Introduction
Data protection regulations
We appreciate your trust and interest in our data protection policy. The security of your personal information and respect for your privacy is our highest priority. We would hereby like to inform you about the principles of data protection and the manner, purpose and extent of the processing of your personal data in our business operations. It goes without saying that we comply with the legal requirements of the German Federal Data Protection Act (BDSG), the General Data Protection Regulation (GDPR), the German Telemedia Act (TMG) and other laws relevant to data protection.
The security of your data is our top priority. We attach great importance to data protection when designing our website. Our data protection guidelines are compliant with the current data protection laws of the European Union. We use state-of-the-art technical and organisational security procedures to protect your data from accidental or intentional manipulation, loss, destruction or unauthorised access. Our experts are constantly working to improve and optimise these security measures. When our website is used, anonymised, general data and information is collected for statistical purposes (such as access and download figures for certain documents and users’ countries of origin). This statistical data helps us to further optimise our website according to the needs of the users. No personal user data is collected and cannot be derived from the statistics. We reserve the right to share these statistics with third parties
Definitions of terms
This privacy policy is based on the terms used both by the European legislators in the General Data Protection Regulation (GDPR) and by the German legislators in the Federal Data Protection Act. In order to ensure better comprehensibility of our privacy policy for the users of our online services, we would like to explain some of the most common terms in advance (further definitions can be found in Art. 4 of the General Data Protection Regulation):
– Personal data: Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, by reference to a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
– Data subject: A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
– Processing: Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
– Restriction of processing: Restriction of processing means the marking of stored personal data with the aim of limiting its future processing.
– Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
– Pseudonymisation: Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
– Controller or data controller: A controller or data controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
– Processor: A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
– Recipient: A recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.
– Third party: A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
– Consent: Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Name and contact details of the controller
This data protection information applies to data processing by
Controller:
DGAL Projectmanagement & Consulting GmbH, represented by authorised signatory Thomas Meyer, Schiepziger Str. 59, 06120 Halle
Email contact(at)dgalgmbh (point)de
Data protection officer
You can contact the data protection officer of DGAL Projectmanagement & Consulting GmbH at the above email address.
Legal basis of data processing
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. If the legal basis is not specifically mentioned in the privacy policy, the following bases apply: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfil our services, carry out contractual measures and respond to enquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
Security precautions
In accordance with Art. 32 GDPR, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the current technical standard, the implementation costs and the nature, scope, circumstances and purposes of the processing and the different probabilities and severities of the risk to the rights and freedoms of natural persons.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the corresponding access, input, transfer, security and separation processes. We have also established processes that ensure the exercise of data subject rights, data erasure and response to data compromise. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
Use of cookies
We use cookies to optimise the use of our online services. These are small text files that are stored on your device by your internet browser. By using our website, you expressly consent to the use of this technology. You have the option of accepting cookies individually or rejecting them completely by adjusting your browser settings accordingly. Our website uses cookies to improve your online experience and make it easier to manage your booking activities. Personal data such as your address or name are not stored in the cookies.
Some of the cookies we use are “session cookies”, which are automatically deleted at the end of your browser session. Other cookies remain on your device until you remove them yourself. Such cookies help us to recognise you the next time you visit our website.
In addition, our website uses cookies to optimise advertising measures and advertisements and to measure their effectiveness. As already mentioned, cookies are not absolutely necessary to use our website. However, if you disable cookies, this may limit the functionality of our website.
External websites that are integrated into our website via frames or includes may also set cookies. You are not obliged to accept these and can reject them as described below.
The setting of cookies, which are necessary for electronic communication processes or the provision of certain functions (e.g. shopping basket), is based on Art. 6 para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in storing cookies for the technically flawless and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these are treated separately in this privacy policy.
Deleting cookies
You can easily delete cookies at any time. Cookies are deleted via your internet browser. Please refer to the help function of your browser to find out how to delete cookies in your specific Internet browser.
You can object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the network advertising initiative (https://optout.networkadvertising.org/) and additionally the US website (https://www.aboutads.info/choices) or the European website (https://www.youronlinechoices.com/uk/your-ad-choices/).
Google Analytics
We use Google Analytics, a web analytics service provided by Google Inc. (“Google”). The provider of this service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google uses cookies. The information generated by the cookie about the users’ use of our online offering is generally transferred to a Google server in the USA and stored there.
Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offering, and to provide us with other services related to the use of this online offering and the use of the internet. Pseudonymized user profiles can be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser is not merged with other Google data.
Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and related to their use of the online offering, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de (formatted as text and underlined).
For more information on Google’s use of data for advertising purposes, settings and opt-out options, please visit Google’s websites: (“Data use by Google when you use websites or apps of our partners”), (“Data use for advertising purposes”), (“Manage information that Google uses to show you ads”), and (“Determine which ads Google shows you”).
Alternatively to the browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from collecting data on this website in the future (the opt-out only works in the browser and only for this domain). An opt-out cookie will be stored on your device. If you delete your cookies in this browser, you must click this link again.
We use Google Analytics in the form of “Universal Analytics”. “Universal Analytics” is a process of Google Analytics in which user analysis is based on a pseudonymous user ID, creating a pseudonymous profile of the user with information from the use of various devices (so-called “cross-device tracking”).
We use Google Analytics to display ads within advertising services of Google and its partners only to users who have shown an interest in our online offering or who have certain characteristics (e.g., interests in certain topics or products determined by the websites they have visited) that we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). With the help of the remarketing audiences, we also want to ensure that our ads correspond to the potential interest of the users.
To fully comply with legal data protection requirements, we have concluded a contract for order processing with Google.
Demographic Features in Google Analytics
Our website uses the “demographic features” function of Google Analytics. This allows us to generate reports that include information about the age, gender, and interests of our site visitors. These data come from interest-based advertising by Google and visitor data from third-party providers. It is not possible to attribute the data to any specific individual. You can disable this function at any time. This can be done through the ad settings in your Google account, or by prohibiting the collection of your data by Google Analytics as explained in the section “Objection to data collection.”
Google states that it does not combine your IP address with other data. In addition, Google provides further privacy-related information at https://www.google.com/intl/de/policies/privacy/partners, including options for preventing the use of data.
Use of Google AdSense with Personalized Ads
In the interest of analyzing, optimizing, and economically operating our online offering, pursuant to Art. 6 Para. 1 lit. f GDPR, we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use the AdSense service, which displays ads on our website and provides us compensation for their display or other use. For this purpose, usage data such as the click on an ad and the user’s IP address are processed, with the IP address being truncated by the last two digits. Therefore, the processing of users’ data is pseudonymized.
We use AdSense with personalized ads. Based on this, Google can infer the interests of users from the websites they visit or the apps they use and the user profiles created from them. Advertisers use this information to align their campaigns with these interests, which is beneficial for both users and advertisers. For Google, ads are considered personalized when collected or known data determine or influence the selection of ads. This includes, but is not limited to: demographic targeting, interest category targeting, remarketing, and targeting with customer match lists and audience lists uploaded in DoubleClick Bid Manager or Campaign Manager.
Further information on Google’s data usage, settings, and opt-out options can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for Google’s display of ads (https://adssettings.google.com/authenticated).
Use of Google AdSense with Non-Personalized Ads
Based on our legitimate interests, namely the analysis, optimization, and economic operation of our online offering in accordance with Art. 6 Para. 1 lit. f GDPR, we use services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google AdSense with Non-Personalized Ads
Google is certified under the Privacy Shield Agreement, providing a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We utilize the AdSense service, which displays ads on our website and compensates us for their display or other use. For this purpose, usage data, such as the click on an ad and the users’ IP address, are processed, with the IP address being truncated by the last two digits. Thus, users’ data processing is pseudonymized.
We use AdSense with non-personalized ads. These ads are not shown based on user profiles. Non-personalized ads do not rely on previous user behavior. Targeting uses contextual information, including coarse geographic targeting based on the current location, content on the current website or app, and current search terms. Google prohibits any personalized targeting, including demographic targeting and targeting based on user lists.
For more information on data use by Google, settings, and opt-out options, see Google’s privacy policy (https://policies.google.com/technologies/ads) and the settings for displaying ads by Google (https://adssettings.google.com/authenticated).
Google AdWords and Conversion Tracking
Based on our legitimate interests, namely the analysis, optimization, and economic operation of our online offering as per Art. 6 Para. 1 lit. f GDPR, we use services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google is certified under the Privacy Shield Agreement, thus guaranteeing compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use Google’s “AdWords” online marketing procedure to place ads in the Google advertising network (e.g., in search results, videos, on websites, etc.), so they are presented to users who likely have an interest in the ads. This enables us to display ads for and within our online offering more targetedly, to present users only with ads likely to match their interests. For instance, if a user is shown ads for products they have shown interest in on other online offerings, this is known as “remarketing.” For this purpose, when accessing our and other websites where the Google advertising network is active, a code from Google is executed directly and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e., a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). This file notes which websites the user has visited, what content they are interested in, and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, visit time, and other information on the use of the online offering.
