This privacy statement explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and related websites, functions, content and external online presences such as our social media profile (hereinafter referred to as “online offering”). With regard to the terms used (e.g. “processing” or “responsible person”), we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Prof. Dr. Christoph Motzko
Institute for Construction Management
TU (Technische Universität) Darmstadt
El-Lissitzky-Str. 1, 64287 Darmstadt
– Inventory data (e.g. names, addresses).
– Contact details (e.g. email, telephone numbers).
– Content data (e.g. text entries, photographs, videos).
– Usage data (e.g. websites visited, interest in content, accessing times).
– Metadata/communication data (e.g. device information, IP addresses).
– Provision of the online offering, its functions and content.
– Answering contact requests and communicating with users.
– Security measures.
– Reach measurement/marketing
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “person concerned”). A natural person is considered as identifiable if he or she can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (e.g. cookie) or to one or more special features that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
“Processing” means any process performed with or without the aid of automated operations or any such set of operations associated with personal data. The term reaches far and includes virtually every handling of data.
“Responsible person” means the natural or legal person, authority, institution or other body that decides either alone or together with others on the purposes and means of processing personal data.
Pursuant to Art. 13 GDPR, we wish to inform you about the legal bases of our data processing. The following applies, insofar as the legal basis is not stipulated in the privacy statement. The legal basis for obtaining consent is Art. 6 (1)(a) and Art. 7 GDPR, the legal basis for processing to fulfil our performance and implementation of contractual measures and to answer enquiries is Art. 6 (1)(b) GDPR, the legal basis for processing to comply with our legal obligations is Art. 6 (1)(c) GDPR and the legal basis for processing to protect our legitimate interests is Art. 6 (1)(f) GDPR. In the event that vital interests of the person concerned or another natural person may require the processing of personal data, Art. 6 (1)(d) GDPR serves as the legal basis.
Please examine the content of our privacy statement on a regular basis. We will adapt the privacy statement as soon as changes arising from the data processing realised by us make this necessary. We will inform you as soon as the changes require your participation (e.g. consent) or another individual notification.
If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit it to them or otherwise grant access to the data, this only occurs on the basis of legal permission (e.g. if transmission of data to third parties such as payment service providers is necessary pursuant to Art. 6 (1)(b) GDPR to fulfil the contract), when you have consented to this, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when employing agents, web hosting services, etc.).
Insofar as we commission third parties to process data on the basis of a so-called contract processing agreement, this is done on the basis of Art. 28 GDPR.
If we process data in another country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the context of use of third-party services or the disclosure or transmission of data to third parties, this only occurs if it is to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permission, we only process or have data processed in another country where the special conditions stipulated in Art. 44 et seq. GDPR exist. This means, for example, that processing is realised on the basis of special guarantees such as an officially recognised determination of a data protection level equivalent to that of the EU (e.g. Privacy Shield for the USA) or compliance with officially recognised special contractual obligations (so-called standard contractual clauses).
Pursuant to Art. 15 GDPR, you have the right to ask for confirmation of whether the data in question is being processed, for information on this data and for further information and a copy of the data.
Pursuant to Art. 16 GDPR, you have the right to demand completion of data relating to you or the correction of incorrect data concerning you.
Pursuant to Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, to request a restriction of processing of the data pursuant to Art. 18 GDPR.
Pursuant to Art. 20 GDPR, you have the right to obtain the data relating to you which you have provided us with on demand and to request its transmission to other responsible persons.
Pursuant to Art. 77 GDPR, you have the right to register a complaint with the competent supervisory authority.
Pursuant to Art. 7 (3) GDPR, you have the right to revoke consent granted with effect for the future.
Pursuant to Art. 21 GDPR, you have the right to object to future processing of data relating to you at any time. Objection may be registered in particular against processing for direct marketing purposes.
Cookies are small files that are stored on users' computers. Different information can be stored within cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online offering. Temporary cookies, known as session cookies or transient cookies, are cookies that are deleted after a user leaves an online offering and closes his or her browser. Such a cookie can, for example, store the content of a shopping basket in an online shop or a login status. Permanent or persistent cookies are cookies that remain stored even after the browser has been closed. For example, the login status can be saved if users visit after several days. Equally, user interests which are utilised for reach measurement or marketing purposes can also be stored in a cookie of this kind. Third-party cookies are cookies that are offered by providers other than the party responsible for operating the online offering (otherwise, the term used is first-party cookies if only these cookies are involved).
We may use temporary and permanent cookies and clarify this in the context of our privacy statement.
If users do not want cookies stored on their computer, they are requested to deactivate the appropriate option in their browser's system settings. Stored cookies can be deleted in the browser system settings. Excluding cookies can lead to functional restrictions in this online offering.
Data processed by us is deleted or limited in its processing pursuant to Art. 17 and 18 GDPR. Unless explicitly stipulated in this privacy statement, data stored by us is deleted as soon as it is no longer required for its purpose and deletion does not conflict with any legal retention requirements. Insofar as data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
According to legal requirements in Germany, storage is realised for 10 years in particular pursuant to Section 147 Subparagraph 1 of the German Tax Code (AO) and Sections 257 Subparagraph 1 No. 1 and 4 Subparagraph 4 of the German Civil Code (HGB) for books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc. and 6 years pursuant to Section 257 Subparagraph 1 No. 2 and 3, Subparagraph 4 HGB for commercial letters.
