Data Protection Declaration

1. Data protection at a glance

General information

The following information will provide you with a simple overview of what will happen with your personal data when you visit this website. The term ‘personal data‘ means all data that can be used to personally identify you. For detailed information on the subject of data protection, please see the Data Protection Declaration published below.

Data recording on this website

Who is the party responsible for the recording of data on this website?

The data on this website is processed by the operator of the website, whose contact information is available under the ‘Information about the responsible party’ section in this Data Protection Declaration.

How do we record your data?

On the one hand, we collect your data as a result of your sharing data with us. This may, for instance, be information which you enter into a contact form.

Other data is collected by our IT systems automatically or after you consent to its collection during your visit to this website. This data is primarily technical information (e.g. web browser, operating system, time that the site was accessed). This information is recorded automatically when you access this website.

What do we use your data for?

Some of the information is collected in order to guarantee error-free provision of this website. Other data may be used to analyse your patterns of use of the site.

What rights do you have with respect to your data?

You have the right to receive information about the source and recipients of such of your data as has been stored and about the purposes of its storage at any time without having to pay a fee for such disclosures. You also have the right to demand that your data be amended or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future use of your data by us. You also have the right to demand that the processing of your personal data be restricted under certain circumstances. Furthermore, you have the right to make a complaint to the competent supervising agency. Please do not hesitate to contact us at any time if you have questions about this or any other issues related to data protection. 

2. Hosting

External hosting

This website is hosted by an external service provider (the host). Personal data collected on this website is

stored on the host’s servers. This may include, but is not limited to, IP addresses, contact requests, metadata and communications data, contract information, contact information, names, details of web page access, and other data generated through a web site.

The purpose of using a host is to fulfil contracts with our potential and existing customers (Article 6(1)(b) of the General Data Protection Regulation (GDPR)) and to facilitate secure, fast, and efficient provision of our online services by a professional provider (Article 6(1)(f) of the GDPR).

Our host will only process your data to the extent necessary to fulfil its performance obligations and to
follow our instructions with respect to such data.

We use the following host

IONOS SE
Elgendorfer Str. 57
56410 Montabaur
Germany

Data processing

We have concluded a data-processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data-protection laws; it ensures that the provider processes personal data of our website visitors only in accordance with our instructions and the GDPR.

3. General information and mandatory information

Data protection

The operators of this website and its pages take the protection of your personal data very seriously. We treat your personal data as confidential information and in accordance with the statutory data-protection regulations and this Data Protection Declaration.

Whenever you use this website, a variety of personal information is collected. Personal data is data that can be used to personally identify you. This Data Protection Declaration explains which data we collect and which purposes we use it for. It also explains how and for which purpose this is done.

We hereby advise you that the transmission of data via the Internet (e.g. during communication by email) may be liable to security vulnerabilities. It is not possible to completely protect data against third-party access.

Information regarding the responsible party (referred to as ‘the controller’ in the GDPR)

The data-processing controller on this website is:

TCHOBAN VOSS Architekten GmbH
Baeckerbreitergang 75
20355 Hamburg
Germany
Tel: +49 40 48 06 18 0
Email: hamburg@tchobanvoss.de 

The controller is the natural person or legal entity that single-handedly or jointly with others determines the purposes of and means used for processing personal data (e.g. names, email addresses, etc.).

Storage duration

Unless a more specific storage period has been specified in this Data Protection Declaration, your personal data will remain with us until the purpose for which it was collected no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons cease to apply.

Designation of a data-protection officer 

We have appointed a data-protection officer for our company.

Marko Diepold
adverit compliance GmbH & Co. KG
Kajen 10
20459 Hamburg
Germany
Tel: +49 40 27 14 49 40
Email: datenschutz@adverit.de
https://www.adverit.de/

Information on data transfer to the USA and other non-EU countries

Among other things, we use tools provided by companies domiciled in the United States and other non-EU countries that are not secure from the perspective of data protection. If these tools are active, your personal data may be transferred to these non-EU countries and may be processed there. We must point out that in these countries a level of data protection comparable to that in the EU cannot be guaranteed. For instance, US enterprises are obliged to release personal data to the security agencies without you as the affected person having legal recourse against this. It can therefore not be ruled out that US agencies (e.g. secret services) will process, analyse, and permanently store your personal data for surveillance purposes. We have no control over these processing activities.

Revocation of your consent to the processing of your data 

A wide range of data-processing operations are possible only with your express consent. You can revoke at any time a consent that you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Article 21 of the GDPR)

 IN THE EVENT THAT DATA IS PROCESSED ON THE BASIS OF ARTICLE 6(1)(E) OR (F) OF THE GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT, ON GROUNDS RELATING TO YOUR SPECIFIC SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. FOR THE LEGAL BASIS ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE SEE THIS DATA PROTECTION DECLARATION. IF YOU SUBMIT AN OBJECTION, WE SHALL NO LONGER PROCESS YOUR RESPECTIVE PERSONAL DATA UNLESS WE CAN PRESENT COMPELLING LEGITIMATE GROUNDS FOR DOING SO THAT OUTWEIGH YOUR INTERESTS, RIGHTS; AND FREEDOMS OR UNLESS THE PURPOSE OF THE PROCESSING IS THE ASSERTION, EXERCISING; OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ARTICLE 21(1) OF THE GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS IN CONNECTION WITH SUCH DIRECT ADVERTISING. IF YOU SUBMIT AN OBJECTION, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR PURPOSES OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ARTICLE 21(2) OF THE GDPR).