Additionally, we receive an individual “conversion cookie.” The information obtained by the cookie allows Google to compile conversion statistics for us. However, we only receive the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not receive any information that could personally identify users.
Users’ data is processed pseudonymously within the Google advertising network. This means that Google does not store and process, for example, the user’s name or email address, but processes the relevant data cookie-related within pseudonymous user profiles. From Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google’s servers in the USA.
For more information on data use by Google, settings, and opt-out options, see Google’s privacy policy (https://policies.google.com/technologies/ads) and the settings for displaying ads by Google (https://adssettings.google.com/authenticated).
Google DoubleClick
Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering in accordance with Art. 6 Para. 1 lit. f GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google is certified under the Privacy Shield Agreement, thereby offering a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We utilize the online marketing procedure “DoubleClick” by Google to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). DoubleClick is characterized by displaying ads in real-time based on the presumed interests of users. This allows us to place ads for and within our online offering more targetedly, presenting users only with ads that potentially match their interests. For example, if a user is shown ads for products they have shown interest in on other online offerings, this is known as “remarketing”. For this purpose, when accessing our and other websites where the Google advertising network is active, a code from Google is executed directly and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e., a small file, is stored on the user’s device (similar technologies may also be used instead of cookies). This file records which websites the user has visited, what content they are interested in, and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, visit time, and other information about the use of the online offering.
The IP address of the users is also recorded, but it is truncated within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is transmitted in full to a Google server in the USA and truncated there. The above-mentioned information can also be linked by Google with such information from other sources. When the user visits other websites later, ads tailored to them, based on their presumed interests recorded on their user profile, can be displayed.
The data of users is processed pseudonymously within the Google advertising network. This means that Google, for example, does not store and process the user’s name or email address, but processes the relevant data cookie-related within pseudonymous user profiles. From Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, irrespective of who this cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about users by Google marketing services is transmitted to Google and stored on Google’s servers in the USA.
For more information on data usage by Google, settings, and opt-out options, see Google’s privacy policy (https://policies.google.com/technologies/ads) and the settings for displaying ads by Google (https://adssettings.google.com/authenticated).
Integration of Google Maps
On some of our web pages, we use Google Maps for displaying maps, locations, and for route planning. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter referred to as “Google.”
Through certification under the EU-US Privacy Shield (“EU-US Privacy Shield”) https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active, Google guarantees that it complies with the data protection regulations of the EU even when processing data in the USA.
To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.
If you call up the Google Maps component integrated into our website, Google stores a cookie on your device via your internet browser. Your user settings and data are processed to display our location and create a route description. We cannot exclude the possibility that Google may use servers in the USA.
The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in optimizing the functionality of our website.
Through this connection to Google, Google can determine from which website your request has been sent and to which IP address the directions should be transmitted.
If you do not agree with this processing, you have the option to prevent the installation of cookies by making the appropriate settings in your Internet browser. Details can be found in the section “Cookies.”
Furthermore, the use of Google Maps and the information obtained via Google Maps is in accordance with the Google Terms of Service and the Terms and Conditions for Google Maps.
Additionally, Google provides more information at https://adssettings.google.com/authenticated and https://policies.google.com/privacy.
Bing Ads
As part of our online offering, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering in accordance with Art. 6 Para. 1 lit. f GDPR), we use the conversion and tracking tool “Bing Ads” of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft stores cookies on users’ devices to enable an analysis of the use of our online offering by users if they have reached our online offering via a Microsoft Bing ad (so-called “conversion measurement”). In this way, Microsoft and we can recognize that someone clicked on an ad, was redirected to our online offering, and reached a previously determined target page (so-called “conversion page”). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No IP addresses are stored. No personal information about the identity of the users is disclosed.
Microsoft is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).
If you do not wish to participate in the tracking process of Bing Ads, you can also refuse the required setting of a cookie – for example via a browser setting that generally disables the automatic setting of cookies or by using the opt-out page of Microsoft: https://choice.microsoft.com/de-DE/opt-out.
