We take data protection very seriously. In principle, you can use our website www.kaiserhaus.ch without providing any personal data. However, if you wish to use any of the services available via our website, the processing of personal data may be necessary. In cases where there is no legal basis for such processing, we will always seek your explicit consent.

 

The processing of personal data, such as your name, address, telephone number or email address, is always carried out in full compliance with the General Data Protection Regulation and the country-specific data protection regulations applicable in Switzerland. With this carefully drafted privacy policy, we aim to provide the public with comprehensive information on the nature, purpose and scope of the personal data we collect, use and process. Furthermore, through this privacy policy, we wish to make you fully aware of the rights to which you are entitled.

 

As the data controller, we have implemented a wide range of organisational and technical measures to ensure the most comprehensive protection possible for the personal data processed via this website. Nevertheless, as with all internet-based data transmissions, there is always a possibility of security breaches, meaning that absolute protection cannot be guaranteed. For this reason, you are free to provide us with personal data via alternative means, such as by post or telephone.

 

General information and mandatory details

 

Data controller:
The data controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions relating to data protection is:

 

Verein Dachmarke Kaiserhaus
Marktgasse—41
CH—3011 Bern

media@kaiserhaus.ch

 

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

 

Withdrawal of consent to data processing
The processing of personal data requires explicit consent. Consent that has already been given may be withdrawn at any time. To do so, simply send an informal email to the company. The lawfulness of any data processing carried out prior to the withdrawal remains unaffected by the withdrawal.

 

Right to lodge a complaint with the competent supervisory authority
In the event of breaches of data protection law, you have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection matters is the Data Protection Officer of the Canton of Bern, where our company is based. A list of data protection officers and their contact details can be found at the following link: https://datenschutz.ch

 

Right to data portability
Data subjects have the right to have data processed by Kaiserhaus automatically, on the basis of their consent or for the performance of a contract, transferred to themselves or to a third party in a commonly used, machine-readable format, provided that such data is available in such a format. If the data subject requests the direct transfer of the data to another controller, this will only take place if it is technically feasible.

 

SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries sent to us as the website operator. An encrypted connection can be recognised by the fact that the browser’s address bar changes from “http://” to “https://” and by the padlock symbol in the browser bar. When SSL or TLS encryption is enabled, the data being transmitted cannot be read by third parties.

 

Access, Restriction, Erasure
Data subjects have the right, at any time and in accordance with applicable legal provisions, to obtain, free of charge, information regarding their stored personal data, its origin, recipients and the purpose of the data processing. Where applicable, there is also a right to rectification, blocking or erasure of this data. Data subjects may contact the company at any time regarding such requests or any further questions on the subject of personal data at the address given above or in the legal notice.

 

Objection to promotional emails
We hereby object to the use of contact details published in accordance with the legal notice requirement for the purpose of sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of promotional information, for example via spam emails.

 

Data collection

Hosting
Metanet AG
Josefstrasse 218
8005 Zürich
Schweiz

The hosting services we use are intended to provide the infrastructure and platform services, database services, computing capacity, security services, storage space and technical maintenance services required to operate our online services.

As part of these activities, we or our hosting provider, acting on our behalf, process master data, contact details, content data, contractual data, usage data, as well as metadata and communication data relating to customers, prospective customers and visitors to this online service.

 

Legal basis:
The legal basis for data processing is Article 6(1)(b) of the GDPR, which permits us to process data for the purpose of performing a contract or taking steps prior to entering into a contract.

 

Data Processing Agreement:
We have entered into a Data Processing Agreement with Metanet AG, in which we require them to protect our customers’ data and not to disclose it to third parties.

 

Cookies
This website uses cookies in some cases. These cookies do not cause any damage to the user’s computer and do not contain viruses. They serve to make the website more user-friendly, effective and secure. Cookies are small text files that are stored on the computer and managed by the browser. By using cookies, we can offer more user-friendly services that would not be possible without them. Cookies enable us to provide information and offers on our website tailored to users’ interests. They also help us to recognise users when they visit our website again. The purpose of this recognition is to make it easier to use our website.

