DATA PROTECTION DECLARATION
1. Controller name and contact information
This data protection declaration provides information about the processing of personal data on the www.pss-gp.de website.
PSS Generalplanung GmbH
Pfalzburger Str. 42
Tel.: +49 30 86319520
2. Scope and purpose of personal data processing
When this website is accessed, the visitor’s internet browser automatically sends data to the website’s server and stores it in a log file for a limited period of time. Until automatic deletion, the following data will be stored without further entry by the visitor:
– IP address of the visitor’s terminal device,
– date and time of access by the visitor,
– name and URL of the page accessed by the visitor,
– website from which the visitor reaches our company website (so-called referrer URL),
– browser and operating system of the visitor’s terminal device and the name of the access provider used by the visitor.
The processing of this personal data is justified in accordance with Article 6 (1), first sentence, letter f) of the GDPR. The company has a legitimate interest in data processing for the following purposes:
– quickly establishing a connection to the company’s website,
– enabling user-friendly utilisation of the website,
– recognising and ensuring the security and stability of the systems, and
– facilitating and improving the administration of the website.
Processing expressly does not take place for the purpose of gaining knowledge about the person of the visitor to the website.
3. Data disclosure
Personal data will be transferred to third parties if
– the data subject has expressly consented in accordance with Article 6 (1), first sentence, letter a) of the GDPR,
– disclosure pursuant to Article 6 (1), first sentence, letter a) of the GDPR is necessary for the establishment, exercise, or defence of legal claims, and there is no reason to assume that the data subject has compelling legitimate grounds for not disclosing his/her data,
– there is a legal obligation for data transfers in accordance with Article 6 (1), first sentence, letter c) of the GDPR, and/or
– doing so is necessary for the fulfilment of a contractual relationship with the data subject pursuant to Article 6 (1), first sentence, letter b) of the GDPR.
In no other cases will personal data be passed on to third parties.
So-called cookies are used on the website. Cookies are data packets that are exchanged between this website’s server and the visitor’s browser. During visits to the website, they are stored by the devices used (PC, notebook, tablet, smartphone, etc.). Cookies thus cannot cause any damage to the devices used. Specifically, they do not contain viruses or other malware. Information that, in each case, results in connection with the specifically used terminal device is stored in the cookies. Under no circumstances can the company use this information to obtain direct knowledge of the identity of the visitor to the website.
By default, browsers are usually set to accept cookies. Browser settings can be adjusted so that either cookies are not accepted on the devices used or a special message is displayed before a new cookie is created. However, it should be noted that disabling cookies may result in suboptimal use of functions on the website.
Cookies serve to make the use of the website more convenient. For example, session cookies can be used to determine whether the visitor has already visited individual pages of the website. After the visitor leaves the website, these session cookies are automatically deleted.
Temporary cookies are used to improve user-friendliness. They are stored on the visitor’s device for a limited period of time. When the visitor goes back to the website, the fact that he/she has already visited the page and the entries and settings made during previous visits are automatically detected so that the visitor does not have to repeat them.
Cookies are also used to analyse website views for statistical purposes and to improve service. These cookies allow automatic detection of the fact that the visitor has previously viewed the website. Cookies thus used are automatically deleted after a specified period of time.
The processing of data by cookies is justified for the above-mentioned purposes in order to safeguard the legitimate interests of the company pursuant to Article 6 (1), first sentence, letter f) of the GDPR.
5. Your rights as a data subject
If your personal data are processed during your visit to our website, you as the “data subject” are entitled to the following rights within the meaning of the GDPR:
You may request information from us as to whether we are processing your personal data. There is no right of access if the provision of the requested information would violate the statutory obligation of confidentiality pursuant to § 57 Para. 1 of the German Tax Consultancy Act (Steuerberatungsgesetz, or StBerG) or if the information must be kept secret for other reasons, in particular because of a compelling legitimate third party interest. Deviating from this, there may be an obligation to provide information if your interests outweigh the interest in confidentiality, especially taking into account impending damage. Furthermore, the right of access does not apply if the data are stored only because they may not be deleted due to legal or statutory retention periods or exclusively serve purposes of data protection or data protection control, provided that granting access would require a disproportionately high effort and processing for other purposes is ruled out by suitable technical and organisational measures. If, in your case, the right of access does apply and we are processing your personal data, you can request information from us about the following information:
– purposes of the processing,
– categories of personal data processed,
– recipients or categories of recipients to whom your personal data are disclosed, in particular recipients in third countries,
– where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine the storage period,
– the right to lodge a complaint with a supervisory authority for data protection,
– the existence of the right to request from the controller rectification or erasure or restriction of processing of personal data concerning you or to object to such processing,
– if the personal data have not been collected from you as the data subject, the available information on the origin of the data,
– as applicable, the existence of automated decision-making, including profiling and meaningful information about the logic involved and the significance and envisaged consequences of automated decision making,
– in the case of transfers to recipients in third countries, unless the EU Commission has decided on the adequacy of the level of protection pursuant to Article 45 (3) of the GDPR, information on the appropriate safeguards provided for the protection of personal data pursuant to Article 46 (2) of the GDPR.
