Data protection

Datenschutzhinweise

1. General information

The following information is intended to give you an overview of how we process your personal data when you use our website https://www.kb-group.com and of your data protection rights. It is generally possible to use our website without entering personal data. However, if you wish to make use of special services or other ways of interacting with us, it may be necessary to process personal data.

2. Person responsible

Konstruktionsgruppe Bauen AG
Mr Dipl.-Ing. (FH) Martin Seitner M.Sc.
Bahnhofplatz 1
87435 Kempten
Phone: +49(0)831521560
E-mail: info@kb-group.com
Further information can be found in our imprint.

3. Data protection officer

If you have any questions about data processing or data protection at Konstruktionsgruppe Bauen AG, you can also contact our external data protection officer at DAISECO GmbH at any time.

You can contact him by post to the above address (please note ‘For the attention of the data protection officer’ on the envelope), by e-mail to datenschutz@kb-group.com or confidentially via our data protection portal.

4. Legal bases of the processing

Article 6(1)(a) GDPR (in conjunction with Section 25(1) TDDDG) serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfilment of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 para. 1 lit. b) GDPR. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in cases of enquiries about our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR.

Ultimately, processing operations could be based on Art. 6 para. 1 lit. f) GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).

5. Transmission of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

• you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a) GDPR,
• the disclosure pursuant to Art. 6 para. 1 lit. f) GDPR is authorised to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
• in the event that there is a legal obligation for disclosure pursuant to Art. 6 para. 1 lit. c) GDPR, and
• this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b) GDPR.

In order to protect your data and, if necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission’s standard contractual clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may serve as the legal basis for the transfer to third countries in accordance with Art. 49 para. 1 lit. a) GDPR. This sometimes does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR.

6. Data transfer in the design group

As part of our business activities, it may be necessary for us to pass on or jointly process your personal data within our group of companies. This is always done in compliance with the applicable data protection regulations, in particular Articles 26 and 28 of the General Data Protection Regulation (GDPR). The transfer and joint processing of data within our group of companies is generally carried out on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest here lies in the efficient organisation of our business processes and the optimal use of resources within the group of companies and the enforcement of uniform standards to guarantee and enforce the data protection rights of the data subjects.

We have concluded corresponding agreements for the joint processing of personal data in accordance with Art. 26 GDPR within the group of companies. These regulate the respective responsibilities and competences in the processing of your data, if these are processed by us as joint controllers. In cases where companies in our group act as processors for other companies – such as Konstruktionsgruppe Bauen AG for a subsidiary – we have concluded the contracts required under data protection law in accordance with Art. 28 GDPR. These ensure that your data is processed exclusively in accordance with instructions and in compliance with strict data protection standards. This ensures that your rights as a data subject are safeguarded at all times and that you can assert them against the companies involved in our Group.

7. Technology

1. SSL/TLS-encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact enquiries that you send to us as the operator. You can recognise an encrypted connection by the fact that the address line of the browser contains ‘https://’ instead of ‘http://’ and by the lock symbol in your browser line. We use this technology to protect your transmitted data.

2. Data collection when visiting the website

If you only use our website for information purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (in so-called ‘server log files’). Our website collects a range of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server log files. The following can be recorded

1. the browser types and versions used,
2. the operating system used by the accessing system,
3. the website from which an accessing system reaches our website (so-called referrer),
4. the sub-websites that are accessed via an accessing system on our website,
5. the date and time of access to the website,
6. an internet protocol address (anonymised IP address) and,
7. the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person. Rather, this information is required in order to

1. to deliver the content of our website correctly,
2. optimise the content of our website and the advertising for it,
3. to ensure the long-term functionality of our IT systems and the technology of our website and
4. to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

This collected data and information is therefore analysed by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The data of the server log files are stored separately from all personal data provided by a data subject and deleted after 10 days.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above.

8. Hosting durch Hetzner

Our website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhauen (hereinafter referred to as Hetzner). When you visit our website, your personal data (e.g. IP addresses in log files) are processed on Hetzner’s servers.
Hetzner is used on the basis of Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in the most reliable presentation, provision and security of our website. We have concluded an order processing contract (AVV) with Hetzner in accordance with Art. 28 GDPR.
This is a contract prescribed by data protection law, which ensures that Hetzner processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. Data protection provisions: https://www.hetzner.com/de/rechtliches/datenschutz.