Further information on data protection and the cookies used in Microsoft Bing Ads can be found in Microsoft’s privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
Social Media and Social Networks
We maintain online presences within social networks and platforms to communicate with active customers, prospects, and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within social networks and platforms, e.g., write posts on our online presences or send us messages.
Facebook Social Plugins Our offer uses social plugins (“plugins”) of the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins can be recognized by one of the Facebook logos (white “f” on a blue tile or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/
When you visit a page of our offer that contains such a plugin, your browser establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the website. Therefore, we have no influence on the extent of the data that Facebook collects with the help of this plugin and therefore inform users according to our state of knowledge:
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example, press the Like button or leave a comment, the corresponding information is transmitted from your browser directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and store his IP address. According to Facebook, only an anonymized IP address is stored in Germany.
The purpose and scope of data collection and the further processing and use of data by Facebook, as well as the related rights and settings options for protecting the privacy of users, can be found in Facebook’s privacy notices: https://www.facebook.com/about/privacy/
If a user is a Facebook member and does not want Facebook to collect data about him via this offer and link it to his member data stored on Facebook, he must log out of Facebook and delete his cookies before visiting the internet presence. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads.
𝕏 (formerly Twitter)
Our offer uses the buttons of the service Twitter. These buttons are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. They can be recognized by terms such as “Twitter” or “Follow”, combined with a stylized blue bird. With the help of the buttons, it is possible to share a post or page of this offer on Twitter or to follow the provider on Twitter. If you visit a web page of our internet presence that contains such a button, your browser establishes a direct connection with Twitter’s servers. The content of the Twitter buttons is transmitted by Twitter directly to your browser. We, therefore, have no influence on the extent of the data that Twitter collects with the help of this plugin and inform users according to our state of knowledge. According to this, only the user’s IP address and the URL of the respective website are transmitted when the button is referred to but are not used for purposes other than the display of the button. Further information can be found in Twitter’s privacy policy at https://twitter.com/de/privacy. If you are a Twitter member and do not want Twitter to collect data about you via our internet presence and link it to your member data stored at Twitter, you must log out of Twitter before visiting our internet presence.
Contract Data and Contract Processing We collect, process, and store the data you provide to us when you enter into a contract with us. This includes, among other things, your name, address, contact details, and contract details. We use this data exclusively for fulfilling and processing the contract.
The legal basis for processing this data is Article 6, Paragraph 1, Letter b of the General Data Protection Regulation (GDPR), which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
We retain this data as long as necessary for the fulfillment of the contract and to comply with statutory retention obligations. After the conclusion of the contract and the expiration of legal retention periods, your data will be deleted.
In certain cases, such as the delivery of goods, it is necessary to pass on your data to third parties. However, this is only done if it is necessary for contract processing and is also based on Article 6, Paragraph 1, Letter b of the GDPR.
Collection, Processing, and Use of Personal Data We collect, process, and use your personal data in accordance with applicable data protection laws, including the GDPR and the Federal Data Protection Act (BDSG).
We use your personal data to conclude and fulfill contracts, to provide our services, and to respond to your inquiries. This includes, among other things, using your data for billing and communication with you.
The processing of your data is based on Article 6, Paragraph 1, Letters b and c of the GDPR. Article 6, Paragraph 1, Letter b of the GDPR allows the processing of data for the fulfillment of a contract or pre-contractual measures. Article 6, Paragraph 1, Letter c of the GDPR allows the processing of data to fulfill a legal obligation to which we are subject.
After fulfilling the contractual obligations and the expiration of statutory retention periods, your data will be deleted unless you have consented to further use of your data. In this case, your data will be stored as long as you do not revoke your consent.
Cooperation with Contract Processors and Third Parties
In certain cases, we cooperate with third parties or contract processors to provide our services. This may involve disclosing, transmitting, or granting access to data to third parties. These data transfers always comply with legal data protection regulations.
We only share your data with third parties when:
- it is necessary for the fulfillment of the contract (e.g., transferring payment data to a payment service provider for transaction processing), in accordance with Art. 6 Para. 1 lit. b GDPR;
- you have given explicit consent;
- it is necessary due to a legal obligation;
- it is based on our legitimate interests (e.g., when using web hosts).
When we commission third parties to process data, this always occurs based on a contract processing agreement in accordance with Art. 28 GDPR.
