Skip to content
Clever Buildings Clever Buildings
DE

Privacy policy

Data protection is an important matter and we handle your data with care. This privacy policy explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as „data") within our online offer and the websites, functions and content associated with it, as well as external online presences (hereinafter jointly referred to as „online offer"). With regard to the terms used, such as „processing" or „controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

Johann Schäfer
Hausener Hof 24
53547 Hausen (Wied)
Email: info@clever-buildings.de
Imprint: /en/imprint

Types of data processed

Categories of data subjects

Visitors and users of the online offer (hereinafter jointly referred to as „users").

Purpose of processing

Terminology

„Personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

„Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers practically every handling of data.

The „controller" is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

A „processor" is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Legal bases

In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. Unless the legal basis is named in the privacy policy, the following applies: the legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR; the legal basis for processing in order to fulfil our services and carry out contractual measures as well as to respond to enquiries is Art. 6 (1) (b) GDPR; the legal basis for processing to comply with our legal obligations is Art. 6 (1) (c) GDPR; and the legal basis for processing to protect our legitimate interests is Art. 6 (1) (f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

Security measures

We take appropriate technical and organisational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

Cooperation with processors and third parties

Insofar as we disclose data to other persons and companies (processors or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this is done only on the basis of legal permission, with your consent, on the basis of a legal obligation or on the basis of our legitimate interests (e.g. when using webhosters). If we commission third parties to process data on the basis of a so-called „data processing agreement", this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this happens in the context of the use of third-party services or disclosure or transfer of data to third parties, this is only done if it is necessary for the fulfilment of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the EU-US Data Privacy Framework, DPF) or compliance with officially recognised special contractual obligations (so-called „standard contractual clauses").

Rights of data subjects

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and to obtain access to that data and further information as well as a copy of the data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to demand that data concerning you be completed or that incorrect data concerning you be corrected.

In accordance with Art. 17 GDPR, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with Art. 18 GDPR, to demand a restriction of the processing of the data.

You have the right to demand that the data concerning you that you have provided to us be received in accordance with Art. 20 GDPR and to demand its transmission to other controllers.

You also have the right under Art. 77 GDPR to lodge a complaint with the competent supervisory authority (in Rhineland-Palatinate: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz).

Right of withdrawal

You have the right to withdraw consent that has been granted in accordance with Art. 7 (3) GDPR with future effect.

Right to object

You can object to the future processing of data concerning you in accordance with Art. 21 GDPR at any time. The objection can be made in particular against processing for the purposes of direct marketing.

Cookies and right to object to direct marketing

„Cookies" are small files that are stored on users' computers. Different information can be stored within cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offer.

This website currently does not use its own tracking cookies or third-party cookies for marketing/analysis purposes. If technically necessary cookies are used (e.g. for the function of the website), this is done on the basis of Art. 6 (1) (f) GDPR (legitimate interest in the operation of the site).

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

Deletion of data

The data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated within the framework of this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.

Under statutory regulations in Germany, retention is in particular for 10 years pursuant to §§ 147 (1) AO, 257 (1) no. 1 and 4, (4) HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years pursuant to § 257 (1) no. 2 and 3, (4) HGB (commercial letters).

Business-related processing

In addition, we process:

from our customers, prospects and business partners for the purpose of providing contractual services, service and customer care.

Contact

When you contact us (e.g. by email or phone), the user's information is processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) (b) GDPR (in the context of contractual / pre-contractual relationships) or Art. 6 (1) (f) GDPR (other enquiries).

We delete the requests if they are no longer required. We review the necessity every two years; the statutory archiving obligations also apply.

Hosting and email delivery

This website is hosted by:
goneo Internet GmbH, Pulheim, Germany
Website: www.goneo.de

The hosting services used by us serve to provide the following services: infrastructure and platform services, computing capacity, storage and database services, email delivery, security services and technical maintenance services that we use for the purpose of operating this online offer.

In doing so, we or our hosting provider process master data, contact data, content data, contract data, usage data, meta and communication data of customers, prospects and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR. A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with the hosting provider.

Collection of access data and log files

We or our hosting provider collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 (1) (f) GDPR. Access data includes the name of the accessed web page, file, date and time of the request, amount of data transferred, successful retrieval message, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. to clarify acts of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is necessary for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.

Video surveillance under client orders

Insofar as we plan and install video surveillance systems as part of client orders, it is not Clever Buildings but the respective operator who is the controller under data protection law within the meaning of the GDPR. We advise our clients on their obligations and document the necessary measures (fields of view, information signage, record of processing activities, retention concept).