Disclaimer

We are very pleased about your interest in our company. Data privacy has particularly high importance for the Management board of Hartung & Ludwig Architektur- und Planungsgesellschaft mbH. As a general rule, it is possible to use the Hartung & Ludwig Architektur- und Planungsgesellschaft mbH website without disclosing any personal data. If a data subject would like to use specific services of our company through our website, however, processing of personal data may become necessary. If the processing of personal data is necessary and if no legal foundation exists for such processing, we will generally obtain consent from the data subject.

 

The processing of personal data, for example, the name, address, e-mail address or telephone number of a data subject, always occurs in line with the General Data Protection Regulation and in accordance with the valid country-specific privacy policies for Hartung & Ludwig Architektur- und Planungsgesellschaft mbH. With this privacy policy, our company intends to inform the public about the nature, scope and purpose of the personal data, which are collected, used and processed by us. Furthermore, data subjects are informed about the rights to which they are entitled by means of this privacy policy.

 

Hartung & Ludwig Architektur- und Planungsgesellschaft mbH has implemented numerous technical and organisational measures for processing, in order to ensure the most gap-free protection possible for the personal data processed via this website. Nevertheless, in principle, Internet-based data transfers may have security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to also send personal data to us using alternative methods, such as by telephone.

 

 

  1. Definitions of terms

 

The privacy policy of Hartung & Ludwig Architektur- und Planungsgesellschaft mbH is based on the definitions, which were used by the European issuer of directives and regulations when the General Data Protection Regulation (GDPR) was issued. Out privacy policy should be easily readable and understandable for the public, as well as for our customers and business partners. In order to guarantee this, we would first like to explain the definitions used.

 

Among others, we use the following definitions in this privacy policy:

 

  1. a) Personal data

 

    Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  1. b) Data subject

 

    A data subject is any identified or identifiable natural person, whose data are processed by the data controller.

  1. c) Processing

 

    Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

  1. d) Restriction of processing

 

    Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

  1. e) Profiling

 

    Profiling means any type of automated processing of personal data, which is comprised of this personal data being used in order to evaluate specific personal aspects, which relate to the natural person, particularly, in order to analyse or forecast aspects regarding work performance, financial situation, health, personal preferences, interests, reliability, conduct, place of residence or change of location by this natural person.

  1. f) Pseudonymisation

 

    Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

  1. g) Controller or data controller

 

    Controller or data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

  1. h) Processor

 

    Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  1. i) Recipient

 

    Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

  1. j) Third party

 

    Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

  1. k) Consent

 

    Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

 

  1. Name and address of the data controller

 

The controller, within the meaning of the General Data Protection Regulation, other valid data protection laws in the Member States of the European Union and other provisions with a data-protection-law character, is:

 

Hartung & Ludwig Architektur- und Planungsgesellschaft mbH

Steubenstraße 31

99423 Weimar

Thuringia

Tel.: +49 3643 740 21 40

E-mail: info@hartung-ludwig.de

Website: www.hartung-ludwig.de

 

 

  1. Name and address of the Data Protection Representative

 

The Data Protection Representative of the data controller is:

Attorney-at-law

André Stämmler

Markt 22

07743 Jena

Thuringia

Tel.: 03641 3161180

E-mail: jena@staemmler.pro

Website: https://www.staemmler.pro

 

A data subject may contact our Data Protection Representative at any time with all questions and suggestions relating to data privacy.

 

 

  1. Cookies

 

The Hartung & Ludwig Architektur- und Planungsgesellschaft mbH website uses cookies. Cookies are text files, which are filed and saved on a computer system via an Internet browser.

 

Many websites and servers use cookies. Many cookies contain a so-called Cookie ID. A Cookie ID is a unique identifier of the cookie. It is comprised of a string of characters that websites and servers associate with the browser on which the cookie is stored. This allows the visited websites and servers to distinguish the data subject’s individual browser from other Internet browsers that contain different cookies. A specific Internet browser can be recognised by its unique Cookie ID.

