Data protection

This is fulfilled by the providers of the social media channels we use, Microsoft, Google and meta platforms (non-HR data).

How long and where is the data stored?

In principle, LinkedIn retains your personal data for as long as the company considers it necessary to provide its own services. However, LinkedIn deletes your personal data when you delete your account. In some exceptional cases, LinkedIn retains some data in aggregated and anonymized form even after you delete your account. As soon as you delete your account, other people will no longer be able to see your data within one day. However, LinkedIn retains data if it is required by law. Data that can no longer be assigned to a person remains stored even after the account has been closed. The data is stored on various servers in America and presumably also in Europe. The data is deleted when it is no longer required for our and LinkedIn’s purposes.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

LinkedIn also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

Through our social media presences, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on July 10, 2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google, for (non-HR data).

We have tried to provide you with the most important information about data processing by LinkedIn. You can find out more about data processing by the social media network LinkedIn at https://www.linkedin.com/legal/privacy-policy.

c. Facebook

Facebook privacy policy summary
” Data subjects: Visitors to the website
” Purpose: Optimization of our service performance
” Processed data: Data such as customer data, user behavior data, information about your device and your IP address.
” More details can be found below in the privacy policy
” Storage period: until the data is no longer useful for Meta and our purposes
” Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are Facebook tools?

We use selected tools from Facebook on our website. Facebook is a social media network of the company Meta Platforms Inc. or, for the European region, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools, we can offer you and people who are interested in our products and services the best possible offer.

If data is collected and forwarded from you via our embedded Facebook elements or via our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for this. Facebook is solely responsible for the further processing of this data. Our joint obligations are also set out in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum. This states, for example, that we must clearly inform you about the use of Facebook tools on our site. Furthermore, we are also responsible for ensuring that the tools are securely integrated into our website in accordance with data protection law. Facebook, on the other hand, is responsible for the data security of Facebook products, for example. If you have any questions about data collection and data processing by Facebook, you can contact the company directly. If you address the question to us, we are obliged to forward it to Facebook.

Below we provide an overview of the various Facebook tools, what data is sent to Facebook and how you can delete this data.

Among many other products, Facebook also offers the so-called “Facebook Business Tools”. This is the official name of Facebook. However, since the term is hardly known, we decided to just call them Facebook tools. Among them are:

• Social plug-ins (such as the “Like” or “Share” button)
• Facebook login
• Account Kit
• APIs (programming interface)
• SDKs (collection of programming tools)
• Platform integrations
• plugins
• codes
• specifications
• Documentation
• Technologies and services

Through these tools, Facebook expands services and has the ability to obtain information about user activity outside of Facebook.

Why do we use Facebook tools on our website?

We only want to show our services and products to people who are really interested in them. With the help of advertisements (Facebook Ads), we can reach exactly these people. However, in order to show users suitable advertising, Facebook needs information about people’s wishes and needs. This provides the company with information about user behavior (and contact information) on our website. As a result, Facebook collects better user data and can show interested people the appropriate ads about our products or services. The tools thus enable customized advertising campaigns on Facebook.

Facebook calls data about your behavior on our website “event data”. This is also used for measurement and analysis services. Facebook can thus create “campaign reports” on our behalf about the impact of our advertising campaigns. Furthermore, analytics give us a better insight into how you use our services, website or products. This allows us to optimize your user experience on our website with some of these tools. For example, you can use the social plug-ins to share content on our site directly on Facebook.

What data is stored by Facebook tools?

By using individual Facebook tools, personal data (customer data) can be sent to Facebook. Depending on the tools used, customer data such as name, address, telephone number and IP address may be sent.

Facebook uses this information to match the data with the data it has about you (if you are a Facebook member). Before customer data is transmitted to Facebook, it is hashed. This means that a data record of any size is transformed into a character string. This also serves to encrypt data.

In addition to the contact data, “event data” is also transmitted. “Event data” refers to the information that we receive about you on our website. For example, which subpages you visit or which products you buy from us. Facebook does not share the information it receives with third parties (such as advertisers) unless the company has explicit permission or is legally obliged to do so. “Event data” can also be linked to contact details. This allows Facebook to offer better personalized advertising. After the aforementioned matching process, Facebook deletes the contact data again.

In order to deliver optimized ads, Facebook only uses the event data if it has been combined with other data (collected by Facebook in other ways). Facebook also uses this event data for security, protection, development and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files that are used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, different numbers of cookies are stored in your browser. We go into more detail about individual Facebook cookies in the descriptions of the individual Facebook tools. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.

