Privacy policy - Uhrig Group

Privacy Policy

Data protection at a glance

The following information provides a simple overview of what happens to your personal data when you visit this website.

Who is responsible for data collection on this website? Data processing on this website is carried out by the website operator (hereinafter referred to as "we"). You can find our contact details in the "Responsible body" section.

How do we collect your data? On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form. Other data is collected by our IT systems either automatically or with your consent when you visit the website. These are mainly technical data. This data is collected automatically as soon as you visit our website.

What do we use your data for? Some of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior.

What rights do you have with regard to your data? You have the right to assert the rights described in the section "Your rights as a data subject" at any time. You can contact us at any time if you have further questions on the subject of data protection.

Analysis tools and tools from third-party providers: When you visit our website, your surfing behavior may be statistically evaluated. This is mainly done with so-called analysis programs. If relevant, you will find detailed information on analysis programs in the following privacy policy.

Responsible body

Unless otherwise stated, the controller is responsible for the data processing described below:

Helmut Straßen und Tiefbau GmbH

Am Roten Kreuz 2

78187 Geisingen, Germany

E-mail: zentrale@uhrig-bau.de

Phone: +49 (0) 7704-806-0

Contact details for data protection inquiries

For answers to questions regarding the processing of personal data, the exercise of your "data subject rights" and the revocation of consents granted, please contact our appointed data protection officer, namely

in writing to: a.s.k. Datenschutz e.K.

Schulstraße 16 a

91245 Simmelsdorf, Germany

or by e-mail to: datenschutz@uhrig-bau.de

If you contact us by e-mail, the communication will be unencrypted.

Validity of our privacy policy

With the data protection declaration, we fulfill the information obligations of the General Data Protection Regulation (GDPR) for our website offer and for the personal data collected by us via our websites. In addition, national data protection laws of the member states apply, in Germany in particular the Federal Data Protection Act (BDSG) and the Telecommunications and Telemedia Data Protection Act (TTDSG). For third-party applications and websites to which reference is made, e.g. via links, the data protection declarations there apply. Unless otherwise stated, we are not responsible for the processing of your data on websites or applications that are not operated by us, nor for their content.

Scope of the processing of personal data

We only process our users' personal data to the extent necessary to provide functional websites and our content and services. In principle, personal data is only processed if you have given your consent. However, an exception applies in cases where it is not possible to obtain prior consent for factual reasons and this is permitted.

Legal basis for the processing of personal data

Insofar as we obtain your consent for the processing of personal data, Article 6 (1) lit. a GDPR as the legal basis.

If the processing of personal data is necessary for the performance of a contract to which you are a party, Article 6 (1) lit. b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) lit. c GDPR as the legal basis.

In the event that vital interests of you or another natural person require the processing of personal data, Article 6 (1) lit. d GDPR as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms, Article 6(1)(f) GDPR shall apply. f GDPR as the legal basis.

Data erasure and storage duration

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which we are subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or fulfillment of a contract.

Processing of personal data when visiting our website

(1) If you only visit our website to obtain information, our system only records the data that your end device (computer, laptop, tablet, smartphone, etc.) sends to our website server based on the https internet protocol. The automatic requests and responses from the server are assigned on the basis of your IP address, which may be used to establish a link to your person.

(2) When you visit our website, information is automatically sent to the server of our website by the browser of your respective end device and temporarily stored in log files. The log files contain information such as your IP address, the URL of the website accessed, the date and time of access, information about a successful page view, the amount of data transferred, the loading time, the website from which you accessed our website, the type and version of your browser, your device's operating system and the name of your internet service provider.

(3) The technical data collected does not allow any direct conclusions to be drawn about your identity. We do not store the data together with other personal data about you.

(4) The legal basis for data processing is our legitimate interest (Article 6 (1) sentence 1 lit. f GDPR). The purpose of processing the connection data is to technically enable you to use our website. Storage in log files is technically necessary in order to display our website to you, to establish a smooth connection, to ensure the stability and security of the system and to protect against misuse.

(5) The connection data is deleted immediately after the https call has been made. The data stored in log files is automatically deleted after seven days.

(6) As the processing of the data is absolutely necessary for the provision and operation of our website, you have no right to object.

Processing of personal data when contacting us

(1) If you contact us by post, telephone, fax, e-mail or via the contact form, we will only process the personal data you provide and the content of the communication in order to process your request and, if applicable, to comply with existing statutory record-keeping obligations.