 

Most of the cookies we use are so-called ‘session cookies’. They are automatically deleted as soon as the visit ends. Other cookies remain stored on the user’s device until they are deleted. These cookies enable us to recognise the user’s browser when they visit again.

 

Users can configure their browser to be notified when cookies are set and to allow cookies only on a case-by-case basis, to refuse cookies in specific cases, or to block them altogether. Users can also set their browser to automatically delete cookies when the browser is closed. However, disabling cookies may restrict the functionality of this website.

 

Cookies that are necessary for the execution of the electronic communication process or for the provision of certain functions requested by the data subject (e.g. the shopping basket function) are stored in accordance with Article 6(1)(f) of the General Data Protection Regulation (GDPR). The company has a legitimate interest in storing such cookies to ensure the technically error-free and optimised provision of its services. Where other cookies (e.g. cookies for analysing browsing behaviour) are stored, these are dealt with separately in this privacy policy.

 

Cookie Consent and Logging
The “Cookie Script” service provided by Objectis Ltd., Laisves St. 60, LT-05120 Vilnius, Lithuania, is used to manage and log cookie consents, as well as to continuously monitor the cookies used on the website.

Cookie Script stores the following personal and non-personal data:

– The end user’s IP address in anonymised form (the last three digits are set to “0”).​
– Date and time of consent.
– The user agent of the end user’s browser.
– The URL from which the consent was sent.
– An anonymous, random and encrypted key.
– The end user’s consent status, which serves as proof of consent.

 

Legal Basis

– Data processing is carried out in accordance with Article 6(1)(f) of the General Data Protection Regulation (GDPR). Our legitimate interest lies in ensuring that our website complies with the law, including compliance with legal obligations in the area of data protection.

 

Data Processing Agreement

– A Data Processing Agreement is in place with Objectis Ltd., under which Objectis Ltd. undertakes to protect customers’ data and not to disclose it to third parties.

 

Deletion of data

– The data is automatically deleted after 30 days.

Server log files
The website automatically collects and stores information in so-called server log files, which are automatically transmitted to the operator by the user’s browser. This information includes:

– Browser type and browser version
– Operating system used
– Referrer URL
– Hostname of the accessing computer
– Time of the server request
– IP address
– Other similar data and information used for security purposes in the event of attacks on the information technology systems.

 

This data is not combined with other data sources. No conclusions are drawn about the user when this general data and information is used. Rather, this information serves to:

– Deliver the website’s content correctly.
– Optimise the website’s content and the advertising displayed on it.
– Ensure the ongoing functionality of the website’s IT systems and technology.
– To provide law enforcement agencies with the information necessary for criminal prosecution in the event of a cyber attack.

 

This anonymously collected data and information is, on the one hand, analysed statistically and, on the other hand, used to enhance data protection and data security within the company, in order to ensure an optimal level of protection for the personal data being processed. The anonymous data from the server log files is stored separately from any personal data provided by the user.

Data processing is carried out in accordance with Article 6(1)(b) of the General Data Protection Regulation (GDPR), which permits the processing of data for the performance of a contract or pre-contractual measures.

Contact form
Users have the option of contacting the company (e.g. via a contact form, by email, telephone or via social media channels). When users contact the company, their details are processed for the purpose of handling and resolving the contact enquiry. The details may be stored in a CRM (Customer Relationship Management) system or a similar enquiry management system. The personal data provided is derived from the relevant input form used to make contact, as well as from any additional data submitted. The personal data entered is collected and stored exclusively for internal purposes and the company’s own purposes. The company may arrange for the data to be passed on to one or more data processors, who will also use the personal data exclusively for internal purposes attributable to the company’s use.

 

When you register on the website, the IP address assigned by your internet service provider (ISP), as well as the date and time of registration, are also stored. This data is stored to protect against misuse of the services and enables the company to investigate criminal offences where necessary. The storage of this data is therefore necessary to safeguard the company. This data is not disclosed to third parties as a matter of principle, unless there is a legal obligation to do so or the disclosure serves the purposes of criminal prosecution.

