Data protection policy
We take data protection seriously
We take the protection of your privacy when processing personal data very seriously. When you visit our website, our web servers automatically store the IP of your internet service provider, the website from which you visited us, the websites that you visit after us and the date and duration of the visit. This information is essential for the technical transmission of the website and the secure operation of the server. There is no personalised analysis of these data.
If you send us data in a contact form, these data are stored on our servers in the course of data backup. We use your data exclusively for the purpose of dealing with your request. Your data are treated strictly confidentially. They are not forwarded to third parties.
Rayener Straße 14
Telephone: 00 49 / 28 45 - 20 30
Personal data are data about you. This includes your name, your address and your email address. You do not have to disclose any personal data in order to be able to visit our website. In some cases, we need your name, address and other information so that we can provide the requested service.
The same applies in the event that we deliver information to you at your request and if we are responding to your queries. You will always be informed of this in these cases. Furthermore, we only store data that you have provided to us automatically or voluntarily.
When you use one of our services, we generally only collect the data that are necessary to allow us to provide or service to you. We may ask you for further information, but this is of a voluntary nature. Whenever we process personal data, we do this so that we are able to provide our service to you or to pursue or commercial objectives.
Automatically stored data
Server log files
The website provider automatically collects and stores information in so-called server log files that your browser automatically sends to us. This information is:
- Date and time of the request
- Name of the requested file
- Website from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- Full IP address of the requesting computer
- Volume of data transferred
These data will not be consolidated with other data sources. Data are processed in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.
For reasons of technical security, particularly for preventing attempts at attacking our web server, we only store these data for a short period. We cannot trace any individual person using these data. The data are anonymised within seven days by truncating the IP address to the domain level so that it is no longer possible to make reference to individual users. The anonymised data are also processed; no comparison is made with other databases and there is no disclosure to third parties, even in extracts. The number of visits to the website are only reported with our server statistics, which we publish every two years in our Activity Report.
We have taken technical and administrative precautions in order to protect your personal data against loss, destruction, manipulation and unauthorised access. All of our employees and service providers working for us are bound by the valid data protection laws.
Whenever we collect and process personal data, such data are encrypted before they are transferred. This means that your data cannot be misused by third parties. Our security processes are therefore subject to a continual improvement process and our data protection policies are constantly reviewed. Please ensure that you have the most recent version.
Use of OpenStreetMap
Information regarding data protection in accordance with Art. 13 GDPR
Which data are processed and what are the sources of these data?
We process the data that we have obtained from you during the negotiation and performance of the contract on the basis of consent or in the context of your application to work with us or in the context of your employment with us.
Personal data includes:
Your basic data / contact information. For customers, this includes e.g. forename and surname, address, contact information (email address, telephone number, fax), bank details, images.
For applicants and employees, this includes e.g. forename and surname, address, contact information (email address, telephone number, fax), date of birth, data contained in CVs and references, bank details, religious beliefs, images.
For business partners, this includes e.g. the name of your legal representative, company name, commercial register number, VAT number, company number, address, contact details for your contact (email address, telephone number, fax), bank details.
We also process other personal data as follows:
- Information regarding the type and content of contractual data, job data, sales and documentary data, customer and supplier history and consultation documents.
- Marketing and sales data.
- Information from your electronic interactions with us (e.g. IP address, log-in details).
- Other data that we have obtained from you during the course of our business relationship (e.g. in customer meetings).
- Data that we generate ourselves from basic data / contact details and other data, e.g. by way of customer demand analyses and customer potential analyses.
- The documentation of your consent for receiving e.g. newsletters.
- Photographs for events.
For what purposes and on what legal basis are the data processed?
We process your data in compliance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 as amended:
on compliance with (pre-)contractual obligations (Art. 6 (1) (b) GDPR):
We process your data in order to perform the contract online or in one of our branches and to perform your employment contract in our companies. The data are particularly processed at the start of the business relationship and when performing the contracts with you.
on complying with legal obligations (Art. 6 (1) (c) GDPR):
Processing your information is necessary for the purpose of complying with various statutory obligations e.g. under the German Commercial Code or the German Tax Code.
on protecting legitimate interests (Art. 6 (1) (f) GDPR):
Data may be processed beyond the actual performance of the contract on the basis of a balance of interests for the protection of our or third parties’ legitimate interests. Data may be processed for the protection of legitimate interests in the following cases:
- Advertising or marketing (see number 4).
- Measures for business management and the further development of services and products.
- Keeping a group-wide customer database for improving customer service.
- During legal claims.
in the scope of your consent (Art. 6 (1) (a) GDPR):
If you have provided us with your consent to process your data, e.g. for sending our newsletters, publishing photos, etc.
