Data protection notice

counter_2Call up and visit
counter_4User account

Data processing on this website

The following notice explains how BAHAG AG, Gutenbergstraße 21, 68167 Mannheim, Germany (hereinafter referred to as "BAHAG") uses personal data, what data protection rights you are entitled to and how you can contact us in this regard and if you have any questions about data protection.

1. Controller

The controller within the meaning of Art. 4 no. (7) GDPR is BAHAG Baus Handelsgesellschaft AG Belp/Schweiz Zweigniederlassung Mannheim, Gutenbergstraße 21, 68167 Mannheim, Germany (hereinafter also: “we”, “us”).

Supplier support by the BAUHAUS companies takes place as joint controllers within the meaning of Art. 26 GDPR. The single point of contact for data protection-related inquiries from suppliers or data subjects is the

Zweigniederlassung Mannheim Gutenbergstraße 21
68167 Mannheim
Phone: +49 621 3905 1000

BAUHAUS AG undertakes the fulfilment of the rights of data subjects in accordance with the GDPR (see below "Data protection rights").

The BAUHAUS companies forward all inquiries from suppliers and third parties regarding data protection to BAUHAUS AG. Direct inquiries to the data protection officer remain unaffected. You can find the essential content of the agreement of the joint controllers within the meaning of Art. 26 GDPR under:

Further information on contact options can be found in the imprint.

2. Call up and visit of our website - server log files

For the purpose of the technical provision of the website, it is necessary for us to process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is automatically collected each time our website is accessed and automatically stored in so-called server log files. These are:

  • browser type and browser version;
  • operating system used;
  • date and time of access; and
  • IP address of the requesting computer.

The storage of the aforementioned access data is necessary to provide a functional website and to ensure system security for technical reasons. This also applies to the storage of your IP address, which is necessary and, under certain conditions, can at least theoretically enable an assignment to your person. In addition to the above-mentioned purposes, we use server log files exclusively for the needs-based design and optimization of our website, purely statistically and without any conclusions about your person.

The access data collected as part of the use of our website is only kept for the period for which this data is required to achieve the above purposes. Your IP address will be stored on our web server for a maximum of 6 months for IT security purposes and then deleted or made anonymous. In exceptional cases, the data will be stored to clarify suspected cases of illegal use until the suspected case has been clarified.

The data processing described above is carried out based on our legitimate interests in providing our website in a secure manner and in evaluating the use of our website and based on Art. 6 para. 1 (f) GDPR.

3. Contact form and contact by email

On our website we offer you the opportunity to contact us via a contact form. You are also free to send us an e-mail with an enquiry. If your contact is aimed at concluding a contract or otherwise represents a pre-contractual measure, data from your contact and about you will be processed to answer your request based on Art. 6 para. 1 (b) GDPR. If you ask us a question that is not aimed at concluding a contract or pre-contractual measures, we will use the personal data and information about you contained herein based on our legitimate interests in answering inquiries and using information provided to us in accordance with Art. 6 para. 1 (f) GDPR. We store the data in connection with your request for the duration of our business relationship with you or until you have objected to data processing based on Art. 6 para. 1 (f) GDPR and your interests override ours or the weighing of interests without objection in your favour.

4. User account

If you create an account on the BAHAG website for any of the BAHAG services, you must complete the registration process by filling in the required information on the registration form. The legal basis for data processing is Art. 6 para. 1) (b) GDPR. The data from your user account will be processed for as long as this is necessary to provide the account and, if necessary, to comply with relevant legal regulations.

Data protection rights

As the data subject, you are entitled to the following data protection rights if you meet the applicable requirements:

  • Right of access (Art. 15 GDPR);
  • Right to rectification (Art. 16 GDPR);
  • Right to erasure (Art. 17 GDPR);
  • Right to restriction of processing (Art. 18 GDPR);
  • Right to data portability (Art. 20 GDPR);
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

Furthermore, you have the right to object (Art. 21 GDPR) if we carry out data processing based on Art. 6 para.1) (f) GDPR. Please note that in the case of data processing for purposes other than direct advertising, grounds must be given relating to your particular situation. You can send your objection to us by email at

If we process data about you on the basis of a consent you have given, you can withdraw the consent with effect for the future. You can send your withdrawal to us by email at

5. Use of cookies

BAHAG websites may use so-called "cookies" to help you with personalization. A cookie is a text file that is copied onto your hard drive by a web server. Cookies cannot run programs or bring viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. In the following we would like to inform you which cookies are set on the BAHAG website and for which purposes:



Processing purpose

Functional life

Third Party Access

rlmp_language_ detection_languageSelected

Saves the website visitor's language selection.

Until the session expires.



Used for load balancing and ensures that follow-up requests are routed back to the same endpoint.

Until the session expires.



Saves the frontend user session for the underlying CMS (Typo3)

Until the session expires.



Stores the server session for PHP for the Zend Framework

Until the session expires.