Privacy Protection

INFORMATION ON THE COLLECTION OF PERSONAL DATA

Thank you for visiting our website and for your interest in the services offered by Ganter Construction & Interiors GmbH.

We take the protection of your personal data very seriously in our role as data controller. Internet pages can only be displayed if data of the visitor, at least the IP address, is transmitted beforehand. Therefore, we would like to inform you comprehensively with this data protection declaration about the processing of your personal data in the context of visiting this website. We are legally obligated to do so as the entity responsible for data processing. You can reach us via the following contact options:

 

Ganter Construction & Interiors GmbH

Am Kraftwerk 4

D-79183 Waldkirch

 

The internet presence of Ganter Construction Interiors GmbH is subject to the EU Data Protection Act (EUDSGVO) and the German Federal Data Protection Act (BDSG), and to the German Telemedia Act (TMG). We are thus obliged to protect all information and recorded data of visitors to this website and to treat it confidentially. The data stored as part of the visit to this website will be processed exclusively in the manner described in this privacy policy. A use of personal data beyond this or a transfer to third parties is not intended.

 

PERSONAL DATA

Personal data is information about personal or factual circumstances of an identified or identifiable person. This includes names and contact data, such as address, telephone number, e-mail address, as well as sensitive data, such as information about the state of health but also usage data such as your IP address.

 

SCOPE OF THE PROCESSING OF PERSONAL DATA

As a matter of principle, Ganter Construction Interiors GmbH collects and uses personal data of visitors to this website only to the extent that this is necessary for the provision of a functional website and of our contents and services. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.

 

PURPOSES AND LEGAL BASIS OF DATA PROCESSING, STORAGE PERIOD OF THE DATA

If you use our website for purely informational purposes and do not send us any other information (e.g. by e-mail), we only collect data that your browser transmits to our server (so-called “server log files”). This data is processed in accordance with Art. 6 (1) f EUDSGVO on the basis of our legitimate interest in improving the stability and functionality of our homepage. This data is not used in any other way or even passed on to third parties. However, we reserve the right to analyze the log files retrospectively if there are indications of illegal use. The stored data will be deleted regularly.

If you contact us by e-mail, personal data will be collected. This data is stored and used exclusively for the purpose of processing your request and the associated technical administration. The legal basis for processing the data is our legitimate interest in processing your request in accordance with Art. 6 (1) f EUDSGVO. Your data will be deleted after final processing of your request, this is the case when the matter concerned has been conclusively clarified and provided that no legal retention obligations prevent deletion. We use service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 b or f EUDSGVO, insofar as they are not order processors. Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures) may have access to your data to the extent necessary. The legal basis for the disclosure is then Art. 6 (1) b or f EUDSGVO. Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) a EUDSGVO serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) b EUDSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c EUDSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) d EUDSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) f EUDSGVO serves as the legal basis for the processing.

 

PROCESSING OF DATA IN COMMUNICATIONS PURSUANT TO ART. 6 ABS. 1 A TO F EUDSGVO

If you send us information by e-mail or via a contact form, the data you provide (your e-mail address, your name, if applicable, and your telephone number) will be stored by us in order to respond to your inquiry. For this purpose, your information will be read within Ganter Construction Interiors GmbH and forwarded to the responsible department. The personal data will be stored and processed for this purpose. We delete the data accruing in this context after the storage is no longer required or restrict the processing if there are legal retention obligations.

If you send us an application by e-mail, we subsequently process your transmitted data exclusively for the purpose of handling the application process. If an employment relationship is established with an applicant, we store the transmitted data in order to perform the activities required within the scope of the employment relationship. Only our employees responsible for personnel processing have access to such applicant data. If no employment relationship is established, we generally delete the application documents two months after notifying you of the rejection, unless there is a legitimate interest in deletion.

If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. Where possible, we will also state the criteria defined for the storage period.

 

COLLECTION OF GENERAL INFORMATION WHEN YOU VISIT OUR WEBSITE

As long as you use our website for information purposes only, i.e. without registering or otherwise transmitting information, we only collect the personal data that your browser transmits to our server (log files).
In this respect, information is automatically collected by us or the web space provider with each access. This information, also referred to as server log files, is of a general nature and does not allow any conclusions to be drawn about your person.

Among other things, the following information is collected: Name of the website, language, requested data, date and time of the request, time zone difference to Greenwich Mean Time (GMT), the amount of data transferred in each case, web browser and web browser version, operating system and its version, the domain name of your Internet provider, the so-called referrer URL (the page from which you accessed our offer – if transmitted. Users can switch this on and off in the browser), access status/HTTP status code and the IP address.
Without this data, it would not be technically possible in part to deliver and display the contents of the website. In this respect, the collection of the data is mandatory. In addition, we use the anonymous information for statistical purposes. They help us to optimize the offer and the technology. We also reserve the right to subsequently check the log files if we suspect illegal use of our offer.

