DATA PRIVACY
Data Privacy Policy
To MAURER SE, data privacy is a matter of particular concern. Our efforts to comply in particular with the requirements of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act in its current version aim first and foremost at respecting your private and personal sphere.
These days, for modern enterprises such as MAURER SE it is indispensable to use electronic data processing equipment (EDP). It is self-evident that we apply highest standards in order to comply with legal regulations.
Generally, it is possible to make use of the MAURER websites without entering any personal data. If a data subject wants to use special company services offered on our website, this may require the processing of personal data. In case the processing of personal data is required and there is no legal basis for it, we shall, as a matter of principle, ask the data subject for his/her consent.
On no account shall we sell or rent out your personal data to third parties for their marketing or other purposes. In case you do not agree with the data protection regulations, please do not send any personal data to us.
1. General remarks / definitions of terms
This data privacy statement is based on the terms as mentioned in the GDPR and is intended to be legible and understandable to any person. Therefore, we explain various terms beforehand:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as „data subject“). An identifiable natural person is one that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
c) Processing
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
f) Pseudonymization
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.
g) Controller
Controller means the natural person or corporate body, which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or member state law, the controller or the specific criteria for his/her nomination may be provided for by Union or member state law.
h) Processor
Processor/data processor means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient means the natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data within the framework of a particular inquiry in accordance with Union or member state law shall not be regarded as recipients.
j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Information about the collection of personal data
(1) Hereinafter, we inform about the collection of personal data when using our website. Personal data are any data that can be attributed to you personally, e.g. name, address, e-mail address, user behavior, etc.
(2) Controller in accordance with Article 4(7) EU GDPR is
MAURER SE
Chair of the supervisory board: Mr. Jörg Beutler
Managing Directors: Dr. Christian Braun and Mr. Max Meincke
Frankfurter Ring 193
80807 Munich
Phone: 089/32394-0
E-mail: info@maurer-soehne.de
Website: www. maurer.eu
(3) Our data protection officer is:
Attorney-at-law Sascha Weller, IDR-Weller, Institut für Datenschutzrecht
Ziegelbräustraße 7
85049 Ingolstadt
Phone: 0841 – 885 167 15
E-mail: ra-weller@idr-datenschutz.de
Web: www.idr-datenschutz.de
(4) When you contact us via e-mail or contact form, the data provided by you (your e-mail address, your name and phone number, if applicable) are automatically stored by us in order to answer your questions. Any such personal data deliberately transmitted by the data subject to the controller are stored exclusively for processing the inquiry or to get in contact with the data subject. We shalll erase any data received in this context once they are no longer required to be stored, or we shall restrict processing in case a legal obligation to preserve records applies.
(5) In case we make recourse to service providers commissioned by us for individual functions of our offer or want to use your data for advertising purposes, we shall inform you in detail about the respective procedures as stated below. In this context, we shall also inform you about the determined criteria of the storage period.
(6) In our capacity as controller we have implemented numerous technical and organizational measures to ensure end-to end protection of the data processed via this website to the highest possible extent. Nonetheless, internet-based data transmissions may have security flaws so that absolute protection cannot be ensured. For this reason, any data subject may feel free to transmit personal data via alternative communication channels, for instance by phone.
(7) As a responsible company we abdicate automatic decision making or profiling.
3. Your rights
(1) Regarding your personal data, you have the following rights toward us:
– Right of access:
Any data subject whose personal data are processed is entitled by the GDPR to the right of receiving free-of-charge information at any time about the personal data concerning him or her that have been stored and to receive a copy of this information. Furthermore, the European directive and regulation legislator has conceded access to the following information to the data subject:
a) the purposes of the processing
b) the categories of personal data concerned
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
e) the existence of the right to request from the controller rectification or erasure of personal data relating to the data subject, or restriction of processing by the controller, or the right to object to such processing
f) the existence of the right to lodge a complaint with a supervisory authority
g) where the personal data are not directly obtained from the data subject: all available information as to their source
h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
Moreover, the data subject has the right to be informed whether personal data have been transferred to a third country or an international organization. If this is the case, the data subject also shall have the right to be informed of the appropriate safeguards applied in connection with the transmission.
In case a data subject wants to make use of this right of access, he or she may contact a staff member of the controller at any time.
– Right to withdrawal of a consent regarding data protection:
Any data subject whose data are processed has the right to withdraw his or her consent regarding the processing of personal data at any time.