Processing personal data for marketing purposes
You can object to the use of your personal data for marketing purposes in general or for individual measures at any time without incurring any costs for this other than the transmission costs at the basic rate.
According to the statutory provisions contained in § 7 (3) of the German Unfair Competition Act (UWG), we are entitled to use the email address you provided when concluding the contract for the direct marketing of our own similar goods or services. You will receive these product recommendations regardless of whether you have subscribed to newsletters.
If you do not wish to receive any such recommendations from us by email, you can object to the use of your email address for this purpose at any time without incurring any costs for this other than the transmission costs at the basic rate. Sending us a message in written form is sufficient for this. An unsubscribe link is also included in each email.
Who gets my data?
If we appoint a service provider within the context of order processing, we still remain responsible for protecting your data. All processors are contractually obliged to treat your data confidentially and only to process such data in the context of providing the service. The processors we appoint are given your data if they need them in order to provide the respective service. These include e.g. IT service providers that we need for the operation and security of our IT system and marketing and mailing companies for our own promotional activities. Your data are processed in our customer database. The customer database helps with increasing the quality of the available customer data (duplicate cleansing, unknown / deceased marks, address correction), and allows integration with data from official sources. These data are provided to the group companies if they are needed for performing the contract. Customer data is stored according to the respective company separately; our parent company acts as the service provider for the individual participating companies. If there is a statutory obligation or in the context of legal claims, authorities and courts may receive your data. In addition, insurance companies, banks, credit agencies and service providers may receive your data for the purpose of negotiating and performing contracts.
For how long are my data stored?
We process your data until the termination of the business relationship or until the expiry of the applicable statutory retention period (e.g. under the German Commercial Code, Tax Code, Nursing Home Act or Working Time Act) or until the conclusion of any legal disputes for which the data are needed as evidence.
Are personal data transferred to a third country?
We do not generally transfer any data to a third country. In individual cases, such a transfer may take place on the basis of an adequacy decision by the European Commission, standard contract clauses, appropriate guarantees or your express consent.
What data protection rights do I have?
At any time, you have a right to receive information about your stored data or to request the rectification, erasure or restriction of processing of the same, a right to object to processing and a right to data portability and to make complaints in accordance with the provisions of the German Data Protection Act.
Right to information:
You can request us to provide you with information about whether and to what extent we process your data.
Right to rectification:
If we process data that are incomplete or inaccurate, you can request us to rectify or complete such data at any time.
Right to erasure:
You can request that we erase your data if we are processing such data unlawfully or if such processing disproportionately interferes with your legitimate protective interests. Please note that there may be grounds that would prevent immediate erasure, e.g. the existence of statutory retention obligations.
Regardless of your right to erasure, we will immediately and fully erase your data if no such contractual or statutory retention period prevents this.
Right to restriction of processing:
You can request the restriction of processing of your data if
- you contest the accuracy of your data for a period that enables us to verify the accuracy of the data;
- the processing of the data is unlawful but you oppose the erasure and request the restriction of the use of such data instead;
- we no longer need the data for the intended purpose but you still require these data for the establishment or defence of legal claims; or
- you have objected to the processing of the data.
Right to data portability:
You can request that we provide you with your data that you have sent us in a structured, commonly used and machine-readable format and to transfer these data to another controller without any hindrance from us, if:
- we process these data on the basis of revocable consent provided by you or for the performance of a contract between us; and
- this processing is carried out by automated means.
Right to object:
If we process your data for legitimate interests, you can object to this data processing at any time; this would also apply to any profiling based on these provisions. We will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving any reasons.
Right of complaint:
If you believe that we are breaching German or European data protection law by processing your data, please contact us so that we can resolve any issues. Of course, you also have the right to contact your competent supervisory authority, the relevant State Office for Data Protection Supervision.
If you wish to assert one of the above rights against us, please contact our data protection officer. In the event of doubt, we may request additional information to confirm your identity.
Am I obliged to provide data?
The processing of your data is necessary for the conclusion or performance of your contract with us. If you do not provide these data, we will usually have to refuse to conclude the contract or we will be unable to continue to perform an existing contract and therefore have to terminate it. However, you are not obliged to grant consent for data processing in relation to data that is irrelevant or is statutorily unnecessary for the performance of the contract.
Amendments to this data protection policy
We reserve the right to amend our data protection policies if this becomes necessary as a result of new technologies. Please ensure that you have the most recent version. We will announce any significant amendments that are made to this data protection policy on our website.
In the event of data protection issues, all potential customers and visitors to our website can contact us using the following details.
Mr Christian Volkmer
Projekt 29 GmbH & Co. KG