Data protection declaration according to the DS-GVO
1. Responsible body
The SMB Construction International GmbH, Max-Bögl-Straße 1, 92369 Sengenthal, Germany, as the operator of this website (https://www.smb-ci.com) is the responsible body (responsible) within the meaning of the European Data Protection Basic Regulation (DS-GVO), which alone or jointly with others decides on the purposes and means of the processing of personal data (hereinafter "data").
2. Processing of personal data
Personal data is, according to the DS-GVO, all information relating to an identified or identifiable natural person (data subject). A natural person is identifiable if he or she can be identified directly or indirectly, in particular by means of assignment to an identifier (such as name, address, telephone number, e-mail address, IP address, location data or special characteristics such as the genetic, economic and social identity of this natural person). Processing means any operation carried out with or without the aid of automated processes or any set of operations relating to data. This includes, in particular, collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, comparison, linkage, limitation, erasure or destruction. You do not need to provide any information in order to use our website. In certain cases, however, we may need your name and address and other information so that we can provide the services you have requested. The same applies, for example, to the sending of information material and goods ordered or to the answering of individual questions. Where this is necessary, we will inform you accordingly. In addition, we only process data that you voluntarily provide to us and, if applicable, data that we automatically collect when you visit our website (e.g. IP address and the names of the pages called up by you, the browser you use and your operating system, date and time of access, search engines used, names of downloaded files). If you make use of services, as a rule only such data are collected that we need to provide the services. As far as we ask you for further data, it is voluntary information. The processing of data takes place exclusively to fulfil the requested service and to protect our own legitimate business interests.
3. Protection of your personal data
4. Purpose of the processing of personal data
We process the data provided by you in accordance with the principles of data economy and purpose limitation. The principle of purpose limitation means that data is collected for specified, clear and legitimate purposes and may be further processed in a manner incompatible with these purposes. Further processing for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes shall not be deemed incompatible with the original purposes. In principle, we process your data for the purpose of answering your enquiries, processing your orders or providing you with access to certain information or offers. In order to maintain customer relations, it may also be necessary for us or a service company commissioned by us to use this data to inform you about product offers or to carry out online surveys in order to better meet the tasks and requirements of our customers. We will process the data you provide online only for the purposes disclosed to you. Your data will not be passed on to third parties without your express consent. Data will only be collected and transmitted to government institutions and authorities entitled to receive information within the framework of the relevant laws or if we are obliged to do so by a court decision. Of course, we will respect your wishes if you do not want us to use your data to support our customer relationship (in particular for direct marketing or market research purposes). We will not sell or otherwise market your data to third parties unless you have given us permission to do so.
5. Data that is collected automatically when you visit our website
When using our website, the following data may be processed for organisational and technical reasons: the names of the pages called up by you, the browser used by you and your operating system, date and time of access, search engines used, names of downloaded files and your IP address.
When you visit one of our websites, we may store information on your computer in the form of a (session) cookie. Cookies are small text files that are sent from a web server to your browser and stored on your computer's hard drive. Apart from the Internet protocol address, no personal data of the user is stored. This information is used to automatically recognise you when you next visit our website and to facilitate navigation for you. Cookies allow us, for example, to adapt a website to your interests or to save your password so that you do not have to re-enter it each time. Of course, you can also view our websites without cookies. If you do not want us to recognize your computer, you can prevent cookies from being saved on your hard drive by selecting "Do not accept cookies" in your browser settings. Please refer to your browser manufacturer's instructions to find out how this works in detail. If you do not accept cookies, however, this may lead to functional limitations of our offers.
7. WEB ANALYSIS BY MATOMO (FORMERLY PIWIK)
Scope of processing of personal data
We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software sets a cookie on the user's computer (for cookies see above). If individual pages of our website are called up, the following data is stored:
- Two bytes of the IP address of the user's calling system
- The accessed website
- The website from which the user accessed the accessed website (referrer)
- The subpages that are called from the called web page
- The time spent on the website
- The frequency of visiting the website
The software runs exclusively on the servers of our website. A storage of the personal data of the users takes place only there. The data will not be passed on to third parties. The software is set so that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.
Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f DS-GVO.