 

Data processing is carried out in accordance with Article 6(1)(b) of the General Data Protection Regulation (GDPR), which permits the processing of data for the performance of a contract or pre-contractual measures. The data entered by users in the contact form remains with the company until users request its deletion, withdraw their consent to its storage, or the purpose for storing the data no longer applies (e.g. once the enquiry has been processed). Mandatory legal provisions, in particular retention periods, remain unaffected.

 

Social media, plugins and tools

Social media
The company maintains an online presence on social networks and platforms in order to communicate with customers, prospective customers and users active on these platforms and to inform them about the services offered. Please note that users’ data may be processed outside the European Union in this context. This may entail risks for users, as it could, for example, make it more difficult for them to enforce their rights. In the case of US providers certified under the Privacy Shield, it is noted that they undertake to comply with EU data protection standards. As a rule, users’ data is also processed for market research and advertising purposes. User profiles may be created based on usage behaviour and the resulting interests of users. These user profiles may in turn be used to display advertisements, both within and outside the platforms, that correspond to the users’ interests. For these purposes, cookies are usually stored on users’ computers, in which their usage behaviour and interests are recorded. In addition, user profiles may also store data that is independent of the devices used by users (particularly where users are members of the respective platforms and are logged in there). The processing of users’ personal data is based on the company’s legitimate interest in effective information and communication with users in accordance with Article 6(1)(f) of the General Data Protection Regulation (GDPR). If users are asked by the platform providers to consent to the data processing described, the processing is based on Article 6(1)(a) and Article 7 of the GDPR. For a detailed description of the respective processing activities and the options for objecting (opting out), please refer to the information provided by the providers, which can be accessed via the links below. It should also be noted that requests for information and the exercise of user rights are most effectively made directly to the platform providers themselves. Only the platform providers have access to users’ data and can take appropriate measures and provide information. Should users nevertheless require assistance, they may contact the company.

 

Integration of third-party services and content (plugins)
As part of the online service, content or services from third-party providers are used on the basis of a legitimate interest (i.e. the interest in analysis, optimisation and the economic operation of the online service, as well as in presenting the online service in an appealing manner, in accordance with Article 6(1)(f) of the General Data Protection Regulation), for example to embed videos or posts. Such integration always requires the third-party providers to detect the user’s IP address, as otherwise they cannot send the content to the browser. The IP address is therefore necessary for the display of this content.

 

Care is taken to use only such content where the respective providers use the user’s IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as ‘web beacons’) for statistical or marketing purposes. These ‘pixel tags’ enable information such as visitor traffic on the pages of this website to be analysed. The pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring websites, time of visit and further details regarding the use of the online service, and may be linked to such information from other sources.

 

Google Maps
We integrate maps from the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

The data processed may include, in particular, users’ IP addresses and location data; however, this data is not collected without their consent (usually provided via the settings on their mobile devices). The data may be processed in the USA.

 

Further information on the handling of user data: Google’s Privacy Policy https://www.google.de/intl/de/policies/privacy/.

 

The use of Google Maps is in the interest of presenting our online services in an appealing manner and ensuring that the locations specified on our website are easy to find. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.

Instagram
Our website may incorporate features and content from the Instagram service, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

 

These may include various elements such as images, videos, text and buttons, which allow users to express their interest in content, follow the authors of the content or subscribe to our posts. If users are members of the Instagram platform, Instagram may associate the access to this content and these functions with their profiles.

 

More information on how Instagram handles user data: Instagram Privacy Policy.

The use of Instagram is based on Article 6(1)(a) of the GDPR.

 

LinkedIn
Our website may incorporate features and content from the LinkedIn service, provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

 

These may include various elements such as images, videos, text and buttons, which allow users to express their interest in content, follow the authors of the content or subscribe to our posts. If users are members of the LinkedIn platform, LinkedIn may associate their access to this content and these features with their profiles. We may also integrate scripts and measures that enable us to use marketing and statistical functions within LinkedIn.