Transfers to Third Countries
In some cases, it may be necessary to process data outside the European Union (EU) or the European Economic Area (EEA) or to grant access to the data to third parties in these countries. This always takes place in compliance with legal data protection regulations and only when:
- it is necessary for the fulfillment of our contractual obligations;
- you have given explicit consent;
- it is necessary due to a legal obligation;
- it is based on our legitimate interests.
We transfer data to a third country only if an adequate level of data protection is guaranteed or if specific safeguards, such as standard contractual clauses, are in place. Regarding data transfers to the USA, an adequate level of data protection is ensured by the Privacy Shield.
Server Log Files
Our web hosting provider automatically collects and stores information in so-called server log files, which your browser transmits to us. This information includes:
- Browser type and browser version
- Operating system used
- Referrer URL (the website from which you visit us)
- Hostname of the accessing computer (IP address)
- Time of the server request
This data is not merged with other data sources. The collection of this data is based on Art. 6 Para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
Use of Personal Data for Customer Consulting
To ensure optimal customer service, we may use your personal data to advise you regarding a service you have requested or contracted. This contact may occur via telephone or email and is necessary for the fulfillment of the contract.
You have the right to object to the use of your data for these or further purposes at any time. You can send your objection by mail or email to us. Please note that due to technical reasons, further contacts may still occur shortly after you have submitted your objection.
DGAL Projectmanagement & Consulting GmbH, Schiepziger Str. 59, 06120 Halle
contact (at) dgalgmbh (point) de
Rights of the Data Subject
As a data subject, you have the following rights:
- Right to information: According to Art. 15 GDPR, you have the right to request information about your personal data processed by us. This includes information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage duration, the existence of a right to correction, deletion, limitation of processing, or objection, the existence of a right to complain, the source of your data if not collected from us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
- Right to rectification: According to Art. 16 GDPR, you have the right to demand the immediate rectification of incorrect or completion of your personal data stored by us.
- Right to deletion: According to Art. 17 GDPR, you have the right to demand the deletion of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for asserting, exercising, or defending legal claims.
- Right to restrict processing: According to Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion and we no longer need the data, but you need it for asserting, exercising, or defending legal claims or you have objected to processing pursuant to Art. 21 GDPR.
- Right to data portability: According to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request its transmission to another controller.
- Right to revoke consent: According to Art. 7 Para. 3 GDPR, you have the right to revoke your consent given to us at any time. As a result, we may no longer continue the data processing based on this consent for the future.
- Right to complain: According to Art. 77 GDPR, you have the right to complain to a supervisory authority. Typically, you can contact the supervisory authority of your usual place of residence, workplace, or our company headquarters for this purpose.
The competent supervisory authority for our company headquarters is:
The State Commissioner for Data Protection Saxony-Anhalt Leiterstr. 9, 39104 Magdeburg Tel.: (0391) 81803-0 Fax: (0391) 81803-33 Freecall: 0800 9153190 (only via landline) Email: poststelle@lfd.sachsen-anhalt.de
Usage-Based Online Advertising
Like many other online services, we rent parts of our website to advertising providers. These providers are allowed to place content on these pages.
Advertisers often use technologies to collect online usage data. The collection of this data is not our responsibility. However, you can suppress the creation of profiles and the display of advertising content by using add-ons for your internet browser, such as uBlock Origin or Ghostery. For Internet Explorer, Microsoft offers so-called Tracking Protection Lists.
We work with advertising partners who create usage-based profiles under a pseudonym across various websites. The data collection for usage-based online advertising is occasionally carried out by the following companies on our behalf: Google. Usage-based online advertising is delivered by these contractors. If you no longer wish to receive usage-based advertising, you can deactivate the data collection by the respective provider.
Accounting, Administration, Market Research, Business Evaluations, and Data Archiving
We process data in the context of administrative tasks, organization of our operations, financial accounting, and compliance with legal obligations such as archiving. In this process, we process the same data that we process in the context of providing our contractual services. The processing bases are Article 6 Paragraph 1 lit. c GDPR and Article 6 Paragraph 1 lit. f GDPR. Customers, prospects, business partners, and website visitors are affected by this processing.
The purpose and our interest in the processing lie in administration, financial accounting, office organization, data archiving, i.e., tasks that serve to maintain our business activities, perform our duties, and provide our services. The deletion of data in relation to contractual services and contractual communication corresponds to the information we have provided in these processing activities.
We disclose or transmit data to the financial administration and to advisors, such as tax consultants or auditors.