(2) Data processing for the purpose of contacting us is generally carried out on a voluntary basis. If you use the contact form, we will obtain your consent.

(3) The legal basis depends on the specific purpose of the communication. If consent has been given, the legal basis is Article 6 (1) lit. a GDPR. The legal basis for data processing is often the protection of our legitimate interests in accordance with Article 6 (1) sentence 1 lit. f GDPR (such as conducting business correspondence, responding to inquiries about data protection). If your contact is aimed at the conclusion of a contract, Article 6 (1) lit. b GDPR is the legal basis for data processing. Insofar as further data processing is carried out to fulfill statutory retention obligations, the legal basis is Article 6 (1) sentence 1 lit. c GDPR.

(4) We delete the communication data as soon as storage is no longer required to fulfill the purpose (e.g. after your request has been processed), unless statutory retention obligations prevent deletion.

(5) You have the option of withdrawing your consent to data processing at any time in accordance with the legal requirements (see section "Your rights as a data subject"). If you contact us by e-mail, you can object to data processing at any time, e.g. by e-mail. Data stored in the course of establishing contact will then be deleted so that communication with you can no longer be continued.

Processing of personal data for job applications

(1) We offer you the opportunity to apply to us (e.g. by e-mail, post or online application form).

(1) If you ("applicant") apply to us electronically (e.g. by e-mail) and send us application documents electronically, we will process the personal data you provide to us for the purpose of carrying out the application process.

(2) If we conclude an employment contract with an applicant, we process the data for the purpose of establishing and processing the employment relationship in compliance with the statutory provisions.

(3) If no employment relationship is established between an applicant and us, the application documents will be deleted six months after notification of the rejection decision or withdrawal of the application by the applicant, provided that no other legitimate interests on our part prevent deletion. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). Longer storage may also take place if you have given your consent (Article 6(1)(a) GDPR) or if there are legal obligations to retain data.

(4) The legal basis for data processing is Article 6 (1) sentence 1 lit. b GDPR and Section 26 (1) sentence 1 no. 1 BDSG (decision on the establishment of an employment relationship).

Processing of personal data of business partners

(1) As part of our cooperation with business partners, we process personal data of contact persons at interested parties, customers, sales partners, suppliers, service providers and other partners. The data includes in detail

(i) Contact information such as surname, first name and (business) address, telephone number, mobile phone number, fax number, e-mail address,

(ii) Information for the processing of payment transactions, such as bank details, account numbers, credit card information,

(iii) Information that is required to be processed in the course of a contractual relationship with us or that is voluntarily provided by business partners,

(iv) personal data collected from publicly available sources, credit agencies or information databases,

(v) any other personal data that is legally required to identify our business partner, such as date of birth, ID card date, ID card number.

(2) We process personal data for the following purposes:

(i) Communication with business partners in the context of the initiation, establishment, implementation and termination of business relationships,

(ii) Implementation and administration of the business relationship (e.g. processing of orders for goods and services, bookkeeping, invoicing),

(iii) assertion of and defense against legal claims,

(iv) Carrying out marketing campaigns (e.g. invitations to events, sending newsletters to existing customers),

(v) Maintaining and protecting the safety of our products and services,

(vi) prevention, avoidance and detection of security risks and criminal acts,

(vii) Compliance with legal requirements (e.g. retention obligations under tax and commercial law),

(viii) Compliance with statutory investigation obligations (e.g. under the Money Laundering Act).

(3) We only pass on data to third parties to the extent that this is necessary for the stated purposes or to fulfill legal obligations (e.g. to participating telecommunications, transport and other auxiliary service providers as well as to subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). We will inform you about further data transfers in this privacy policy.

(4) The processing of personal data is necessary to achieve the stated purposes. Unless expressly stated otherwise in the collection of personal data, the legal bases are

(i) the performance and fulfillment of a contract with you (Article 6 (1) sentence 1 lit. b GDPR),

(ii) the fulfillment of legal obligations to which we are subject (Article 6 (1) sentence 1 lit. c GDPR),

(iii) the protection of our legitimate interests (Article 6 (1) sentence 1 lit. f GDPR), whereby our legitimate interest lies in the initiation, implementation, processing and support of the business relationship.

If you have expressly given your consent to the processing of your personal data in individual cases, Article 6 (1) sentence 1 lit. a GDPR is the legal basis for the processing.

(5) We will delete the personal data as soon as storage is no longer required to fulfill the purpose, unless statutory limitation periods or statutory retention obligations (e.g. up to 10 years in accordance with the German Commercial Code or Tax Code) prevent deletion.

