Privacy policy - UHRIG Energie

Privacy Policy

What you need to know about the privacy of your data Privacy at a glance

In the following, you will learn how your personal data are used when you visit this website.

Who is responsible for collecting data on this website? The operator of the website (herein: “we”) is responsible for processing the data collected via this website. You can find our contact details in the section entitled “Data controller”.

How do we collect your data? The first way that we collect your data is when you share them with us. These include data that you enter in a contact form. The second way we obtain data is when our IT systems automatically collect them when you visit our website or after you have given your consent. The latter are primarily technical data that are collected automatically as soon as you access our website.

What do we use your data for? Some of the data are used to ensure you get the full functionality of the website. Other data may be used for the purpose of analyzing user behavior.

What are your rights with regard to your personal data? You are entitled to assert the rights set out in the section entitled “Your rights as a data subject” at any time. Should you have any questions regarding your rights or other matters relating to privacy, you can contact us anytime.

Analysis tools and third-party tools: When you visit our website, your browsing behavior may be analyzed for statistical reasons. This is primarily carried out by analysis programs. We provide the details on any relevant analysis programs in the following privacy notice.

Data controller

Unless otherwise specified, the data controller responsible for the data processing described in the following is:

Helmut Straßen und Tiefbau GmbH

Am Roten Kreuz 2

78187 Geisingen, Germany

E-mail: zentrale@uhrig-bau.de

Tel.: +49 (0) 7704-806-0

Contact details for privacy-related inquiries

If you have any questions relating to the processing of your personal data or your rights as a data subject, or if you would like to revoke your consent, please contact our data protection officer.

You can send a letter to: a.s.k. Datenschutz e.K.

Schulstraße 16 a

91245 Simmelsdorf, Germany

or an e-mail to: datenschutz@uhrig-bau.de

Correspondence initiated by your sending us an e-mail is unencrypted.

Scope of our privacy notice

With this privacy notice, we fulfill our obligations, in accordance with the General Data Protection Regulation (GDPR), to provide information with regard to our website and the personal data collected by us on our webpages. In addition, the national data protection regulations of the EU Member States also apply; in Germany, in particular, these are the German Federal Data Protection Act (BDSG) and Telecommunications-Telemedia Data Protection Act (TTDSG). In the case of third-party applications and websites that are linked on our website, the privacy notices of those third-party applications and websites apply. Unless otherwise specified, we are neither responsible for the processing of data collected by websites or applications not operated by us, nor for their content.

Scope of processing of personal data

In principle, we only process the personal data of our users for the purpose of ensuring the full functionality of our webpages and our content and services. Your personal data are generally only processed if you have given your consent. However, the exception is in cases where it is not de facto possible to obtain consent in advance, and it is permitted.

Legal basis for processing personal data

Insofar as we obtain your consent for the processing of personal data, Art. 6(1) (a) GDPR serves as the legal basis.

If the purpose of the processing of personal data is the performance of a contract of which you are a contracting party, Art. 6(1) )(b) GDPR serves as the legal basis. The same applies for taking steps prior to entering into a contract.

If the purpose of the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1) (c) GDPR serves as the legal basis.

If the processing of personal data is necessary in order to protect the vital interests of you or of another natural person, Art. 6(1) (d) GDPR serves as the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data, Art. 6(1) (f) GDPR serves as the legal basis.

Erasure of data and duration of storage

Your personal data will be erased or blocked as soon as the purpose for storage lapses. Data may be stored beyond this point in time if the European or national legislator has provided for this in EU regulations, laws, or other provisions to which we are subject. The data will also be blocked or erased if a storage period under the aforementioned regulations expires, except where ongoing data storage is required for the conclusion or performance of a contract.

Processing of personal data when you visit our website

(1) If you merely visit our website to obtain information, our system only collects such data that your end device (computer, laptop, tablet, smartphone, etc.) sends to our website’s server on the basis of the HTTPS internet protocol. The server’s automatized requests and responses are assigned to your IP address, which may allow the assignment of the data to you as the user.