 

Cookies allow Hartung & Ludwig Architektur- und Planungsgesellschaft mbH to provide the user of this website with more user-friendly services, which would not be possible without setting cookies.

 

With a cookie, the information and offers on our website can be optimised in the interest of the user. As already mentioned, cookies allow us to recognise the users of our website. The purpose of this recognition is to simplify the use of our website for the users. For example, the users of a website, which uses cookies, does not need to enter his or her access data each time he or she visits the website, because this is taken from the website and the cookie filed on the user’s computer system. Another example is the cookie of a shopping basket in an online shop. The online shop remembers the item, which a customer has placed in the virtual shopping basket, through a cookie.

 

The data subject can prevent the setting of cookies by our website at any time using an appropriate setting of the Internet browser and thereby permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted using an Internet browser or other software programs. This is possible in all of the commonly-used Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, under certain circumstances, not all functions of our website will be fully usable.

 

 

  1. Collection of general data and information

 

Each time the website is accessed by a data subject or an automated system, the Hartung & Ludwig Architektur- und Planungsgesellschaft mbH website collects a series of general data and information. These general data and information are stored in the log files of the server. The (1) browser types and versions, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites, which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet Service Provider of the accessing system and (8) other similar data and information can be collected, which have the purpose of averting hazards in the case of attacks on our information technology systems.

 

When using these general data and information, Hartung & Ludwig Architektur- und Planungsgesellschaft mbH does not draw any conclusions about the data subject. In fact, this information is required in order to (1) correctly deliver the contents of our website, (2) optimise the contents of our website and the advertising for these, (3) guarantee the permanent functionality of our information technology systems and the technology of our website and (4) provide criminal prosecution authorities with necessary information in the event of a cyber attack. These anonymously collected data and information are therefore evaluated by Hartung & Ludwig Architektur- und Planungsgesellschaft mbH for statistical purposes, on the one hand, and on the other hand, to increase data privacy and data security, in order to ultimately guarantee an optimum protection level for the personal data, which we process. The anonymous data of the server log files are stored separately from all of the personal data provided by a data subject.

 

 

  1. Routine deletion and blocking of personal data

 

The data controller only processes and stores the data subject’s data for as long as it is necessary for achieving the storage purpose, or if this has been prescribed in the laws or regulations imposed on the data controller by the European issuer of directives and regulations or another legislator in laws or regulations.

 

If the storage purpose ceases to apply or if a storage period prescribed by the European issuer of directives and regulations or another responsible legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

 

 

  1. Rights of the data subject

 

  1. a) Right to confirmation

 

    Every data subject has the right granted by the European issuer of directives and regulations, to request a confirmation from the data controller regarding whether his or her personal data are processed. If a data subject intends to exercise this confirmation right, he or she may contact an employee of the data controller at any time for this purpose.

  1. b) Right to disclosure

 

    Any data subject affected by the processing of personal data has the right granted by the European issuer of directives and regulations, to obtain a free-of-charge information at any time from the data controller regarding his or her personal stored data and obtain a copy of this information. Furthermore, the European issuer of directives and regulations has conceded disclosure of the following information to the data subject:

        the processing purposes

        the categories of personal data, which are processed

        the recipient or categories of recipients, to whom the personal data have been disclosed or are yet to be disclosed, particularly for recipients in third countries or with international organisations

        if possible, the planned duration for which the personal data will be stored, or if this is not possible, the criteria for specifying this duration

        the existence of a right to correction or deletion of your personal data, a right to restriction of processing by the controller or right to object to this processing

        the existence of a right to object with a supervisory authority

        if the personal data are not collected from the data subject: all available information about the origin of the data

        the existence of automated decision-making, including profiling in accordance with Article 22 Para. 1 and 4 GDPR and - at least in these cases - significant information about the logic involved, as well as the scope and intended implications of such processing for the data subject

 

    Furthermore, the data subject is entitled to a right to information about whether personal data have been sent to a third country or an international organisation. If this is the case, the data subject, ceteris paribus, has the right to obtain information about the appropriate guarantees in relation to the sending.

