In the following, we would like to inform you about data protection on our website and about the type, scope and purpose of the personal data that we collect, use and process. Data protection is very important to us.
Personal data is any data that could be used to personally identify you, such as your name, IP address, telephone number, etc. This data is processed automatically when you visit the website (e.g. IP address, browser type, operating system, etc.), or if you give us your consent to process it, or if you voluntarily provide us with your data, e.g. by entering your data in a form on our website.
Furthermore, we would like to inform you about your rights under the GDPR.
You have the right to obtain information about the origin, recipient and purpose of your personal data processed by us at any time and free of charge, as well as the right to correct or delete this data.
You also have the right to request the restriction of the processing of your personal data under certain circumstances. If you have given us your consent to process your data, you can revoke this consent at any time with future effect. Furthermore, you have the right to lodge a complaint with the competent data protection supervisory authority.
Responsible for data protection / processing company is
Spitzner Projekt GmbH & Co. KG
Frankenstraße 7
93059 Regensburg
Fon +49 941 .502796 .0
Complementary: Spitzner Projekt Verwaltung-GmbH
Managing directors: Kilian Spitzner, Stefan Gückel, Simon Lehner
Data processing in the context of our services
For our customers or business partners, or in the event that you are interested in our services, the type, scope and purpose of the processing of your personal data is based on the contractual or pre-contractual relationships that exist between us. In doing so, we process personal data that we request from you or that you provide to us in order to answer your request, to create an offer for you or to process your order. The data subjects in this case are interested parties, business partners and contractual partners. The purpose of processing is to provide contractual services, to communicate, to respond to contact requests and to carry out office and organizational procedures.
Unless otherwise stated in the further information in this privacy policy, the processing of your data and its disclosure to third parties is limited to the data that is necessary and appropriate to respond to your requests and/or to fulfill the contract, to protect our rights and to fulfill legal obligations.
Affected data are
- Inventory data (e.g. names, addresses)
- Payment data (e.g. bank details, invoices)
- Contact data (e.g. e-mail address, telephone number, postal address)
- Contract data (e.g. subject matter of the contract, duration of the contract)
The legal basis for data processing is Art. 6 I 1 lit. b GDPR, the fulfillment of the contract or the fulfillment of pre-contractual inquiries.
Unless a specific storage period is specified in this privacy policy, we will store your personal data until the purpose for which the data is processed no longer applies. We will delete your personal data when we no longer need it, i.e. after the end of the contractual relationship between us, or after our legitimate interest in further processing the data has ceased to apply, or if you request us to delete it. Mandatory legal provisions – in particular statutory retention periods – remain unaffected. Likewise, it may be necessary to process your personal data until these deadlines have expired in order to assert, exercise or defend legal claims arising from contractual relationships or to protect the rights of another natural or legal person. We will then delete the personal data required for this purpose only after these deadlines have expired. However, until these deadlines have expired, we will limit the processing of this data to these purposes.
Calling up the website - processing of personal data and the nature and purpose of its use
When you access our website, you transmit (for technical reasons) data to our web server via your internet browser. The following data is processed in the server log files during an active connection for communication between your internet browser and our web server:
- the page from which the file was requested - referrer URL
- the name of the file
- the date and time of the request
- a description of the type of web browser used / browser version and operating system
- IP address of the requesting computer
- Access status (file transferred, file not found, etc.)
- Amount of data transferred
For technical reasons (calling up the website), this data are stored for a short period of time. We are not able to draw any conclusions about individual persons from this data. After a maximum of 7 days, the IP addresses are deleted or anonymized.
The data is evaluated for internal purposes only and does not allow us to draw any conclusions about you as an individual. It is not compared with other data sets.
The data mentioned is processed for the following purposes:
- Ensuring that the website can be accessed properly and without any problems,
- Ensuring that the website can be used conveniently,
- evaluation of system security and stability
The legal basis for data processing is Art. 6 I S 1 lit. f GDPR. The legitimate interest follows from the above-listed purposes for data collection. In no case do we use the collected data for the purpose of drawing conclusions about your person. You can visit the website without providing any personal information.
E-mail or telephone enquiries
If you contact us by e-mail or telephone, your enquiry, including all personal data arising from it (e.g. name, enquiry), will be stored and processed by us for the purpose of processing your request. We will not pass on your data without your consent. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing your data.
This data is processed on the basis of Art. 6 I S 1 lit. b GDPR, provided that your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 S 1 lit. a GDPR) and / or on our legitimate interest (Art. 6 I S 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the inquiries addressed to us.