Processing of personal data for newsletter registration

(1) If we offer a newsletter, we will send you our newsletter by e-mail on request, even outside of a business relationship, to inform you about news and current offers. The only mandatory information for sending our newsletter is your e-mail address. The provision of further data is voluntary; we use this to be able to address you personally if necessary.

(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration we will send you an e-mail to the specified e-mail address and ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 48 hours, your data will be blocked and automatically deleted after one month. When you register for the newsletter, we store your IP address and the times of registration and confirmation in order to be able to prove compliance with the legal requirements during the registration process and to clarify any possible misuse of your personal data.

(3) We may pass on your data to a service provider who produces and sends the newsletter for us. The latter is contractually obliged by us neither to use personal data for its own purposes nor to pass it on to third parties.

(4) Your consent will be obtained for the processing of your data for our newsletter as part of the registration process. The legal basis is Article 6 paragraph 1 sentence 1 lit. a GDPR.

(5) You can object to the sending of newsletters and e-mails at any time with effect for the future. To do this, it is sufficient to use the unsubscribe option at the end of the newsletter or to send a message in text form to the contact details given in the imprint (e.g. by e-mail, fax, letter).

(6) We will only process your personal data until you unsubscribe from the newsletter. As soon as you withdraw your consent or unsubscribe from the newsletter, we may store your data saved during the registration process and your unsubscribed e-mail address for up to three years before deleting them. The storage is based on our legitimate interest in being able to prove your originally given consent. We will comply with a request for deletion before the expiry of three years if you confirm to us at the same time that you previously consented to the data processing.

Website hosting

(1) Our website is hosted by an external service provider ("hoster"). The personal data collected via our website is stored on the hoster's servers. Our hoster's servers are located in Germany.

(2) The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Article 6(1)(b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Article 6(1)(f) GDPR).

(3) Our hoster processes the personal data only insofar as this is necessary to fulfill its contractual obligations to us. We have concluded an order processing contract (AVV) with our hoster. This ensures that the hoster processes the personal data of our website visitors only in accordance with our instructions and in compliance with the provisions of the GDPR.

Transmission and disclosure of personal data

We only pass on personal data to third parties if:

(i) you have expressly consented (Article 6 (1) sentence 1 lit. a GDPR), or

(ii) this is necessary to carry out a pre-contractual measure requested by you or to fulfill a contractual relationship with you (Article 6 (1) sentence 1 lit. b GDPR), or

(iii) we are legally obliged to do so (Article 6 (1) sentence 1 lit. c GDPR), or

(iv) the disclosure pursuant to Article 6 (1) sentence 1 lit. f GDPR is necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data.

Data transfer to third countries

We do not transfer personal data to recipients in third countries (countries outside the European Economic Area - EEA) or to an international organization.

Audio and video conferencing

(1) We currently use the video conferencing tool "Microsoft Teams" to communicate with our potential and existing customers. You can also take part in a video conference without your own Microsoft user account. If you use your own Microsoft user account to participate, additional data may be processed in accordance with the terms of your Microsoft user account.

(2) The following information will be visible to other participants who are not organizers during the conference: your name and your contributions.

(3) The following data may be collected as part of participation in the conference:

(i) Access data: e.g. an individualized link that you use to dial into the conference,

(ii) Content data: Contents of your posts, e.g. files, photos, videos shared by you,

(iii) Profile data: Data that you have voluntarily released about yourself in connection with the conference, e.g. your name. Profile data is used to address participants personally, align content with their interests and communicate more personally,

(iv) Dial-in data: e.g. the date and time you dialed into the conference and the time you left,

(v) Support/feedback data: Information related to any troubleshooting tickets or feedback,

(vi) Telemetry data: Diagnostic data related to service usage including transmission quality. This data is used for troubleshooting, securing and updating the technical service and monitoring it.

(4) We use the conference tool to communicate with prospective or existing customers or to offer certain services. The legal basis is Article 6 paragraph 1 lit. b GDPR. Furthermore, the use of the conference tool serves to generally simplify and accelerate your communication with us. The legal basis is Article 6 paragraph 1 lit. f GDPR (legitimate interest). If you have expressly given your consent to the processing of your personal data in individual cases, Article 6 (1) sentence 1 lit. a GDPR is the legal basis for the processing.

(5) When accessing the "Microsoft Teams" website, Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft") is responsible for data processing. Accessing the website(https://teams.microsoft.com/) is only required for downloading the necessary software if use should/can not take place directly and without a download via an Internet browser.