In case a data subject wants to make use of the right to withdraw the consent, he or she can contact a staff member of the controller via any communication channel and at any time.
– Right to rectification:
The data subject shall have the right to obtain from the controller the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed – including by means of providing a supplementary statement.
In case a data subject wants to make use of this right to rectification, he or she may contact a staff member of the controller at any time.
– Right to erasure / right to be forgotten:
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) the data subject withdraws his or her consent on which the processing was based pursuant to point (a) of Article 6(1) or point (a) of Article 9(2), and there is no other legal ground for the processing.
c) the data subject lodges an objection to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject lodges an objection to processing pursuant to Article 21 (2).
d) the personal data have been unlawfully processed.
e) the erasure of personal data is required to comply with a legal obligation in Union or member state law to which the controller is subjected.
f) the personal data have been collected in relation to information society services referred to in Article 8(1).
In case a data subject wants to make use of his or her right to erasure / right to be forgotten, he or she may contact a staff member of the controller at any time.
In case we have made the personal data public and are obliged to erase them pursuant to Article 17(1) GDPR, we shall take adequate measures taking into account available technology and the cost of implementation, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copies or replication of, those personal data. Our employees will initiate all necessary measures.
– Right to restriction of processing:
The data subject shall have the right to obtain from the controller restriction of processing where one of the following prerequisites applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing but they are required by the data subject for the enforcement, exercise or defense of legal claims, or
d) the data subject has lodged an objection to processing pursuant to Article 21(1) with the verification pending whether the legitimate grounds of the controller override those of the data subject.
In case a data subject wants to make use of his or her right to restriction of processing, he or she may contact a staff member of the controller at any time.
– Right to object to the processing:
Any data subject whose personal data are processed is entitled by the GDPR to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
We shall no longer process the personal data in case of objection, unless we can prove compelling reasons worth being protected for the processing which override the interests, rights, and liberties of the data subject, or if the processing serves for the enforcement, exercise or defense of legal claims.
Where we process personal data for direct marketing purposes, the data subject shall have the right at any time to lodge an objection to the processing of personal data for the purposes of any such marketing at any time. This shall also include profiling to the extent that it is related to such direct marketing. In case the data subject lodges an objection to the processing for direct marketing purposes, we shall no longer process the personal data for such purposes.
Furthermore, the data subject shall have the right to lodge an objection to the processing of personal data concerning him or her that is executed by us for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary to perform a task in the public interest.
For executing the right to object, the data subject may directly contact any staff member. Furthermore, the data subject shall be free to execute his or her right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EG, by automated means using technical specifications.
– Right to data portability:
The data subject shall have the right to receive the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format and shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
a) the processing is based on consent pursuant to point (a) of Article 6(1), or point (a) of Article 9(2), or on a contract pursuant to point (b) of Article 6(1); and the processing is carried out by automated means.
In exercising his or her right to data portability pursuant to Article 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and the rights and liberties of other persons are not adversely affected.
If a data subject wants to execute this right to data portability, he or she may contact an employee of the controller at any time.
– Automated individual decision-making, including profiling
Any data subject whose personal data are processed is entitled by the GDPR to the right of not being subjected to a decision based solely on automated processing – including profiling – which produces legal effects concerning him or her or similarly significantly affects him or her, insofar as the decision
(1) is not required for the conduct or fulfilling of a contract between the data subject and the controller, or
(2) is legitimate pursuant to legal regulations of the Union or the member states to which the controller is subjected, provided these legal regulations include appropriate measures for protecting the rights and liberties as well as the legitimate interests of the data subject, or
(3) is made with the data subject’s explicit consent.
In case the decision is required for concluding or fulfilling a contract between the data subject and the controller or in case it is made with the explicit consent of the data subject, we shall take appropriate measures to protect the rights and liberties as well as the legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, the right to express his or her view, and the right to contest the decision.
In case the data subject wants to execute his or her right regarding automated decisions, he/she may contact an employee of the controller at any time.
(2) Furthermore, you shall have the right to raise a complaint with a data protection supervisory authority against our processing of your personal data. The competent supervisory authority for our company is:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27
91522 Ansbach
Phone: 0981 – 53 1300
E-mail: poststelle@lda.bayern.de
4. Collection of personal data when visiting our website / cookies
(1) When you use our website for information purposes only, that means without registering or transmitting information to us in other ways, we shall only collect the personal data that your browser transmits to our server. If you want to view our website, we shall collect the following data that are technically necessary to display our website to you and to ensure stability and security (legal basis is point (f) of Article 6(1) clause 1 GDPR):
– IP address
– Date and time of the inquiry
– Time zone difference to Greenwich Mean Time (GMT)
– Internet service provider of the accessing system
– Content of request (concrete page)
– Access status/HTTP status code
– Data volume transmitted at a time
– Website from which the request is issued (referrer)
– Browser
– Operating system and its interface
– Language and version of the browser software.