9. Contents and contact options

The Construction Group informs you on these pages about our group of companies, our services such as planning for civil engineering structures, building structures and transport routes, but also structural investigations, maintenance planning and construction supervision of construction measures. We also provide information about our projects, our dedicated team of experts and career opportunities. We offer you various other options for contacting and communicating with us, for example via contact forms:

1. Contact via contact form

For questions of any kind, we offer you the opportunity to contact us using the general form provided. Personal data is collected when you contact us. In any case, a valid e-mail address and your name are required to process the information in the contact form. Which other data is collected when a contact form is used can be seen from the respective contact form, e.g. for product enquiries; the mandatory information is marked with an (*) where applicable. This data is stored and used exclusively for the purpose of responding to your enquiry or for making contact and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and the deletion does not conflict with any statutory retention obligations. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary. Alternatively, you can also contact us directly informally and ask us to delete your data.

2. Contact via e-mail

If you contact us via one of the e-mail addresses provided by us, the personal data you provide will be processed exclusively for the purpose of processing your respective enquiry, for correspondence with you, as well as for any initiation and justification of a contract, for specific enquiries for our services, etc. with you in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR. The personal data collected will be automatically deleted after your enquiry has been dealt with; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

3. Contact for application purposes

4. Applicant management via job clusters

We include current vacancies from our group of companies with our various locations and branches on our website. We offer a search function across company divisions and locations for this purpose. For the practical implementation, we use a service provider who takes over the design and content optimisation of the job advertisements and integrates the job advertisements via an iFrame on our website (see above). The service provider is Jobcluster Deutschland GmbH, Fuldaer Straße 13, 36124 Eichenzell (‘Jobcluster’). When you access the job vacancies via the iFrame, your access data such as IP address, time stamp and browser are transmitted to Jobcluster. The processing by Jobcluster is carried out within the framework of order processing in accordance with Article 28 GDPR for the purpose of being able to show interested parties job advertisements that are updated daily and optimised in terms of content and design. The legal basis for the processing is Art. 6 para. 1 lit. f) of the GDPR; our interest in the processing lies in the optimised recruiting process.

The careers portal provides a form and mask for easy uploading of application documents. The data you enter in the form and the input mask are recorded by the careers portal server. The * mandatory fields are marked with an asterisk. Your submitted data will be processed exclusively as a ‘digital application file’. All employees of our group of companies who are authorised to access applicant data in individual cases are specially trained and selected for this purpose and are obliged to observe data protection and confidentiality when handling personal data. Our HR managers confidentially ensure that applications reach the right places in the companies.

You always have the opportunity to ask questions about the application process directly via career@kb-group.com. The ‘Apply now’ function in a job advert gives you the opportunity to upload your application documents via our service provider Jobcluster and send them to us. To do this, click on the button to open an external form at Jobcluster, starting with https://apply.jcd.de/ and referring to the job description you have selected.

jobcluster ensures the technical and organisational implementation for the operation of the career portal for our applicant management on our behalf. We have carefully selected the service provider and concluded order processing contracts in accordance with the data protection regulations, which ensure that your data is handled properly – applicant data is only processed in accordance with instructions and is not passed on to third parties. It goes without saying that we do not commercially pass on your personal data for use by other companies outside Konstruktionsgruppe Bauen AG and our group of companies. In this group of companies, Konstruktionsgruppe Bauen AG works together as joint controllers in order to enable applicants and ourselves to organise tenders and carry out application procedures as attractively and effectively as possible. We have concluded the necessary data protection contracts within the meaning of Art. 26 GDPR with the participating companies in our group of companies. Art. 26 DSGVO concluded.

We have a legitimate interest within the meaning of Art. Art. 6 para. 1 lit. f) GDPR in a secure, expedient and modern implementation and organisation of our recruiting in the group of companies. Insofar as data processing is carried out due to legal obligations, in particular retention obligations, the legal basis is Art. 6 para. 1 lit. c) GDPR.

