Björn Glass / Glass GmbH Bauunternehmung
Managing Directors/ Owners: Dieter Glass, Björn Glass
Link to the Impressum – Legal Notice: http://www.glass-bau.de/de/fg-impressum.html
Data Protection Commissioner
Sebastian Meier / Glass GmbH Bauunternehmung
Tel.: +49 (0) 8261 / 992 - 244
Fax.: +49 (0) 8261 / 992 - 102
Type of Data Processed
Categories of Persons Affected
Visitors and users of the online offering (hereinafter the persons affected are referred to as “users”)
Purpose of Processing
“Personal data” are any information referring to an identified or identifiable natural person (hereinafter referred to as “person affected”). A natural person is considered to be identifiable if he/she can be identified directly or indirectly particularly by means of an identifier as for example a name, an identification number, location data, an online identification (e.g. cookie) or by means of one or more specific attributes, which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
“Processing” refers to any kind of procedure carried out with or without the help of automated procedures or any set of operations connected to personal data. The term is far reaching and comprises practically all and any kind of handling of data.
“Pseudonymisation“ refers to the processing of personal data in a way that this personal data cannot be assigned to a specific affected person without using additional information, provided that this additional information is stored separately and subject to technical and organisational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.
“Profiling” is any kind of automated processing of personal data which consists of those personal data being used to evaluate certain personal aspects referring to the natural person, in particular, in order to analyse or predict aspects regarding the work performance, the economic situation, health, personal preferences, interests, reliability, behaviour, the whereabouts or a change of location of that natural person.
“Person responsible“ refers to the natural or legal person, authority, organisation or any other body which decides alone or together with others on the purposes and means of processing of personal data.
“Data processor” refers to a natural or legal person, authority, organisation or any other body that processes personal data on behalf of the person responsible.
Relevant Legal Bases
In accordance with article 32 DSGVO we take appropriate technical and organisational measures in order to ensure a level of protection appropriate to the risk with regard to the state of the art, implementation costs and how the data are processed, to what extent and for which purpose as well as the various probabilities of occurrence and the seriousness of the risk for the rights and freedoms of natural persons.
Those measures particularly include safeguarding the confidentiality, integrity and availability of data by means of controlling physiological access to the data as well as safeguarding the access of the data, the entry, the transfer, the security of availability and its separation. We have furthermore put in place procedures which ensure the exercise of rights of the persons affected, the deletion of data and the reaction to threats to the data. In addition to that, we already take the protection of personal data into consideration when developing or rather choosing hardware, software and procedures according to the principle of data protection by means of technological design and by means of data protection friendly presettings (article 25 DSGVO).
Collaboration with Processors and Third Parties
Provided, that we disclose the data towards other persons or companies (processors or third parties), pass them on or grant any other kind of access to it in relation to the processing, we solely disclose the data, pass it on or grant access to it based on a legal permission (e.g. if passing the data on to third parties as for example payment service providers according to section 6 subsection 1 letter b DSGVO is necessary for fulfilling the contract), your consent, a legal obligation providing the required basis or based on our legitimate interests (e.g. when making use of representatives, web hosts, etc.).
Provided, that we assign the processing of data to third parties based on a so called “data processing agreement”, this agreement shall be based on article 28 DSGVO.
Transfer to Third Countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if that occurs within the framework of using services provided by third parties or disclosure or rather transfer of data to third parties, the processing shall only occur for the purpose of fulfilling our pre-contractual and contractual obligations, based on your consent, a legal obligation or our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special prerequisites of articles 44 ff. DSGVO are given. That means that the data are only processed, for example, based on special guarantees such as the officially recognised assessment of a level of data protection according to the EU (e.g. for the USA by means of the “privacy shield”) or the observance of officially recognised special contractual obligations (so called “standard contractual clauses”).
Rights of Persons Affected
You have the right to demand a confirmation on whether the data in question are being processed as well as the right to demand information regarding that data and further information as well as a copy of that data according to article 15 DSGVO.
According to article 16 DSGVO you have the right to demand the completion of your data or the rectification of incorrect data concerning you.
