PRIVACY POLICY

 

This privacy policy shall inform you regarding how, to what extent and for which purpose personal data (hereinafter referred to as “data”) are processed within our online offering and the websites, functions, contents as well as external online presences as for example our social media profiles, connected to it (hereinafter together referred to as “online offering”). For further information regarding the terms used in this legal notice, as for example, “processing” or “person responsible” please refer to the definitions used in article 4 of the General Data Protection Regulation (hereinafter referred to as “Datenschutzgrundverordnung” – DSGVO)

 

Person Responsible

 

Björn Glass / Glass GmbH Bauunternehmung

Daimlerstr. 3

87719 Mindelheim

Germany

 

E-mail: info@glass-bau.de

Managing Directors/ Owners: Dieter Glass, Björn Glass

Link to the Impressum – Legal Notice: http://www.glass-bau.de/de/fg-impressum.html

 

Data Protection Commissioner

 

Sebastian Meier / Glass GmbH Bauunternehmung

Daimlerstr. 3

87719 Mindelheim

Germany

Tel.: +49 (0) 8261 / 992 - 0

E-Mail: info@glass-bau.de

 

Type of Data Processed

 

• Inventory data (e.g. names, addresses)
• Contact data (e.g. e-mail, telephone number)
• Content data (e.g. text input, pictures, videos)
• Usage data (e.g. visited websites, interest in contents, time of access)
• Meta/communications data (e.g. device information, IP addresses)

 

Categories of Persons Affected

 

Visitors and users of the online offering (hereinafter the persons affected are referred to as “users”)

 

Purpose of Processing

 

• Making the online offering, its functions and contents available
• Answering to contact requests and communication with users
• Safety precautions
• Audience measurement/marketing

 

Terms Used

 

“Personal data” are any information referring to an identified or identifiable natural person (hereinafter referred to as “person affected”). A natural person is considered to be identifiable if he/she can be identified directly or indirectly particularly by means of an identifier as for example a name, an identification number, location data, an online identification (e.g. cookie) or by means of one or more specific attributes, which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

 

“Processing” refers to any kind of procedure carried out with or without the help of automated procedures or any set of operations connected to personal data. The term is far reaching and comprises practically all and any kind of handling of data.

 

“Pseudonymisation“ refers to the processing of personal data in a way that this personal data cannot be assigned to a specific affected person without using additional information, provided that this additional information is stored separately and subject to technical and organisational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.

 

“Profiling” is any kind of automated processing of personal data which consists of those personal data being used to evaluate certain personal aspects referring to the natural person, in particular, in order to analyse or predict aspects regarding the work performance, the economic situation, health, personal preferences, interests, reliability, behaviour, the whereabouts or a change of location of that natural person.

 

“Person responsible“ refers to the natural or legal person, authority, organisation or any other body which decides alone or together with others on the purposes and means of processing of personal data.

 

“Data processor” refers to a natural or legal person, authority, organisation or any other body that processes personal data on behalf of the person responsible.

 

Relevant Legal Bases

 

In accordance with article 13 DSGVO we would like to inform you about the legal bases of our data processing. Should the legal basis not be stated in the privacy policy, the following shall apply: Article 6 subsection 1 letter a as well as article 7 DSGVO are the legal basis for obtaining consent. Article 6 subsection 1 letter b DSGVO constitutes the legal basis for processing data, in order to perform our services and carry out contractual measures as well as the basis for replying to inquiries. The legal basis for processing in order to comply with our legal obligations is article 6 subsection 1 letter c DSGVO and the legal basis for safeguarding our legitimate interests is section 6 subsection 1 letter f DSGVO. Article 6 subsection 1 letter d DSGVO shall be the legal basis in case vital interests of the person affected or any other natural person require the processing of personal data.

 

Security Measures

 

In accordance with article 32 DSGVO we take appropriate technical and organisational measures in order to ensure a level of protection appropriate to the risk with regard to the state of the art, implementation costs and how the data are processed, to what extent and for which purpose as well as the various probabilities of occurrence and the seriousness of the risk for the rights and freedoms of natural persons.