How long and where is the data stored?

In principle, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers all over the world where its data is stored. The data is deleted when it is no longer needed for our and Meta’s purposes.

How can I delete my data or prevent data storage?

In accordance with the General Data Protection Regulation, you have the right to information, correction, transferability and deletion of your data.

The data will only be completely deleted if you delete your Facebook account completely. And this is how deleting your Facebook account works:

1) Click on Settings on the right-hand side of Facebook.

2) Then click on “Your Facebook information” in the left-hand column.

3) Now click on “Deactivation and deletion”.

4) Now select “Delete account” and then click on “Continue and delete account”

5) Now enter your password, click on “Next” and then on “Delete account”

The data that Facebook receives via our site is stored using cookies (e.g. for social plugins). You can deactivate, delete or manage individual or all cookies in your browser. Depending on which browser you use, this works in different ways. In the “Cookies” section, you will find the relevant links to the instructions for the most popular browsers.

If you generally do not want to have cookies, you can set up your browser so that it always informs you when a cookie is to be set. This allows you to decide for each individual cookie whether you want to allow it or not.

Legal basis

If you have consented to your data being processed and stored by integrated Facebook tools, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our privacy policy about cookies carefully and take a look at Facebook’s privacy policy or cookie guidelines.

Facebook also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

Through our social media presences, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on July 10, 2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google, for (non-HR data).

We hope we have provided you with the most important information about the use and data processing by the Facebook tools. If you would like to find out more about how Facebook uses your data, we recommend that you read the data policy at https://www.facebook.com/privacy/policy/.

d. XING

What is Xing?

We use social plugins from the social media network Xing, Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany, on our website. These functions allow you, for example, to share content on Xing directly via our website, log in via Xing or follow interesting content. You can recognize the plug-ins by the company name or the Xing logo. When you visit a website that uses a Xing plug-in, data may be transmitted to the “Xing servers”, stored and analyzed. In this privacy policy, we want to inform you about what data is involved and how you can manage or prevent this data storage.

Xing is a social network with its headquarters in Hamburg. The company specializes in the management of professional contacts. This means that, unlike other networks, Xing is primarily about professional networking. The platform is often used for job searches or to find employees for your own company. Xing also offers interesting content on various professional topics. Its global counterpart is the American company LinkedIn.

Why do we use Xing on our website?

There is now a flood of social media channels and we are well aware that your time is very valuable. Not every company’s social media channel can be scrutinized closely. That’s why we want to make your life as easy as possible so that you can share or follow interesting content directly via our website on Xing. With such “social plug-ins” we expand our service on our website. In addition, the data collected by Xing helps us to carry out targeted advertising measures on the platform. This means that our service is only shown to people who are really interested in it.

What data is stored by Xing?

Xing offers the share button, the follow button and the log-in button as plug-ins for websites. As soon as you open a page where a Xing social plug-in is integrated, your browser connects to servers in a data center used by Xing. In the case of the share button, according to Xing, no data is stored that could be directly linked to a person. In particular, Xing does not store your IP address. Furthermore, no cookies are set in connection with the share button. Therefore, no evaluation of your user behavior takes place. You can find more information on this at https://dev.xing.com/plugins/share_button/privacy_policy

With the other Xing plug-ins, cookies are only set in your browser when you interact with the plug-in or click on it. Personal data such as your IP address, browser data, date and time of your Xing page visit can be stored here. If you have a XING account and are logged in, the data collected will be assigned to your personal account and the data stored in it.

As soon as you are logged in to Xing or become a member, further personal data will definitely be collected, processed and stored. Xing also passes on personal data to third parties if this is necessary for the fulfillment of its own business purposes, if you have given your consent or if there is a legal obligation.

How long and where is the data stored?

Xing stores the data on various servers in various data centers. The company stores this data until you delete the data or until a user account is deleted. Of course, this only affects users who are already Xing members.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. Even if you are not a Xing member, you can use your browser to prevent any data processing or manage it according to your wishes. Most data is stored via cookies. Depending on which browser you have, the administration works slightly differently. In the “Cookies” section, you will find the relevant links to the instructions for the most popular browsers.

You can also set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

We have tried to provide you with the most important information about data processing by Xing. You can find out more about data processing by the Xing social media network at https://privacy.xing.com/de/datenschutzerklaerung.