Jobcluster’s data protection information can be found here: https://www.jobcluster.de/datenschutz/ and https://apply.jcd.de/Privacy.php for the ‘one-click-recruiter’ and https://www.jobcluster.de/datenschutz/#bewerberformular for the application form.

10. Our activities in social networks

So that we can also communicate with you on social networks and inform you about our services, we have our own pages there. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing operations triggered by this, within the meaning of Art. 26 GDPR.

We are not the original provider of these pages, but only use them within the scope of the possibilities offered to us by the respective providers.

As a precautionary measure, we would therefore like to point out that your data may also be processed outside the European Union or the European Economic Area, in particular in the USA. Use may therefore be associated with data protection risks for you, as it may be more difficult to protect your rights, e.g. to information, deletion, objection, etc., and processing in the social networks is often carried out directly for advertising purposes or to analyse user behaviour by the providers without us being able to influence this. If user profiles are created by the provider, cookies are often used or the user behaviour is assigned to your own social network member profile.

The described processing operations of personal data are carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 para. 1 lit. a) GDPR in conjunction with Art. 7 GDPR. Art. 7 GDPR.

As we do not have access to the providers’ databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in the social networks is provided below by the respective social network provider we use:

1. Facebook

(Joint) controller for data processing in Europe:
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy (data policy): https://www.facebook.com/about/privacy

2. Instagram

(

Joint) controller for data processing in Germany:
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy (data policy): https://instagram.com/legal/privacy/

3. LinkedIn

(Joint) controller for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Privacy policy: https://www.linkedin.com/legal/privacy-policy

4. XING (New Work SE)

(Joint) controller for data processing in Germany:
New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
Information requests for XING members: https://www.xing.com/settings/privacy/data/disclosure

5. YouTube

(Joint) controller for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy: https://policies.google.com/privacy

11. Webanalyse

1. Google Analytics 4 (GA4)

On our websites, we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). In this context, pseudonymised user profiles are created and cookies (see ‘Cookies’) are used. The information generated by the cookie about your use of this website may include, but is not limited to

a short-term recording of the IP address without permanent storage

• • Location data
  • Browser type/version
  • Operating system used
  • Referrer URL (previously visited page)
  • Time of the server enquiry

The pseudonymised data may be transmitted by Google to a server in the USA and stored there.

The information is used to analyse the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

Data protection information from GA4: https://support.google.com/analytics/answer/12017362?hl=de.

2. Google Analytics 4 (GA4) – Additional information on Google Signals

Google Signals is a feature in Google Analytics that collects session data from websites and apps where users are logged in with their Google Account and have enabled personalised advertising. It enables advanced analysis by linking user behaviour across different devices and providing additional information such as demographic characteristics and interests. Your consent to the use of Google Analytics (see above) also includes consent to the Google Signals add-on function.

3. Google Analytics 4 (GA4) – Additional information on Consent Mode, simple implementation

Under the Digital Markets Act, Google is obliged to obtain user consent before processing user data for personalised advertising. Google fulfils this requirement with the ‘Consent Mode’. Users are obliged to implement this and thus prove that they have obtained the consent of website visitors. Google offers two implementation modes, the simple and the advanced implementation. We use the simple implementation method of Google Consent Mode. Only if you give your consent to the use of Google Analytics (see above) will a connection to Google be established, a Google code executed and the processing described above carried out. If you refuse consent, Google will only receive information that consent has not been given. The Google code is not executed and no Google Analytics cookies are set.

3. LinkedIn Analytics

On this website, we use the retargeting tool and conversion tracking of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (LinkedIn). For this purpose, the LinkedIn Insight Tag is integrated on our website, which enables LinkedIn to collect statistical data about your visit and use of our website and to provide us with corresponding aggregated statistics on this basis. The service is also used to show you interest-specific and relevant offers and recommendations after you have found out about certain services, information and offers on the website. The relevant information is stored in a cookie. The following data is generally collected and processed:

• • IP-address
  • Device information
  • Browser information
  • Referrer URL and
  • Timestamp

These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR. Your data will be stored until you withdraw your consent. As part of processing via LinkedIn, data may be transferred to the USA and Singapore. This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures. In addition, the security of the transfer is regularly ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in accordance with Art. 49 para. 1 lit. a) GDPR.

