de

Quality requires
commitment

Privacy Policy

 

This Privacy Policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") during the provision of our services as well as within our website and the associated websites, functions and content as well as external online presences, such as our social media profiles (hereinafter referred to collectively as the "website"). As regards the terms used, such as "processing" or "controller", we refer to the definitions provided in Art. 4 of the General Data Protection Regulation (GDPR).


Controller 

 Albrecht GmbH
 Gewerbestr. 1
 87754 Kammlach, Germany
 Tel: +49 (0) 8261 / 7689 – 0
 Fax: +49 (0) 8261 / 7689 – 22 
 Email: info@albrecht-engineers.com 
 Web: www.albrecht-engineers.com
 
 Managing Director: Dipl.-Ing.(FH) Roman Albrecht
 Court of Registration: Memmingen District Court
 Registration Number: HRB No. 10611

 

Types of processed data

 - Inventory data (e.g. personal master data, names or addresses)
 - Contact data (e.g. email, telephone numbers)
 - Content data (e.g. text inputs, photographs, videos)
 - Usage data (e.g. websites visited, interest in content, access times)
 - Metadata/communication data (e.g. device information, IP addresses)

Categories of data subjectsVisitors and users of the website (the data subjects are hereinafter referred to collectively as "users").

Purpose of processing

- Provision of the website, its functions and content
 - Answering contact requests and communication with users
 - Security measures
 - Reach measurement/marketing

Definitions

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. This term is extensive and comprises virtually any handling of data.
"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal bases

In accordance with Art. 13 GDPR, we inform you about the legal bases of our data processing activities. The following applies to users within the territorial scope of the General Data Protection Regulation (GDPR), i.e. the EU and the EEA, if the legal basis is not mentioned in the Privacy Policy: The legal basis for obtaining consent is point (a) of Art. 6 (1) and Art. 7 GDPR;The legal basis for processing necessary for the performance of our services and the implementation of contractual measures as well as the answering of enquiries is point (b) of Art. 6 (1) GDPR;The legal basis for processing necessary for compliance with our legal obligations is point (c) of Art. 6 (1) GDPR;In the event that processing of personal data is necessary in order to protect the vital interests of the data subjects or another natural person, point (d) of Art. 6 (1) GDPR serves as the legal basis.The legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is point (e) of Art. 6 (1) GDPR. The legal basis for processing necessary for the purposes of the legitimate interests pursued by us is point (f) of Art. 6 (1) GDPR. The processing of data for a purpose other than that for which they have been collected is governed by the provisions of Art. 6 (4) GDPR. The processing of special categories of personal data (pursuant to Art. 9 (1) GDPR) is governed by the provisions of Art. 9 (2) GDPR.

Security measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk in accordance with the statutory provisions and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data as well as their access, input, disclosure, availability and separation. In addition, we have established procedures to ensure the exercise of data subjects' rights, erasure of data and response to any potential threats to data. Furthermore, we take the protection of personal data into account as early as during development and selection of hardware, software and processes, in accordance with the principle of data protection by design and by default.

 

Collaboration with processors, joint controllers and third partiesWhere we disclose data to other persons and companies (processors, joint controllers or third parties), transfer data to them or otherwise grant them access to data in the course of our processing activities, this is done solely based on a statutory permission (e.g. if transfer of data to third parties, such as payment service providers, is necessary for the performance of the contract), the users' consent, on account of a legal obligation or on grounds of our legitimate interests (e.g. when employing agents, web hosts, etc.).

Where we disclose data to other companies of our corporate group, transfer data to them or otherwise grant them access to data, this is done in particular for administrative purposes, as our legitimate interest, and based on the statutory provisions. 

Transfer to third countries

Where we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or this happens while using third-party services or disclosing/transferring data to other persons or companies, this is done solely to fulfil our (pre)contractual obligations, based on your consent, on account of a legal obligation or on grounds of our legitimate interests. Subject to express consent or transfer required by contract, we only process data or have data processed in third countries that offer an adequate level of data protection, which include U.S. processors certified under the "EU-US Privacy Shield", or based on appropriate safeguards, such as contractual obligation by so-called standard data protection clauses of the EU Commission, available certifications or binding corporate rules (Art. 44 to 49 GDPR, information website of the EU Commission).

Rights of the data subjects
You have the right to obtain confirmation as to whether or not personal data concerning you are being processed and to obtain access to these data as well as further information and a copy of the data in accordance with the statutory provisions.

In accordance with the statutory provisions, you have the right to have incomplete personal data concerning you completed or to obtain the rectification of inaccurate personal data concerning you. In accordance with the statutory provisions, you have the right to obtain the erasure of personal data concerning you without undue delay or, alternatively, to obtain restriction of processing of the data. In accordance with the statutory provisions, you have the right to receive the personal data concerning you, which you have provided to us, and to request their transmission to another controller. In accordance with the statutory provisions, you have the right to lodge a complaint with the competent supervisory authority.