Right to submit a complaint to the competent supervisory agency

In the event of a violation of the GDPR, those affected are entitled to lodge a complaint with a supervisory agency, in particular in the member state which is their customary domicile or place of work or is the place where the alleged violation occurred. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to demand that we hand over to you or a third party in a commonly used, machine-readable format any data that we automatically process on the basis of your consent or in order to fulfil a contract. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as purchase orders or enquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption programme. You can recognize an encrypted connection by the fact that the address line of the browser switches from “http://” to “https://” and also by the lock symbol in the browser line. If the SSL or TLS encryption is activated, data that you transmit to us cannot be read by third parties.

Amendment and eradication of data

Within the scope of the applicable statutory provisions, you have the right at any time to demand information on your stored personal data, the source of this data, who has received it, and the purpose of the processing of your data. You may also have a right to have your data amended or eradicated. If you have questions on this or other aspects relating to your personal data, please do not hesitate to contact us at any time.

Right to demand restriction of processing

You have the right to demand the imposition of restrictions on the processing of your personal data. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:

·         In the event that you should dispute the correctness of your data that is stored by us, we shall usually need time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.

·         If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand restriction of the processing of your data instead of demanding its eradication.

·         If we no longer need your personal data and you need it to exercise, defend, or claim legal entitlements, you have the right to demand restriction of the processing of your personal data instead of its eradication.

·         If you have raised an objection pursuant to Article 21(1) of the GDPR, your and our interests will have to be weighed against each other. Until it has been determined whose interests prevail, you have the right to demand restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – with the exception of its storage – may be processed only subject to your consent or in order to claim, exercise, or defend legal entitlements, or to protect the rights of other natural persons or legal entities, or for an important reason of public interest of the European Union or a member state of the EU.

Objection to unsolicited emails

We herewith object to the use of contact information published as part of the mandatory information provided in our site notice for sending us promotional and information material that we have not expressly requested. The operators of this website and its pages expressly reserve the right to take legal action in the event of the unsolicited sending of promotional information, for instance via spam emails.

4. Recording of data on this website

Server log files

The provider of this website and its pages automatically collects and stores information in so-called ‘server log files’, which your browser communicates to us automatically. This information comprises:

·         The type and version of browser used
·         The operating system used
·         Referrer URL
·         The hostname of the accessing computer
·         The time of the server inquiry
·         The IP address

This data is not merged with other data sources.

This data is recorded on the basis of Article 6(1)(f) of the GDPR. The operator of the website has a legitimate interest in keeping the presentation and optimization of its website free of technical errors. In order to achieve this, server log files must be recorded.

Requests by email, telephone, or fax

If you contact us by email, telephone, or fax, your enquiry, including all resulting personal data (name, request), will be stored and processed by us for the purpose of processing your request. We do not pass this data on without your consent.

This data is processed on the basis of Article 6(1)(b) of the GDPR if your enquiry relates to the fulfilment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data is processed on the basis of our legitimate interest in the effective handling of enquiries submitted to us (Article 6(1)(f) of the GDPR) or on the basis of your consent (Article 6(1)(a) GDPR) if this has been obtained.

Data sent by you to us via contact requests remains with us until you request us to delete it, revoke your consent to storage, or the purpose of data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular, statutory retention periods - remain unaffected.

5. Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require from you an email address as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Other data is not collected or is collected only on a voluntary basis. For the handling of the newsletter we use newsletter providers, which are described below.

Mailjet

This website uses Mailjet for sending out newsletters. The provider is Mailgun Technologies Inc., 112 E Pecan Sr. #1135, San Antonio, Texas 78205, USA.

Mailjet is a service which, among other things, enables the dispatch and analysis of newsletters. Data entered by you for the purpose of receiving the newsletter will be stored on Mailjet’s servers.

Data analysis by Mailjet

With the aid of Mailjet we are able to analyse our newsletter campaigns. For example, we can see if a newsletter message has been opened and which links have been clicked. In this way we can determine which links have been clicked particularly often.

We can also see whether certain previously defined actions were performed after opening/clicking (conversion rate). For example, we can tell if you have made a purchase after clicking on the newsletter.

Mailjet also allows us to classify newsletter recipients into different categories (‘clusters’). For example, newsletter recipients can be subdivided according to age, gender, or place of residence. In this way, the newsletters can be better adapted to the respective target groups. If you do not want to be analysed by Mailjet, you should unsubscribe from the newsletter. For this purpose we provide a corresponding link in every newsletter message.

For detailed information on the functions of Mailjet, please refer to the following link:
https://www.mailjet.com/products/.

