Privacy

This is fulfilled by the providers of the social media channels we use, Microsoft, Google and meta platforms (non-HR data).

How long and where is the data stored?

In principle, LinkedIn retains your personal data for as long as the company considers it necessary to provide its own services. However, LinkedIn deletes your personal data when you delete your account. In some exceptional cases, LinkedIn retains some data in aggregated and anonymized form even after you delete your account. As soon as you delete your account, other people will no longer be able to see your data within one day. However, LinkedIn retains data if it is required by law. Data that can no longer be assigned to a person remains stored even after the account has been closed. The data is stored on various servers in America and presumably also in Europe. The data is deleted when it is no longer required for our and LinkedIn purposes.

Legal basis

If you have consented that data from you can be processed and stored by integrated social media elements, this consent is considered the legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.

LinkedIn also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be accompanied by various risks to the lawfulness and security of data processing.

Through our social media presence, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on 10.07.2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google for (non-HR data).

We have tried to provide you with the most important information about data processing by LinkedIn. At https://www.linkedin.com/legal/privacy-policy you can find out more about the data processing of the social media network LinkedIn.

c. Facebook

Facebook privacy policy summary
” Affected parties: Visitors to the website
” Purpose: Optimization of our service performance
” Processed data: Data such as customer data, user behavior data, information about your device and your IP address.
” You can find more details below in the privacy policy.
” Storage period: until the data is no longer useful for Meta and our purposes
” Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are Facebook tools?

We use selected tools from Facebook on our website. Facebook is a social media network of the company Meta Platforms Inc. or for the European area of the company Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools, we can offer you and people who are interested in our products and services the best possible offer.

If data is collected from you and forwarded via our embedded Facebook elements or via our Facebook page (Fanpage), both we and Facebook Ireland Ltd. are responsible for this. Facebook is solely responsible for the further processing of this data. Our shared commitments have also been embodied in a publicly available agreement at https://www.facebook.com/legal/controller_addendum. This states, for example, that we must clearly inform you about the use of Facebook tools on our site. Furthermore, we are also responsible for ensuring that the tools are securely integrated into our website in accordance with data protection law. Facebook, on the other hand, is responsible for the data security of Facebook products, for example. If you have any questions about data collection and processing by Facebook, you can contact the company directly. If you submit the question to us, we are required to forward it to Facebook.

Below we provide an overview of the different Facebook tools, what data is sent to Facebook and how you can delete this data.

Among many other products, Facebook also offers the so-called “Facebook Business Tools”. This is the official name of Facebook. However, since the term is hardly known, we decided to just call them Facebook tools. Among them are:

• social plug-ins (such as the “Like” or “Share” button)
• Facebook Login
• Account Kit
• APIs (Application Programming Interface)
• SDKs (collection of programming tools)
• Platform integrations
• Plugins
• Codes
• Specifications
• Documentations
• Technologies and services

Through these tools, Facebook extends services and has the ability to obtain information about user activity outside of Facebook.

Why do we use Facebook tools on our website?

We only want to show our services and products to people who are really interested in them. With the help of advertisements (Facebook Ads), we can reach exactly these people. However, in order to show users suitable advertising, Facebook needs information about people’s wishes and needs. This provides the company with information about user behavior (and contact information) on our website. As a result, Facebook collects better user data and can show interested people the appropriate ads about our products or services. The tools thus enable customized advertising campaigns on Facebook.

Facebook calls data about your behavior on our website “event data”. These are also used for measurement and analysis services. Facebook can thus generate “campaign reports” on our behalf about the impact of our advertising campaigns. Furthermore, through analytics we get a better insight into how you use our services, website or products. As a result, we use some of these tools to optimize your user experience on our website. For example, you can use the social plug-ins to share content on our site directly on Facebook.

What data is stored by Facebook tools?

By using individual Facebook tools, personal data (customer data) may be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number and IP address can be sent.

Facebook uses this information to match the data with the data it itself has from you (if you are a Facebook member). Before customer data is transmitted to Facebook, a so-called “hashing” takes place. This means that a data set of any size is transformed into a string. This also serves to encrypt data.

