We hereby inform you about the processing of your personal data by ITB Ingenieurgesellschaft für technische Berechnungen mbH and the rights you have under data protection law.
1. Name and contact data of the Controller
The Controller for data processing is:
ITB Ingenieurgesellschaft für technische Berechnungen mbH
Telephone: +49 (0) 231 / 94 53 65-0
Fax: +49 (0) 231 / 94 53 65-11
represented by: Dr.-Ing. Frank Brehmer
2. Scope and purpose of the processing of personal data
Accessing the website
When this website itb-fem.de is accessed, the browser used by the visitor automatically sends data to the server of this website and saves it temporarily in a log file. Until automatic erasure, the following data will be stored without further input by the visitor:
We process your personal data in compliance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG-neu) and all other relevant laws, but only to the extent necessary to make available the information on this website and our services on this website. When the website is used for information purposes only, we do not collect any personal data, with the exception of the data transmitted by your browser in order to enable you to visit the website.
These are as follows:
- IP address of the terminal device of the visitor,
- Date and time of access by the visitor,
- Name and URL of the page opened by the visitor,
- Website from which the visitor accesses the company website (“referrer URL”),
- Browser and operating system of the terminal device of the visitor and the name of the access provider used by the visitor.
The processing of this personal data is legitimate in accordance with Art. 6 Para. 1 sentence 1 letter f) GDPR. We have a legitimate interest in the data processing for purposes of:
- establishing a fast connection to our website,
- allowing user-friendly application of the website,
- detecting and safeguarding the security and stability of the systems,
- facilitating and improving the administration of the website.
The processing explicitly does not pursue the purpose of obtaining information about the identity of the visitor to the website.
HTTPS / SSL / TLS
We use the internet communication protocol HTTPS (HyperText Transfer Protocol Secure), which protects the integrity and confidentiality of data traffic between the user’s PC and our website. Data sent via HTTPS is protected by Transport Layer Security protocol (TLS) with the aim of ensuring encryption, data integrity and authentication.
3. Data processing when using contact options (email, post, fax, telephone) and when submitting an application
You have various options for contacting us: by email, telephone or fax. Here we process personal data that you voluntarily provide us with for purposes of fulfilling your request or in the course of working together. These personal data could include:
Address data (company, surname, first names, street, post code, town), communication data (telephone and mobile number, fax, email address), and possible other key data (title, academic degree, professional designation).
The processing of personal data transmitted to us in the course of this contact is based on Art. 6 Para. 1 letter a) GDPR (consent) and letter b) (pre-contractual or contractual measures), or in the case of applications under Art. 88 GDPR.
Your personal data will be deleted after the respective processing purpose has been achieved, taking into account statutory archiving periods.
3.2 Contact form
Visitors can send messages to our company via an online contact form on the website. In order to receive a reply, at least one contact person (your name) and a valid email address are required. All other data can be provided voluntarily by the person making the inquiry. By sending the message via the contact form, the visitor consents to the processing of the personal data transmitted. Data is processed exclusively for the purpose of processing and answering inquiries via the contact form. This is done on the basis of consent provided voluntarily under Art. 6 Para. 1 sentence 1 letter a) GDPR. The personal data collected for the use of the contact form are deleted automatically as soon as the request is completed and there are no reasons for further archiving (e.g. subsequent award of a contract to our company).
You can send your application either by post or via email as PDFs, with the usual application documents such as CV and certificates. Please note that we explicitly accept only applications in PDF format. The documents will be kept until a decision has been made to fill the vacancy; for potential future consideration of your application, we will ask your consent, which you can revoke at any time.
In the application process, we will process the personal data you have voluntarily provided us with under Art. 6 Para. 1 sentence 1 letter a) GDPR and Art. 88 Para. 1 GDPR, in conjunction with Art. 26 BDSG (German Federal Data Protection Act).
Neither profiling nor automated decision-making will take place.
4. Disclosure of data
Personal data will be disclosed to third parties if
- the data subject has explicitly consented to this under Art. 6 Para. 1 sentence 1 letter a) GDPR,
- the disclosure is necessary under Art. 6 (1) sentence 1 letter f) GDPR for the assertion, exercise or defence of legal claims, and where there is no reason to assume that the data subject has an overriding interest in the non-disclosure of their data, which requires protection of personal data,
- a statutory obligation to transfer the data exists under Art. 6 Para. 1 sentence 1 letter c) GDPR, and/or
- this is necessary for the performance of a contractual relationship with the data subject under Art. 6 Para. 1 sentence 1 letter b) GDPR.
In other cases, personal data will not be disclosed to third parties.
Cookies are small text files that are assigned to the browser you are using by a characteristic character string and stored on your hard drive, and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They are used to make the Internet offer as a whole more user-friendly and effective, i.e. more pleasant for you.