(2) When you visit our website, the browser of your respective end device automatically sends information to the server of our website, where it is temporarily stored in log files. These log files contain information such as your IP address, the URL of the website accessed, the date and time of access, data relating to the successful access of a page, the amount of data transferred, the loading time, the website that led you to our website, the type and version of your browser, your device’s operating system, and the name of your internet service provider.

(3) The technical data collected cannot be directly assigned to you or reveal your identity. We do not store these data together with other personal data collected from you.

(4) The legal basis for data processing is our legitimate interest (Art. 6(1)(f) GDPR). The purpose of processing connection data is to allow you to technically use our website. Storage in log files is technically necessary in order to display our website to you, to establish a smooth connection, to ensure the stability and security of the system, and to protect against misuse.

(5) The connection data are immediately erased upon execution of the HTTPS request. The data stored in log files are automatically erased after seven days.

(6) As the processing of the data is essential for the provision and operation of our website, you have no right to object.

Processing of personal data when you contact us

(1) If you contact us by post, telephone, fax, e-mail, or through the contact form, we will only process the personal data shared and the content of the correspondence in order to process your request and, if applicable, to fulfill any existing statutory record-keeping obligations.

(2) Data processing for the purpose of contacting us is generally voluntary. We ask for your consent if you use our contact form.

(3) The legal basis depends on the concrete purpose of the correspondence. If you have given your consent, the legal basis is Art. 6(1) (a) GDPR. The legal basis for data processing is often to protect our legitimate interests in accordance with Art. 6(1) )(f) GDPR (such as conducting business correspondence, responding to inquiries about data protection). If you contact us with the intention of entering into a contract with us, Art. 6(1) (b) GDPR also applies as the legal basis for data processing. If further data processing is carried out to comply with statutory storage obligations, the legal basis is Art. 6(1) (c) GDPR.

(4) We erase the communication data as soon as storage is no longer required to fulfill the purpose (e.g. after we have finished handling your inquiry), unless statutory storage obligations stipulate otherwise.

(5) You may revoke your consent to data processing at any time in compliance with legal requirements (see section entitled “Your rights as a data subject”). If you contact us by e-mail, you may object to data processing at any time (in the form of an e-mail, for example). Data collected in the course of your contacting us will be erased, meaning that the communication with you can no longer be continued.

Processing of personal data when you apply for a job

(1) There are a few ways you can send us a job application (e.g. by e-mail, by post, or by using our online application form).

(2) If you (“applicant”) apply for a job electronically (e.g. by e-mail) and send us your application documents electronically, we will process the personal data you share for the purpose of carrying out the application process.

(3) If we enter into an employment contract with an applicant, we process the data for the purpose of concluding and processing the employment contract in compliance with legal requirements.

(4) Should the applicant’s job application not result in an employment contract, we will erase the application documents six months after communication of that decision or after the applicant’s withdrawal of their application, provided that no other legitimate interests on our part preclude erasure. A legitimate interest within the meaning of the above is, for example, a burden of proof in proceedings under the German General Equal Treatment Act (AGG). The storage period may also be extended if you gave your consent (Art. 6(1)(a) GDPR) or in the case of statutory storage obligations.

(4) The legal basis for data processing is Art. 6(1) b) GDPR and Section 26(1)(Clause 1) German Federal Data Protection Act (BDSG) (decision on establishing an employment contract).

Processing of the personal data of business partners

1) In the context of working together with business partners, we process personal data of the contact persons at interested parties, customers, distribution partners, suppliers, service providers, and other partners. These data include the following:

(i) contact details such as last name, first name, (business) address, phone number, cell number, fax number, e-mail address

(ii) information relating to payment transactions such as bank details, account numbers, credit card information

(iii) information that needs to processed for the performance of a contract or that is voluntarily shared by business partners

(iv) personal data that are collected from publicly accessibly sources, from credit agencies, or databases

(v) under certain circumstances, other personal data that are legally required to identify our business partner, such as birth date, ID issue date, ID number.