In addition to contact data, “event data” is also transmitted. “Event Data” means that information we receive about you on our website. For example, which subpages you visit or which products you buy from us. Facebook does not share the information it receives with third parties (such as advertisers) unless the company has explicit permission or is legally required to do so. “Event data” can also be associated with contact data. This allows Facebook to offer better personalized advertising. After the aforementioned matching process, Facebook deletes the contact data again.

In order to deliver ads in an optimized manner, Facebook only uses event data when it has been aggregated with other data (collected by Facebook in other ways). Facebook also uses this event data for security, safety, development, and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files that are used to store data or information in browsers. Depending on the tools you use and whether you are a Facebook member, different numbers of cookies are created in your browser. In the descriptions of the individual Facebook tools, we go into more detail about individual Facebook cookies. General information about the use of Facebook cookies can also be found at https://www.facebook.com/policies/cookies.

How long and where is the data stored?

Basically, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers spread all over the world where its data is stored. The data is deleted when it is no longer required for our and Meta’s purposes.

How can I delete my data or prevent data storage?

In accordance with the Basic Data Protection Regulation, you have the right to information, correction, transferability and deletion of your data.

A complete deletion of the data only occurs if you delete your Facebook account completely. And this is how deleting your Facebook account works:

1) Click Settings on the right side of Facebook.

2) Then click “Your Facebook information” in the left column.

3) Now click “Deactivation and deletion”.

4) Now select “Delete account” and then click “Next and delete account”.

5) Now enter your password, click “Next” and then click “Delete account”.

The storage of data that Facebook receives via our site takes place, among other things, via cookies (e.g. for social plugins). In your browser, you can disable, delete or manage individual or all cookies. Depending on which browser you use, this works in different ways. Under the section “Cookies” you will find the corresponding links to the respective instructions of the most popular browsers.

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. Thus, for each individual cookie, you can decide whether to allow it or not.

Legal basis

If you have consented that data from you can be processed and stored by integrated Facebook tools, this consent is considered the legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view Facebook’s privacy policy or cookie policy.

Facebook also processes data from you in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be accompanied by various risks to the lawfulness and security of data processing.

Through our social media presence, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on 10.07.2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google for (non-HR data).

We hope we have provided you with the most important information about the use and data processing by Facebook tools. If you want to learn more about how Facebook uses your data, we recommend that you read the data policy at https://www.facebook.com/privacy/policy/.

d. XING

What is Xing?

We use social plugins of the social media network Xing, of the company Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany, on our website. Through these functions, you can, for example, share content on Xing directly from our website, log in via Xing or follow interesting content. You can recognize the plug-ins by the company name or the Xing logo. When you visit a website that uses a Xing plug-in, data may be transmitted to the “Xing servers”, stored and analyzed. In this privacy policy, we want to inform you about what data is involved and how to manage or prevent this data storage.

Xing is a social network headquartered in Hamburg, Germany. The company specializes in managing professional contacts. That is, unlike other networks, Xing is primarily about professional networking. The platform is often used for job hunting or to find employees for one’s own company. In addition, Xing offers interesting content on various professional topics. The global counterpart to this is the American company LinkedIn.

Why do we use Xing on our website?

There is now a flood of social media channels and we are well aware that your time is very precious. Not every company’s social media channel can be scrutinized closely. That’s why we want to make your life as easy as possible, so you can share or follow interesting content directly from our website on Xing. With such “social plug-ins” we extend our service on our website. In addition, the data collected by Xing helps us to carry out targeted advertising measures on the platform. This means that our service is only shown to people who are really interested in it.

What data is stored by Xing?

Xing offers the share button, the follow button, and the log-in button as plug-ins for websites. As soon as you open a page where a social plug-in from Xing is installed, your browser connects to servers in a data center used by Xing. In the case of the share button, no data should be stored – according to Xing – that could derive a direct reference to a person. In particular, Xing does not store your IP address. Furthermore, no cookies are set in connection with the share button. Thus, no evaluation of your user behavior takes place. For more information, please visit https://dev.xing.com/plugins/share_button/privacy_policy

For the other Xing plug-ins, cookies are only set in your browser when you interact with or click on the plug-in. Personal data such as your IP address, browser data, date and time of your page view on Xing may be stored here. If you have a XING account and are logged in, collected data will be assigned to your personal account and the data stored in it.