 

Those measures particularly include safeguarding the confidentiality, integrity and availability of data by means of controlling physiological access to the data as well as safeguarding the access of the data, the entry, the transfer, the security of availability and its separation. We have furthermore put in place procedures which ensure the exercise of rights of the persons affected, the deletion of data and the reaction to threats to the data. In addition to that, we already take the protection of personal data into consideration when developing or rather choosing hardware, software and procedures according to the principle of data protection by means of technological design and by means of data protection friendly presettings (article 25 DSGVO).

 

Collaboration with Processors and Third Parties

 

Provided, that we disclose the data towards other persons or companies (processors or third parties), pass them on or grant any other kind of access to it in relation to the processing, we solely disclose the data, pass it on or grant access to it based on a legal permission (e.g. if passing the data on to third parties as for example payment service providers according to section 6 subsection 1 letter b DSGVO is necessary for fulfilling the contract), your consent, a legal obligation providing the required basis or based on our legitimate interests (e.g. when making use of representatives, web hosts, etc.).

 

Provided, that we assign the processing of data to third parties based on a so called “data processing agreement”, this agreement shall be based on article 28 DSGVO.

 

Transfer to Third Countries

 

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if that occurs within the framework of using services provided by third parties or disclosure or rather transfer of data to third parties, the processing shall only occur for the purpose of fulfilling our pre-contractual and contractual obligations, based on your consent, a legal obligation or our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special prerequisites of articles 44 ff. DSGVO are given. That means that the data are only processed, for example, based on special guarantees such as the officially recognised assessment of a level of data protection according to the EU (e.g. for the USA by means of the “privacy shield”) or the observance of officially recognised special contractual obligations (so called “standard contractual clauses”).

 

Rights of Persons Affected

 

You have the right to demand a confirmation on whether the data in question are being processed as well as the right to demand information regarding that data and further information as well as a copy of that data according to article 15 DSGVO.

According to article 16 DSGVO you have the right to demand the completion of your data or the rectification of incorrect data concerning you.

In accordance with article 17 DSGVO you have the right to demand the data in question to be deleted immediately or rather alternatively, according to article 18 DSGVO, to demand a restriction of the processing of the data.

You have the right to demand that you receive your data, which you have provided us with, according to article 20 DSGVO and to demand their transfer to other persons responsible.

Furthermore, pursuant to article 77 DSGVO you have the right to file a complaint with the responsible supervisory authority.

 

Right of Revocation

 

You have the right to revoke any consent you have already given according to article 7 subsection 3 DSGVO with future effect.

 

Right of Objection

 

You can at any time object to the future processing of your data pursuant to article 21 DSGVO. You can particularly object against the processing of your data for the purpose of direct advertising.

 

Cookies and Right of Objection in Case of Direct Advertising

 

Small files, which are stored on the computers of the users are called “cookies”. Various data can be stored within these cookies. A cookie primarily serves the purpose of storing data regarding a user (or regarding the device on which the cookie is stored) during or also after his/her visit within an online offering. Cookies which are deleted after the user leaves the online offering and closes his/her browser are called temporary cookies or “session-cookies” or “transient cookies”. For example, the content of a shopping cart in an online shop or a login status can be stored in such a cookie. Cookies which remain stored also after closing the browser are called “permanent” or “persistent”. That way, for example, the login status can be saved if the user revisits the website after several says. The user´s interests, which are used for audience measurement or marketing purposes, can also be stored in such a cookie. Cookies which are offered by providers other than the person responsible who operates the online offering are called “third party cookie” (otherwise, if it is only a cookie from the person responsible, they are called “first party cookies”).

 

We can use temporary and permanent cookies. Our privacy policy clarifies which cookies are used.

 

Should the users not agree with cookies being stored on their computer they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this online offering.

 

A general objection against the usage of cookies for the purposes of online marketing can be declared at numerous services, in case of tracking in particular on the American website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storing of cookies can be deactivated by means of deactivation in the settings of the browser. Please note, that you may not be able to use all functions of this online offering in that case.