(2) In addition to the data as mentioned before, cookies will be stored on your computer when using our website. Cookies are small text files that are stored on your hard disc associated with your browser through which the body placing the cookie (here placed by us) receives certain information. Cookies cannot run a program or transfer viruses to your computer. They serve for making the internet offer as a whole more user-friendly and more effective.
(3) Use of cookies:
a) This website uses the following types of cookies, the extent and functionality of which is explained hereafter:
– Transient cookies (see b)
– Persistent cookies (see c)
b) Transient cookies are automatically erased when you close the browser. In particular, session cookies belong to this type. They store a so-called session ID, with the help of which different inquiries of your browser can be attributed to the joint session. In this way, your computer can be recognized if you get back to our website. The session cookies are erased when you log out or close the browser.
c) Persistent cookies are erased after a predetermined period of time, which may differ depending on the type of cookie. You may erase the cookies in the security settings of your browser at any time.
d) You may configure the settings of your browser pursuant to your wishes and, for example, reject the acceptance of third-party cookies or of all cookies. We draw your attention to the fact that you may not be able any more to use all functions of this website.
e) We use cookies to be able to identify you upon your next visit if you have an account with us. Otherwise, you will have to log in again for each visit.
5. Further functions and offers of our website
(1) Besides the mere use of our website for information purposes we offer various services which you may use if you are interested. To this end, as a rule you will have to enter further personal data which we use for the performance of the respective service and which are subjected to the previously mentioned principles of data processing.
(2) We partly commission external service providers for the processing of your data. These were carefully selected by us and commissioned, are bound to our instructions, and undergo regular checks.
(3) The hosting services we make use of serve for providing the following services: infrastructure and platform services, computing capacity, memory space and database services, security service and technical maintenance services, which we use for the operation of this online offer.
To this end, we or our hosting service provider, respectively, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested persons and visitors of this online offer based on our justified interests in an efficient and secure provision of this online offer in accordance with point (f) of Article 6(1) GDPR in connection with Article 28 GDPR.
(4) Moreover, we shall be entitled to transmit your data to third parties in case we offer campaign participations, prize games, and conclusion of contracts or similar services jointly with partners. You will receive detailed information on this when submitting your personal data or below in the description of the offer.
(5) If our service providers or partners have their place of business in a state outside the European Economic Area (EEA), we will inform you about the consequences arising thereof in the description of the offer.
6. Data protection in case of applications for employment
The controller collects and processes the personal data of job applicants for the purpose of running the application procedure. The processing can also be executed by electronic means. This is particularly the case when an applicant transmits the corresponding résumé and references to the controller by electronic means, for example, via e-mail or a contact form on the website. In case the controller concludes an employment contract with an applicant, the transmitted data are stored for the purpose of execution of the employment contract in accordance with the legal regulations. If no employment contract is concluded by the controller with the applicant, the application papers are automatically erased, unless there are other justified opposed interests of the controller. Other justified interest in this sense includes, for example, a burden of proof in proceedings pursuant to the General Equal Treatment Act.
The processing of personal data of applicants is executed in order to fulfil our (pre-)contractual duties within the framework of the application procedure pursuant to point (b) of Article 6(1) GDPR and point (f) of Article 6(1) GDPR, inasmuch the data processing becomes necessary for us, e.g. within the framework of legal proceedings (in Germany, in addition Section 26 of the Federal Data Protection Act shall apply).
7. Objection to the processing of your data or withdrawal of consent
(1) In case you have given your consent for processing your data, you can revoke this consent at any time and via any communication channel. Such revocation affects the legitimacy of processing your personal data as soon as you have expressed it towards us.
(2) Insofar as we base the processing of your personal data on weighing of interests, you are entitled to lodge an objection to the processing. This shall be the case if, in particular, the processing is not needed for fulfilling a contract with you, which is described by us in each of the function descriptions hereinafter. If you execute your right to object, we will ask you to state the reasons why we should not process your personal data the way we have done it. In case your objection is substantiated, we shall check the factual situation and shall either cease or adjust data processing, or inform you about our compelling reasons worth being protected, based on which we shall continue processing.