Purpose of the data processing
The processing of the personal data of users enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also include our legitimate interest in processing the data in accordance with Art. 6 Para. 1 lit. f DS-GVO. By making the IP address anonymous, the interest of the users in their protection of personal data is sufficiently taken into account.
Duration of storage
The data is deleted as soon as it is no longer required for our recording purposes. In our case this is the case after 180 days.
objection and elimination possibility
We offer our users on our website the possibility of an opt-out from the analysis procedure. To do this you must follow the corresponding link. In this way another cookie is set on your system, which signals our system not to store the user's data. If the user deletes the corresponding cookie from his own system in the meantime, he must set the opt-out cookie again.
For more information about the privacy settings of the Matomo software, please click on the following link: https://matomo.org/docs/privacy/.
8. Social media
In addition to our website, we also use the presence of the following social media providers:
- facebook.com operated by the company Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2 in Ireland.
- instagram.com operated by the company Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2 in Ireland.
- twitter.com, operated by Twitter Inc, 1355 Market Street, San Francisco, CA 94103 in the USA.
- xing.de, which are operated by the company XING SE, Dammtorstraße 30, 20354 Hamburg, in Germany.
- linkedin.com operated in Ireland by the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2.
- youtube.com, which are operated by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066 in the USA.
We point out to users of our website that your data may be transmitted to Facebook, Instagram, Twitter, XING, LinkedIn or YouTube if you visit our Facebook, Instagram, Twitter, XING, LinkedIn or YouTube presence. It is possible that in addition to processing the data you enter into the social network, other data may also be processed by the social network provider. It is beyond our control to influence the content of the transmitted data. However, we would like to inform you which data is transmitted to Facebook, Instagram, Twitter and others according to our current state of knowledge. If you use these presences, information that you have accessed certain pages of our website will be forwarded to the Facebook, Instagram, Twitter, XING, LinkedIn or YouTube servers. For users logged in at the same time, e.g. from Facebook, Instagram, Twitter, XING, LinkedIn or YouTube and others, this means that the usage data is assigned to your respective personal account. Even if you are not a member of the aforementioned social networks, it is still possible for Facebook, Instagram, Twitter, XING, LinkedIn or YouTube to determine and store your IP address. To find out the purpose and scope of the collection, processing and use of your data, as well as your rights and settings to protect your privacy, please visit the following websites with the data protection information of the social network providers at:
- Facebook: http://facebook.com/policy.php
- Instagram: http://instagram.com/about/legal/privacy/
- Twitter: https://twitter.com/de/privacy
- XING: https://privacy.xing.com/
- LinkedIN: https://www.linkedin.com/legal/privacy-policy
- YouTube: https://policies.google.com/privacy
If you do not agree to Facebook, Instagram, Twitter, XING, LinkedIn or YouTube collecting data about you via our website, please log out of Facebook, Instagram, Twitter, XING, LinkedIn or YouTube before visiting our website. For further options, please refer to the data protection information of the respective medium.
Data processing on our Facebook fanpage
When you visit our Facebook page, through which we present our company and communicate with our customers and prospects, certain information about you is processed. Facebook Ireland Ltd (Ireland/EU) is solely responsible for this processing of personal data. Further information about the processing of personal data by Facebook can be found here.
1. processing of page insights
Facebook provides us with anonymous statistics and insights for our Facebook page, which we use to gain insight into the types of actions people take on our page (so-called "Page Insights"). These Site Insights are created based on certain information about individuals who have visited our Site. This processing of personal data is done by Facebook and us as the joint responsible party. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on this knowledge. The legal basis for this processing is Art. 6 Para. 1 Letter f) DS-GVO. Under no circumstances will we assign the information obtained via the page insights to a specific Facebook profile via the reference to "Like" information for our page.
We have reached an agreement with Facebook on the processing as jointly responsible party, in which the distribution of the data protection obligations between us and Facebook is specified. Details on the processing of personal data for the creation of page insights and the agreement concluded between us and Facebook can be found here.
2. processing of data communicated to us via our site
We also process information that you have provided to us through our Facebook page. Such information may include your Facebook name, contact information or a message to us. We only process this personal data if we have expressly requested you to provide us with it beforehand, for example as part of a survey or a competition. This processing is carried out by us as the sole responsible party.