Business Evaluations, Market Research, and Market Development
To operate our business economically, recognize market trends, and understand customer and user preferences, we analyze the data available to us regarding business transactions, contracts, inquiries, etc. In this process, we process inventory data, communication data, contract data, payment data, usage data, and metadata based on Article 6 Paragraph 1 lit. f GDPR. Affected individuals include customers, prospects, business partners, visitors, and users of our online offering.
The analyses serve to increase user-friendliness, optimize our offer, and operate economically. The analyses are for our use only and are not disclosed externally, unless they are anonymous analyses with aggregated values.
If these analyses or profiles are personal, they are deleted or anonymized upon the user’s termination, otherwise after two years from the conclusion of the contract. Otherwise, the business analyses and general trend determinations are prepared anonymously.
Procedures to Prevent Misuse of Services
When visiting our websites, we automatically check using your contract data (such as the item purchased, name, postal address, email address, delivery address, payment method, and bank details) and a cookie or ID whether there are indications of misuse of our services. If there is a suspicion of misuse, an employee of ours will review the evaluation and the underlying indications.
If a contract conclusion is rejected, we will inform you of this and the main reasons for it. You then have the opportunity to respond, after which we will review the decision again.
The legal basis for this is Article 6 Paragraph 1 lit. f GDPR. In principle, this data is not passed on to third parties unless it is necessary to enforce our claims or there is a legal obligation according to Article 6 Paragraph 1 lit. c GDPR.
Newsletter
We offer you the opportunity to subscribe to our newsletters to receive up-to-date news about the topics of the website via email. When signing up for our newsletter, we collect personal data such as your first and last name and your email address. This processing is based on your consent according to Article 6 Paragraph 1 S.1 lit. A GDPR. We use this data for sending and personalizing our mailings, for product information and advertising, and for customer care. For statistical purposes and to improve our newsletter offering, we perform link tracking. These data are not generally passed on to third parties.
To prevent the misuse of email addresses, we use the so-called double opt-in procedure. This means you will receive an email after signing up, in which you are asked to confirm your registration. This registration is logged to be able to prove the registration process according to legal requirements.
You can cancel your newsletter subscription at any time or object to the use of your data. A link to unsubscribe is included in every newsletter. Unsubscribing is also possible via the contact forms on our websites.
Contact Form, Callback Request, etc.
When contacting us (e.g., via a contact form, email, telephone, or social media), we process your details to handle and process your inquiry according to Art. 6 Para. 1 lit. b) GDPR. Your details may be stored in a Customer Relationship Management System (“CRM System”) or comparable inquiry organization.
Right to Information, Correction, Deletion, Revocation, and Objection
You have the right to obtain information free of charge about the data we have stored and processed, to have this data corrected or deleted, and to receive a copy of the data. You can also object to the storage of your personal data at any time, as long as the storage is not necessary for the reasons mentioned above.
Data Security
We guarantee secure data transmission through SSL encryption. To ensure the secure transmission of your payment data and to protect your sensitive customer data, your inputs on our homepage are transmitted via a secure connection with SSL encryption. Your data is encrypted with at least 256 bits to provide you with the highest possible level of security.
Changes to the Privacy Notice
This privacy policy is currently valid and has been updated as of April 20, 2024.
Due to the development of our website and offers or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy. You can always access and print the current privacy policy on our website using the provided link.
Video Surveillance Privacy Notice
We use video surveillance on our properties and in our business and office spaces.
Purpose and Legal Basis of Video Surveillance
The purpose of video surveillance is to exercise our domiciliary rights, prevent criminal acts, and secure evidence in case of criminal offenses. The legal basis for video surveillance is Art. 6 Para. 1 lit. f) GDPR. Our interests arise from the aforementioned purposes.
Data Recipients and Data Sharing
In cases of suspected criminal activities, we may pass on data to law enforcement authorities. Otherwise, data are only shared when there is a legal basis for doing so. This can particularly be the case when the police or other security authorities act in the context of so-called danger prevention and demand access to the video surveillance data.
Data Processing Outside the European Union
There is no processing of personal data in the context of video surveillance outside the European Union.
Deletion of Data
Data from video surveillance are generally deleted after 72 hours. Longer storage may occur in certain cases if there are justified indications that the recordings might show actions that could be prosecuted as criminal offenses or could be used to enforce civil law claims. In cases of absence or illness of the responsible personnel, video recordings may be stored for up to 10 days in individual cases.
Contents