In accordance with article 17 DSGVO you have the right to demand the data in question to be deleted immediately or rather alternatively, according to article 18 DSGVO, to demand a restriction of the processing of the data.
You have the right to demand that you receive your data, which you have provided us with, according to article 20 DSGVO and to demand their transfer to other persons responsible.
Furthermore, pursuant to article 77 DSGVO you have the right to file a complaint with the responsible supervisory authority.
Right of Revocation
You have the right to revoke any consent you have already given according to article 7 subsection 3 DSGVO with future effect.
Right of Objection
You can at any time object to the future processing of your data pursuant to article 21 DSGVO. You can particularly object against the processing of your data for the purpose of direct advertising.
Cookies and Right of Objection in Case of Direct Advertising
Small files, which are stored on the computers of the users are called “cookies”. Various data can be stored within these cookies. A cookie primarily serves the purpose of storing data regarding a user (or regarding the device on which the cookie is stored) during or also after his/her visit within an online offering. Cookies which are deleted after the user leaves the online offering and closes his/her browser are called temporary cookies or “session-cookies” or “transient cookies”. For example, the content of a shopping cart in an online shop or a login status can be stored in such a cookie. Cookies which remain stored also after closing the browser are called “permanent” or “persistent”. That way, for example, the login status can be saved if the user revisits the website after several says. The user´s interests, which are used for audience measurement or marketing purposes, can also be stored in such a cookie. Cookies which are offered by providers other than the person responsible who operates the online offering are called “third party cookie” (otherwise, if it is only a cookie from the person responsible, they are called “first party cookies”).
Should the users not agree with cookies being stored on their computer they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this online offering.
A general objection against the usage of cookies for the purposes of online marketing can be declared at numerous services, in case of tracking in particular on the American website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storing of cookies can be deactivated by means of deactivation in the settings of the browser. Please note, that you may not be able to use all functions of this online offering in that case.
Pursuant to legal requirements in Germany, the data are stored for 10 years according to sections 147 subsection 1 of the German Fiscal Code, 257 subsection 1 number 1 and 4, subsection 4 of the German Commercial Code (books, records, status reports, receipts, accounting books, documents relevant for taxations, etc.) and 6 years according to section 257 subsection 1 number 2 and 3, subsection 4 of the German Commercial Code (commercial letters).
According to legal requirements in Austria the data are stored for 7 years pursuant to section 132 subsection 1 of the Austrian Federal Fiscal Code (accounting documents, receipts/invoices, accounts, receipts, business documents, accounts of all revenue and expenditure, etc.) and for 22 years in case of data connected to properties and for 10 years in case of documents related to services provided electronically, telecommunication, broadcast and television services which were provided for nonentrepreneurs in EU member countries and for which the Mini-One-Stop-Shop (MOSS) was used.
Hosting and Sending E-Mails
The hosting services we make use of, serve the purpose of providing the following services: infrastructural and platform services, computing capacity, memory space and database services, sending e-mails, security services as well as technical maintenance services which we use for the purpose of running our online offering.
While doing so, we, or rather our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communications data of customers, interested parties and visitors of our online offering based on our legitimate interests in making this online offering efficiently and securely available according to article 6 subsection 1 letter f DSGVO in in connection with article 28 DSGVO (conclusion of a contract on the processing of the order).
Online Presence in Social Media
We maintain online presence within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and in that way, inform them about our services.
Please note that due to that users´ data can be processed outside the European Union. As a result, risks for the users could arise as due to that, the enforcement of the users´ rights, for example, could be more difficult. We would like to point out that US providers certified under the privacy shield are obliged to maintain the EU data protection standards.
Furthermore, as a rule the user´s data are used for the purposes of market research and advertising. That way, usage profiles can be created, for example, based on the users´ behaviours and the users´ interests concluded therefrom. Those usage profiles can, for example, again be used in order to place advertisements within and outside of the platform, according to the presumed interests of the users. For this purposes, cookies are, as a rule, stored on the users´ computers in which in turn the usage behaviour and the interests of the users are stored. In addition to that, data can be stored within the usage profiles data independent of the devices used by the user (in particular, if the users are members of the respective platforms and logged in on those).