(2) We process personal data for the following purposes:

(i) communicating with business partners in the context of initiating, establishing, executing, and terminating contracts

(ii) performing and handling the contract (e.g. processing orders for goods and services, bookkeeping, invoicing)

(iii) asserting legal claims and defending against them

(iv) carrying out marketing campaigns (e.g. invitations to events, sending newsletters to legacy customers)

(v) maintaining and safeguarding the security of our products and services

(vi) guarding against, preventing, and identifying safety risks and criminal offences

(vii) complying with statutory requirements (e.g. obligations to store data under tax and commercial law)

(viii) complying with statutory investigation obligations (e.g. under money-laundering law).

(3) We only pass on data to third parties if this is necessary for the stated purposes or to fulfill legal obligations (e.g. to involved telecommunications, transport, and other auxiliary service providers, as well as to subcontractors, banks, tax and legal advisers, payment service providers, and tax authorities). This privacy notice includes information about any further recipients of data.

(4) The processing of personal data is necessary for the aforementioned purposes. Unless otherwise specified in the course of collecting the personal data, the legal bases are:

(i) the performance and fulfilment of a contract with you (Art. 6(1)(b) GDPR)

(ii) compliance with a legal obligation to which we are subject (Art. 6(1)(c) GDPR)

(iii) for the purposes of the legitimate interests pursued by us (Art. 6(1)(f) GDPR), where our legitimate interest lies in the initiation, execution, handling, and management of the contract.

If you have expressly given your consent to the processing of your personal data in an individual case, Art. 6(1) (a) GDPR is the legal basis for the processing.

(5) We erase personal data as soon as storage is no longer required to fulfill the purpose, unless statutory limitation periods or statutory storage obligations (e.g. up to 10 years in accordance with the German Commercial Code or Tax Code) preclude erasure.

Processing of personal data when you subscribe to our newsletter

(1) Insofar as we offer a newsletter, we will send you our newsletter by e-mail on request, even in the absence of an existing business relationship, to inform you about news and current offers. The only data we need from you to be able to send you our newsletter is your e-mail address. If you share any other data with us, you do so voluntarily; we may use such data to address you by name in our newsletter.

(2) We use the so-called double opt-in method when users subscribe to our newsletter. That means that, after you have registered, we will send an e-mail to the e-mail address provided by you to ask for confirmation that you indeed wish to receive our newsletter. . If you fail to confirm your subscription within 48 hours, your data will be blocked and erased after one month. When you subscribe to our newsletter, we store your IP address and the exact times when you registered and confirmed, in order to be able to prove our compliance with the legal requirements during the registration process and to resolve any possible misuse of your personal data.

(3) We may pass on your data to a service provider who creates and sends the newsletter on our behalf. Such service provider is contractually obliged by us neither to use personal data for their own purposes nor to pass them onto third parties.

(4) We obtain your consent to the processing of your data for our newsletter during the course of subscribing. The legal basis is Art. 6(1) (a) GDPR.

(5) You may object to the sending of newsletters and e-mails at any time with effect for the future. All you need to do is use the unsubscribe link at the end of the newsletter, or send a message to any of the contact options provided in the legal notice (e.g. e-mail, fax, letter).

(6) We only process personal data until such time as you unsubscribe from the newsletter. As soon as you revoke your consent or unsubscribe from the newsletter, we may store the data collected in the course of your registration and your e-mail address up to three years before erasing them. This storage is for the purpose of our legitimate interest of being able to prove your original consent. We will comply with a request for erasure before those three years expire if you provide simultaneous confirmation that you previously consented to the data processing.

Website hosting

(1) Our website is hosted with an external service provider (“host”). The personal data collected through our website are stored on the host’s servers. Our host’s servers are located in Germany.

(2) The purpose of engaging the host is for the performance of the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and the provision of a secure, fast, and efficient online offer by a professional provider (Art. 6(1)(f) GDPR).