As soon as you are logged in to Xing or become a member, additional personal data is definitely collected, processed and stored. Xing also discloses personal data to third parties if this is necessary for the fulfillment of its own business purposes, if you have given your consent, or if a legal obligation exists.

How long and where is the data stored?

Xing stores the data on different servers in various data centers. The company stores this data until you delete the data or until a user account is deleted. Of course, this only affects users who are already Xing members.

How can I delete my data or prevent data storage?

You have the right to access and also delete your personal data at any time. Even if you are not a Xing member, you can use your browser to prevent possible data processing or manage it according to your wishes. Most of the data is stored via cookies. Depending on which browser you have, the management works slightly differently. Under the section “Cookies” you will find the corresponding links to the respective instructions of the most popular browsers.

You can also basically set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented that data from you can be processed and stored by integrated social media elements, this consent is considered the legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.

We have tried to bring you closer to the most important information about data processing by Xing. At https://privacy.xing.com/de/dat enschutzerklaerung you can learn even more about the data processing of the social media network Xing.

Privacy policy for the contact form

The personal data that you provide to us as part of this contact request will only be used to respond to your request or contact and for the associated technical administration. The transfer to third parties does not take place.
You have the right to revoke your consent at any time with effect for the future. In this case, your personal data will be deleted immediately.
Your personal data will also be deleted without your revocation if we have processed your request or if you revoke the consent to storage given here. This also happens if the storage is inadmissible for other legal reasons.
You can inform yourself at any time about the data stored about your person.
Detailed information on data protection and the handling of personal data can be found in the general privacy policy of this website.

e. Youtube

Youtube privacy policy summary
” Affected parties: Visitors to the website
” Purpose: Optimization of our service performance
” Processed data: Data such as contact details, user behavior data, information about your device and your IP address may be stored. You can find more details below in this privacy policy.
” Storage period: until the data is no longer useful for YouTube and our purposes
” Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is YouTube?

We have integrated YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you access a page on our website that has an embedded YouTube video, your browser automatically connects to the YouTube or Google servers. Various data will be transmitted (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in Europe.

In the following, we would like to explain to you in more detail what data is processed, why we have integrated YouTube videos and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on and upload videos themselves free of charge. Over the last few years, YouTube has become one of the most important social media channels worldwide. To enable us to display videos on our website, YouTube provides a code snippet that we have integrated on our site.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And of course, interesting videos are a must. With the help of our embedded videos, we provide you with further helpful content in addition to our texts and images. In addition, our website is easier to find on the Google search engine thanks to the embedded videos. Even if we place ads via Google Ads, Google can – thanks to the data collected – only show these ads to people who are interested in our offers.

What data is stored by YouTube?

As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually assign your interactions on our website to your profile with the help of cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet provider. Other data may include contact details, any ratings, sharing content via social media or adding it to your favorites on YouTube.

If you are not logged into a Google account or a YouTube account, Google stores data with a unique identifier that is linked to your device, browser or app. For example, your preferred language setting is retained. But a lot of interaction data cannot be saved because fewer cookies are set.

How long and where is the data stored?

The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. At https://www.google.com/about/datacenters/locations/?hl=de you can see exactly where the Google data centers are located. Your data is distributed on the servers. This means that the data can be retrieved more quickly and is better protected against manipulation.

The data will be deleted when it is no longer required for our and YouTube’s purposes.

How can I delete my data or prevent data storage?

In principle, you can delete data in your Google account manually. With the automatic deletion function for location and activity data introduced in 2019, information is stored for either 3 or 18 months, depending on your decision, and then deleted.

Regardless of whether you have a Google account or not, you can configure your browser so that cookies are deleted or deactivated by Google. Depending on which browser you use, this works in different ways. Under the section “Cookies” you will find the corresponding links to the respective instructions of the most popular browsers.

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. Thus, for each individual cookie, you can decide whether to allow it or not.