 

Further information on how LinkedIn handles user data: LinkedIn’s Privacy Policy

https://www.linkedin.com/static?key=privacy_policy&lipi=urn%3Ali%3Apage%3Ad_flagship3_notifications%3BoTiLebVdTnSjuWDjh9rgkw%3D%3D

 

The use of Instagram is based on Article 6(1)(a) of the GDPR.
You can find an opt-out option in our Cookie Policy.

 

YouTube
We embed videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

When you visit one of our pages equipped with the YouTube plugin, a connection is established with YouTube’s servers. In doing so, the YouTube server is informed which of our pages have been visited. If you are logged in to a YouTube account, YouTube is able to directly associate your browsing behaviour with your personal profile. This can be prevented by logging out of your YouTube account.

 

Further information on the handling of user data: YouTube’s Privacy Policy.
https://policies.google.com/privacy?hl=de&gl=de

The use of YouTube is based on Article 6(1)(a) of the GDPR.

 

Analytics tools and advertising

 

Google Analytics
This website uses features of the web analytics service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

 

Google Analytics uses ‘cookies’, which are text files stored on the user’s computer and enable an analysis of website usage. The information generated by the cookie regarding the use of this website is usually transmitted to a Google server in the USA and stored there.

IP anonymisation
The IP anonymisation function is enabled on this website. This means that the IP address of users within the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area is truncated before being transmitted to the USA. In exceptional cases, the full IP address is transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate the use of the website, compile reports on website activity and provide other services relating to website and internet usage. The IP address transmitted within the scope of Google Analytics is not merged with other Google data.

Demographic characteristics
This website uses the ‘demographic characteristics’ feature of Google Analytics to generate reports containing information about the age, gender and interests of site visitors. This data is derived from Google’s interest-based advertising and from third-party visitor data, and cannot be linked to any specific individual. The ‘demographic characteristics’ feature can be disabled at any time via the ad settings in your Google Account.

Further information on how Google Analytics handles user data: Google’s Privacy Policy.https://support.google.com/analytics/answer/6004245?hl=de

Browser plugin
Google Analytics cookies are stored in accordance with Article 6(1)(a) of the GDPR. A data processing agreement has been concluded with Google, and the requirements of the German data protection authorities regarding the use of Google Analytics are fully implemented.

Users can prevent cookies from being stored by adjusting the settings in their browser software. Please note that in this case, it may not be possible to use all the functions of this website to their full extent. Furthermore, the collection of data generated by the cookie and relating to the use of the website (including the IP address) by Google, as well as the processing of this data by Google, can be prevented by downloading and installing the browser plugin available via the link provided. https://tools.google.com/dlpage/gaoptout?hl=de

Google Analytics Remarketing
We use the features of Google Analytics Remarketing in conjunction with the cross-device features of Google Ads and Google DoubleClick. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This feature enables the advertising target groups created with Google Analytics Remarketing to be linked to the cross-device features of Google Ads and Google DoubleClick. This allows personalised advertising messages, which have been tailored based on previous usage and browsing behaviour on a specific device (e.g. mobile phone), to also be displayed on another device used by the user (e.g. tablet or PC). Provided the user has given their consent, Google links web and app browsing history to the Google Account in order to display these personalised advertising messages on any device on which the user signs in with their Google Account. To support this function, Google Analytics temporarily collects Google-authenticated user IDs, which are linked to our Google Analytics data to define and create audiences for cross-device advertising.

Further information and the privacy policy: Google’s Privacy Policy. https://www.google.com/policies/technologies/ads/

The consolidation of the collected data in your Google Account is based solely on the consent that the user may give or withdraw via Google (Article 6(1)(a) of the GDPR). For data collection processes that are not consolidated in the user’s Google Account (e.g. because the user does not have a Google Account or has objected to the consolidation), the collection of data is based on Article 6(1)(f) of the GDPR. The legitimate interest arises from the fact that we have an interest in the anonymised analysis of website visitors for advertising purposes.

You can permanently opt out of cross-device remarketing/targeting by disabling personalised advertising in your Google Account.

 

Google Ads and Google Conversion Tracking
This website uses Google Ads. Google Ads is an online advertising programme provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).