(3) As a matter of course, you shall be entitled to lodge an objection to the processing of your personal data for advertising purposes and data analysis at any time. ) For lodging your objection to data processing for advertising purposes, you may contact us at the address as mentioned in item 2. (2).
8. Legal or contractual regulations for the provision of personal data / necessity for the conclusion of a contract / consequences in case of non-provision
We would like to draw your attention to the fact that the provision of personal data is partly required by law. It may also be possible that a data subject has to provide personal data for the execution of a contract. Non-provision would have the consequence that the contract could not be concluded. Our staff will be ready to answer any questions you may have in the individual case.
9. Web analytics
1. Use of Matomo
(1) This website uses the web analytics service Matomo, a service provided by InnoCraft Ltd., 150 Willis St., 6011 Wellington, New Zealand, in order to analyze and continuously improve our website. The statistics thus obtained assist us in improving our offer and making it more interesting for you as the user. Legal basis for the use of Matomo is point (f) of Article 6(1) clause 1 GDPR.
(2) For this evaluation, cookies (read more under item 4) are stored on your computer. The controller stores the information obtained in this way exclusively on his server in [Germany]. You may cease this evaluation by erasing existing cookies and preventing new cookies from being stored. In case you prevent cookies from being stored, we draw your attention to the fact that you might not be able to make use of our website to its full extent. The storage of cookies can be blocked via the settings of your browser. The use of Matomo can be blocked by deleting the following check to activate the opt-out plug-in:
(3) This website uses Matomo with the extension „AnonymizeIP“. In this way, IP addresses are further processed in abbreviated form, which excludes a direct attribution to you as a person. The IP address transmitted by your browser will not be merged with other data collected by us.
(4) The Matomo program is an open source project. Information from the third-party service provider regarding data protection is available at https://matomo.org/privacy/policy.
10. Integration of YouTube videos and Google Maps
1. Integration of YouTube videos
(1) We have integrated YouTube videos into our online offer which are stored at www.YouTube.com and can be viewed directly from our website. These are integrated in the “extended data protection mode” ensuring that no personal data of you as a user are transmitted to YouTube if you do not view the videos. The data mentioned in paragraph 2 will be transmitted once you view the videos. The transmission of these data is beyond our control.
2) When you visit our website, YouTube will receive the information that you have called the respective subpage of our website. In addition, the data mentioned under item 6 of this data privacy statement will be transmitted, irrespective of whether YouTube provides a user account where you have logged in or no user account exists. If you have logged in at YouTube, your data will be directly allocated to your account. If you do not want the allocation to your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research and/or need-based design of its website. Such evaluation is performed in particular (even for users that have not logged in) to disseminate need-based advertising and to inform other users of the social network about your activities on our website. You are entitled to execute your right to object to the generation of user profiles. To exercise this right, you shall have to address YouTube.
3) Further information on purpose and extent of data collection and their processing by YouTube can be obtained in the data privacy statement, where you can also obtain further information regarding your rights and setting options for the protection of your private sphere: www.google.de/intl/de/policies/privacy. YouTube also processes your personal data in the USA and has subjected itself to the EU-US-Privacy-Shield, www.privacyshield.gov/EU-US-Framework.
Integration/Linking of Google Maps
(1) On this website, we use the Google Maps service. This allows us to provide you with interactive maps linked to Google Maps, enabling you to use the map function.
(2) By accessing the link, Google receives various information, such as the data mentioned in section 4 of this statement. This happens regardless of whether Google provides a user account through which you are logged in or if no user account exists. If you are logged into Google, your data will be directly associated with your account. If you do not wish to have your data associated with your Google profile, you must log out before activating the link. Google stores your data as user profiles and uses them for purposes of advertising, market research, and/or the tailored design of its website. Such analysis occurs particularly (even for users who are not logged in) to provide tailored advertising and to inform other users of the social network about your activities. You have the right to object to the creation of these user profiles, although you must contact Google to exercise this right. The legal basis for this is Art. 6(1) sentence 1 lit. f) GDPR (legitimate interests) and Art. 6(1) sentence 1 lit. a) GDPR (consent).
(3) Further information regarding the purpose and scope of data collection and processing by Google can be found in Google's privacy policy. There you will also find additional information about your rights and privacy protection settings: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed to the Trans-Atlantic Data Privacy Framework.
(4) There is an option to opt out at: https://adssettings.google.com/authenticated.