Legal basis

If you have consented to your data being processed and stored by integrated YouTube elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated YouTube elements if you have given your consent. YouTube also sets cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.

Through our social media presence, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on 10.07.2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google for (non-HR data).

As YouTube is a subsidiary of Google, there is a joint privacy policy. If you would like to find out more about how we handle your data, we recommend that you read our privacy policy at https://policies.google.com/privacy?hl=de.

V. Online meeting tool “Microsoft Teams”

Below we inform you about the processing of personal data in connection with the use of “Microsoft Teams”

Purpose of processing

We use the “Microsoft Teams” tools to hold telephone conferences, online meetings and video conferences. (hereinafter: “Online Meetings”).

What data is processed?

Various types of data are processed when using the “Microsoft Teams” tools. The scope of the data also depends on the information you provide before or during participation in an “online meeting”.

Legal bases of data processing

Insofar as personal data of employees of Terhalle Holding GmbH & Co. KG is processed, § 26 BDSG is the legal basis for the data processing. If, in connection with the use of “Microsoft Teams”, personal data is not required for the establishment, performance or termination of the employment relationship, but is nevertheless an elementary component of the use of “Microsoft Teams”, Art. 6 para. 1 lit. f) DS-GVO is the legal basis for the data processing. Our interest in these cases is in the effective conduct of “online meetings”.

Incidentally, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) DS-GVO, insofar as the meetings are conducted in the context of contractual relationships.

If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) GDPR. Again, our interest is in the effective conduct of “online meetings”.

Should video and audio recordings be necessary by way of exception, this will be done exclusively on the basis of the consent given by you in accordance with Art.6 Para. 1 lit. a) GDPR.

Nature and scope of data processing

We use “Microsoft Teams” to conduct “online meetings”. If we want to record “online meetings”, we will transparently tell you in advance and ask for your consent. If necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.

Automated decision-making within the meaning of Art. 22 DS-GVO is not used.

The following personal data is processed when using “Microsoft Teams”, whereby the handling of the data also depends on what data you provide before or when participating in an “online meeting”:

User details (registration information): e.g. user name, activation and conference codes, e-mail address, first and last name, company, organization ID, participant IP, profile picture (optional).

Configuration and communication data: e.g. device name, IP address, geodata, time zone, activity logs, hardware type

Conference information: e.g. date, time, duration, number of participants, dial-in method, diagnostic information

Text, audio and video data: You may have the option to use the chat function in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “Online Meeting”. To enable the display of video and the playback of audio, the data from the microphone of your terminal device as well as from any video camera of the terminal device are processed accordingly during the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Microsoft Teams” applications.

Recipient / passing on of data

Personal data processed in connection with participation in “online meetings” will not be disclosed to third parties as a matter of principle, unless they are specifically intended to be disclosed. Please note that content from “online meetings,” as well as in-person meeting content, is often intended precisely to communicate information with customers, prospects, or third parties and is therefore intended to be shared.

Another recipient is the provider of “Microsoft Teams”.

Data processing outside the European Union / EEA

Data processing in third countries does not take place as a matter of principle, as we or the service provider have restricted the storage location to data centers in the EU or the EEA.

However, we cannot rule out the possibility that the service provider also uses servers outside the EU or EEA or that the routing of data takes place via Internet servers that are located outside the EU or EEA.

Through our social media presence, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on 10.07.2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google for (non-HR data).

Storage duration

Your personal data that we process as part of your use of “Microsoft Teams” will generally be deleted as soon as it is no longer required for the purposes for which it was collected. A requirement for storage may exist in particular if the data is still needed to fulfill contractual services and to be able to check and grant or defend against warranty or guarantee claims. In the case of the statutory retention obligations of 6 years or 10 years according to commercial and tax law, deletion only comes into consideration after the expiry of the respective retention obligation. If and insofar as the processing is based on your consent, the data will only be stored until you revoke your consent, unless there is also another legal basis for the processing.