The LinkedIn privacy policy:
https://de.linkedin.com/legal/privacy-policy.

4. Matomo

We have integrated the Matomo component of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, for web analysis on this website. Web analysis is the collection, collation and evaluation of data about the behaviour of visitors to websites. Among other things, a web analysis tool collects data on which subpages of the website were accessed or how often and for how long a subpage was viewed. Web analysis is mainly used to optimise a website and to analyse the costs and benefits of Internet advertising. The software is operated on our server and the log files, which are sensitive under data protection law, are stored exclusively on this server. The purpose of the Matomo component is to analyse the flow of visitors to our website. We use the information to understand the behaviour on our website, to evaluate the use of our subpages and to make possible improvements as a result. As we do not sell any products via the site or engage in direct marketing, we are not interested in the identities of our visitors or other data. We have therefore configured Matomo so that it does not use cookies. We also do not use so-called ‘device fingerprinting’. Each time you access one of the individual pages of this website, your internet browser on your device is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. Your browser transmits personal information such as the access time, the location from which the access was made, including the IP address of the Internet access you are using, to our server. This personal data is stored by us in anonymised form. We do not pass this personal data on to third parties. No data is transferred to third countries. Matomo processes the following data:

• • Anonymised IP addresses by removing the last 2 bytes (i.e. 198.51.0.0 instead of 198.51.100.54)
  • Pseudo-anonymised location (based on the anonymised IP address)
  • Date and time
  • Title of the page accessed
  • URL of the page accessed
  • URL of the previous page (if this is permitted)
  • Screen resolution
  • Local time
  • Files that were clicked and downloaded
  • External links
  • Duration of the page load
  • Land, Region, Stadt (mit niedriger Genauigkeit aufgrund von IP-AdresseCountry, region, city (with low accuracy due to IP address)
  • Main language of the browser
  • User agent of the browser

You have the option to object to the collection of data relating to the use of this website and created by Matomo, as well as to the processing of this data by Matomo and to exclude this. To do this, you must set the ‘Do not track’ option in your browser. We have set up Matomo so that this setting is taken into account. If you do not want this for any reason, please deactivate the following checkbox. You have the option of preventing the actions you take here from being analysed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improving usability for you and other users.

[ X ] Your visit to this website is currently being recorded by Matomo web analytics. Deselect this checkbox to opt-out.

This will set a Matomo cookie that remembers your setting. You can return to this site at any time and revoke your settings.

Further information and the applicable data protection provisions of Matomo may be retrieved under  https://matomo.org/privacy-policy.

12. Advertising

1. Google Ads with conversion tracking

We have integrated Google Ads on this website. The company operating the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an internet advertising service that allows advertisers to place adverts both in Google’s search engine results and in the Google advertising network. Google Ads allows an advertiser to pre-define certain keywords that are used to display an advert in Google’s search engine results only when the user uses the search engine to retrieve a keyword-relevant search result. In the Google advertising network, the adverts are distributed on relevant websites using an automatic algorithm and taking into account the previously defined keywords.

The purpose of Google Ads is to promote our website by displaying adverts relevant to your interests on the websites of third-party companies and in the search engine results of the Google search engine and by displaying third-party adverts on our website. If you reach our website via a Google advert, a so-called conversion cookie is stored on your IT system by Google. A conversion cookie loses its validity after thirty days and is not used to identify you. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, such as the shopping basket from an online shop system, have been accessed on our website. The conversion cookie enables both us and Google to track whether a user who has reached our website via an AdWords ad has generated a sale, i.e. completed or cancelled a purchase.

The data and information collected through the use of the conversion cookie is used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via Ads ads, i.e. to determine the success or failure of the respective Ads ad and to optimise our Ads ads for the future. Neither our company nor other Google Ads advertisers receive information from Google that could be used to identify you.