Privacy policy for the contact form

The personal data that you provide to us as part of this contact request will only be used to respond to your request or contact and for the associated technical administration. It will not be passed on to third parties.
You have the right to revoke your consent at any time with effect for the future. In this case, your personal data will be deleted immediately.
Your personal data will also be deleted without your revocation if we have processed your request or if you revoke the consent given here for storage. This also happens if the storage is inadmissible for other legal reasons.
You can find out about the data stored about you at any time.
Detailed information on data protection and the handling of personal data can be found in the general privacy policy of this website.

e. Youtube

Youtube privacy policy summary
” Affected parties: Visitors to the website
” Purpose: Optimization of our service performance
” Processed data: Data such as contact details, user behavior data, information about your device and your IP address may be stored. You can find more details below in this privacy policy.
” Storage period: 6 months
” Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is YouTube?

We have integrated YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you access a page on our website that has an embedded YouTube video, your browser automatically connects to the YouTube or Google servers. Various data will be transmitted (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in Europe.

In the following, we would like to explain to you in more detail what data is processed, why we have integrated YouTube videos and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on and upload videos for free. Over the last few years, YouTube has become one of the most important social media channels worldwide. To enable us to display videos on our website, YouTube provides a code snippet that we have integrated into our site.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And of course, interesting videos are a must. With the help of our embedded videos, we provide you with further helpful content in addition to our texts and images. In addition, our website is easier to find on the Google search engine thanks to the embedded videos. Even if we place ads via Google Ads, Google can – thanks to the data collected – only show these ads to people who are interested in our offers.

What data is stored by YouTube?

As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually assign your interactions on our website to your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet provider. Other data may include contact details, any ratings, the sharing of content via social media or adding to your favorites on YouTube.

If you are not logged into a Google account or a YouTube account, Google stores data with a unique identifier that is linked to your device, browser or app. For example, your preferred language setting is retained. But a lot of interaction data cannot be saved because fewer cookies are set.

How long and where is the data stored?

The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. At https://www.google.com/about/datacenters/locations/?hl=de you can see exactly where the Google data centers are located. Your data is distributed across the servers. This means that the data can be accessed more quickly and is better protected against manipulation.

The data will be deleted when it is no longer required for our and YouTube’s purposes.

How can I delete my data or prevent data storage?

In principle, you can delete data in your Google account manually. With the automatic deletion function for location and activity data introduced in 2019, information is stored for either 3 or 18 months, depending on your decision, and then deleted.

Regardless of whether you have a Google account or not, you can configure your browser so that cookies are deleted or deactivated by Google. Depending on which browser you use, this works in different ways. In the “Cookies” section, you will find the relevant links to the instructions for the most popular browsers.

If you generally do not want to have cookies, you can set up your browser so that it always informs you when a cookie is to be set. This allows you to decide for each individual cookie whether you want to allow it or not.

Legal basis

If you have consented to your data being processed and stored by integrated YouTube elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated YouTube elements if you have given your consent. YouTube also sets cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

Through our social media presences, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on July 10, 2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google, for (non-HR data).

As YouTube is a subsidiary of Google, there is a joint privacy policy. If you would like to find out more about how your data is handled, we recommend that you read the privacy policy at https://policies.google.com/privacy?hl=de.

V. Online meeting tool “Microsoft Teams”

Below we inform you about the processing of personal data in connection with the use of “Microsoft Teams”

Purpose of the processing

We use the tools of “Microsoft Teams” to conduct telephone conferences, online meetings and video conferences. (hereinafter: “online meetings”).

What data is processed?

Various types of data are processed when using the “Microsoft Teams” tools. The scope of the data also depends on the data you provide before or when participating in an “online meeting”.

Legal basis for data processing

Insofar as personal data of employees of Terhalle Holding GmbH is processed, Section 26 BDSG is the legal basis for data processing. If, in connection with the use of “Microsoft Teams”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of “Microsoft Teams”, Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, our interest lies in the effective conduct of “online meetings”.

In addition, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we have an interest in the effective conduct of “online meetings”.

Should video and audio recordings be necessary in exceptional cases, this will be done exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

Type and scope of data processing

We use “Microsoft Teams” to conduct “online meetings”. If we want to record “online meetings”, we will inform you transparently in advance and ask for your consent. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

The following personal data is processed when using “Microsoft Teams”, whereby the handling of the data also depends on what data you provide before or when participating in an “online meeting”:

User details (registration information): e.g. user name, activation and conference codes, e-mail address, first name and surname, company, organization ID, participant IP, profile picture (optional)

Configuration and communication data: e.g. device name, IP address, geodata, time zone, activity logs, hardware type

Conference information: e.g. date, time, duration, number of participants, dial-in method, diagnostic information

Text, audio and video data: You may have the option of using the chat function in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting”. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Microsoft Teams” applications.