If your request is directed to the conclusion or execution of a contract with us, Art. 6 Para. 1 Letter b) DS-GVO is the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for the data processing is then Art. 6 Para. 1 Letter f) DS-GVO.
9. Use of Google Maps
10. Use of reCaptcha
11. Online meetings, conference calls and webinars via "Zoom" by the Max Bögl Group
We would like to inform you in the following about the processing of personal data in connection with the use of "Zoom".
Purpose of processing
We use the "Zoom" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings"). "Zoom" is a service of Zoom Video Communications, Inc. which is based in the USA.
The person responsible for data processing directly related to the holding of "online meetings" is Max Bögl Bauservice GmbH & Co. KG.
Note: If you access the "Zoom" website, the provider of "Zoom" is responsible for data processing. However, it is only necessary to call up the website in order to download the software for the use of "Zoom".
You can also use "Zoom" if you enter the respective meeting ID and, if necessary, other access data for the meeting directly in the "Zoom" app.
If you do not want to or cannot use the "Zoom" app, the basic functions can also be used via a browser version, which you can also find on the "Zoom" website.
Which data is processed?
Various types of data are processed when using "Zoom". The scope of the data also depends on the information you provide before or during participation in an "online meeting".
The following personal data are processed:
User details: first name, last name, telephone (optional), e-mail address, password (if "Single-Sign-On" is not used), profile picture (optional),
Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat
When dialling in by telephone: information on incoming and outgoing telephone number, country name, start and end time. If necessary, further connection data, such as the IP address of the device, can be saved.
Text, audio and video data: You may be able to use the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display and, if necessary, log them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone as well as from a possible video camera of your end device will be processed during the meeting. You can switch off or mute the camera or microphone yourself at any time using the "Zoom" applications.
In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.
Scope of processing
We use "zoom" to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed in the "Zoom" app.
If it is necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case.
In the case of webinars, we can also process the questions asked by webinar participants for the purposes of recording and follow-up of webinars.
If you are registered as a user at "Zoom", reports on "online meetings" (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month at "Zoom".
Automated decision-making within the meaning of Art. 22 DS-GVO is not used.
Legal basis of the data processing
Insofar as personal data is processed by employees of the Max Bögl Group, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "Zoom", personal data are not required for the establishment, execution or termination of the employment relationship, but are nevertheless an elementary component in the use of "Zoom", Art. 6 Paragraph 1 letter f) DS-GVO is the legal basis for data processing. In these cases, we are interested in the effective conduct of "online meetings".
Furthermore, the legal basis for data processing when "online meetings" are held is Art. 6 para. 1 lit. b) DS-GVO, insofar as the meetings are held within the framework of contractual relationships.
If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) DS-GVO. Here too, we are interested in the effective implementation of "online meetings".
Recipient / passing on of data
Personal data processed in connection with participation in "online meetings" are generally not passed on to third parties, unless they are specifically intended to be passed on. Please note that content from "online meetings" as well as personal meetings often serves the purpose of communicating information to customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The provider of "Zoom" necessarily obtains knowledge of the above-mentioned data, insofar as this is provided for in our contract processing agreement with "Zoom".
Data processing outside the European Union
"Zoom" is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded an order processing contract with the provider of "Zoom" which meets the requirements of Art. 28 DS-GVO.
An adequate level of data protection for the transfer to a third country was guaranteed by the data importer in accordance with Art. 46(2)(c) DPA (so-called EU standard contractual clauses).
12. Children and adolescents
Our website is aimed exclusively at potential applicants, customers, business partners and press representatives. Persons under the age of 16 should not transmit any data to us without the consent of their parents or legal guardians. We do not request data from children and adolescents under the age of sixteen. We do not collect them and do not pass them on to third parties.
We have taken technical and organizational security measures in accordance with the legal requirements to protect your data from loss, destruction, manipulation and unauthorized access. All our employees and all persons involved in data processing are obliged to comply with the Basic Data Protection Ordinance, the Federal Data Protection Act in its current version and other laws relevant to data protection as well as the confidential handling of data. Furthermore, we conclude the corresponding agreements on order processing with the external service providers working on behalf. Our security measures are regularly reviewed and continuously revised in line with technological developments.
We reserve the right to change our security and data protection measures as far as this becomes necessary due to technical development. In these cases we will also adapt our data protection information accordingly. Therefore, please note the current version of our data protection declaration.