The conversion cookie is used to store personal information, such as the web pages you have visited. Each time you visit our website, personal data, including the IP address of the Internet connection you are using, is therefore transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

These processing operations are only carried out if express consent is given in accordance with Art. 6 para. 1 lit. a) GDPR. The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may also be transferred without further guarantees or additional measures. You can view Google AdSense’s privacy policy and further information at : https://www.google.de/intl/de/policies/privacy/.

2. Google Ads – Additional information on Consent Mode,
   simple implementation

Under the Digital Markets Act, Google is obliged to obtain user consent before processing user data for personalised advertising. Google fulfils this requirement with the ‘Consent Mode’. Users are obliged to implement this and thus prove that they have obtained the consent of website visitors.

Google offers two implementation modes, the simple and the advanced implementation.

We use the simple implementation method of Google Consent Mode. Only if you give your consent to the use of Google Ads (see above) will a connection to Google be established, a Google code executed and the processing described above carried out. If you refuse consent, Google will only receive information that consent has not been given. The Google code is not executed and no Google Ads cookies are set.

3. LinkedIn Ads

We have integrated LinkedIn Ads on this website. The operating company of the service is LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. We use it to advertise our company on the LinkedIn social network. For this purpose, LinkedIn places a cookie in the browser of your end device, which automatically enables interest-based advertising based on the pages you visit. These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a GDPR. Your data will be deleted as soon as it is no longer required to fulfil the purpose or you withdraw your consent. As part of processing via LinkedIn, data may be transferred to the USA and Singapore. This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures. In addition, the security of the transfer is regularly ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in accordance with Art. 49 para. 1 lit. a) GDPR.

Privacy policy of LinkedIn: https://de.linkedin.com/legal/privacy-policy.

13. Plugins and other services

1. Google Maps

We use Google Maps (API) on our website. The operating company of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps in order to visualise geographical information. By using this service, you can, for example, be shown the respective location and a possible journey can be made easier or job advertisements can be specified.

Information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there as soon as you access the subpages in which the Google Maps map is integrated, provided that you have given your consent within the meaning of Art. 6 para. 1 lit. a) GDPR.

In addition, Google Maps loads the Google web fonts and Google Photos as well as Google stats. The provider of these services is also Google Ireland Limited. When you access a page that integrates Google Maps, your browser loads the web fonts and photos required to display Google Maps into your browser cache. The browser you are using also establishes a connection to Google’s servers for this purpose. This informs Google that our website has been accessed via your IP address. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account.

If you do not wish your data to be associated with your Google profile, you must log out of your Google user account. Google stores your data (even for users who are not logged in) as usage profiles and analyses them. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

If you do not agree to the future transmission of your data to Google in connection with the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used.

These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

Google’s terms of use: https://www.google.de/intl/de/policies/terms/regional.html. From Google Maps: https://www.google.com/intl/de_US/help/terms_maps.html. The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures. The data protection provisions of Google Maps / “Google Privacy Policy“: https://www.google.de/intl/de/policies/privacy/.

2. Google Tag Manager

We use the Google Tag Manager service on this website. The operating company of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This tool can be used to implement ‘website tags’ (i.e. keywords that are integrated into HTML elements) and manage them via an interface. By using Google Tag Manager, we can automatically track which button, link or personalised image you have actively clicked on and can then record which content on our website is of particular interest to you. The tool also triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have opted out at domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager. These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR. The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures. Further information on Google Tag Manager and Google’s privacy policy: https://www.google.com/intl/de/policies/privacy/.

3. Google WebFonts

Our website uses so-called web fonts for the standardised display of fonts. Google Web Fonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using establishes a connection to Google’s servers. This informs Google that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our website. These processing operations are carried out exclusively with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR. The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures. Further information and data protection information: https://developers.google.com/fonts/faq ; https://www.google.com/policies/privacy/.

14. Cookies

1. General information about cookies

Cookies are data records as information that your browser automatically creates and that are stored on your IT system or end device (laptop, tablet, smartphone, etc.) when you visit websites. Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that identities are obtained directly. The use of cookies is intended to make the use of websites more pleasant. Session cookies are used to recognise whether individual pages have already been visited.