Right to withdraw consent

You have the right to withdraw any consent you have given with effect for the future.

Right to object

You have the right to object at any time to the future processing of personal data concerning you in accordance with the statutory provisions. In particular, you have the right to object to the processing of personal data for direct marketing purposes.

Cookies and right to object to processing for direct marketing purposes 

"Cookies" are small files that are stored on the users' computers. Cookies can contain different types of information. A cookie is used primarily to store information about a user (or the device on which the cookie is stored) during or after the user's visit to a website. Temporary cookies or "session cookies" are cookies that are deleted after the user leaves the website and closes their browser. Such cookies can store, for example, the content of a shopping cart in an online shop or a login status. "Permanent" or "persistent" cookies are cookies that continue to be stored even after the browser is closed. For example, the login status can be saved if users visit the website again after several days. Such cookies can also store the users' interests, which are used for reach measurement or for marketing purposes. "Third-party cookies" are cookies that are offered by providers other than the controller operating the website (otherwise, if only the latter's cookies are concerned, they are referred to as "first-party cookies").

 
We may use temporary and permanent cookies and inform the users thereof in our Privacy Policy.
Where we ask the users to consent to the use of cookies (e.g. in a cookie agreement), the legal basis for such processing is point (a) of Art. 6 (1) GDPR. Otherwise, the personal cookies of the users are processed, as explained below in this Privacy Policy, on grounds of our legitimate interests (i.e. interest in the analysis, optimisation and economical operation of our website within the meaning of point (f) of Art. 6 (1) GDPR) or, if the use of cookies is necessary for the provision of our contractual services, in accordance with point (b) of Art. 6 (1) GDPR or, if the use of cookies is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, in accordance with point (e) of Art. 6 (1) GDPR.
If the users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The rejection of cookies may lead to functional limitations of this website.
A general objection to the use of cookies used for online marketing purposes can be raised in respect of a large number of services, in particular in the case of tracking, via the U.S. website http://www.aboutads.info/choices/
 or the EU website http://www.youronlinechoices.com/. In addition, the storage of cookies can be prevented by deactivating them in the browser settings. Please note that in this case you may not be able to use all functions of this website.

Erasure of data

The data processed by us will be erased in accordance with the statutory provisions or their processing will be restricted. Unless expressly stated in this Privacy Policy, the data stored by us will be erased as soon as they are no longer required for their intended purpose and to the extent that there are no statutory obligations to retain them. If the data are not erased because they are required for other purposes permitted by law, their processing will be restricted, i.e. the data will be blocked and not processed for any other purposes. This applies, for example, to data that are required to be stored for commercial or tax reasons.

Amendments and updates to the Privacy Policy 

Please check the content of our Privacy Policy on a regular basis. We will adapt the Privacy Policy whenever changes in the data processing activities carried out by us so require. We will inform you if the changes require your cooperation (e.g. consent) or other individual notification.

Business-related processing

We additionally process- Contract data (e.g. subject matter, term, customer category)- Payment data (e.g. bank details, payment history) of our customers, prospective customers and business partners for the purpose of providing contractual services, support and customer care, marketing, advertising and market research.

Agency services

We process the data of our customers while providing our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development, consulting or maintenance, implementation of campaigns and processes/ handling, server administration, data analysis/ consulting services and training services.In this case, we process inventory data (e.g. customer master data, such as names or addresses), contact data (e.g. email, telephone numbers), content data (e.g. text inputs, photographs, videos), contract data (e.g. subject matter, term), payment data (e.g. bank details, payment history), usage data and metadata (e.g. for the evaluation and success measurement of marketing measures). As a rule, we do not process special categories of personal data, unless they are part of processing carried out on behalf of a controller. The data subjects include our customers, prospective customers as well as their customers, users, website visitors or employees as well as third parties. The purpose of the processing is the provision of contractual services, billing and our customer service. The legal basis for processing is stipulated in point (b) of Art. 6 (1) GDPR (contractual services) and point (f) of Art. 6 (1) GDPR (analysis, statistical evaluation, optimisation, security measures). We process data that are necessary for the establishment and performance of the contractual services and point out the necessity of their provision. The data are only disclosed to external parties to the extent necessary for the execution of an order. While processing the data provided to us as part of an order, we act in compliance with the client's instructions as well as the statutory provisions on processing carried out on behalf of a controller pursuant to Art. 28 GDPR and do not process the data for any purposes other than the purposes of the order.We will erase the data after expiry of the statutory warranty and comparable obligations. The necessity of retaining the data is checked every three years; if there are statutory archiving obligations, we will erase the data after their expiry (6 years pursuant to Sec. 257 (1) HGB [German Commercial Code], 10 years pursuant to Sec. 147 (1) AO [Fiscal Code of Germany]). Data disclosed to us by the customer as part of an order will be erased as specified in the order, generally after completion of the order.