Cookies can contain data that make it possible to recognise the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is again made between cookies:
- Technical cookies: These are essential for navigating the website, using basic functions and ensuring the security of the website; they do not collect information about you for marketing purposes nor do they store which internet pages you have visited;
- Performance Cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur during use of the website; they do not collect information that could identify you – all information collected is anonymous and is only used to improve our website and to find out what interests our users;
- Advertising Cookies, Targeting Cookies: These are used to provide the website user with tailored advertising on the website or third party offers and to measure the effectiveness of these offers; Advertising and Targeting Cookies are stored for a maximum of 13 months;
- Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.
You can adjust the cookie settings of these websites at any time. We distinguish between the aforementioned cookie categories (technical cookies, performance cookies, advertising cookies and sharing cookies). Only the “Technical Cookies” are required to use the website.
The following cookies are used on our website:
- cookielawinfo-checkbox-necessary (expires: end of session)
- cookielawinfo-checkbox-non-necessary (expires: end of session)
- CookieLawInfoConsent (expires: end of session)
- viewed_cookie_policy (expires: end of session)
- pll_language: “en” (expires: end of session)
6. Use of services
6.1 Social media plugins
We currently use the following social media plugins: LinkedIn and Xing. We use what is known as the two-click solution. That means that when you visit our website, as a rule no personal data are initially transmitted to the providers of these plugins. You can recognise the providers of the plugins via the marking on the box, from the first letter or logo. We provide you with the option of using the button to communicate directly with the provider of the plugin. Only if you click on the marked field, thus activating it, will the plugin provider be informed that you have accessed the corresponding page of our website. In addition, the data specified under point 2 of this policy will be transmitted. Activating the plugin transfers your personal data to the respective plugin provider (in the USA in the case of American providers), where it is saved. As the plugin provider collects data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the greyed-out box.
We have no influence over the data collected or data processing procedures, neither are we aware of the full extent of the data collection, the purposes of processing, or the storage periods. We also have no information about the erasure of the data collected by the plugin provider.
The plugin provider stores these data as user profiles, and utilises them for purposes of advertising, market research and/or demand-oriented design of its website. This analysis is carried out in particular (even for users who are not logged in) for purposes of displaying demand-oriented advertising, and in order to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you will have to contact the respective plugin provider if you wish to exercise this right. Plugins allow us to offer you the option of interacting with social networks and other users, so that we can improve our website and make it more interesting for you as a user. The legal basis for the use of plugins is Art. 6 Para. 1 sentence 1 letter f) GDPR.
The data transmission takes place irrespective of whether you have an account with the plugin provider and are logged in there. If you are logged in with the plugin provider, the data about you that we collect will be directly assigned to your account with the plugin provider. If you click on the activated button and e.g. link the page, the plugin provider will also save this information in your user account and publicly share it with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as you can thus avoid data being assigned to your profile with the plugin provider.
For further information on the purpose and scope of data collection and processing by the plugin provider, please refer to the following privacy policies of those providers. There you can also find further information regarding your related rights and the settings options you can use to protect your privacy.
Addresses of the respective plugin providers and URL with their privacy policies:
1. LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.
2. Xing – New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany; https://privacy.xing.com/de/datenschutzerklaerung
6.2 Google Maps
On this website we use the services of Google Maps. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.
When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website (including your IP address). This happens regardless of whether Google provides a user account through which you are logged in, or whether no user account exists. If you are logged in with Google, this data will be directly assigned to your account. If you do not wish this data to be assigned to your Google profile, you need to log out before activating this button.
Google stores these data as user profiles, and utilises them for purposes of advertising, market research and/or demand-oriented design of its website. This analysis is carried out in particular (even for users who are not logged in) for purposes of displaying demand-oriented advertising, and in order to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you will have to contact Google if you wish to exercise this right.
Information on the third-party service provider: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.de/intl/de/policies/privacy and https://policies.google.com/technologies/product-privacy?hl=de. Google also processes your personal data in the USA and has agreed to be subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
6.3 Google Webfonts
6.4 Search engine optimisation
In order for you to find us easily and conveniently on the internet, keywords from our website have been optimised for conventional search engines via plugins from
Yoast SEO. This is a service provided by Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, The Netherlands.
6.5 Processing abroad
The aforementioned services process your personal data in accordance with the data protection information listed.LinkedIn, Xing, Google and Semper Plugins LLC process your data in the USA, among others. Some of the providers have submitted to the EU-US Privacy Shield, which the ECJ has declared invalid within the meaning of Art. 45, 46 DSG-VO. There is currently no adequacy decision by the European Commission with regard to the conformity of data processing in the USA with the GDPR.There are agreements between the aforementioned companies and us to ensure the protection of your data.Further information on this is available from the contact details given in section 1.