(3) Our host only processes personal data to the extent that this is necessary for the performance of the host’s contractual obligations towards us. We have concluded a processing agreement (PA) with our host. This ensures that the host only processes the personal data of our users in accordance with our instructions and in compliance with the provisions of the GDPR.

Transfer and passing on of personal data

We only pass on personal data to third parties if:

(i) you have given your express consent (Art. 6(1)(a) GDPR), or

(ii) processing is necessary in order to take steps at your request prior to entering into a contract, or for the performance of a contract (Art. 6(1)(b) GDPR), or

(iv) it is necessary, in accordance with Art. 6(1) (f) GDPR, for the establishment, exercise, or defense of legal claims, and there are no grounds to assume that you have a legitimate interest in your data not being passed on.

Transfer of data to third countries

Your personal data will not be passed on to recipients in third countries (countries outside the European Economic Area – EEA) or to international organizations.

Audio and video calls

(1) We currently use the video conferencing tool Microsoft Teams to communicate with our potential and existing customers. You can participate in such video calls without having a Microsoft account. If you have a Microsoft account and you use it to participate in a video call, additional data may be processed in accordance with the provisions of your Microsoft account.

(2) The following data are visible to other participants (besides admin) during the call: your name and whatever you share during the call.

(3) In the context of participating in the call, the following data may be collected:

(i) access data: e.g. an individualized link that you use to join the call

(ii) content-related data: things you share, such as files, photos, videos

(iii) profile data: data you voluntarily share about yourself in the context of the call, e.g. your name. Profile data are used to address you by name, to tailor the topics discussed to the interests of the participants, and for personal communication

(iv) dial-in data: e.g. date and time that you dial into and leave the call

(v) support/feedback data: information relating to any trouble tickets or feedback

(vi) telemetry data: diagnosis data relating to the use of the service including quality of the call. These data help to solve the problem, as well as ensuring the technical service and its monitoring are secure and up to date.

(4) We use the conferencing tool to communicate with potential and existing customers or to offer certain services. The legal basis is Art. 6(1) (b) GDPR. Furthermore, the use of the conferencing tool generally facilitates simpler and speedier communication with us. The legal basis is Art. 6(1) )(f) GDPR (legitimate interest). If you have expressly given your consent to the processing of your personal data in an individual case, Art. 6(1) (a) GDPR is the legal basis for the processing.

(5) When you use the website of Microsoft Teams, the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, U.S.A. (“Microsoft”) is responsible for data processing. If you should not or cannot directly use Microsoft Teams in your internet browser, you only need to access the website (https://teams.microsoft.com/) in order to download the necessary software.

(6) The use of Microsoft Teams is generally subject to the terms of use and data protection provisions of Microsoft, over which we ourselves have no control. In order to use the conferencing tool, you are therefore required to agree to Microsoft’s terms of use and privacy policy. Otherwise you cannot use the conferencing tool. Find more details here:

Privacy policy: https://www.microsoft.com/en-us/microsoft-365/microsoft-teams/download-app and https://privacy.microsoft.com/en-us/privacystatement

(7) Microsoft collects certain diagnostic and service data when providing the service and uses these data for its own purposes. To the extent that Microsoft processes personal data in connection with its own legitimate business operations, Microsoft is an independent controller within the meaning of the GDPR for such processing. Find details about processing by Microsoft at https://docs.microsoft.com/en-us/microsoftteams/teams-privacy.

(8) The technical service provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin, Ireland (“Microsoft Ireland”). We have made a processing agreement (PA) with Microsoft Ireland. This ensures that Microsoft Ireland only processes the personal data of our call participants in accordance with our instructions and in compliance with the provisions of the GDPR.

(9) The data are stored in the Microsoft Cloud. We have restricted the storage locations to datacenters within the European Union. For this reason, the data are generally not processed outside the European Union (EU). However, we cannot technically rule out the possibility of routing or storage on servers outside the European Union at Microsoft Ireland.

(10) (10) We erase the data collected directly by us via the conferencing tool as soon as you ask us to, or if you revoke your consent to storage, or if the purpose for data storage no longer applies, unless statutory limitation periods or statutory storage obligations preclude erasure.