 

    If a data subject intends to exercise this right to information, he or she may contact an employee of the data controller at any time for this purpose.

  1. c) Right to correction

 

    Each person affected by the processing of personal data has the right granted by the European issuer of directives and regulations to request immediate correction of inaccurate personal data relating to him or her. Furthermore, the data subject is entitled to the right to demand the completion of incomplete personal data, in consideration of the purposes of processing, also by means of a supplementary declaration.

 

    If a data subject intends to exercise this correction right, he or she may contact an employee of the data controller at any time for this purpose.

  1. d) Right to deletion (right to being forgotten)

 

    any person affected by the processing of personal data has the right granted by the European issuer of directives and regulations to demand that the controller immediately deletes his or her personal data, provided that one of the following reasons applies and processing is not necessary:

        The personal data have been collected for such a purpose or processed in another manner, for which they are no longer necessary.

        The data subject revokes his or her consent to the processing in accordance with Art. 6 Para. 1 Letter a GDPR or Art. 9 Para. 2 Letter a GDPR and another legal basis is lacking for the processing.

        In accordance with Art. 21 Para. 1 GDPR, the data subject files an objection to the processing and no overriding legitimate reasons exist for the processing, or the data subject files an objection against the processing in accordance with Art. 21 Para. 2 GDPR.

        The personal data have been processed unlawfully.

        The deletion of your personal data is required to fulfil a legal obligation under Union law or the law of the Member States, by which the controller is governed.

        The personal data have been collected in relation to offered services of the information society, in accordance with Art. 8 Para. 1 GDPR.

 

    If one of the aforementioned reasons applies and a data subject would like to arrange for the deletion of personal data, which are stored with Hartung & Ludwig Architektur- und Planungsgesellschaft mbH, he or she can contact one of the data controller’s employees at any time for this purpose. The employee of Hartung & Ludwig Architektur- und Planungsgesellschaft mbH will arrange for the request for deletion to be fulfilled at once.

 

    If the personal data have been disclosed by Hartung & Ludwig Architektur- und Planungsgesellschaft mbH and our company is obligated to delete the personal data, as the controller in accordance with Art. 17 Para. 1 GDPR, in consideration of the available technology and the implementation costs, Hartung & Ludwig Architektur- und Planungsgesellschaft mbH shall take appropriate measures, also of a technical nature, in order to notify other data controllers, which process the disclosed personal data, that the data subject has been asked by these other data controllers to delete all of the links to these personal data or copies or replications of these personal data, if the processing is not necessary. The employee of Hartung & Ludwig Architektur- und Planungsgesellschaft mbH will make the necessary arrangements on a case-by-case basis.

  1. e) Right to restriction of processing

 

    Every person affected by the processing of personal data has the right granted by the European issuer of directives and regulations, to demand the restriction of processing from the controller, if one of the following preconditions exists:

        The accuracy of the personal data is disputed by the data subject, for a duration, which enables the controller to check the accuracy of the personal data.

        The processing is unlawful and the data subject rejects the deletion of the personal data and instead, requests the restriction of use of the personal data.

        The controller no longer requires the personal data for the processing purposes, however, the data subject requires them to assert, exercise or defend legal claims.

        The data subject has filed an objection to processing in accordance with Art. 21 Para. 1 GDPR and it is not yet determined whether the legitimate reasons of the controller outweigh those of the data subject.

 

    If one of the aforementioned reasons applies and a data subject would like to request the restriction of personal data, which are stored with Hartung & Ludwig Architektur- und Planungsgesellschaft mbH, he or she can contact one of the data controller’s employees at any time for this purpose. The employee of Hartung & Ludwig Architektur- und Planungsgesellschaft mbH will arrange for the necessary restriction of processing.

  1. f) Right to data transferability

 

    Each person affected by the processing of personal data has the right, granted by the European issuer of directives and regulations, to receive the personal data related to him or her, which are provided by the data subject to a controller, in a structured, commonly-used and machine-readable format. He or she also has the right to send these data to another controller, without any impediment by the controller, to whom the personal data were provided, as long as the processing is based on the consent in accordance with Art. 6 Para. 1 Letter a GDPR or Art. 9 Para. 2 Letter a GDPR or on a contract in accordance with Art. 6 Para. 1 Letter b GDPR and the processing occurs using automated procedures, if the processing is not required for exercising a duty, is in the public interest or occurs by way of exercising public authority, which was assigned to the controller.

