Data Privacy

When using our website, personal data is collected from you. Personal data is all information with which you can be identified, or which can be related to your person.

In the following, you will find our comprehensive data protection notice in fulfilment of our duty to provide information, according to GDPR (EU General Data Protection Regulation) for the processing of your personal data when visiting our website.

Name and contact details of the Controller and the Data Protection Officer

The Controller according to Art. 4(7) GDPR is:

Carpus+Partner AG

represented by the CEO M.Re. Dipl.-Ing. Architect Tobias Ell
Forckenbeckstr. 61
52074 Aachen | Germany
Tel +49 (241) 88 75-0
E-mail info@carpus.de

The Data Protection Officer for Carpus+Partner AG can be contacted at the above address, for the attention of the Data Protection Officer or at datenschutz@carpus.de.

Server log data

When you visit our website, the following information is automatically sent to the server of our website by the browser used on your terminal device (so-called server log data):

IP address of the requesting computer,
date and time of the access,
time zone difference to Greenwich Mean Time (GMT),
name and URL of the retrieved file,
access status/HTTP status code,
respective transferred data volume,
website from which the access occurs (referrer URL),
browser used,
the operating system of your computer and its interface,
the name of your access provider and
language and version of the browser software.

The legal basis for data processing is Art. 6(1) lit. f) GDPR. Our legitimate interest follows from the purposes listed below:

guaranteeing smooth-running connection establishment to the website,
guaranteeing convenient use of our website,
evaluation of the system security and stability, as well as
for additional administrative purposes.

This data is not merged with other data sources. We also never use the collected data for the purpose of drawing conclusions about your person. The information is automatically deleted after 7 days.

Cookies

We use cookies on our website. These are small files, which your browser creates automatically and are stored on your end device (laptop, tablet, smartphone or similar), if you visit our website. Cookies do not cause any damage on your end device, do not contain any viruses, Trojans or other malware.

Information is filed in the cookie, which arises in relation to the specifically used end device. However, this does not mean that we directly receive knowledge of your identity.

We use so-called session cookies, in order to make the use of our offer more pleasant for you. Session cookies store settings that you have made for the duration of the session. These cookies are automatically deleted after leaving our website.

For this, we also use persistent cookies to optimize the user friendliness, which are stored on your end device until their expiry date is reached or until they are deleted by the user. If you visit our website again, in order to use our services, it is automatically identified that you have already been with us and which entries and setting you have made, so you do not need to repeat them.

We have no influence on the duration of storage or deletion of cookies. The settings are made by the respective services or by the user himself.

When you visit our website for the first time – regardless of the page you land on – a consent banner appears. The dialog box tells you what we use the cookies for and how long they are stored for. Some cookies are mandatory and do not allow individual setting options, while other cookies help us to optimize our website design and analyze accesses to our website. With optional cookies, you can decide for yourself which cookies should be set and make an individual setting. See the sections below for more information.

Consent Management Platform (CMP)

As our website uses integrated third party services (e.g. YouTube) that process personal data, we are obligated by law to inform you of the use of these services and to ask for your consent before using them. All declarations of consent must be recorded as evidence.

On this website, we therefore use the “Cookiebot” service from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark for the following purposes:

To provide visitors with transparent information on the use of cookieS
Freedom of choice for visitors regarding the use of cookies
Storage of the user’s consent status regarding cookies

The legal basis for using Cookiebot is Art. 6(1) lit. f) GDPR. Our legitimate interests arise from the aforementioned purposes.

By granting permission using the consent banner, the following data are collected:

The IP number of the end user in anonymized form (the last three digits are set to ‘0’) Date and time of consent
User agent of the end user’s browser
The URL from which the consent was sent
An anonymous, random and encrypted key
The permission status of the end user, which serves as evidence of consent

The data are stored for 12 months. After that, the banner opens again automatically for you to renew your permission.

We have concluded a Data Processing Addendum with Usercentrics. Details on the security of the processing of data collected by Usercentrics can be found in the Usercentrics´ privacy policy .