(11) (11) We have no control over the duration of storage of the data that Microsoft stores for its own purposes. Please contact Microsoft directly to learn more. Microsoft will also be able to provide you with information about the type, scope, purpose, and further processing of your data, as well as further information on your rights with regard to your data, and how you can change your settings to protect your privacy:

Website: https://www.microsoft.com/en-us/microsoft-teams/group-chat-software,

Privacy statement: https://privacy.microsoft.com/en-us/privacystatement,

Microsoft Teams data protection: https://learn.microsoft.com/en-us/microsoftteams/teams-privacy.

General information about use of cookies

When you visit our website, our webserver sends so-called cookies. Cookies are tiny text files stored on the hard disk of your end device (computer, laptop, tablet, smartphone, etc.) that are assigned to the browser you use when you visit our webpages. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies do not store personal data.

Information about strictly necessary cookies

(1) We use strictly necessary (“essential”) cookies to enhance your ease of use of our website. Strictly necessary (temporary) cookies include, for example, session cookies that store information about you during a single browser session that remains in place every time you visit a new page and is deleted when you close your browser; cookies that store some of your settings for a short period of time (e.g. log-in data, language settings, or other settings on our website); cookies that ensure even load distribution on the server; contact form cookies that store the response to an inquiry via the contact form; multimedia cookies for playing media content (e.g. Flash player, Vimeo); opt-out cookies with which cookie consents can be revoked; the cookie that records the consent status for other cookies; cookies from messenger services. Our cookie banner tells you which cookies we use.

(2) The purpose of strictly necessary cookies is to allow you to use our webpages and to ensure optimal user-friendliness. Some of the functions on our website do not work without cookies. The user data collected by the strictly necessary cookies is not used to create user profiles.

(3) The use of strictly necessary cookies is based on legitimate interests (Art. 6(1)(f) GDPR).

Information about non-essential cookies

(1) We occasionally use non-essential (permanent) cookies. These kinds of cookies allow us, for instance, to analyze how our website is used, in order to enhance its user-friendliness, make it more effective, and improve our content. Our cookie banner tells you which cookies we use. Our cookie banner tells you which cookies we use.

(2) Non-essential cookies are automatically deleted after a certain time, which depends on the kind of cookie. You can delete cookies in the security settings of your browser at any time.

(3) The use of non-essential cookies is based on your consent (Art. 6(1)(a) GDPR). You may revoke your consent at any time with effect for the future.

Information about the technical deactivation of cookies

You can permit or prevent the use of individual temporary, permanent, and other cookies in the security settings of your browser. Below are links leading to instructions for the most commonly used browsers:

Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09?tid=111983446

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: http://help.opera.com/Windows/10.20/de/cookies.html

If you deactivate cookies, you will still have unlimited access to our website. You may find that not all of the functions on our website work if you have deactivated strictly necessary cookies.

Consent to the use of cookies, objection

(1) The use of strictly necessary cookies neither requires the consent of users of the website nor is there any way to object to their use. These kinds of cookies can only be deactivated in the settings of your browser.

(2) We require your consent to store and analyze cookies that are not technically necessary. This is indicated on our website.

(3) If you do not agree to the storage and analysis of the data from your visit, you can object to the storage and use of technically non-essential data at any time. If you object, the use of cookies and the associated data processing will cease for the future. Your objection does not bring you any disadvantages when using our website, unless you also deactivate the functions of the technically necessary cookies.

(4) You can object to the use of third-party cookies and the associated data processing at any time as follows: (i) By changing the setting in your browser that prevents our website from setting cookies. (ii) By clicking on the opt-out link of the respective service provider indicated for the individual processing operations and deactivate the further use of cookies and the associated data processing there. (iii) By downloading and installing e.g. Google’s opt-out add-on for your browser. Opt-out cookies prevent Google from collecting your data when you visit this website and other websites in the future. To prevent data collection on different end devices, you must install the opt-out add-on on all the end devices you use. You can also use other services to declare your objection to the use of cookies for online marketing purposes, e.g. https://optout.aboutads.info or https://youronlinechoices.com/

Links to social media

(1) Our website contains buttons with links to the following social media: Facebook, Instagram, YouTube, LinkedIn.