Recipients / forwarding of data

Personal data that is processed in connection with participation in “online meetings” is not passed on to third parties unless it is intended to be passed on. Please note that content from “online meetings”, as with face-to-face meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Another recipient is the provider of “Microsoft Teams”.

Data processing outside the European Union / EEA

Data processing in third countries does not take place, as we or the service provider have restricted the storage location to data centers in the EU or the EEA.

However, we cannot rule out the possibility that the service provider also uses servers outside the EU or the EEA or that data is routed via internet servers located outside the EU or the EEA.

Through our social media presences, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on July 10, 2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google, for (non-HR data).

Storage duration

Your personal data that we process as part of your use of “Microsoft Teams” will generally be deleted as soon as it is no longer required for the purposes for which it was collected. A requirement for storage may exist in particular if the data is still required in order to fulfill contractual services and to be able to check and grant or defend against warranty or guarantee claims. In the case of statutory retention obligations of 6 years or 10 years under commercial and tax law, deletion will only be considered after expiry of the respective retention obligation. If and insofar as the processing is based on your consent, the data will only be stored until you withdraw your consent, unless there is another legal basis for the processing.

Your rights as a data subject

As a data subject, you may at any time exercise the rights granted to you by the GDPR insofar as they apply to the processing:

• the right to information as to whether and which of your data is being processed (Art. 15 GDPR)
• the right to request the rectification or completion of data concerning you (Art. 16 GDPR)
• the right to erasure of the data concerning you in accordance with Art. 17 GDPR
• the right to request a restriction on the processing of data in accordance with Art. 18 GDPR
• the right to data portability in accordance with Art. 20 GDPR;
• the right to object to the future processing of data concerning you in accordance with Art. 21 GDPR

Revocability of your consent

If the processing takes place on the legal basis of consent, this consent can be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal (Art. 7 (21) GDPR)

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint about our processing of personal data with a data protection supervisory authority.

VI Implementation of competitions

the purposes for which the personal data are processed and the legal basis for the processing

The purpose of data processing is the implementation and processing of competitions, in particular the verification of eligibility to participate and the determination of winners. Participation in the competition is only possible if you provide us with the aforementioned data, as otherwise we will not be able to contact you in the context of a prize notification.

If you take part in one of our competitions, you consent to data processing for the stated purposes. The data processing therefore takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR).

Another legal basis for the processing of personal data is the fulfillment of a contract. (Art. 6 para. 1 lit. b GDPR), provided that the personal data is processed exclusively for the purpose of determining and notifying the winners and for transmitting the prize.

Sources and categories of personal data processed

In the event of a win, the following data will necessarily be processed

First name and surname

your address

e-mail address

Facebook profile information

Duration for which the personal data will be stored and the criteria for determining the duration

The data collected in the competition will be deleted by Terhalle Holzbau as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected as part of the competition when the competition has been completed. We must store winners’ data until the statutory retention periods expire.

VII. Information on the rights of data subjects

This section of the privacy policy provides additional information on exercising your rights as a data subject vis-à-vis Terhalle.

You have the right

• in accordance with Article 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
• in accordance with Article 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored by us;
• in accordance with Article 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
• in accordance with Article 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Article 21 GDPR;
• pursuant to Article 21 GDPR, to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(f);
• in accordance with Article 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission to another controller;
• in accordance with Article 7(3) DS-GVO to revoke your consent once given at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. This has the consequence that we may no longer continue the data processing based on this consent for the future. You can revoke the consent via: datenschutz@terhalle.de

• to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or our company headquarters.
• information as to whether the provision of personal data is required by law or contract or is necessary for the pre-contractual or contractual conclusion and whether the data subject is obliged to provide the personal data and what the possible consequences of non-provision would be. Without the data, we will generally no longer be able to carry out pre-contractual or contractual measures or may have to terminate them.

Separate information about your right to object in accordance with Article 21 GDPR

According to Art. 21 para. 1 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6 para. 1 lit. f GDPR (data processing on the basis of a balancing of interests).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.

If the processing is carried out for the purpose of direct advertising, you have the right under Art. 21 (2) GDPR to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.