(6) The use of Microsoft Teams is generally subject to the terms of use and data protection provisions of "Microsoft", over which we ourselves have no influence. To use the conference tool, you must therefore agree to Microsoft's terms of use and privacy policy. Otherwise you will not be able to use the conference tool. Detailed information can be found at:

Data protection provisions: https://www.microsoft.com/en-us/microsoft-365/microsoft-teams/download-app and https://privacy.microsoft.com/de-de/privacystatement

(7) Microsoft collects certain diagnostic and service data when providing the service and uses this data for its own purposes. To the extent that Microsoft processes personal data in connection with its own legitimate business operations, Microsoft is an independent controller within the meaning of the GDPR for such processing. Details on processing by Microsoft can be found at https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.

(8) The technical service provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin/Ireland ("Microsoft Ireland"). We have concluded a data processing agreement (DPA) with Microsoft Ireland. This ensures that Microsoft Ireland processes the personal data of our conference participants only in accordance with our instructions and in compliance with the provisions of the GDPR.

(9) Data is stored in the Microsoft Cloud. We have limited the storage location to data centers in the European Union. Therefore, data processing does not take place outside the European Union (EU). However, we cannot technically rule out the possibility of routing or storage on servers outside the European Union at Microsoft Ireland.

(10) We delete the data collected directly by us via the conference tool as soon as you ask us to delete it, you revoke your consent to storage or the purpose for data storage no longer applies, unless statutory limitation periods or statutory retention obligations prevent deletion.

(11) We have no influence on the storage period of your data that is stored by Microsoft for its own purposes. Please contact Microsoft directly for more information. There you will also receive further information on the type, scope, purpose and further processing of your data and further information on your rights in this regard and setting options to protect your privacy:

Website: https://www.microsoft.com/de-de/microsoft-teams/group-chat-software,

Data protection provisions: https://privacy.microsoft.com/de-de/privacystatement,

Microsoft Teams data protection: https://learn.microsoft.com/de-de/microsoftteams/teams-privacy.

General information on the use of cookies

When you visit our website, our web server sends so-called cookies. Cookies are very small text files that are stored on the hard disk of your end device (computer, laptop, tablet, smartphone, etc.) and assigned to the browser you use when you visit our websites. Cookies cannot execute programs or transfer viruses or Trojans to your end device. Personal data is not stored in a cookie.

Information on necessary cookies

(1) In order to simplify the use of our website for you, we use strictly necessary ("necessary") cookies. Necessary cookies ("temporary cookies") include, for example, session cookies that store information about you during a single browser session, which remain in place for each page change and are deleted when the browser is closed, cookies that store certain settings on your part for a short period of time (e.g. log-in data, language settings or other settings on our website), cookies for uniform load distribution on the server, contact form cookies that store the answer to a question on the contact form, multimedia cookies to play media log-in data, language settings or other settings on our website), cookies for even load distribution on the server, contact form cookies that store the answer to a question via the contact form, multimedia cookies for playing media content (e.g. Flash player, vimeo), opt-out cookies with which cookie consents can be revoked, the cookie that records the consent status for other cookies, cookies from messenger services. You can find out which cookies we use in our cookie banner.

(2) The purpose of using necessary cookies is to enable you to use our websites and to ensure optimal usability. Some functions of our website cannot be offered without the use of cookies. The user data collected by the necessary cookies is not used to create user profiles.

(3) The necessary cookies are used on the basis of legitimate interests (Article 6 (1) sentence 1 lit. f GDPR).

Information on non-essential cookies

(1) We occasionally use non-essential cookies ("permanent cookies"). Such cookies enable us, for example, to analyze the use of our website in order to make the Internet offer more user-friendly and effective and to improve the content. Furthermore, when you visit our website again, it automatically recognizes that you have already visited our website and which entries and settings you have made so that you do not have to enter them again. You can find out which cookies we use in our cookie banner.

(2) Non-essential cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

(3) The use of non-essential cookies is based on your consent (Article 6 (1) sentence 1 lit. a GDPR). You can revoke your consent at any time with effect for the future.

Information on the technical deactivation of cookies

You can allow or prohibit temporary, permanent and other cookies independently of each other in the security settings of your browser. Help menus for the most common browsers can be found under the following links:

Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09?tid=111983446

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: http://help.opera.com/Windows/10.20/de/cookies.html

If cookies are deactivated, you can surf our website without restrictions. However, you may not be able to use all the functions of our website if you deactivate the necessary cookies.

