https://matomo.org/); hereinafter “Matomo”. Matomo uses cookies that enable an analysis of website use. For this purpose, the information generated by the cookie (including your shortened IP address) is transferred to our server and stored there for analysis purposes, helping us optimize the website. Your IP address is anonymized immediately so you remain anonymous to us.


The storage of Matomo cookies and use of this analysis tool is based on Art. 6(1) sentence 1 lit. f GDPR, as the website operator has a legitimate interest in anonymized analysis to optimize web presence and advertising. If consent is requested (e.g., for cookie storage), processing occurs solely based on Art. 6(1) sentence 1 lit. a GDPR; this consent can be revoked at any time.


The information generated by the cookie is stored on our server in Germany and not shared with third parties.


You may prevent cookie use by changing your browser settings, though this may limit website functionality.


If you disagree with the storage and evaluation of this data, you can object under Cookie Settings on the website. An opt-out cookie will then be stored, preventing Matomo from collecting session data.

Note: If you delete your cookies, the opt-out cookie will also be deleted and needs to be reactivated.


Further information can be found in Matomo’s privacy policy: https://matomo.org/privacy-policy/


10. Social Media

To make sharing and viewing content easier, we offer links to social networks. Our websites contain links to social networks where we are active. These may refer to the respective “folia” account. Responsibility is shared between us and the social network operator under Art. 26 GDPR.


We use these links based on our legitimate interests per Art. 6(1) sentence 1 lit. f GDPR, including analysis, optimization, economical operation of our online offering, and increasing our reach.


When you click one of these buttons, you are forwarded to the website of the respective social network. We have no influence over the data transmitted.


If you click one of these buttons, information that you accessed certain pages of our site may be transmitted to the social network’s servers. If you are logged in, this may be associated with your personal account.


Even if you are not a member of the networks, it is still possible that they will determine and store your IP address.


We are present on the following networks:


10.1 Instagram

Operated by Meta Platforms Inc., USA, or Meta Platforms Ireland Ltd., EU.


10.2 Facebook

Operated by Meta Platforms Inc., USA, or Meta Platforms Ireland Ltd., EU.


10.3 YouTube

Operated by Google LLC, USA, or Google Ireland Limited, EU.


10.4 Pinterest

Operated by Pinterest Inc., USA, or Pinterest Europe Ltd., EU.


10.5 X (formerly Twitter)

Operated by X Corp., USA, or X International Company, Ireland.


10.6 Further Information

For transfers to U.S. parent companies, these operators have taken appropriate measures (e.g., EU Standard Contractual Clauses) and participate in the EU-U.S. Data Privacy Framework.

We expressly point out that we have no knowledge of the extent and content of transmitted data or how the networks use such data.


10.4.2 Embedded YouTube Videos

Our websites contain embedded YouTube videos, which establish only a connection to YouTube. YouTube is provided by Google LLC, USA, or Google Ireland Limited, EU.


Google is certified under the “Privacy Shield” (found at https://www.privacyshield.gov/list under “Google”), committing to comply with EU data protection guidelines.


By embedding YouTube, we aim to present various videos on our website so you can watch them directly.


The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the significant benefit YouTube provides. Using external videos reduces server load and improves stability. YouTube/Google also has a legitimate interest in collecting data to improve its services.


Where consent is required (e.g., cookie storage), processing is based solely on Art. 6(1)(a) GDPR and may be revoked at any time.

More information: www.google.com/policies/privacy/
Google privacy settings: https://privacy.google.com/take-control.html?categories_activeEl=sign-in


11. Additional Services

11.1 Contact Form

When you submit inquiries via our contact form, the data you provide (including contact details) is transmitted to us and stored to process your request and for follow-up questions. We do not share this data without your consent.

Processing takes place based on your voluntary consent or because it is required to perform a contract or pre-contractual measures (Art. 6(1)(a) and (b) GDPR).

You may withdraw consent at any time. A simple email is sufficient. Past processing remains unaffected. Data is stored until you request deletion, revoke consent, or the purpose no longer applies.


11.2 Applications

Our job openings can be found at https://folia.de/karriere/.
Protecting your personal data during the application process is very important to us.


We offer several options to submit your application, including email or postal mail to the address specified in the job posting.


Further details can be found in the information sheet for applicants.


13. Children and Adolescents

Persons under 16 should not submit data to us without parental or guardian consent. We do not request data from children under 16, nor do we collect or share such data.


14. Security

We have implemented technical and organizational measures to protect your data against loss, destruction, manipulation, and unauthorized access, in accordance with legal requirements. All employees and individuals involved in data processing are obligated to comply with the GDPR, the applicable BDSG, and other data-related laws, and to handle data confidentially.


We also conclude data processing agreements with external service providers when required. These providers are obligated to maintain confidentiality and comply with GDPR and BDSG.


This website uses SSL/TLS encryption for secure transmission of confidential content (e.g., orders or inquiries). You can recognize encrypted connections by “https://” and the lock symbol in your browser.


Without encryption, information sent via email may be readable by third parties. We generally cannot verify your identity via email. Therefore, communication via simple email cannot be guaranteed as legally secure. Like many email providers, we use spam filters that may incorrectly classify regular emails. Emails with viruses are always deleted automatically.


Our security measures are regularly reviewed and updated according to technological developments.


15. Rights of Data Subjects

If we process your data, you have extensive rights, described individually below.


15.1 Withdrawal of Consent

If we require your consent, we obtain it and record it digitally. You may withdraw consent at any time with future effect by writing to:

Max Bringmann KG
Johann-Höllfritsch-Str. 37
90530 Wendelstein
or emailing: datenschutz@folia.de


15.2 Right of Access

Under Art. 15 GDPR, you may request information about your processed data at any time, including processing purposes, categories of data, categories of recipients, and storage periods.


15.3 Right to Rectification

Under Art. 16 GDPR, you may request correction or completion of inaccurate or incomplete data.


15.4 Right to Erasure

Under Art. 17 GDPR, you may request deletion if data is no longer necessary, no other legal basis applies, you objected and no overriding legitimate grounds exist, processing was unlawful, or legal deletion obligations exist.


15.5 Right to Restriction of Processing

Under Art. 18 GDPR, you may request restriction if the accuracy is contested, processing is unlawful but deletion is refused, data is no longer needed but required for legal claims, or if an objection under Art. 21 GDPR is pending.


15.6 Right to Data Portability

Under Art. 20 GDPR, you may receive your data in a commonly used, machine-readable format and request transmission to another controller where technically feasible.


15.7 Right to Object

Under Art. 21 GDPR, you may object to processing for the purposes stated above, especially direct marketing. For direct marketing, your objection is always honored without requiring justification.


15.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in your place of residence, workplace, or where an alleged infringement occurred.


List of authorities: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html


16. Questions, Suggestions, Complaints to the External Data Protection Officer

If you have questions about our privacy notices or the processing of your data, you may contact our data protection officer:


Rechtsanwaltskanzlei Costard
Law Firm for IT Law and Data Protection
Attorney Thomas P. Costard
Lina-Ammon-Straße 9
90471 Nuremberg
Phone: 0911 / 790 30 34
Fax: 0911 / 790 30 35
Email: kontakt@it-rechtsberater.de
www.it-rechtsberater.de


He is also available for access requests, suggestions, or complaints.


17. Changes to Our Privacy Policy

We reserve the right to modify our security and data protection measures, where required by technical developments. In such cases, we will adjust our privacy notices accordingly. Please consult the current version of our privacy policy. Current version as of: December 2025.