Data protection

DATA PROTECTION Thank you for visiting our website and for your interest in our company. The protection of your personal data is important to us and we take the protection of this data very seriously. We therefore comply with the applicable data protection regulations in all our business processes. Our privacy policy does not extend to the websites of other providers to which we may be linked. By visiting our website, you consent to the use of your personal data and agree to the following privacy policy. Definitions
This privacy policy is based on the terms used in the European General Data Protection Regulation (GDPR) and should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance. Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing. Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing. Profiling
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data. Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Name and contact details of the controller and the data protection officer The controller for the processing of personal data pursuant to Art. 4 No. 7 GDPR is Ingenieur und Sachverständigenbüro Krug GmbH represented by the managing directors: Dipl. Ing. Christian Krug & Bernd Schmidt Hauptstrasse 441

66773 Schwalbach
Tel. 06834 995000
info@gutachter-krug.de

We have appointed a data protection officer. You can contact him as follows: Bernd Schmidt

Main street 441
66773 Schwalbach
Tel. 06834 995000

info@gutachter-krug.de

Processing of personal data and the nature and purpose of its use We process personal data exclusively within the lawful framework of the relevant legal norms and, if applicable, with your consent. Personal data is all information that relates to a natural person or at least can be related to a natural person and thus allows conclusions to be drawn about the person. Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Visiting the website When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a log file. The following information is recorded without any action on your part and stored until it is automatically (?) deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • the browser used and, if applicable, the operating system of your computer and the name of your access provider.

We process the aforementioned data for the following purposes:

  • Ensuring a smooth connection to the website,
  • To ensure a comfortable use of our website,
  • Evaluation of system security and stability and
  • for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. We also use cookies and analysis services when you visit our website. You will find more detailed explanations below in this privacy policy. Registration for our newsletter If you have expressly consented in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your email address to send you our newsletter on a regular basis. It is sufficient to provide an email address to receive the newsletter. You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can also send us your unsubscribe request by e-mail at any time. Use of our contact form If you send us your inquiries via our contact form, you must provide a valid email address so that we know who sent the inquiry and can respond to it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent. The personal data collected by us for the use of the contact form will be deleted automatically (?) after your inquiry has been dealt with. Transfer of data Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

  • you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • in the event that there is a legal obligation for disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

Cookies We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity. On the one hand, the use of cookies serves to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site. (?) In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specified period of time. If you visit our site again to make use of our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see section 5). These cookies enable us to automatically recognize that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time. The data processed by cookies is required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. If you do not want this, you can deactivate the storage of cookies in the browser you are using or be notified as soon as cookies are sent. Analysis tools The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools. Google Analytics We use Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”) for the purpose of designing and continuously optimizing our pages to meet your needs. In this context, pseudonymized user profiles are created and cookies (see explanation above) are used. The information generated by the cookie about your use of this website such as

  • Browser type/version,
  • operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that they cannot be assigned (IP masking). You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de). As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. Further information on data protection in connection with Google Analytics can be found in the Google Analytics help section (https://support.google.com/analytics/answer/6004245?hl=de). Google Adwords Conversion Tracking We also use Google Conversion Tracking to statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you. Google Adwords places a cookie (see section 4) on your computer if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. Each Adwords customer receives a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. The information collected using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this – for example, by using a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain“www.googleadservices.com”. Google’s privacy policy on conversion tracking can be found here (https://services.google.com/sitestats/de.html). Matomo We use the open source software Matomo to analyze and statistically evaluate the use of the website. Cookies are used for this purpose (see explanation above). The information generated by the cookie about website usage is transmitted to our servers and summarized in pseudonymous usage profiles. The information is used to evaluate the use of the website and to enable a needs-based design of our website. The information is not passed on to third parties. Under no circumstances is the IP address associated with other data relating to the user. The IP addresses are anonymized so that they cannot be assigned (IP masking). Your visit to this website is currently recorded by Matomo Web Analytics. Click here (https://matamo.org/docs/privacy/) so that your visit is no longer recorded. Social media plug-ins We use social plug-ins from the social networks Facebook, Twitter and Instagram on our website on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation must be guaranteed by their respective providers. We integrate these plug-ins using the so-called two-click method (?) in order to protect visitors to our website in the best possible way. Facebook Social media plug-ins from Facebook are used on our website to make their use more personal. We use the “LIKE” or “SHARE” button for this purpose. This is an offer from Facebook. When you visit a page on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser, which integrates it into the website. By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account.

If you interact with the plugins, for example by clicking the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends. Facebook can use this information for the purposes of advertising, market research and the needs-based design of Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook. If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook’s data protection information (https://www.facebook.com/about/privacy/). Twitter Plugins of the short message network of Twitter Inc (Twitter) are integrated on our website. You can recognize the Twitter plugins (tweet button) by the Twitter logo on our site. You can find an overview of tweet buttons here (https://about.twitter.com/resources/buttons). When you visit a page on our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter then receives the information that you have visited our site with your IP address. If you click on the Twitter “tweet button” while you are logged into your Twitter account, you can link the content of our pages to your Twitter profile. This allows Twitter to associate your visit to our website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter. If you do not want Twitter to be able to associate your visit to our pages, please log out of your Twitter user account. Further information on this can be found in the Twitter privacy policy (https://twitter.com/privacy).

Instagram Our website also uses social plugins (“plugins”) from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. When you access a page on our website that contains such a plugin, your browser establishes a direct connection to Instagram’s servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plugins, for example by clicking the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed there to your contacts. If you do not want Instagram to assign the data collected via our website directly to your Instagram account, you must log out of Instagram before visiting our website. You can find more information on this in Instagram’s privacy policy (https://help.instagram.com/155833707900388). Rights of data subjects As we process your personal data, you have the following rights: Right to information You can request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details. You can request the immediate rectification of incorrect or incomplete personal data stored by us in accordance with Art. 16 GDPR. Erasure In accordance with Art. 17 GDPR, you can request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims. Restriction In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.

Data portability In accordance with Art. 20 GDPR, you can receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller. Right of revocation In accordance with Art. 7 para. 3 GDPR, you can revoke your consent to us at any time. As a result, we may no longer continue the data processing based on this consent in the future. Right to lodge a complaint You can lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR if you believe that the processing of your personal data violates data protection regulations. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters. Right to object If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. If you wish to exercise your right of revocation or objection, simply send us an e-mail. Data protection for applications and in the application process We process the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents to us electronically, for example by e-mail or via a web form on the website. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically (?) deleted two months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). Duration for which the personal data is stored The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data is routinely (?) deleted, provided that it is no longer required for contract fulfillment or contract initiation. Existence of automated decision-making As a responsible company, we do not use automated decision-making or profiling.

Data security We use the widespread SSL (Secure Socket Layer) (?) encryption method when you visit our website. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. Changes to this privacy policy This privacy policy is currently valid. It may become necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on our website. Status March 2018