Web analysis

On this website, we use Matomo. Matomo is an open source software for the statistical analysis of visitor access. We use the Matomo software to optimize the quality of our website and the content presented on it. Using the statistics gathered on usage behaviour, we can improve our offer and make it more interesting for you as a user.

Matomo uses cookies which are saved on your computer and that enable an anonymous analysis of your website usage. It is not possible to infer a specific person because your IP address is anonymized immediately after processing and before it is saved.

Processing of personal data for the above-mentioned purpose only takes place if you have given your consent via the consent banner. The legal basis is Art. 6(1) lit. a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the end device of the user (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

We have concluded a Data Processing Addendum with Matomo. More information about the data processing by Matomo can be found in Matomo´s privacy policy

Map services

We link to the map service Google Maps on this website. Provider is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. By using the service, we can show our company locations on interactive maps and make it easy for you to use our website. The legal basis for the use of Google Maps is in accordance with the aforementioned legitimate interests Art. 6(1) lit. f) GDPR.

Google Maps is only integrated on our website as a link to the respective service. After clicking the integrated text or image link, you will be redirected to the Google Maps site. User information is only transmitted to Google Maps after you have been redirected.

The IP address must be processed by Google in order for the map to be displayed. By visiting the website, Google also receives the information that you have accessed the corresponding sub-site on our website. If you have a Google account and are logged in, your data are allocated directly to your account. If you do not want the allocation to your profile with Google, you must log out before activating the map.

Google is responsible for the use of data by Google. We have no influence on further data processing by the third party. We would like to point out that when Google is called up/used, data may be transferred to third countries (e.g. the USA), where it may not currently be possible to guarantee a level of data protection comparable to that of the EU.

Basic information about data processing by Google as well as about your rights in this regard and setting options for the protection of your privacy can be found in Google´s privacy policy. Please contact Google to assert rights as a person affected.

Videos

On this website we use plugins of the YouTube website operated by Google. Provider is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. By using the service, we can display videos directly on the website and allows you to conveniently use the video play function.

The videos are only loaded after confirmation of the required cookies and a connection to YouTube is established. If the required cookies have not been accepted in the consent banner, the visitor will see a placeholder for the video stating that the content is blocked based on their consent settings. If the user updates their consent settings and accepts the relevant cookies, the placeholder will be automatically hidden and the video preview will be shown. If a video is displayed in the cookie banner despite lack of confirmation, the video is integrated locally on the website.

By watching the video, YouTube receives the information that you have accessed the corresponding sub-site on our website. If you have a YouTube account and are logged in, your data are allocated directly to your account. If you do not want the allocation to your profile with YouTube, you must log out before activating the video.

Basic information about data processing by Google as well as about your rights in this regard and setting options for the protection of your privacy can be found in Google´s privacy policy and YouTube´s privacy policy. Please contact Google to assert rights as a person affected.

Social media appearances

We run the following publicly available social media profiles:

Social networks are only integrated on our website as links to the respective services. After clicking the integrated text or image link, you will be redirected to the site of the respective provider. User information is only transmitted to the respective provider after you have been redirected.

The data you enter on our social media pages, such as videos, images, comments, likes, public messages, etc., are published by the respective social media platform and never used or processed by us for other purposes. We only reserve the right to delete content if this should be necessary. If necessary, we share your content on our site and communicate with you via the social media platform. The legal basis is Art. 6(1) lit. f) GDPR. Data processing is carried out in the interest of our public relations work as well as communication and networking.

For certain processing operations, we and the platform operator jointly serve as the data controller within the meaning of Art. 26 GDPR. However, we only have limited influence on data processing by the operators of social media platforms. At the points where we can exert influence, we work within the framework of the possibilities available to us to ensure that the operator of the social media platform treats the data in accordance with data protection regulations. However, there are many areas in which we cannot influence data processing by the operator of a social media platform and do not know exactly what data they process.