5.2 Rectification and completion
If you find that we have inaccurate personal data about you, you can ask us to rectify this inaccurate data without undue delay. If there is incomplete personal data concerning you, you may request the completion.
You have a right to erasure (“right to be forgotten”), provided that the processing is not necessary to exercise the right to freedom of expression or the right to information, to fulfil a legal obligation, or to perform a task which is in the public interest and one of the following reasons applies:
– The personal data are no longer necessary in relation to the purposes for which they were processed.
– The basis of justification for the processing was exclusively your consent, which you have revoked.
– You have objected to the processing of your personal data, which we have made public.
– You have objected to the processing of personal data we have not made public, and there are no overriding legitimate reasons for the processing.
– Your personal data have been unlawfully processed.
– The erasure of personal data is necessary to fulfil a legal obligation to which we are subject.
There is no entitlement to deletion if, in the case of lawful, non-automated data processing, deletion is not possible or possible only with disproportionate effort due to the special type of storage, and your interest in erasure is low. In such a case, restriction of processing takes the place of erasure.
5.4 Restriction of processing
You may request that we restrict processing if one of the following reasons applies:
– You dispute the accuracy of the personal data. In this case, restriction may be required for a length of time that enables us to verify the accuracy of the data.
– The processing is unlawful, and instead of erasure, you request the restriction of the use of your personal data.
– We no longer need your personal data for the purposes of processing, but you do need them to establish, exercise, or defend legal claims.
– You have registered an objection in accordance with Article 21 (1) of the GDPR. The restriction of processing may be required as long as it is not yet clear whether our justification outweigh yours.
Restriction of processing means that personal data will be processed only with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest. Before we lift the restriction, we have a duty to inform you.
5.5 Data portability
You have a right to data portability provided that the processing is based on your consent (Article 6 (1) sentence 1 letter a) or Article 9 (2) letter a) of the GDPR) or on a contract to which you are party and the processing is carried out using automated procedures. In such a case, the right to data portability includes the following rights, provided that they do not affect the rights and freedoms of others: You can request that we provide the personal data you have provided to us in a structured, commonly used, and machine-readable format. You have the right to transfer this data to another controller without any hindrance from us. If technically feasible, you can request that we transfer your personal data directly to another controller.
If the processing is based on Article 6 (1) sentence 1 letter e) of the GDPR (performance of a task carried out in the public interest or in the exercise of an official authority) or on Article 6 (1) sentence 1 letter f) of the GDPR (legitimate interest of the controller or a third party), you have the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation. This also applies to profiling based on Article 6 (1), first sentence, letter e) or letter f) of the GDPR. After you exercise your right to object, we will no longer process your personal data unless we can provide compelling legitimate grounds for the processing, which outweigh your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims.
You may at any time object to the processing of personal data concerning you for direct marketing purposes. This also applies to profiling in connection with such direct marketing. After you exercise this right of objection, we will no longer use the personal data concerned for direct marketing purposes.
You have the option of informing our office or our data protection officer informally of your objection by telephone, e-mail, or mail to the postal address listed at the beginning of this data protection declaration.
5.7 Revocation of consent
You have the right to revoke consent you have given at any time with effect for the future. The revocation of the consent can be communicated informally by telephone, e-mail, or mail to our postal address. The legality of the data processing based on the consent until receipt of the revocation is not affected by the revocation. After receipt of the revocation, data processing based exclusively on your consent will cease.
If you believe that the processing of personal data concerning you is unlawful, you may lodge a complaint with a data protection supervisory authority responsible for the place of your stay, for your workplace, or for the place of the alleged infringement.
6. Status and updating of this data protection declaration
This data protection declaration is dated 25/05/2018. We reserve the right to update this data protection declaration in due course in order to improve data protection and/or adapt it to changes in official practice or case law.