 

    Furthermore, in exercising his or her right to data transferability in accordance with Art. 20 Para. 1 GDPR, the data subject has the right to arrange that the personal data are sent directly from one controller to another controller, insofar as this is technically feasible and if the rights and freedoms of other persons are not impaired by this.

 

    To assert the right to data transferability, the data subject can contact an employee of Hartung & Ludwig Architektur- und Planungsgesellschaft mbH at any time.

  1. g) Right to objection

 

    Any person affected by the processing of personal data has the right, granted by the European issuer of directives and regulations, which arises from his or her specific situation, to file an objection to the processing of his or her personal data, which occurs on the basis of Art. 6 Para.1 Letters e or f GDPR, at any time. This also applies to profiling based on these provisions.

 

    Hartung & Ludwig Architektur- und Planungsgesellschaft mbH will no longer process the personal data, in the case of an objection, unless we can provide evidence of mandatory protectable reasons for the processing, which outweigh data subject’s interests, rights and freedoms, or are for the purpose of processing the assertion, exercising or defence of legal claims.

 

    If Hartung & Ludwig Architektur- und Planungsgesellschaft mbH processes personal data in order to perform direct marketing, the data subject has the right to file an objection to the processing of the personal data for the purpose of such marketing at any time. This also applies to profiling, if it is related to such direct marketing. If the data subject objects to Hartung & Ludwig Architektur- und Planungsgesellschaft mbH about the processing for the purpose of direct marketing, Hartung & Ludwig Architektur- und Planungsgesellschaft mbH will no longer use the personal data for these purposes.

 

    Furthermore, the data subject has the right to file an objection to the relevant processing of personal data, which arise from the specific situation, which takes place at Hartung & Ludwig Architektur- und Planungsgesellschaft mbH for scientific or historical purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, unless such processing is necessary for the fulfilment of a duty in the public interest.

 

    To exercise the right to objection, the data subject may contact any employee of Hartung & Ludwig Architektur- und Planungsgesellschaft mbH or another employee at any time. The data subject is also entitled to exercise the right to object using an automated procedure, for which technical specifications are used, in relation to the use of information society services - without prejudice to Regulation 2002/58/EC.

  1. h) Automated decisions on a case-by-case basis, including profiling

 

    Every person affected by the processing of personal data shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, if the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or (3) is based on the data subject’s explicit consent.

 

    If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is explicitly authorised by the data subject, Hartung & Ludwig Architektur- und Planungsgesellschaft mbH shall take the appropriate measures, in order to preserve the rights and freedoms, as well as the legitimate interests of the data subject, which includes the right to attain the intervention of a person by the controller, to prevent the own point of view and to challenge the decision.

 

    If the data subject intends to exercise rights with respect to automated decisions, he or she may contact an employee of the data controller at any time for this purpose.

  1. i) Right to revocation of the data protection law declaration of consent

 

    Each person affected by the processing of personal data has the right granted by the European issuer of directives and regulations to revoke consent for the processing of personal data at any time.

 

    If the data subject intends to exercise rights with respect to revoking a consent, he or she may contact an employee of the data controller at any time for this purpose.

 

 

  1. Data protection for applications and in the application procedure

 

The data controller collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing may also occur electronically. This is particularly the case, if an applicant sends corresponding application documents electronically, e.g. by e-mail using a web form available on the website, to the data controller. If the data controller concludes an employment contract with the applicant, the sent data are stored for the purpose of processing the employment relationship in accordance with the statutory provisions. If no employment contract is concluded by the data controller with the applicant, the application documents are automatically deleted two months after notifying the rejection decision, provided that other legitimate interests of the data controller do not oppose deletion. Other legitimate interest in this sense is e.g. a burden of proof in proceedings under the General Equal Treatment Act (AGG).