If you wish to make use of your right to object or other data subject rights, a notification in text form is sufficient. You can write to us or contact us by e-mail.

To exercise the rights listed, to ask questions in connection with the privacy policy or for further information, please contact Terhalle’s data protection officer:

DSB Münster GmbH
Martin-Luther-King-Weg 42
48155 Münster

Phone: +49 0251 71879-0
datenschutz@terhalle.de

Safety note

We make every effort to take technical and organizational measures to store your personal data in such a way that it is not accessible to third parties. Complete data security cannot be guaranteed when communicating by e-mail, so we recommend that you send confidential information by post.

VIII. Analysis tools and advertising

” Affected parties: Visitors to the website
” Purpose: Google cookie used for Google Ads conversion tracking to advertise targeted online marketing measures and also to record corresponding conversions and remarketing measures.
” Processed data: Data such as user behavior data, information about your device and your IP address.
” You can find more details below in the privacy policy.
” Storage period: 30 days
” Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transmitted to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and origin of the user. This data is assigned to the respective end device of the user. There is no assignment to a user ID.

Furthermore, we can use Google Analytics to, among other things: Record your mouse and scroll movements and clicks. In addition, Google Analytics uses various modeling approaches to complement the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Browser Plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information on the handling of user data by Google Analytics in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

You can find more information about Google Conversion Tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

IX. Privacy policy app

Privacy policy

Welcome to our app and thank you for your interest. The protection of your personal data is important to us. We therefore conduct our activities in accordance with the applicable legal provisions on the protection of personal data and data security. We would like to inform you below about which data is used for which purposes.

Controller for processing in accordance with the GDPR

The controller within the meaning of the General Data Protection Regulation and other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the:

Terhalle Holding GmbH
Solmsstraße 46
48683 Ahaus-Ottenstein

Data Protection Officer

DSB Münster GmbH
Martin-Luther-King-Weg 42-44
48155 Münster
+49 251 718790

Scope of data collection and data processing

Unless otherwise stated in the following sections, personal data is always collected, processed or used when using our apps so that we can meet our quality standards. As part of the registration process, user master data is therefore collected first:

• First and last name
• Language and country
• E-mail address

We also obtain certain technical information through the use of web-based structures based on the data transmitted by your browser (e.g. browser type/version, operating system used). The following data may be collected:

• Information about the browser type and version used;
• the user’s operating system;
• Device ID of the end device;
• the IP address of the user;
• Date and time of access;
• Websites that are accessed by the user’s system via our app, if additional data must be obtained from Community Connect Server

Relevant legal bases for the processing of personal data

In order to provide effective and dynamic apps in accordance with our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR, we may use your data for the following:

• to ensure your safety and security, including reviewing user content, messages and associated metadata for violations of our Community Guidelines and Terms of Use;
• to ensure that content is presented in the most effective way for you and your device;
• to understand how users use the apps so that we can improve, promote and further develop them;

When we process your data to fulfill our legitimate interests, we carry out a balancing test to check whether the use of personal data is really necessary to achieve our business purpose. When we carry out this balancing test, we also take into account the rights of our users with regard to the protection of their privacy and take appropriate precautions to protect their personal data.

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a) EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) DS-GVO as legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) DS-GVO as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) DS-GVO as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f) DS-GVO as the legal basis for the processing.

Duration of storage of personal data

Personal data is stored for the duration of the respective statutory retention period. After this period has expired, the data is routinely deleted, unless there is a need to initiate or fulfill a contract.

Registration in our app

If the data subject uses the option to register via d.velop postbox with the app of the controller by providing personal data, the data in the respective input mask will be transmitted to the controller. The data is stored exclusively for internal use by the controller. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. During registration, the user’s IP address and the date and time of registration are stored (d.velop postbox). This serves to prevent misuse of the services. The data will not be passed on to third parties. An exception exists if there is a legal obligation to disclose. The registration of the data is necessary for the provision of content or services. Registered persons have the possibility to have the stored data deleted or modified at any time. The data subject shall receive information about his/her stored personal data at any time.

Routine deletion and blocking of personal data

The controller processes and stores personal data of the data subject only for as long as is necessary to achieve the purpose of storage. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. As soon as the storage purpose no longer applies or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.

Security

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress. In addition, data protection is continuously guaranteed at our company through constant auditing and optimization of the data protection organization.

Conclusion

Terhalle Holding reserves all rights to make changes and updates to this privacy policy.