The platform operator operates the service’s entire IT infrastructure, determines its own privacy policy and maintains its own relationship with you as a user (if you are a registered user of the social media service). Furthermore, the operator alone is responsible for all questions pertaining to your user profile data, to which we have no access as a company.

We would like to point out that when social media platforms are called up/used, data may be transferred to third countries (e.g. the USA), where it may not currently be possible to guarantee a level of data protection comparable to that of the EU.

Basic information about data processing by the provider of the social media platform as well as about your rights in this regard can be found in privacy policy of the respective provider:

Please contact the respective social media provider to assert rights as a person affected, insofar as this concerns data that comes under the area of responsibility of the respective provider.

Recipients / disclosure of data

This website is hosted externally. Personal data collected on this website is stored on the host’s servers. The hoster is used for the purpose of fulfilling the contract with our potential and existing clients (Art. 6(1) lit. b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6(1) lit. a) GDPR). If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6(1) lit. a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the end device of the user (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

In addition, we use an IT service provider and a digital agency for the operation of this website. In this context, it may happen that a service provider becomes aware of personal data.

Basically, we ensure that our service providers are carefully selected – especially in regard to data protection and data security – and take all measures required under data protection law for permissible data processing. Our service providers will only process your data in accordance with our instructions and to the extent necessary to fulfill their performance obligations.

If not already mentioned above, data will not be passed on to third parties.

Inquiries by e-mail, telephone and fax

If you contact us by e-mail, telephone or fax, your request, including all personal data resulting from it (e.g. name, contact details, request) will be stored and processed for the purpose of processing your request.

This data is processed on the basis of Art. 6(1) lit. b) GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1) lit. f) GDPR) or on your consent (Art. 6(1) lit. a) GDPR), if requested.

The data you sent to us in a context of a contact request will remain until you request a deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Data security

Within the website visit, we use the widely prevalent SSL procedure (secure socket layer) in conjunction with the respective highest encryption level, which is supported by your browser. You can identify whether an individual page of our Internet presence has been transferred using encryption, you can recognize this by the closed illustration of the key/lock symbol in the bottom status bar of your browser.

We also use appropriate technical and organizational security measures, in order to protect your data from accidental or malicious manipulation, partial or complete loss, destruction of from unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.

Rights of data subjects

You have the right to information about the personal data concerning your person processed by us. In the case of a request for information that is not made in writing, please understand that we may then request information from you that proves that you are the person you claim to be. Furthermore, you have a right of correction or deletion or to restriction of the processing, insofar as you are legally entitled to this. Moreover, you have a right of objection to the processing within the context of the statutory provisions. The same applies for a right to data portability.

Please contact the Data Protection Officer (datenschutz@carpus.de) to assert your rights as a data subject.

Right of revocation and right of objection

Insofar as the data processing is based on consent in accordance with Art. 6(1) lit. a) GDPR respectively § 25(1) TTDSG, you have the right to revoke your consent at any time with effect for the future. Notice of revocation does not effect the legality of the processing carried out before the revocation notice. By deleting the stored cookies on our website, you can revoke your consent to data processing by the respective services.

If your personal data are processed on the basis of legitimate interests in accordance with Art. 6(1) lit. f) GDPR, you have the right to lodge an objection against the processing of your personal data, in accordance with Art. 21 GDPR, insofar as reasons exist for this, which arise from your specific situation or if the objection is aimed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us, without indicating a specific situation. If you wish to assert your right objection, it is sufficient to send an e-mail to datenschutz@carpus.de.

Right of complaint

If you see any reason to be dissatisfied with the handling of your data by us or if you think that the data processing is not in accordance with the law, please contact the Data Protection Officer by email (datenschutz@carpus.de). The majority of questions and problems relating to data protection law can probably be resolved quickly and easily. If your request has not been dealt with satisfactorily, you have regardless to this the right to complain to a data protection supervisory authority about the processing of personal data by us.

Currency of and amendments to this data protection notice

We reserve the right to amend and update this data protection notice as required in compliance with the applicable data protection regulations. The respective current version applied for your visit.

This data protection notice applies as of: September 2023