Mailjet’s privacy policy can be found at:
https://www.mailjet.com/legal/security-privacy/.

Legal basis

Data processing is based on your agreement (Article 6(1)(a) of the GDPR). You can revoke this agreement at any time. The legality of data-processing operations that have already taken place remains unaffected by the revocation.

Data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.mailjet.com/legal/dpa/.

Storage period

Data deposited with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and are deleted from the newsletter distribution list after unsubscribing from the newsletter. Data stored by us for other purposes will remain unaffected.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. Data from the blacklist is used only for this purpose and is not merged with other data. This serves both your and our interests in complying with the legal requirements for sending newsletters (legitimate interest in the sense of Article 6(1)(f) of the GDPR). Storage of this data in the blacklist is indefinite.

You may object to the storage if your interests outweigh our legitimate interest.

Data processing

We have concluded a data-processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data-protection laws that guarantees that the provider processes personal data of visitors  to our website based only on our instructions and in compliance with the GDPR.

6. Online-based audio and video conferences (conferencing tools)

Data processing

We use online conferencing tools, among other things, for communication with our customers. The tools we use are listed in detail below. If you communicate with us by video or audio conference using the Internet, your personal data will be collected and processed by the provider of the respective conferencing tool and by us.

The conferencing tools collect all information that you provide/access to use the tools (email address and/or your phone number). Furthermore, the conferencing tools process the duration of the conference, start and end times of participation in the conference, the number of participants, and other ‘contextual information’ related to the communication process (metadata).

Furthermore, the provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker, and type of connection.

Should content be exchanged, uploaded, or otherwise made available within the tool, it is also stored on the tool provider’s servers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have complete influence on the data-processing procedures of the tools used. Our capabilities are largely determined by the corporate policy of the respective provider. Further information on data processing by conference tools can be found in the data-protection declarations of the tools used, which we have listed below this text.

Purpose and legal bases

The conferencing tools are used in order to communicate with prospective or existing contractual partners or to offer certain services to our customers (Article 6(1)(b) of the GDPR). The use of the tools also serves to generally simplify and accelerate communication with us or our company (legitimate interest in the sense of Article 6(1)(f) on the GDPR). Insofar as consent has been requested, the tools in question are used on the basis of this consent; consent may be revoked at any time with effect from that date.

Duration of storage

Data collected by us directly through the video and conferencing tools will be deleted from our systems immediately after you request us to delete it or revoke your consent to its storage or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the duration of storage of your data by the operators of the conferencing tools for their own purposes. For details, please contact the operators of the conferencing tools directly.

Conferencing tools used

We employ the following conferencing tools:

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For details on data processing please refer to the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

Data processing

We have concluded a data-processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data-protection laws that guarantees that the provider processes our website visitors’ personal data only in compliance with our instructions and the GDPR.

7. Custom services

Job applications

We offer website visitors the opportunity to submit job applications to us (e.g. by email, by post, or by submitting an online job application form). Below we give you details of the scope, purpose, and use of the personal data collected from you during the application process. We assure you that collection, processing, and use of your data will comply with applicable data-protection rights and all other statutory provisions and that your data will always be treated as strictly confidential.

Scope and purpose of the collection of data

If you submit a job application to us, we will process any related personal data (e.g. contact details and communications data, application documents, notes taken during job interviews, etc.), if this is required in order to make a decision concerning the establishment of an employment relationship. The legal grounds for this are Article 26 of the GDPR (Negotiation of an Employment Relationship), Article 6(1)(b) of the GDPR (General Contract Negotiations) and – provided you have given us your consent – Article 6(1)(a) of the GDPR. You may revoke any consent given at any time. Within our company your personal data will only be shared with individuals who are involved in the processing of your job application.

If your job application is successful, the data you have submitted will be stored in our data-processing system on the basis of Article 26 of the GDPR and Art. 6(1)(b) of the GDPR for the purpose of implementing the employment relationship.

Data-storage period

If we are unable to make you a job offer or you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Article 6(1)(f) of the GDPR) for up to 6 months from the end of the application procedure (rejection or withdrawal of the application). Subsequently the data will be deleted, and the physical application documents will be destroyed. Storage is in particular for the purpose of supplying evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose of further storage no longer applies.

Longer storage may also take place if you have given your agreement (Article 6(1)(a) of the GDPR) or if statutory data-retention requirements preclude deletion.

Admission to the pool of applicants

If we do not make you a job offer, you may be able to join our pool of applicants. In case of admission to the pool, all documents and information from the application will be transferred to the pool of applicants to enable us to contact you in case of suitable vacancies.

Admission to the pool of applicants is based exclusively on your express agreement (Article 6(1)(a) of the GDPR). The submission agreement is voluntary and has no relation to the ongoing application procedure. The person concerned can revoke his or her agreement at any time. In this case the data will be irrevocably deleted from the pool of applicants, provided there are no legal reasons for storing it.

Data from the pool of applicants will be irrevocably deleted no later than two years after consent has been granted.