 

COOKIES

In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and through which the cookie-setting agency (in this case, this is done by us), certain information flows. This information may include, for example, user settings, history information about the visit to the website or language settings.

Cookies are used to make the website as a whole more user-friendly and effective. We do not pass this data on to third parties or link it to personal data without your consent. Cookies fulfill two main tasks. They help us to make it easier for you to navigate through our offer and enable the correct display of the website.

Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. Cookies can, however, contain data that enable recognition of the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. Cookies cannot directly identify a user.

A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:

  • Technical cookies: these are mandatory in order to navigate our website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which web pages you have visited;
  • Performance cookies: these collect information about how you use a website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you – all information collected is anonymous and is only used to improve our website and find out what interests our users;
  • Advertising cookies, targeting cookies: these are used to provide the website user with tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
  • Sharing cookies: these are used to improve the interactivity of a website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.

Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) p. 1 a EUDSGVO. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we will only disclose your personal data processed by cookies to third parties if you have given your express consent to do so in accordance with Art. 6 (1) p. 1 a EUDSGVO.

You have the option to call up our offer without cookies. To do this, the appropriate settings must be changed in the browser. Cookies can be controlled with all internet browsers. Most browsers are set so that all cookies are accepted without asking the user. If you do not want cookies to be stored on your computer, you should disable the corresponding option in the browser’s system settings. Please use the help function of your browser to find out how to disable cookies. However, we would like to point out that this may impair some of the functions of this website and reduce user comfort.

 

THIRD COUNTRY TRANSMISSION

We would like to point out that when using our online offer, personal data is partly transferred to the USA. A data transfer to the USA is no longer permitted without further ado since the ruling of the European Court of Justice EU-US-PRIVACY SHIELD/SCHREMS-II-URTEIL of 16.07.2020.

A data transfer to the United States (USA) was previously permitted if the company to which the data is to be transferred was certified under the EU-US Privacy Shield. Although this certification continues to exist, it is no longer sufficient for legal reasons alone since the ECJ ruling SCHREMS II. The European Court of Justice (ECJ) declared the Privacy Shield agreement as such to be insufficient.

Since then, the USA is no longer considered a safe third country in the sense of the EU Data Protection Regulation. It is particularly critical to see that US companies are obliged to hand over personal data to the American security authorities upon request. There is no effective legal protection against this for non-US citizens. Therefore, the European Court of Justice considers the U.S. Privacy Shield to be insufficient when it comes to protecting the rights of Internet users. The problem here is that it cannot be ruled out that authorities in the U.S., e.g., intelligence agencies, investigative authorities, etc., use your data stored on servers in the U.S. for surveillance, for example, and store the data or knowledge gained from it permanently. We have no influence on these processing operations and processes.

We have therefore taken further protective measures to ensure a level of data protection in accordance with European standards. We have directly asked providers from the USA whose services we use and who transfer personal user data how they will react to the ECJ ruling. We contacted the provider with the aim of reaching binding agreements on this matter immediately. In doing so, we are guided by the standard data protection clauses pursuant to Article 46 (2) c of the GDPR or use them by working towards ensuring that the companies concerned guarantee appropriate handling of personal user data via the EU standard contractual clause. This obliges data recipients in the USA to process the data in accordance with the level of protection in Europe. To the extent that agreements of this kind could not be concluded at the present time, we are continuing our efforts to obtain corresponding regulations and commitments from all data recipients in the USA. As long as the legal situation has not been conclusively clarified, we obtain consent for all applications on our website with data transfers to the USA using a consent tool.

For more information about the personal data we transfer to companies in the USA, please refer to the section “Data processing within the scope of this website”.

 

RECIPIENTS OR CATEGORIES OF RECIPIENTS

We sometimes use external service providers, such as IT and telecommunications companies or companies that support us in archiving and destroying documents, to implement and comply with our contractual and legal obligations. We do not pass on data to other recipients not listed in this data protection declaration.

 

NOTE ON PROFILING AND SCORING

We do not make automated decisions in individual cases, including profiling.