Your rights as a data subject

As a data subject, you may at any time exercise the rights granted to you by the GDPR insofar as they apply to the processing:

• the right to information as to whether and which of your data is being processed (Art. 15 DS-GVO)
• the right to request the correction or completion of data concerning you (Art. 16 DS-GVO)
• the right to have the data concerning you deleted in accordance with Art. 17 DS-GVO
• the right to request restriction of the processing of the data in accordance with Art. 18 DS-GVO
• the right to data transfer in accordance with Art. 20 DS-GVO;
• the right to object to future processing of data concerning you in accordance with Art. 21 DS-GVO

Revocability of your consent

If the processing takes place on the legal basis of consent, this can be revoked at any time. The revocation shall not affect the lawfulness of the processing carried out until the revocation (Art. 7 (21) DS-GVO).

Right of complaint to a supervisory authority

You have the right to lodge a complaint about our processing of personal data with a data protection supervisory authority.

VI Implementation of competitions

Purposes for which the personal data are processed and the legal basis for the processing

The purpose of the data processing is the implementation and processing of competitions, in particular the verification of the eligibility to participate, as well as the determination of the winners. Participation in the competition is only possible if you provide us with the above data, otherwise no contact can be made in the context of a prize notification.

If you participate in one of our sweepstakes, you consent to the processing of data for the aforementioned purposes. The data processing is therefore based on your consent (Art. 6 para. 1 lit. a DSGVO).

Another legal basis for the processing of personal data is the fulfillment of a contract. (Art. 6 para. 1 lit. b DSGVO), provided that the personal data are processed exclusively for the purpose of determining and notifying the winners and for the transmission of the prize.

Sources and categories of personal data processed

In the event of a win, the following data will necessarily be processed

First and last name

Address

E-mail address

Facebook profile info

Duration for which the personal data are stored and the criteria for determining the duration

The data collected in the competition will be deleted by Terhalle Holzbau as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected as part of the sweepstakes when the processing of the sweepstakes has been completed. Due to legal retention periods, we have to store data of winners until their expiration.

VII. Information on the rights of data subjects

This part of the Privacy Policy provides additional information on how to exercise your rights as a data subject against Terhalle.

You have the right

• pursuant to Article 15 DS-GVO to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
• pursuant to Article 16 DS-GVO to demand the correction of inaccurate or incomplete personal data stored by us without undue delay;
• pursuant to Article 17 DS-GVO to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
• to request the restriction of the processing of your personal data in accordance with Article 18 DS-GVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Article 21 DS-GVO;
• in accordance with Article 21 of the GDPR, on grounds relating to their particular situation, to object at any time to the processing of personal data concerning them which is carried out on the basis of Article 6(1)lit. f is carried out;
• pursuant to Article 20 DS-GVO to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
• in accordance with Article 7(3) DS-GVO to revoke your consent once given at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. This has the consequence that we may no longer continue the data processing based on this consent for the future. You can revoke the consent via: datenschutz@terhalle.de

• complain to a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or our company headquarters for this purpose.
• information as to whether the provision of the personal data is required by law or by contract or is necessary for a pre-contractual or contractual conclusion and whether the data subject is obliged to provide the personal data and what the possible consequences of not providing it would be. Without the data, we will generally no longer be able to carry out pre-contractual or contractual measures or may have to terminate them.

Separate information about your right to object according to Article 21 DS-GVO

According to Art. 21 para. 1 DS-GVO, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) DS-GVO. 1 lit. f of the DS-GVO (data processing on the basis of a balance of interests).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the processing is carried out for the purpose of direct marketing, you have the right to withdraw your consent pursuant to Art. 21 Para. 2 DS-GVO the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising. If you object to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.

If you wish to exercise your right of objection or other data subject rights, a notification in text form is sufficient. You can write to us or contact us by e-mail.

To exercise the rights listed, to ask questions in connection with the privacy policy or for further information, please contact Terhalle’s data protection officer:

DSB Münster GmbH
Martin Luther King Way 42
48155 Münster

Phone: +49 0251 71879-0
datenschutz@terhalle.de

Safety note

We strive to store your personal data by taking technical and organizational possibilities so that they are not accessible to third parties. When communicating by e-mail, complete data security cannot be guaranteed, so we recommend that you send confidential information by post.