According to legal requirements in Austria, storage is realised for 7 years in particular pursuant to Section 132 Subparagraph 1 of the Austrian Federal Tax Code (BAO) for accounting documents, receipts/invoices, accounts, receipts, business papers, statements of income and expenses, etc., for 22 years in relation to real estate and for 10 years for documents relating to services, telecommunications, radio and television services provided electronically which are rendered to non-entrepreneurs in EU member states and for which advantage is taken of the Mini One Stop Shop (MOSS).
The hosting services we use are for the purpose of providing infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services we use to operate this online service.
We or our hosting provider process inventory data, contact data, content data, contract data, usage data, customer metadata and communication data, interested parties and visitors to this online offering in this respect on the basis of our legitimate interests in the efficient and secure provision of this online offering pursuant to Art. 6 (1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of contract processing agreement).
On the basis of our legitimate interests and pursuant to Section 6 (1)(f) GDPR, we or our hosting provider collect data on every accessing of the server on which this service is located (so-called server log files). Access data includes the name of the website retrieved, the file, date and time of retrieval, the volume of data transferred, the message of successful retrieval, the browser type and version, the user's operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.
Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate abusive or fraudulent activities) and then deleted. Data whose further retention is required for evidential purposes is exempted from deletion until final clarification of the respective incident.
We process the data of our members, supporters, interested parties, customers or other persons pursuant to Art. 6 (1)(b) GDPR, insofar as we offer contractual services to them or act in the context of an existing business relationship (e.g. for members), or are ourselves recipients of services and benefits. In addition, we process the data of the persons concerned pursuant to Art. 6 (1)(f) GDPR on the basis of our legitimate interests (e.g. if it concerns administrative tasks or public relations).
Data processed in this respect and the nature, scope and purpose and necessity of its processing are determined by the underlying contractual relationship. This always includes inventory and master data of the persons (e.g. name, address, etc.) and contact data (e.g. email address, telephone, etc.), the contract data (e.g. services used, content and information communicated, names of contact persons) and, insofar as we offer paid services or products, payment data (e.g. bank details, payment history, etc.).
We delete data that is no longer required for our statutory and business purposes. This is determined by the respective tasks and contractual relationships. In the case of business processing, we retain data for as long as it may be relevant to the business process and with regard to any warranty or liability obligations. The necessity to retain data is checked every three years. Legal retention obligations apply otherwise.
We process data in the context of administrative tasks and the organisation of our business, financial accounting and compliance with legal obligations such as archiving. We process the same data in this context as that processed while providing our contractual services. Bases for processing are Art. 6 (1)(c) GDPR and Art. 6 (1)(f) GDPR. Processing affects customers, interested parties, business partners and website visitors. The purpose of and our interest in processing lies in administration, financial accounting, office organisation and data archiving – all tasks that help us to maintain our business, perform our duties and provide our services. The deletion of data in terms of contractual performance and contractual communication corresponds to the information provided during these processing activities.
In doing so, we disclose or transmit data to the financial authorities, consultants such as tax accountants or auditors and other fee agents and payment service providers.
Furthermore, we store information on suppliers, event organisers and other business partners on the basis of our business interests (e.g. for the purpose of contacting them later). We generally store this mainly business-related data permanently.
When we are contacted (e.g. through a contact form, by email, telephone or via social media), information provided by the user to process the contact enquiry and its handling is processed pursuant to Art. 6 (1)(b) GDPR. User information can be stored in a customer relationship management system (CRM system) or comparable enquiry organisation.
We delete enquiries if they are no longer required. We check the necessity for this every two years. Legal archiving obligations apply in all other cases.
Google is certified under the Privacy Shield agreement which provides a guarantee that it will comply with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google uses this information on our behalf to evaluate use of our online offering by users, compile reports on activities within this online offering and to provide us with further services related to use of this online offering and internet usage. Pseudonymous usage profiles of users can be created from the data processed in this respect.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is abbreviated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only sent to a Google server in the United States and abbreviated there in exceptional cases.
The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by configuring their browser software accordingly. Users may also prevent the collection by Google of data generated by the cookie and related to their use of the online offering and processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Personal user data is deleted or anonymised after 14 months.
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and inform them about our services. Where particular networks and platforms are contacted, the business terms and conditions and data processing guidelines of their respective operators apply.
On the basis of our legitimate interests (i.e. interest in analysis, optimisation and business operation of our online offering pursuant to Art. 6 (1)(f) GDPR), we use third-party content or service offerings (hereinafter collectively referred to as “content”) within our online offering to integrate their content and services (e.g. videos or fonts).
This always presupposes that third-party providers of this content recognise the IP address of users, since they could not send content to their browser without the IP address. The IP address is therefore required for presentation of this content. We endeavour to use only content whose respective providers only use the IP address for the delivery of content. Third-party providers may also use so-called pixel tags (invisible graphics which are also referred to as web beacons) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on the user's device and may include – but is not limited to – technical information about the browser and operating system, referring web pages and the visit time and other information regarding use of our online offering. It may also be linked to information of this nature from other sources.