The data sent to us by contact requests (e-mail) will be stored by us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.
Data protection when sending application documents
If you send us your application documents, we will use them exclusively to decide on your application and will not pass on your data to third parties. We would like to point out that we currently do not offer any encryption of your data when sending application documents by e-mail. However, you can send us your attachments encrypted, e.g. using the 7ZIP program (http://www.7-zip.de/), and then send us your password separately, e.g. by telephone. You will receive an e-mail from us at your e-mail address to confirm that we have received your application. You can also send us your application by post at any time.
Application data are stored and managed separately from other data sets.
If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted no later than 6 months after notification of the rejection decision, provided that no other legitimate interests of the data controller prevent deletion or the applicant has expressly consented to the longer storage and retention of his or her application, e.g. for possible later contact in the event of vacancies. Other legitimate interests in this sense include, for example, the obligation to provide evidence in proceedings under the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG).
The data processing for the purpose of contacting you and processing your application data is carried out in accordance with Art. 6 I S 1 lit. a,b DSGVO on the basis of your voluntarily given consent, as well as for the purpose of carrying out pre-contractual measures.
Social Media
We maintain online presences in social networks for advertising purposes.
In addition to the site operator, Instagram (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland) is also responsible for the company's presence in accordance with the GDPR and other data protection regulations.
We would like to point out that you use the social services and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. sharing, rating).
If you visit our online presence in social media, personal data will be collected and processed by the respective provider for advertising and market research purposes. In general, user profiles are also created in this process. This is particularly the case if you are a member of the respective platform and are logged in to it. The providers can use the usage profiles to display interest-based advertising to you. To avoid social media operators collecting information about you while you are visiting our websites, you should log out of the respective social media before starting your visit to our websites and delete any cookies from the social media that may be present in your browser.
Social network links
No social plugins from Instagram or other social networks are integrated into these websites. Therefore, no program code from a social network is active on our pages. The icons for Instagram on our website are simply linked images.
Data protection notice - online presence on Facebook/Instagram (META)
Facebook Ireland (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland – hereinafter referred to as Facebook) and the page administrator (we) are jointly responsible for the processing of personal data for the products covered by the terms of use for the Facebook account of the page administrator, which are collected in connection with a visit or interaction with a page (including its content).
Covered Products are all Facebook products, Facebook Pages and Page Insights. Facebook Products include Facebook itself (including the Facebook mobile app and the browser within the app), Messenger, Instagram (including apps such as Direct and Boomerang), Portal-branded devices, Bonfire, Facebook Mentions, Facebook Shops, Spark AR Studio, Audience Network, NPE Team Apps, and any other features, apps, technologies, software products, products or services offered by Facebook, Inc. or Facebook Ireland Limited. Facebook Business Tools are also included in the Facebook Products.
The scope of the joint processing and the Addendum for Controllers covers the collection of the personal data specified in the Terms of Use for Covered Products and its transmission to Facebook. The subsequent processing of data by Facebook is not part of the joint processing. Similarly, if personal data is processed exclusively by us, this is not part of the joint processing – in this case, we are the sole controller of the data processing.
You can find the information required under Art 13 I a, b GDPR in Facebook's data policy at https://www.facebook.com/about/privacy. Further information on joint processing can be found in the respective terms of use for the products.
For the use of certain Facebook products (so-called “Facebook Business Tools”) and the associated data processing, the additional agreement between us and Facebook as joint controllers in accordance with Art. 26 GDPR applies, which you can view at https://www.facebook.com/legal/controller_addendum.
The Site Administrator and Facebook have entered into this Addendum for Controllers to determine the respective responsibilities for fulfilling the obligations under the GDPR with respect to joint processing (as set forth in the Terms of Use for Covered Products).
Furthermore, we have agreed that between the parties, Facebook is responsible for enabling the rights of data subjects under Articles 15-20 of the GDPR with respect to the personal data stored by Facebook after joint processing.
Any transfer of personal data to the United States is based on the adequacy decision of the EU Commission (EU-U.S. Data Privacy Framework). Based on adequacy decisions, personal data can flow freely and securely from the European Economic Area to the third country in question without any further conditions or authorizations being required. This means that data can be transferred to the third country in the same way as within the EU.