Administration, financial accounting, office organisation, contact management

We process data for the purpose of administrative tasks and organisation of our operations, financial accounting and compliance with statutory obligations, such as archiving. In this case, we process the same data as we process while providing our contractual services. The legal basis for such processing is point (c) of Art. 6 (1) GDPR and point (f) of Art. 6 (1) GDPR. The data subjects include customers, prospective customers, business partners and website visitors. The purpose and our interest in the processing consists in administration, financial accounting, office organisation and archiving, i.e. tasks that serve to maintain our operations, perform our tasks and provide our services. The erasure of the data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.In this case, we disclose or transfer data to the fiscal authorities, consultants, such as tax advisors or auditors, as well as to other billing centres and payment service providers.Furthermore, we store information on suppliers, event organisers and other business partners on grounds of our business interests, for example for the purpose of contacting them at a later point. As a rule, we store these mainly company-related data permanently.

Information on data protection during the application process

We only process the applicant data for the purpose and within the scope of the application process in line with the statutory provisions. Applicant data are processed to fulfil our (pre)contractual obligations during the application process within the meaning of point (b) of Art. 6 (1) GDPR and point (f) of Art. 6 (1) GDPR, if the data processing becomes necessary, for example within the scope of legal procedures (in Germany, Sec. 26 BDSG [Federal Data Protection Act] applies in addition).The application process requires applicants to provide us with the applicant data. If we offer an online application form, the required applicant data are marked; otherwise, they are stated in the job descriptions and generally include information about the person, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and references. In addition, applicants may provide us with further information on a voluntary basis.By sending us the application, applicants agree to the processing of their data for the purposes of the application process in accordance with the nature and scope described in this Privacy Policy.Where special categories of personal data within the meaning of Art. 9 (1) GDPR are provided voluntarily during the application process, they are additionally processed in accordance with point (b) of Art. 9 (2) GDPR (e.g. data concerning health, such as severely disabled status or ethnic origin). Where special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants during the application process, they are additionally processed in accordance with point (a) of Art. 9 (2) GDPR (e.g. data concerning health, if these are required to exercise the profession).If available, applicants can send us their applications using an online application form provided on our website. The data will be transmitted to us in encrypted form in accordance with the state of the art.Furthermore, applicants can send us their applications by email. In this case, however, it should be noted that emails are generally not sent in encrypted form and applicants have to take care of the encryption themselves. Therefore, we are unable to accept responsibility for the route of transmission of the application between the sender and the receipt on our server and recommend using an online application form or sending the application by post. Instead of using the online application form or email, the applicants still have the option to send us their applications by post.If the application is successful, the data provided by the applicants can be further processed for the purposes of the employment. Otherwise, if the application for a job is not successful, the data of the applicants will be erased. The data of the applicants will also be erased if the application is withdrawn, which the applicants are entitled to do at any time.Subject to justified withdrawal by the applicant, the data will be erased after a period of six months, enabling us to answer any follow-up questions and meet our obligations to provide proof under the Equal Treatment Act. Invoices for reimbursement of travel expenses will be archived in accordance with the tax regulations.

Talent pool

During the application process, we offer the applicants the opportunity to be included in our "talent pool" for a period of two years based on consent within the meaning of point (a) of Art. 6 (1) and Art. 7 GDPR. The application documents in the talent pool will only be processed during future job advertisements and the recruitment of employees and will be destroyed after expiry of the period at the latest. The applicants will be informed that their consent to inclusion in the talent pool is voluntary, has no influence on the ongoing application process and that they can withdraw this consent at any time with effect for the future and raise an objection within the meaning of Art. 21 GDPR.

New Relic – Server monitoring and error tracking

We use server monitoring & error tracking to ensure the availability and integrity of our website and use the data processed for the technical optimisation of our website. For these purposes, we use the service New Relic, Inc. Attn: Legal Department 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA. New Relic is certified under the Privacy Shield Agreement, which guarantees compliance with the European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TNPiAAO&status=Active).

New Relic processes aggregated performance data, i.e. performance, utilisation and comparable technical values which provide information about the stability and any abnormalities of our website. In the event of any errors and abnormalities, individual enquiries of the users of our website are recorded in pseudonymised form to identify and eliminate problem sources. In this case, pseudonymised means, in particular, that the users' IP addresses are shortened by the last two digits (referred to as IP masking). The aggregated data will be erased after three months, the pseudonymised data after seven days. We use New Relic on grounds of our legitimate interests in the security, error-free operation and optimisation of our website in accordance with point (f) of Art. 6 (1) GDPR.

For more information on the processing of personal data by New Relic, please refer to the privacy policy of the service: https://newrelic.com/termsandconditions/privacy. Created using the privacy policy generator provided by lawyer Dr. Thomas Schwenke

Search references:

Market solutions

Building types

Specialized fields