 

Deleting Data

 

The data we process are deleted in accordance with article 17 and 18 DSGVO or limited with regard to their processing. Provided that this privacy policy does not explicitly state anything else, the data we save are deleted as soon as they are not required for the intended purpose anymore and if there are no legal obligations to retain the data which would contradict the deletion. If the data are not deleted as they are required for other and legally admissible purposes, its processing is limited. That means the data are stored and not used for other purposes. That applies, for example, to data which need to be stored due to commercial or tax laws.

 

Pursuant to legal requirements in Germany, the data are stored for 10 years according to sections 147 subsection 1 of the German Fiscal Code, 257 subsection 1 number 1 and 4, subsection 4 of the German Commercial Code (books, records, status reports, receipts, accounting books, documents relevant for taxations, etc.) and 6 years according to section 257 subsection 1 number 2 and 3, subsection 4 of the German Commercial Code (commercial letters).

 

According to legal requirements in Austria the data are stored for 7 years pursuant to section 132 subsection 1 of the Austrian Federal Fiscal Code (accounting documents, receipts/invoices, accounts, receipts, business documents, accounts of all revenue and expenditure, etc.) and for 22 years in case of data connected to properties and for 10 years in case of documents related to services provided electronically, telecommunication, broadcast and television services which were provided for nonentrepreneurs in EU member countries and for which the Mini-One-Stop-Shop (MOSS) was used.

 

Hosting and Sending E-Mails

 

The hosting services we make use of, serve the purpose of providing the following services: infrastructural and platform services, computing capacity, memory space and database services, sending e-mails, security services as well as technical maintenance services which we use for the purpose of running our online offering.

 

While doing so, we, or rather our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communications data of customers, interested parties and visitors of our online offering based on our legitimate interests in making this online offering efficiently and securely available according to article 6 subsection 1 letter f DSGVO in in connection with article 28 DSGVO (conclusion of a contract on the processing of the order).

 

Online Presence in Social Media

 

We maintain online presence within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and in that way, inform them about our services.

 

Please note that due to that users´ data can be processed outside the European Union. As a result, risks for the users could arise as due to that, the enforcement of the users´ rights, for example, could be more difficult. We would like to point out that US providers certified under the privacy shield are obliged to maintain the EU data protection standards.

 

Furthermore, as a rule the user´s data are used for the purposes of market research and advertising. That way, usage profiles can be created, for example, based on the users´ behaviours and the users´ interests concluded therefrom. Those usage profiles can, for example, again be used in order to place advertisements within and outside of the platform, according to the presumed interests of the users. For this purposes, cookies are, as a rule, stored on the users´ computers in which in turn the usage behaviour and the interests of the users are stored. In addition to that, data can be stored within the usage profiles data independent of the devices used by the user (in particular, if the users are members of the respective platforms and logged in on those).

 

The personal data of the users are processed based on our legitimate interests in effectively informing the users and communicating with them according to article 6 subsection 1 letter f. DSGVO. Should the users be asked for consent to the processing of his/her data by the respective providers (that means their consent for example by means of ticking the checkbox or confirmation by clicking on a box) article 6 subsection 1 letter. a., article 7 DSGVO is the basis of that processing.

 

For a detailed description of the respective processing and the possibilities to object (opt out) please refer to the following information provided by the providers.

 

In case of requests for information and assertion of claims with regard to user rights we would also like to point out, that this can be done most effectively with the providers. Only the providers have access to the users´ data and can directly take corresponding measures and give information. Should you need help anyway, feel free to contact us.

 

• Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

 

• Google / YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Privacy Policy:  https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

 

• Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy / Opt-Out: http://instagram.com/about/legal/privacy/

 

• Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) - Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

 

• Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy Policy / Opt-Out: https://about.pinterest.com/de/privacy-policy

 

• LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) - Privacy Policy https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

 

• Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) - Privacy Policy / Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung

 

• Wakalet (Wakelet Limited, 76 Quay Street, Manchester, M3 4PR, United Kingdom) - Privacy Policy / Opt-Out: https://wakelet.com/privacy.html

 

• Soundcloud (SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany) - Privacy Policy / Opt-Out: https://soundcloud.com/pages/privacy

 

Inclusion of Services and Contents Offered by Third Parties

 

Based on our legitimate interests (i.e. interests in the analysis, optimization and the economic operation of our online offering according to article 6 subsection 1 letter f DSGVO), we make use of contents or services offered by third-party providers within our online offering in order to include their contents and services as for example videos or fonts (hereinafter unitarily referred to as “contents”).