Data processing conditions at Facebook
We expressly draw your attention to the fact that the use of certain Facebook products may involve the transfer of personal information to Facebook. Taking into account the circumstances, it may also be the case that Facebook Ireland Limited transfers EU data to Facebook Inc. in the USA for storage and further processing. By using Facebook products, the user agrees to the data processing conditions of Instagram. These can be found at https://help.instagram.com/581066165581870/
The Facebook EU data transfer addendum can be found at https://www.facebook.com/legal/EU_data_transfer_addendum
the Instagram data policy can be found at https://privacycenter.instagram.com/policy/
Further information on Page Insights data
Facebook continues to provide us with so-called Page Insights for the Facebook page. Insights data is summarized data that provides us with information on how users interact with the Facebook page. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, the protection of our legitimate interests in an optimized presentation of the website and effective communication with users.
The data processing is based on an agreement between the joint controllers in accordance with Art. 26 GDPR, which you can view at https://www.facebook.com/legal/terms/page_controller_addendum.
For more information on page insights data on Facebook, please visit https://de-de.facebook.com/help/instagram/155833707900388
Data processing when contacting us via Facebook Products
We collect personal data when you contact us, e.g. via the contact form or via Messenger. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 para. I sentence 1 lit. f GDPR. Your data will be deleted after your request has been processed, provided that there are no legal obligations to the contrary.
Your rights
Facebook and we have agreed that Facebook is primarily responsible for providing you with information about the joint processing and for enabling you to exercise your rights under the GDPR. Under the GDPR, you have the right to access, rectify, transfer and delete your data, as well as to object to the processing of your data and to restrict the processing. You can find out more about these rights in your Facebook settings. For more information about your rights, see also “Rights of data subjects” in this data protection declaration.
Facebook and we have agreed that the Irish Data Protection Commission is the authority that will exercise primary supervision over the processing under joint responsibility. You have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with your local supervisory authority. www.dataprotection.ie ) oder bei Ihrer lokalen Aufsichtsbehörde einzureichen.
Right to object to advertising
You can object to the processing of your data for advertising purposes on Facebook at any time by changing your advertising settings in your Facebook user account at https://www.facebook.com/settings?tab=ads.
Legal basis for the operation of the Instagram page and the processing of personal data when accessed
We operate the Instagram page for advertising purposes for our services. The processing of personal data is based on Art. 6 I S 1 lit f GDPR.
Data security - SSL encryption
We use the SSL (Secure Socket Layer) procedure on our website to encrypt and protect the transmission of confidential content. When SSL encryption is activated, the data you send to us cannot be read by third parties. You can tell whether a particular page of our website is being transmitted in encrypted form by the closed padlock or key symbol in the status bar of your browser – the address bar of your browser displays “https://” when SSL encryption is in use.
Processing/transfer
Your personal data will not be transferred to third parties for any other purposes than those listed above or below.
We will only transfer your personal data to third parties if:
- you have given your express consent in accordance with Art. 6 I S lit. a GDPR,
- this is legally permissible and in accordance with Art. 6 I S 1 lit. b GDPR is necessary for the fulfillment of contractual relationships or for the implementation of pre-contractual measures with you,
- in the event that we are legally obliged to disclose the data in accordance with Art. 6 I S 1 lit. c GDPR,
- the processing is necessary for the purposes of our legitimate interests or those of a third party pursuant to Art. 6 I S 1 lit. f GDPR, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
Your rights
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR;
- in accordance with Art. 16 GDPR, to request the immediate correction of incorrect or incomplete personal data stored by us;
- in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR;
- to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller in accordance with Art. 20 GDPR;
- to withdraw your consent at any time in accordance with Art. 7 (3) GDPR. This means that we are no longer allowed to continue the data processing based on this consent in the future;
- to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our registered office. A list of data protection officers in Germany and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to object to data collection in special cases
If we process your personal data in accordance with Art. 6 I S 1 1 lit. f GDPR in order to safeguard our legitimate interests, which outweigh your interests, you have the right to object to the processing of your personal data with future effect in accordance with Art. 21 GDPR. If you wish to exercise your right of objection, simply send us an e-mail.
After you have exercised your right of objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
In the event of your objection to the processing of your personal data for the purposes of direct marketing, the personal data will no longer be processed for these purposes.
No automatic decision-making or profiling takes place on our websites.
Amendment of this data protection declaration – status
Due to the further development of our website and offers or due to changes in legal or regulatory requirements, it may be necessary to amend this data protection declaration in accordance with the applicable data protection regulations. The current data protection declaration can be accessed and printed out by you at any time on our website under Data protection.
August 2024created by RA Markus v. Hohenhau – www.e-anwalt.de