The personal data of the users are processed based on our legitimate interests in effectively informing the users and communicating with them according to article 6 subsection 1 letter f. DSGVO. Should the users be asked for consent to the processing of his/her data by the respective providers (that means their consent for example by means of ticking the checkbox or confirmation by clicking on a box) article 6 subsection 1 letter. a., article 7 DSGVO is the basis of that processing.
For a detailed description of the respective processing and the possibilities to object (opt out) please refer to the following information provided by the providers.
In case of requests for information and assertion of claims with regard to user rights we would also like to point out, that this can be done most effectively with the providers. Only the providers have access to the users´ data and can directly take corresponding measures and give information. Should you need help anyway, feel free to contact us.
Inclusion of Services and Contents Offered by Third Parties
Based on our legitimate interests (i.e. interests in the analysis, optimization and the economic operation of our online offering according to article 6 subsection 1 letter f DSGVO), we make use of contents or services offered by third-party providers within our online offering in order to include their contents and services as for example videos or fonts (hereinafter unitarily referred to as “contents”).
This always requires that the third-party providers of these contents use the users´ IP addresses, as without the IP address they would not be able to send the contents to their browser. The IP address is thus necessary for displaying these contents. We endeavour to only use content where the IP addresses are solely used by the providers for delivering the content. Third-party providers can furthermore use so called pixel tags (invisible graphics also referred to as “web beacons”) for statistical or marketing purposes. By means of the “pixel tags” information, for example, the visitor traffic on the pages of that website can be evaluated. That pseudonymous information can furthermore be saved on the user´s device in cookies and contain among other, technical information regarding the browser and the operating system, referring webpages, time of visit as well as other information regarding the usage of our online offering. It can also be connected with information of that kind from other sources.
Using Facebook Social Plugins
Based on our legitimate interests (i.e. interests in analysing, optimizing and the economic operation of our online offering according to article 6 subsection 1 letter f DSGVO) we use social plugins (“plug-ins”) of the social network facebook.com which is operated by the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
That can comprise, for example, contents such as pictures, videos or texts and buttons by means of which the user can share contents of that online offering within Facebook. The list and how the Facebook social plug-in looks like, can be seen here:
Facebook is certified under the Privacy Shield Agreement and thus guarantees to observe the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If a user uses a function of this online offering which contains such a plug-in, his/her device directly connects to the Facebook servers. The content of the plug-in is transferred by Facebook directly to the user´s device and included by him/her into the online offering. Thereby usage profiles of the users can be created from the processed data. Thus, we have no influence on the extent of data which Facebook collects by means of that plug-in and thus we inform the user according to our best knowledge.
By including the plug-in, Facebook receives the information that a user visited the corresponding page of the online offering. Is the user logged in on Facebook, Facebook can allocate the visit to his/her Facebook account. If users interact with the plug-ins, for example if they click the like button or leave a comment, the corresponding information is transferred directly from the device to Facebook and stored there. Should a user not be a member of Facebook, the possibility exists anyway that Facebook finds out his/her IP address and saves it. According to Facebook in Germany only an anonymised IP address is saved.
The purpose and the extent of the processing of the data as well as the further processing and usage of the data by Facebook as well as rights regrading that and settings possibilities for the protection of the user privacy can be read in the Facebook´s data protection notice: https://www.facebook.com/about/privacy/.
If a user is a member of Facebook and does not want Facebook to collect information on him/her through that online offering and connect it to his/her membership data saved on Facebook, he/she has to log out from the use of our online offering at Facebook and delete his/her cookies. Further settings and objections regarding the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or through the American page http://www.aboutads.info/choices/ or the European page http://www.youronlinechoices.com/. The settings are independent of the platform, i.e. they are applied for all devices as for example desktop computer or mobile devices.
This site uses the “Google Maps” service offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data used can comprise the users´ IP addresses and location data which cannot be collected without their consent (as a rule this consent is given in the settings of your mobile device). The data may be processed in the USA.