 

This always requires that the third-party providers of these contents use the users´ IP addresses, as without the IP address they would not be able to send the contents to their browser. The IP address is thus necessary for displaying these contents. We endeavour to only use content where the IP addresses are solely used by the providers for delivering the content. Third-party providers can furthermore use so called pixel tags (invisible graphics also referred to as “web beacons”) for statistical or marketing purposes. By means of the “pixel tags” information, for example, the visitor traffic on the pages of that website can be evaluated. That pseudonymous information can furthermore be saved on the user´s device in cookies and contain among other, technical information regarding the browser and the operating system, referring webpages, time of visit as well as other information regarding the usage of our online offering. It can also be connected with information of that kind from other sources.

 

Using Facebook Social Plugins

 

Based on our legitimate interests (i.e. interests in analysing, optimizing and the economic operation of our online offering according to article 6 subsection 1 letter f DSGVO) we use social plugins (“plug-ins”) of the social network facebook.com which is operated by the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

 

That can comprise, for example, contents such as pictures, videos or texts and buttons by means of which the user can share contents of that online offering within Facebook. The list and how the Facebook social plug-in looks like, can be seen here:

https://developers.facebook.com/docs/plugins/

 

Facebook is certified under the Privacy Shield Agreement and thus guarantees to observe the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

 

If a user uses a function of this online offering which contains such a plug-in, his/her device directly connects to the Facebook servers. The content of the plug-in is transferred by Facebook directly to the user´s device and included by him/her into the online offering. Thereby usage profiles of the users can be created from the processed data. Thus, we have no influence on the extent of data which Facebook collects by means of that plug-in and thus we inform the user according to our best knowledge.

 

By including the plug-in, Facebook receives the information that a user visited the corresponding page of the online offering. Is the user logged in on Facebook, Facebook can allocate the visit to his/her Facebook account. If users interact with the plug-ins, for example if they click the like button or leave a comment, the corresponding information is transferred directly from the device to Facebook and stored there. Should a user not be a member of Facebook, the possibility exists anyway that Facebook finds out his/her IP address and saves it. According to Facebook in Germany only an anonymised IP address is saved.

 

The purpose and the extent of the processing of the data as well as the further processing and usage of the data by Facebook as well as rights regrading that and settings possibilities for the protection of the user privacy can be read in the Facebook´s data protection notice: https://www.facebook.com/about/privacy/.

 

If a user is a member of Facebook and does not want Facebook to collect information on him/her through that online offering and connect it to his/her membership data saved on Facebook, he/she has to log out from the use of our online offering at Facebook and delete his/her cookies. Further settings and objections regarding the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or through the American page http://www.aboutads.info/choices/ or the European page http://www.youronlinechoices.com/. The settings are independent of the platform, i.e. they are applied for all devices as for example desktop computer or mobile devices.

 

Xing

 

Functions and content of the service Xing, offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, can be included within our online offering. That can, for example, be pictures, videos or texts and buttons by means of which the user can share contents of the online offering within Xing. Should the user be a member of the platform Xing, Xing can allocate the visit of the above-mentioned contents and functions to the profiles of the user. Privacy Policy of Xing: https://privacy.xing.com/de/datenschutzerklaerung.

Generated with Datenschutz-Generator.de von RA Dr. Thomas Schwenke

 

Google Maps

 

This site uses the “Google Maps” service offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data used can comprise the users´ IP addresses and location data which cannot be collected without their consent (as a rule this consent is given in the settings of your mobile device). The data may be processed in the USA.

You can find the terms of use for Google maps under http://www.google.com/intl/de_de/help/terms_maps.html. You can find detailed information in the data protection centre of google de: https://policies.google.com/privacy?hl=de&gl=de as well as https://policies.google.com/privacy?hl=de&gl=de.