Consent to the use of cookies, objection

(1) The use of necessary cookies does not require consent, nor is there an option to object. You can only deactivate such cookies by changing your browser settings.

(2) We require your consent for the storage and reading of cookies that are not technically necessary. We draw your attention to this on our website.

(3) If you do not agree to the storage and analysis of the data from your visit, you can object to the storage and use of technically unnecessary data at any time. If you object, the use of cookies and the associated data processing will cease for the future. Your objection has no disadvantages for the use of our website, unless you also deactivate the functions of the technically necessary cookies.

(4) You can object to the use of third-party cookies and the associated data processing at any time as follows: (i) You can set your browser to prevent our website from setting cookies. (ii) You can click on the opt-out link provided by the respective service provider for the individual processing operations and deactivate the further use of cookies and the associated data processing there. (iii) You can, for example, download and install Google's opt-out add-on for your browser. Opt-out cookies prevent the future collection of your data by Google services when you visit this and other websites. To prevent data collection on different end devices, you must install the "opt-out" add-on on all the end devices you use. An objection to the use of cookies for online marketing purposes can also be declared via other services, e.g. via the websites https://optout.aboutads.info and https://youronlinechoices.com/.

Linking to social media

(1) You will find buttons from the following social media services on our website: Facebook, Instagram, YouTube, LinkedIn.

(2) The legal basis for setting the buttons is Article 6 (1) sentence 1 lit. f GDPR. Our legitimate interest lies in the advertising purpose of increasing the attractiveness of our website and raising the profile of our company.

(3) For data protection reasons, we have deliberately decided against using direct plug-ins from social networks on our website. By placing the buttons, we do not establish a direct connection from your Internet browser to the servers of the respective provider of the integration. It is merely a redirection through a link. Only when you actively click on the button of a network and thereby activate it does your browser establish a connection to the respective network and content from its site is loaded. The network provider (operator) receives the information that you have accessed the corresponding web page of our website. In addition, the data specified in the section "Processing of personal data when visiting our website" is transmitted to the respective provider and processed there (in the case of US providers in the USA). In the case of Facebook, according to the respective provider in Germany, the IP address is anonymized immediately after collection.

(4) Network operators store the data collected about you as user profiles and use these profiles for the purposes of advertising, market research and/or the needs-based design of their websites. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the respective social network about your activities on our website. We have no influence on the data and data processing procedures collected by the respective provider, nor are we aware of the scope of the data collection, the purposes of the processing, the storage periods or information on the deletion of the collected data.

(5) Since network operators use cookies in particular for data collection, we recommend that you delete all cookies in your browser's security settings before clicking on a network button. We also recommend that you log out of the relevant networks before visiting our website, but especially before clicking on a button, if you want to prevent the operators from directly assigning the data collected during your visit to our website to your profile. You also have the right to object to the creation of user profiles, whereby you must contact the respective network operator to exercise this right.

(6) Further information on the type, scope, purpose and further processing of your data by the network operator can be obtained from the operator. There you will also find further information on your rights in this regard and setting options to protect your privacy:

Facebook: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland;

Information on data protection: https://www.facebook.com/privacy/center/.

Instagram: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland;

Information on data protection: https://privacycenter.instagram.com/policy/.

YouTube: Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland;

Information on data protection: https://policies.google.com/privacy?hl=de&gl=de.

LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;

Information on data protection: https://www.linkedin.com/legal/privacy-policy; opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Your rights as a data subject

(1) Subject to the legal requirements, you have the following rights with regard to your personal data:

Right of access (Article 15 GDPR)
Right to rectification (Article 16 GDPR)
Right to erasure (Article 17 GDPR)
Right to restriction of processing (Article 18 GDPR)
Right to object to processing (Article 21 GDPR)
Right to data portability (Article 20 GDPR)

(2) If you have given us your consent to process your personal data, you have the right to withdraw your consent at any time with effect for the future (Article 7 (3) GDPR). The revocation has no influence on the legality of the processing in the past. After revocation, we may only continue to process your personal data to the extent that we can base the processing on another legal basis (e.g. to fulfill a contract).

(3) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us (Article 77 GDPR).

Data security

When you visit our website, we use the widespread TLS method in conjunction with the highest level of encryption supported by your browser. As a rule, this involves 256-bit encryption. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the address bar of your browser. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Up-to-dateness and amendment of this privacy policy

This privacy policy has the status stated at the end. Due to the further development of our website and the offers via the website or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current privacy policy can be accessed and printed out on our website at any time.

Status: December 2023