7. Your rights as a data subject
Insofar as your personal data are processed when you visit our website, you are entitled to the following rights as a “data subject” within the meaning of the GDPR:
You can request information from us regarding whether personal data about you are being processed by us. You do not have a right to information where the disclosure of the requested information would violate the confidentiality obligation under Art. 83 StBerG (German tax consulting law) or where the information must be kept confidential for other reasons, in particular because of an overriding legitimate interest of a third party. Conversely, there may be an obligation to disclose the information where your interests outweigh the interest in maintaining confidentiality, particularly with regard to impending damage. The right to be informed is furthermore excluded where data are stored only because it is not permitted to delete them due to legal or statutory retention periods, or where the data are used exclusively for purposes of data security or data protection control, inasmuch as disclosure would necessitate a disproportionate effort and processing for other purposes is excluded by appropriate technical and organisational measures. Where the right to information is not excluded in your case and your personal data are processed by us, you can request information from us about the following:
- Purposes of processing
- Categories of personal data regarding you that are processed,
- Recipients or categories of recipients to whom your personal data are disclosed, in particular in the case of recipients in third countries,
- where possible, the planned duration for which your personal data will be stored or, where this is not possible, the criteria for determining the duration of storage,
- the existence of a right to correct or erase or restrict the processing of the personal data relating to you, or the right to object to this processing,
- the existence of a right to complain to a supervisory authority for data protection,
- where the personal data were not collected directly from you as the data subject, the available information about the source of the data,
- the existence of an automated decision-making process, including profiling and intelligible information about the logic involved and the scope and intended impact of automated decision-making,
- in the case of data transfers to recipients in third countries, in the absence of a decision by the EU Commission on the adequacy of the level of protection Art. 45 Para. 3 GDPR, information on what appropriate guarantees under Art. 46 Para. 2 GDPR are provided for the protection of the personal data.
7.2 Correction and completion
If you determine that we have inaccurate personal data regarding you, you can require us to correct such incorrect data immediately. In the case of incomplete personal data regarding you, you can require us to complete the data.
You have the right to erasure (“right to be forgotten”) provided the processing is not required for exercising a right to freedom of expression, the right to information or to comply with a legal obligation or for the performance of a task carried out in the public interest, and provided that one of the following reasons applies:
- The personal data are no longer required for the purposes for which they were processed.
- The legitimate grounds for processing were exclusively your consent, which you have revoked.
- You have objected to the processing of your personal data, which we have published.
- You have objected to the processing of personal data that we have not published, and no grounds for processing exist that have a higher priority.
- Your personal data were processed unlawfully.
- The erasure of personal data is required in order to fulfil a statutory obligation to which we are subject.
No entitlement to erasure exists in the case of lawful and non-automated data processing, where erasure is not possible or only possible with disproportionately high effort due to the particular manner of storage, and where your interest in the erasure is low. In such a case, restriction of processing will replace erasure.
7.4 Restriction of processing
You may require us to restrict the processing if any of the following reasons applies:
- You dispute the accuracy of the personal data. Restriction can be required in this case for the duration of the period required to allow us to review the accuracy of the data.
- The processing is unlawful, and you require restriction of use of your personal data rather than erasure.
- Your personal data are no longer required by us for purposes of processing, however we still require them for asserting, exercising or defending legal claims.
- You have submitted an objection under Art. 21 Para. 1 GDPR. The restriction of processing can be required for as long as is necessary to determine whether our legitimate interest outweighs your grounds.
Restriction of processing means that personal data will be processed only with your consent or for purposes of asserting, exercising or defending legal claims or protecting the rights of another person or legal entity or for reasons of important public interest. We are obliged to inform you before we lift the restriction on processing.
7.5 Data portability
You have a right to data portability, provided that the processing is based on your consent (Art. 6 Para. 1 sentence 1 letter a) or Art. 9 Para. 2 letter a) GDPR) or on a contract to which you are party, and where the processing is carried out by means of automated procedures. The right to data portability in this case comprises the following rights, provided that these do not impair the rights and freedoms of other persons: You may require us to provide you with the personal data that you have made available to us in a structured, conventional and machine-readable format. You have the right to transfer these data to another controller without any obstruction on our part. Where technically feasible, you may require us to transfer your personal data directly to another controller.
If the processing is based on Art. 6 Para. 1 sentence 1 letter e) GDPR (performance of a task in the public interest or in the exercise of official authority) or on Art. 6 Para. 1 sentence 1 letter f) GDPR (legitimate interest of the controller or a third party), you have the right to object to the processing of personal data relating to you at any time for reasons arising from your particular situation. This also applies to profiling based on Art. 6 Para. 1 sentence 1 letter e) or f) GDPR. After the right to object has been exercised, we will no longer process your personal data unless we can prove compelling reasons for processing that require protection and outweigh your interests, rights and freedoms, or where the processing serves the assertion, exercise or defence of legal claims.
You may object at any time to the processing of the personal data regarding you for purposes of direct advertising. This also applies to profiling in connection with such direct advertising. After this right to object has been exercised, the affected personal data will no longer be used for purposes of direct advertising.
7.7 Withdrawal of consent
You have the right to withdraw consent that you have given at any time and with effect for the future. The withdrawal of consent may take place by telephone, email, fax, or to our postal address, without any particular formal requirements. The withdrawal of consent will not affect the lawfulness of data processing that takes place on the basis of the consent prior to receipt of the withdrawal of consent. After the withdrawal of consent is received, processing of data on the basis of your consent will be suspended.
If you are of the opinion that the processing of personal data concerning you is unlawful, you may file a complaint with a data protection supervisory authority competent for the location where you live or work, or for the location where the suspected infringement occurred.