As part of our use of Google Ads, we employ what is known as conversion tracking. When a user clicks on an advertisement placed by Google, a cookie is set for conversion tracking. These cookies are small text files stored by the web browser on the user’s computer. They expire after 30 days and are not used to personally identify users. If the user visits certain pages on this website and the cookie has not yet expired, Google and we can recognise that the user has clicked on the advertisement and been redirected to this page. The user can configure their browser to be notified when cookies are set and to allow cookies only in specific cases, to refuse cookies in specific cases or generally, and to enable the automatic deletion of cookies when the browser is closed. If cookies are disabled, this may impair the functionality of this website. Each Google Ads customer receives a different cookie, and cookies cannot be tracked across the websites of Ads customers.

The information collected using conversion cookies is used to generate conversion statistics for Ads customers who have opted in to conversion tracking. Customers receive information about the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that could be used to personally identify users.

Further information on Google Ads and Google conversion tracking: Google’s Privacy Policy https://www.google.de/policies/privacy/

The storage of “conversion cookies” is based on Article 6(1)(a) of the GDPR.

If a user does not wish to be tracked, they may object to this use by disabling the Google conversion tracking cookie via their web browser’s settings.

 

Meta Pixel
Our website uses the so-called “Meta Pixel” from the social network Meta, which is operated by Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Meta Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).

 

The Meta Pixel enables Meta to identify visitors to the website as a target audience for ad placement (Facebook and Instagram ads). The Meta Pixel is therefore used to show Meta users only those ads placed by us that have shown an interest in our online offering or exhibit certain characteristics (e.g. interests in specific topics or products, determined on the basis of the websites visited), which we transmit to Meta (so-called ‘Custom Audiences’). We use the Meta Pixel to ensure that our adverts match users’ potential interests and are not perceived as intrusive. The Meta Pixel also enables us to analyse the effectiveness of the advertisements for statistical and market research purposes by determining whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion”).

 

Meta processes the data in accordance with Meta’s Data Use Policy. General information regarding the display of Meta ads can be found in Meta’s Data Use Policy. https://www.facebook.com/policy.php

 

Specific information and details about the Meta-Pixel: https://www.facebook.com/business/help/651294705016616

 

The use of the Meta Pixel and the storage of “conversion cookies” are based on Article 6(1)(a) of the GDPR.

 

For the processing of data where Meta acts as a data processor, we have entered into a data processing agreement with Meta, in which we require Meta to protect our customers’ data and not to disclose it to third parties.

 

Users may object to data collection via the Meta Pixel and the use of data for the display of adverts. To specify which types of adverts are to be displayed within Meta, users may visit the relevant Meta page, where they can follow the instructions for setting usage-based advertising preferences. These settings apply across all platforms and devices, including desktop computers and mobile devices.

 

Data processing by staff, infrastructure, software and tools

Employees’ laptops and workstations are protected by comprehensive data storage encryption and are managed centrally. We take great care to ensure that updates are installed on our employees’ devices, and we regularly scan workstations and devices for malware.

 

Office 365
We use Microsoft’s Office365 for the collection, processing and use of personal and non-personal data. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

 

EU-U.S. Data Privacy Framework / Swiss-US Privacy Shield

 

Microsoft is certified under the “EU-U.S. Data Privacy Framework” / “Swiss-U.S. Privacy Shield”. The “EU-U.S. Data Privacy Framework” is an agreement between the European Union (EU) and the USA, and between Switzerland and the USA, designed to ensure compliance with European and Swiss data protection standards in the USA.

 

The legal basis for data processing is Article 6(1)(b) of the GDPR, which permits us to process data for the purpose of performing a contract or taking steps prior to entering into a contract.

 

We have entered into a data processing agreement with Microsoft, in which we require Microsoft to protect our customers’ data and not to disclose it to third parties.

 

ABACUS
We use the ABACUS ERP software from Abacus Research AG, Abacus-Platz 1, 9300 Wittenbach, Switzerland, for the processing of personal and non-personal data.

 

Data protection and data security:
The companies of the Abacus Group in Switzerland and Germany respect privacy and protect personal data in accordance with the applicable data protection laws, in particular the Swiss Data Protection Act (DSG) and the EU General Data Protection Regulation (GDPR).