 

 

  1. Privacy policy for the implementation and use of LinkedIn

 

The data controller has integrated components of LinkedIn Corporation into this website. LinkedIn is an Internet-based social network, which enables the connection of users with existing business contacts, as well as the establishment of new business contacts. More than 400 million registered persons use LinkedIn in more than 200 countries. Therefore, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.

 

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data privacy matters outside of the USA.

 

Each time our website is accessed, which contains a LinkedIn component (LinkedIn plugin), this component arranges for the browser being used by the person concerned to download a corresponding display of the LinkedIn component. Additional information about the LinkedIn plugins can be accessed at https://developer.linkedin.com/plugins. Within the scope of this technical procedure, LinkedIn receives information about which concrete sub-site of our website is visited by the data subject.

 

If the data subject is logged into LinkedIn at the same time, LinkedIn will recognise which concrete sub-site of our website the data subject visits, each time our website is accessed by the data subject and during the entire presence on our website. This information is collected by the LinkedIn component and allocated by LinkedIn to the data subject’s respective LinkedIn account. If the data subject clicks on one of the LinkedIn buttons integrated into our website and thereby gives a LinkedIn recommendation, LinkedIn allocates this information to the personal LinkedIn user account of the data subject and stores this personal data.

 

LinkedIn always receives information that the data subject visits our website via the LinkedIn component, if the data subject is logged into LinkedIn at the time of accessing our website; this occurs, irrespective of whether the data subject clicks on the LinkedIn components or not. If such sending of this information to LinkedIn is not wanted by the data subject, he or she can prevent the sending by logging out of his or her LinkedIn account prior to accessing our website.

 

Under https://www.linkedin.com/psettings/guest-controls, LinkedIn offers the option to cancel e-mail messages, text messages and targeted displays, as well as managing settings. LinkedIn also uses partners, such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which can set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. The valid privacy policy of LinkedIn is accessible at https://www.linkedin.com/legal/privacy-policy. The cookie policy of LinkedIn is accessible at https://www.linkedin.com/legal/cookie-policy.

 

 

  1. Privacy policy for the implementation and use of Xing

 

The data controller has integrated Xing components into this website. Xing is an Internet-based social network, which enables the connection of users with existing business contacts, as well as the establishment of new business contacts. The individual users can set up a personal profile with Xing. Companies can create company profiles, for example, or publish job vacancies on Xing.

 

The operating company of Xing is XING SE, Dammtorstraße 2930, 20354 Hamburg, Germany.

 

Each time one of the individual pages of this website is accessed, which are operated by the data controller and on which a Xing component (Xing plug-in) has been integrated, the Internet browser on the data subject’s information technology system is automatically instigated by the respective Xing component to download the appropriate Xing component from Xing. Additional information about the Xing plug-ins can be accessed at https://dev.xing.com/plugins. Within the scope of this technical procedure, Xing receives information about which concrete sub-site of our website is visited by the data subject.

 

If the data subject is logged into Xing at the same time, Xing will recognise which concrete sub-site of our website the data subject visits, each time our website is accessed by the data subject and during the entire presence on our website. This information is collected by the Xing component and allocated by Xing to the data subject’s respective Xing account. If the data subject clicks on one of the Xing buttons integrated into our website and thereby gives a Xing recommendation, Xing allocates this information to the personal Xing user account of the data subject and stores this personal data.

 

Xing always receives information that the data subject visits our website via the Xing component, if the data subject is logged into Xing at the time of accessing our website; this occurs, irrespective of whether the data subject clicks on the Xing component or not. If such sending of this information to Xing is not wanted by the data subject, he or she can prevent the sending by logging out of his or her Xing account prior to accessing our website.

 

The privacy policy published by Xing, which is accessible at https://www.xing.com/privacy, gives information about the collection, processing and use of personal data by Xing. Furthermore, Xing has published a privacy policy for the XING Share button at https://www.xing.com/app/share?op=data_protection.