 

YOUR RIGHTS AS A DATA SUBJECT

Data protection law grants you a number of data subject rights of which we must inform you. Depending on the reason and type of processing of your personal data, you have the following rights:

  • Your right to information, Art. 15 EUDSGV.
    You have the right to find out from us whether and – if so – which of your personal data we process. You have the right to request copies of your personal data from us. This right always applies. There are some exceptions regarding the personal data to be communicated. This means that you will not always receive all the information we process.
  • Your right to rectification, Art. 16 EUDSGV.
    You have the right to request from us without undue delay the rectification of personal data concerning you that you consider to be inaccurate. You also have the right to request us to complete such personal data that you consider incomplete. This right always applies.
  • Your right to deletion, Art 17 EUDSGV.
    Under certain conditions, you have the right to request that we delete your personal data. You can read more about this here.
  • Your right to restriction of processing, Art 18 EUDSGV.
    Under certain conditions, you have the right to demand that we restrict the processing of your personal data.
  • Your right to data portability, Art. 20 EUDSGV.
    You only have this right with regard to personal data that you have provided to us yourself. You have the right to request that we transfer this personal data directly to another controller or organization. Alternatively, you have the right to request that we provide you with the data ourselves in a machine-readable format. However, this only applies if we process your personal data on the basis of your consent or on the basis of a contract or in the context of contract negotiations and the processing is carried out with the help of automated processes. You can find more information on the right to data portability here.
  • Your right to object to processing, Art 21 EUDSGV.
    If we process your personal data because the processing is part of our public tasks or if we process your data on the basis of a legitimate interest, you have the right to object to the processing.
    You are not required to pay a fee for exercising your rights. The assertion of your data subject rights is free of charge. If you exercise your data subject rights, we have one month to respond to you.

In order to be able to consider a data block at any time, it is necessary to keep the data in a blocking file for control purposes. If there is no legal archiving obligation, you can also request that the data be deleted. Otherwise, we will block the data if you so wish.

We would like to point out that in certain cases we may request additional information from you in order to establish your identity. For example, when exercising the right to information, we can ensure that information is not disclosed to unauthorized persons.

 

SUPERVISORY AUTHORITY

You also have the right to complain to the competent data protection supervisory authority about our processing of your personal data.

The contact details of the competent supervisory authority are:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Königstraße 10a
70173 Stuttgart

 

OUR DATA PROTECTION OFFICER

You have the possibility to contact our data protection officer:

 

Mr. Jörg Leuchtner (Lawyer)

Freiburger  Datenschutzgesellschaft mbH, Luisenstr. 5. 79098 Freiburg

E-Mail:             info@freiburger-datenschutzgesellschaft.de

Web:                www.freiburger-datenschutzgesellschaft.de

 

DATA MINIMIZATION AND STORAGE LIMITATION

In accordance with the principles of data minimization and storage limitation, we store personal data only for as long as is necessary or required by law (statutory storage period). If the purpose of the information collected no longer applies or the storage period ends, we block or delete the data.

 

CHANGES TO THE PRIVACY POLICY

Due to the constant development of new Internet technologies and changes in applicable data protection regulations, our data protection declaration is updated to the extent necessary. The data protection statement which is available at the time of the respective visit to the website of Ganter Construction Interiors GmbH shall always apply.

 

DATA PROCESSING WITHIN THE FRAMEWORK OF THIS WEBSITE:

As part of the information offered and the use of our website by our visitors, we make use of functions provided by external service providers. By doing so, we want to make your visit to our website as informative and convenient as possible. In addition, we have a vested interest in using features that allow you to engage, interact with us or other Internet users, and track and improve the functionality and effectiveness of our website. When selecting and using such services, we make a responsible choice and take into account data protection aspects. In particular, in order to ensure the processing of data in compliance with data protection law, we have concluded a contract on commissioned processing with the respective providers.

Data processing within the scope of the services listed below is based on our legitimate interests. Website operators regularly have a legitimate interest in particular in the following aspects: the greatest possible visibility in social media, analysis of user behavior, uniform and appealing presentation of content, error-free and secure provision of the web offer, ease of finding the locations we specify on the website, etc. If a corresponding consent was requested, the processing is based on this consent, which can be revoked at any time.

 

INTEGRATION OF THIRD PARTY SERVICES AND CONTENT

jQuery

We use the jQuery script library to process and display dynamic content. The provider is the OpenJS Foundation, Legal Department, 1 Letterman Drive, Bulding D, Suitde D4700, San Francisco, CA 94128. In order to ensure that the functions used are up to date, we reload the libraries every time our visitors visit our website. Among other things, their IP address and information about the website they visited are transmitted to the OpenJS Foundation. You can find more information about the processing of your data at:

https://openjsf.org/wp-content/uploads/sites/84/2019/11/OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf

 

Google Maps

We use the map service Google Maps on this website to make it possible to locate relevant places as part of our information offering. This function is offered by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google stores your IP address for this purpose and transfers data to Google servers in the USA. We have no influence on this data transmission and any further processing of the data. The legal basis for the data transfer to the USA is the standard contractual clauses of the EU Commission:

https://privacy.google.com/businesses/gdprcontrollerterms/

and

https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

Further information on data processing by Google can be found here:

https://policies.google.com/privacy?hl=de.

 

YouTube

This website embeds videos of YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. As soon as eyou start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts. If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control. YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.Further information about data protection at YouTube can be found in their privacy policy at:

https://policies.google.com/privacy?hl=de.