Temporary cookies, which are stored on end devices for a specified period of time, are used to optimise user-friendliness. If you visit these pages again to make use of services, it is automatically recognised that you have already been there and which entries and settings you have made so that you do not have to enter them again. They are also used to statistically record the use of the pages and to evaluate them for the purpose of optimisation. These cookies are automatically deleted after a defined period of time.

2. Legal basis for the use of cookies

The data processed by the cookies, which are required for the proper functioning of the website, are therefore necessary to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR. For all other cookies, you must have given your consent to this directly or via our opt-in cookie banner in accordance with Art. 6 para. 1 lit. a) GDPR.

3. Notes on avoiding cookies in common browsers

You have the general option of deleting cookies, allowing only selected cookies or completely deactivating cookies at any time via the settings of the browser you are using. Further information can be found on the support pages of the respective providers:

Chrome: https://support.google.com/chrome/answer/95647?tid=311178978 .
Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac?tid=311178978.
Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?tid=311178978.
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09.

4. Usercentrics (Consent Management Tool)

We use a so-called Consent Management Tool (CMP) to obtain consent for the storage of certain cookies on your end device or for the use of certain technologies and to document these in compliance with data protection regulations. We use the consent management tool ‘Usercentrics’ from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service enables us to obtain and manage the consent of website users for data processing. Usercentrics collects data generated by end users who use our website. When an end user gives consent, Usercentrics automatically logs the following data:

• •     Browser information.
  •     Date and time of access.
  •     Device information.
  •     The URL of the page visited.
  •     Geographical location.
  •     Page path of the website.
  •   The consent status of the end user, which serves as proof of consent.

The consent status is also stored in the end-user’s browser so that the website can automatically read and follow the end-user’s consent in all subsequent page requests and future end-user sessions for up to 12 months. The consent data (consent and revocation of consent) is stored for three years. The retention period corresponds to the regular limitation period in accordance with Section 195 of the German Civil Code (BGB). The data will then be deleted immediately or forwarded to the person responsible on request in the form of a data export. The functionality of the website is not guaranteed without the described processing. The user has no right to object as long as there is a legal obligation to obtain the user’s consent to certain data processing operations (Art. 7 para. 1, 6 para. 1 sentence 1 lit. c) GDPR).

Usercentrics is the recipient of your personal data and acts as a processor for us. Detailed information on the use of Usercentrics can be found at: https://usercentrics.com/privacy-policy/.

15. Your rights as a data subject

Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

Right to information
Art. 15 GDPR – You have the right to receive information from us at any time free of charge about the personal data stored about you and a copy of this data in accordance with the statutory provisions.

Right to rectification
Art. 16 GDPR – You have the right to request the rectification of inaccurate personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

Erasure
Art. 17 GDPR – You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.

Restriction of processing
Art. 18 GDPR – You have the right to demand that we restrict processing if one of the legal requirements is met.

Data portability
Art. 20 GDPR – You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20 para. 1 GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

Objection Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e (data processing in the public interest) or f (data processing on the basis of a balancing of interests) GDPR. This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the establishment, exercise or defence of legal claims.

In individual cases, we process personal data for direct marketing purposes. You can object to the processing of your personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

Withdrawal of consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

Complaint to a supervisory authority
You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data. A list of the contact details of the data protection officers in the federal states and the supervisory authorities for the non-public sector and in other countries can be found on the website of the Federal Commissioner for Data Protection and Freedom of Information, BfDI under addresses and links.

Automated decision-making including profiling
We do not use profiling within the meaning of Art. 22 GDPR when using our websites.

16. Storage, deletion and blocking

We process and store your personal data only for the period of time required to achieve the purpose of storage or if this is provided for by the legal provisions to which our company is subject.

If the purpose of storage ceases to apply or if a prescribed storage period expires, the personal data will be routinely deleted in accordance with the relevant statutory provisions.

blocked or erased in accordance with the relevant statutory provisions.

17. Storage period
The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data is routinely deleted, provided it is no longer required for the fulfilment or initiation of a contract.

18. Further data protection issues

If you have any further questions, comments or other enquiries regarding your personal data that are not answered here, simply contact us using one of the methods listed above.

*The English language version has been translated from the German language version at DeepL. In case of doubt, the German language version remains authoritative*