(2) The legal basis for the placement of buttons is Art. 6(1) (f) GDPR. Our legitimate interest lies in the marketing purpose where processing is carried out to enhance the appeal of our website and increase the notoriety of our company.

(3) For data privacy reasons, we have made the conscious decision not to include direct plug-ins of social networks on our website. The buttons we have placed on our website do not create a direct link between your internet browser and the servers of the providers in question. They merely contain links that take you to their sites. Only when you click on the link of a network, thereby activating it, does your browser establish a connection to the respective network and load the contents of that page. The network provider (operator) is notified that you have accessed the website in question via our website. In addition, the data set out in the section “Processing of personal data when you visit our website” is transmitted to the respective provider and processed there (in the case of U.S. providers, in the U.S.A.). In the case of Facebook, according to the information supplied by the provider in Germany, the IP address is anonymized as soon as the data is collected.

(4) Network operators store the data they collect about you as usage profiles and use these profiles for the purposes of advertising, market research, and/or demand-driven design of their websites. The aim of this kind of exploitation (also in the case of users who are not logged in) is, in particular, to display demand-driven advertisements and to inform other users of the social network in question about your activities on our website. We have no control over the data collected and the data processing procedures of the respective provider, nor do we have any knowledge of the full extent of the data collection, the purposes of the processing, the storage periods, and the conditions of erasure of the data collected.

(5) Since network operators primarily use cookies for data collection, we recommend that you delete all cookies in your browser’s security settings before clicking on a network button. We also recommend that you log out of the relevant networks before visiting our website, but especially before clicking on a button, if you want to prevent the operators from directly assigning the data collected when you access our website to your profile. You also have the right to object to the creation of user profiles; you need to contact the respective network operator to exercise this right.

(6) Further information on the type, scope, purpose, and further processing of your data by the network operator can be obtained from the operator. The operator will also be able to provide you with information about your rights with regard to your data, and how you can change your settings to protect your privacy:

Facebook: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland;

Information about privacy: https://www.facebook.com/privacy/center/.

Instagram: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland;

Information about privacy: https://privacycenter.instagram.com/policy/.

YouTube: Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland;

Information about privacy: https://policies.google.com/privacy?hl=de&gl=de.

LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;

Information about privacy: https://www.linkedin.com/legal/privacy-policy; opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Your rights as a data subject

(1) Pursuant to the statutory requirements, you have the following rights regarding your personal data:

Right of access to personal data (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to object to the processing of personal data (Art. 21 GDPR)
Right to data portability (Art. 20 GDPR)

(2) If you have given us your consent to process your personal data, you have the right to withdraw your consent at any time with effect for the future (Art. 7(3) GDPR). The revocation of consent does not affect the lawfulness of the processing carried out in the past. Once you have revoked your consent, we may only continue to process your personal data to the extent that the processing is justified by another legal basis (e.g. performance of a contract).

(3) You also have the right to lodge an objection with regard to the processing of your personal data by us with a data protection supervisory authority (Art. 77 GDPR).

Data security

When you visit our website, we use the widespread TLS method in conjunction with the highest level of encryption supported by your browser. As a rule, we use 256-bit encryption. You can tell whether an individual page of our website is encrypted if you see a closed key or lock symbol in the address bar of your browser. You can tell whether an individual page of our website is encrypted if you see a closed key or lock symbol in the address bar of your browser. Our security measures are continuously improved in line with technological developments.

Effectiveness and amendment of this privacy policy

This privacy policy is valid as of the date stated at the end. In the event of the further development of our website and the offers on the website, or due to changes to legal or regulatory requirements, it may become necessary to adapt this privacy notice. The privacy policy that is in effect at any given time can be accessed and printed out on our website.

Stand: December 2023