 

 

  1. Privacy policy for the implementation and use of Google Maps

 

We use Google Maps (API) from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for displaying interactive maps and our location.

 

Irrespective of whether you have a Google account or not or whether you are logged into an account, when accessing a sub-site of our website, in which a Google Maps map is integrated, information will be transfered about your use of our website (e.g. your IP address) to Google servers in the USA and stored there. If you are logged into Google when accessing a sub-site of our website, in which a Google Maps map is integrated, your data will be allocated directly to your account. You can prevent the allocation of your data to your profile by Google by logging out of the Google account before accessing the website. Google stores and evaluates your data as user profiles. This occurs, irrespective of whether you are logged in or not.  The legal basis for the processing of the data is Art. 6 Para. 1 Letter f GDPR. A legitimate interest exists by Google in displaying personalised advertising, market research and/or needs-based designing of its website. You have a right to object to the formation of these user profiles. You must exercise the right to object vis-à-vis Google.

 

Google LLC, with its registered office in the USA, is certified for the US-European “Privacy Shield” data protection convention, which guarantees compliance with the data protection level that is applicable in the EU.

 

You can deactivate the Google Maps web service by switching off JavaScript in your browser. The map display on our website can no longer be used. No further data are then sent to Google Maps.

 

You can find additional information about data privacy at Google Maps under the following link: http://www.google.de/intl/de/policies/privacy/

 

 

  1. Legal basis for processing

 

Art. 6 I Letter a GDPR serves as a legal basis for our company for processing activities, in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfilment of a contract, whose contracting party is the data subject, as is the case, for example, with processing activities, which are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I Letter b GDPR. The same applies to such processing activities, which are necessary for the implementation of pre-contractual measures, such as in the cases of inquiries about our products or services. If our company is subject to a legal obligation, due to which processing of personal data becomes necessary, for example, for the fulfilment of tax obligations, the processing is based on Art. 6 I Letter c GDPR. In rare cases, the processing of personal data may be necessary, in order to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor was injured in our premises and his/her name, age, health insurance fund details or other vital information need to be disclosed to a doctor, a hospital or other third parties. Then, the processing would be based on Art. 6 I Letter d GDPR. Finally, processing activities may be based on Art. 6 I Letter f GDPR. Processing activities are based on this legal foundation, which are not covered by any of the aforementioned legal bases, if the processing is required to preserve our company’s legitimate interest or that of a third party, provided that the interests, constitutional rights and basic freedoms of the data subject do not outweigh this. We are specifically permitted to perform such processing activities, because they have been specifically mentioned by the European legislator. In this respect, it held the opinion that a legitimate interest could be assumed, if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).

 

 

  1. Legitimate interests in processing, which are pursued by the controller or a third party

 

If the processing of personal data is based on Article 6 I Letter f GDPR, our legitimate interest is the implementation of our business activity in favour of the well-being of all of our employees and shareholders.

 

 

  1. Duration for which the personal data can be stored

 

The criterion for the duration of storage of personal data is the respective statutory retention period. After the period has elapsed, the corresponding data are routinely deleted, provided that they are no longer required for contract fulfilment or contract procurement.

 

 

  1. Legal or contractual regulations on the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide personal data; possible consequences of non-provision

 

We inform you that the provision of personal data is partly prescribed by law (e.g. tax regulations) or may arise from contractual regulations (e.g. details about the contracting party). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data, which must be subsequently processed by us. The data subject is, for example, obligated to provide us with personal data, if our company concludes a contract with it. Non-provision of personal data would have the consequence that the contract could not be concluded with the data subject. Prior to the provision of personal data by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis about whether the provision of the personal data is legally or contractually prescribed or necessary for conclusion of the contract, whether an obligation exists to provide the personal data and which consequences the non-provision of the personal data has.

 

 

  1. Existence of automated decision-making

 

As a company that is aware of its responsibility, we waive automated decision-making or profiling.

 

This privacy policy has been created with the assistance of the Privacy Policy Generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as an external Data Protection Representative Munich, in cooperation with the lawyer for data protection law, Christian Solmecke.