If we need your consent to the processing of your data, we will obtain it from you and use your data for the purposes stated in connection with the consent. Your consent will be digitally recorded. You can revoke your consent at any time with effect for the future. Please write to the data protection officer or send an e-mail to firstname.lastname@example.org.
16. Contact form and e-mail contact
1. description and scope of the data processing
A contact form is available on our website, which can be used for electronic contacting. If a user makes use of this possibility, the data entered in the input mask will be transmitted to us and stored. These data are:
- (1) The IP address of the user
- (2) First name
- (3) Last name
- (4) E-mail address
- (5) Company (if specified)
- (6) Street
- (7) PLZ
- (8) Location
- (9) Phone No. (if specified)
- (10) Selected application area
- (11) Message
For the processing of the data your consent is obtained in the context of the sending procedure and referred to this data security explanation. Alternatively, you can contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the conversation.
2. legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 lit. a DS-GVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of an e-mail is Art. 6 para. 1 lit. f DS-GVO. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DS-GVO.
3. Purpose of data processing
The processing of the personal data from the input mask serves us exclusively for the processing of the establishment of contact. If you contact us by e-mail, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data are deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. possibility of opposition and removal
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. The following is a description of how the revocation of consent and the objection to storage is made possible. In this case, all personal data stored in the course of contacting us will be deleted.
17. Online Application Portal
We operate an online application portal in which we collect and process the personal data of applicants. Detailed information can be found in the applicant portal, or in the:
18. Affected rights
If we process your data, you have extensive rights as a data subject, which are listed in detail below:
a) Right to information
You can obtain information about your data processed by us at any time in accordance with Art. 15 DS-GVO. In particular, you can request information about the purposes of the processing, the categories of data processed, the categories of possible recipients and the planned storage period. Please address your request for information to the data protection officer or send an e-mail to email@example.com.
b) Right to rectification
You are entitled to demand a correction or completion of your data stored by us in the event of incorrectness of the data according to Art. 16 DS-GVO. You can exercise your right under the contact details listed above.
c) Deletion right
You can request the deletion of the data according to Art. 17 DS-GVO if the storage of the data is no longer necessary and there is no other legal basis for the processing. You can also request deletion if you have objected to the processing and there are no overriding legitimate reasons for further processing of your data and if your data have been processed unlawfully or if there is a legal obligation to delete under EU or national law. You can exercise your right under the contact details above.
d) Right of restriction
In addition, according to Art. 18 DS-GVO, you have the right to limit the processing if you dispute the accuracy of the data for a period of time which enables the data controller to verify the accuracy of the data; if the processing is unlawful but you refuse to delete the data; if the purpose of the processing is no longer valid but the data is necessary for the assertion of your legal claims or if you have objected according to Art. 21 DS-GVO and it is not yet clear whether the justified reasons of the data controller outweigh your interests. You can assert your right under the contact details listed above.
e) Right to data portability
You have the right under Art. 20 DS-GVO to receive the data concerning you in a common, structured and machine-readable format (data transferability). In addition, under certain conditions you can obtain that your data be transmitted directly by a person responsible, as far as this is technically possible. You can exercise your right under the contact details listed above.
19. Right to object
You have the right to object to the use of your data for the above-mentioned purposes at any time (Art. 21 DS-GVO). This is possible if the objection is directed against direct advertising or if there are reasons for it which result from your particular situation. In the case of an objection against direct advertising, you have a general right of objection, which is implemented by us without stating a particular situation. To exercise your right of objection, please write to the data protection officer or send an e-mail to firstname.lastname@example.org.
20. Questions, suggestions, complaints to the internal data protection officer
If you have any questions about our information on data protection or the processing of your personal data, you can contact our data protection officer directly:
SMB Construction International GmbH
P.O. Box 1120
He is also available to you as your contact person in the event of requests for information, suggestions or complaints.
21. Right of appeal to the supervisory authority
We would also like to draw your attention to the fact that, without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State in which you are staying, at your place of work or at the place where the alleged infringement is suspected, if you consider that the processing of the data concerning you is contrary to the Basic Data Protection Regulation. A list of the supervisory authorities (for the non-public sector) and their addresses can be found below: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html