VIII. Analysis tools and advertising

Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As website operators, we can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Through our social media presence, your data is also processed in the USA, among other places. The legal basis for this data transfer is the adequacy decision adopted by the European Commission on 10.07.2023 for the so-called EU-US Data Privacy Framework. This contains framework conditions that are intended to serve as suitable guarantees for the secure transfer of data between the EU and the USA. The prerequisite for this is that US companies join the EU-US Data Privacy Framework by committing to fulfill detailed data protection obligations. This is currently fulfilled by the provider of the social media channels we use, Microsoft, Meta Platforms and Google for (non-HR data).

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offer to specific target groups in order to subsequently show them interest-based advertising in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google’s cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).

If you have a Google account, you can object to personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Further information and the data protection provisions can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can analyze which buttons on our website are clicked how often and which products are viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

You can find more information about Google Conversion Tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

IX. Privacy policy app

Privacy policy

We welcome you to our app and appreciate your interest. The protection of your personal data is an important concern for us. Therefore, we conduct our activities in compliance with applicable laws on personal data protection and data security. In the following, we would like to inform you about which data is used in the context of the use, for which purposes.

Responsible party for processing according to DSGVO

The responsible party within the meaning of the General Data Protection Regulation and other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

Terhalle Holding GmbH & Co KG
Solmsstrasse 46
48683 Ahaus-Ottenstein

Data Protection Officer

DSB Münster GmbH
Martin Luther King Way 42-44
48155 Münster
+49 251 718790

Scope of data collection and data processing

Unless otherwise stated in the following sections, personal data is generally collected, processed or used when using our apps so that we can meet our quality standards. Therefore, within the registration process, the user’s master data is collected first:

• First and last name
• Language and country
• E-mail address

We additionally learn about the use of web-based structures certain technical information based on the data transmitted by your browser (for example, browser type/version, operating system used). The following data may be collected in the process:

• Information about the browser type and version used;
• the operating system of the user;
• Device ID of the terminal device;
• the IP address of the user;
• Date and time of access;
• Web pages accessed by the user’s system via our app, if additional data must be obtained from Community Connect Server

Relevant legal bases for the processing of personal data

In order to be in line with our legitimate interests as per. Art. 6 par. 1 lit. f) GDPR to provide effective and dynamic apps, we may use your data for the following:

• to ensure your safety and security, including reviewing user content, messages, and related metadata for violations of our Community Guidelines and our Terms of Use;
• to ensure that content is presented in the most effective way for you and your device;
• to understand how users use the apps so we can improve, promote, and develop them;

When we process your data to fulfill our legitimate interests, we conduct a balancing test to determine whether the use of personal data is truly necessary to achieve our business purpose. When we conduct this balancing test, we also consider the privacy rights of our users and take appropriate precautions to protect their personal information.

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a) EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) DS-GVO as legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) DS-GVO as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) DS-GVO as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f) DS-GVO as the legal basis for the processing.

Duration of the storage of personal data

Personal data is stored for the duration of the respective statutory retention period. After expiry of the deadline, the data is routinely deleted, unless it is necessary for the initiation or fulfillment of a contract.

Registration in our app

If the data subject uses the option to register via d.velop postbox with the app of the controller by providing personal data, the data in the respective input mask will be transmitted to the controller. The data is stored exclusively for internal use by the controller. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. During registration, the user’s IP address and the date and time of registration are stored (d.velop postbox). This serves to prevent misuse of the services. The data will not be passed on to third parties. An exception exists if there is a legal obligation to disclose. The registration of the data is necessary for the provision of content or services. Registered persons have the possibility to have the stored data deleted or modified at any time. The data subject shall receive information about his/her stored personal data at any time.

Routine deletion and blocking of personal data

The controller processes and stores personal data of the data subject only for as long as necessary to achieve the purpose of storage. Furthermore, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. As soon as the purpose of storage ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.

Security

We have extensive technical and operational safeguards in place to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress. In addition, we ensure data protection on an ongoing basis by constantly auditing and optimizing our data protection organization.

Close

Terhalle Holding GmbH & Co KG reserves all rights to make changes and updates to this privacy policy.