 

ABACUS processes data only within the framework of legal requirements and is committed to handling personal data responsibly.

 

Joint responsibility:
This privacy policy applies to all companies within the Abacus Group and their digital services. Abacus ensures that all internal processes and data processing comply with data protection regulations.

 

Technical and organisational measures:
To safeguard data, Abacus implements comprehensive technical and organisational measures to protect data from unauthorised access, loss or misuse. These measures are regularly reviewed and updated in line with the latest technological standards.

 

Data processing:
Abacus acts as a data processor in the context of this service. A corresponding data processing agreement is in place, which ensures that personal data is processed exclusively in accordance with instructions and is not disclosed to unauthorised third parties.

 

Data locations:
The data is processed in data centres within Switzerland and Germany. Data is only transferred to third countries if there is a legal basis for doing so or if explicit consent has been given.

 

Rights of data subjects:
Data subjects have the right at any time to access, rectify, erase or restrict the processing of their personal data, as well as the right to data portability.

 

Further details can be found directly in Abacus’s official privacy policy:
https://www.abacus.ch/datenschutz

 

Processing of customer and contract data

Customer data is processed as part of the contractual services, which include conceptual and strategic consultancy, campaign planning, software and design development/consultancy or maintenance, the implementation of campaigns and processes/handling, server administration, data analysis/consultancy services and training services.

 

This involves master data (e.g. customer master data such as names or addresses), contact details (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), contract data (e.g. subject matter of the contract, term), payment data (e.g. bank details, payment history) and usage and metadata (e.g. in the context of evaluating and measuring the success of marketing measures).

 

As a general rule, no special categories of personal data are processed, unless they form part of a commissioned processing operation.

 

Data subjects include customers, prospective customers and their customers, users, website visitors, employees and third parties.

 

The processing is carried out for the purposes of providing contractual services, billing and customer service. The legal basis for the processing is derived from:

– Article 6(1)(b) of the GDPR (contractual services)

– Article 6(1)(f) GDPR (analysis, statistics, optimisation, security measures)

 

The data required for the establishment and fulfilment of contractual services is collected, and the necessity of providing such data is emphasised. Data will only be disclosed to third parties if this is necessary within the scope of a contract.

 

When processing data transmitted within the scope of a contract, we act in accordance with the client’s instructions and the legal requirements for data processing under Article 28 of the GDPR.

 

The data will be deleted as soon as statutory warranty and similar obligations have expired. The necessity of retaining the data is reviewed every three years; in the case of statutory retention obligations, deletion takes place upon their expiry (6 years pursuant to Section 257(1) of the German Commercial Code (HGB), 10 years pursuant to Section 147(1) of the German Fiscal Code (AO)).

 

In the case of data disclosed to us by the client in the context of a contract, we will delete the data in accordance with the terms of the contract – usually upon completion of the contract.

 

The collection, processing and use of personal data is limited to what is necessary for the establishment, organisation or amendment of the legal relationship (master data). This is carried out on the basis of Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

 

Rights relating to personal data

 

Right of access, rectification and portability:
You have the right to request information about the personal data we hold about you. You also have the right to have incomplete, inaccurate or outdated personal data corrected. Where required by applicable law, you may also request that personal data provided be transferred to us or to other organisations.

 

Objection:
You have the right to object to the use or disclosure of personal data where this is not required by law, to fulfil a contractual obligation, or to serve our legitimate interests. If an objection is raised, we will work together to find an acceptable solution. Furthermore, consent to the processing of personal data may be withdrawn at any time, provided that the processing is based on consent.

 

Erasure:
Within the framework of legal provisions, you have the right to the erasure of personal data. This applies, for example, if the data is out of date, processing is unnecessary or unlawful, consent to processing has been withdrawn, or if we are required to comply with a justified objection to processing.

 

In certain circumstances, we may be required to retain personal data in accordance with our legal obligations or to process it for the purpose of establishing, exercising or defending legal claims. Statutory retention periods remain unaffected.

 

October 2025