Privacy Policy

Content

1 General information
1.1 Objectives and responsibilities
1.2 Legal bases
1.3 Rights of data subjects
1.4 Data deletion and storage duration
1.5 Security of processing
1.6 Transmission of data to third parties, subcontractors and third-party providers

2 Processing in the context of our Online Services
2.1 Collection of information on the use of the Online Services
2.2 Contact form and contact via email
2.3 Links to other websites
2.4 Google Analytics
2.5 MyFonts

3 Processing for the purpose of executing our business processes
3.1 Direct marketing
3.2 Advertising to existing customers
3.3 Responding to enquiries about projects

4 Cookie policy
4.1 General information
4.2 Overview of cookies
4.3 Options to object

5 Amendments to the Privacy Policy


1 General information

1.1 Objectives and responsibilities

  1. This Privacy Policy notifies you about the type, extent and purpose of processing activities concerning personal data related to our online services and the associated web pages, functions and content (hereinafter referred to collectively as “Online Services” or “Website”). Details about these processing activities can be found in section 2.
  2. Details about data processing activities undertaken for the purpose of carrying out our business processes are described in section 3.
  3. The provider of the Online Services and the controller under data protection law is PGE Grundstücksgesellschaft Europaviertel mbH (Projektbüro “Timber Pioneer”, Pariser Straße 6, 60486 Frankfurt am Main, Germany), hereinafter referred to as “Provider”, “we” or “us”.
  4. Our Online Services are made available by PORR AG (Absberggasse 47, 1100 Vienna, Austria).
  5. Our data protection officer is: Sven Meyzis – IT.DS Beratung (Phone: 0049 40-21091514 / email: s.meyzis@itdsb.de).
  6. The term “User” covers all users of and visitors to the Online Services.

1.2 Legal bases

We collect and process personal data in accordance with the following legal bases:
a. Consent pursuant to Article 6 (1) (a) General Data Protection Regulation (GDPR). “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by other clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
b. Necessity for the performance of a contract or in order to take preparatory steps pursuant to Article 6 (1) (b) GDPR, i.e. the data is necessary in order for us to be able to fulfil the contractual obligations towards you or we require the data in order to prepare to enter into a contract with you.
c. Processing in order to comply with a legal obligation pursuant to Article 6 (1) (c) GDPR, i.e. processing of the data is prescribed e.g. by law or other stipulations.
d. Processing in order to preserve legitimate interests pursuant to Article 6 (1) (f) GDPR, i.e. the processing is necessary to preserve our legitimate interests or those of third parties, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.

1.3 Rights of data subjects

Your rights in respect of data processing by us are as follows:
a. The right to lodge a complaint with a supervisory authority pursuant to Article 13 (2) (d) GDPR and Article 14 (2) (e) GDPR
b. Right of access pursuant to Article 15 GDPR
c. Right to rectification pursuant to Article 16 GDPR
d. Right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR
e. Right to restriction of processing pursuant to Article 18 GDPR
f. Right to data portability pursuant to Article 20 GDPR
g. Right to object pursuant to Article 21 GDPR
Note: Users may object to the processing of their personal data at any time with future effect in accordance with the statutory provisions. They may object in particular to processing for purposes of direct advertising.
Without prejudice to any other administrative or judicial remedy, you have a right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or of the alleged infringement, if you are of the opinion that the processing of the data concerning you is in breach of the GDPR.

1.4 Data deletion and storage duration

  1. The data subjects’ personal data will be erased or made unavailable as soon as the purpose of storage ceases to apply. Data may additionally be stored if this is provided for by European or national legislators under EU regulations, legal acts or other stipulations to which the controller is subject. The data will also be made unavailable or erased if a storage period prescribed by the specified regulations expires, unless continued storage of the data is required in order to enter into or carry out a contract.
  2. To the necessary extent, we will process your personal data for the duration of our business relationship, which for instance also extends to the initiation and execution of a contract. Additionally, we are subject to various retention and documentation obligations arising under the German Commercial Code (Handelsgesetzbuch, HGB) and the German Fiscal Code (Abgabenordnung, AO). The retention and/or documentation periods stipulated therein are six years for correspondence related to the conclusion of a contract and ten years for accounting records (sections 238, 257 (1) and (4) HGB, section 147 (1) and (3) AO). Such retention and documentation obligations apply in particular in cases where you enter into a contract with us. Ultimately, the storage duration is also determined by the statutory limitation periods, which are generally three years for instance under sections 195 et seq. German Civil Code (Bürgerliches Gesetzbuch, BGB), but in certain cases may also be up to thirty years. We will delete the data on expiry of the retention and documentation obligations as well as the applicable limitation periods. Log files and cookies will be deleted within the periods specified below.

1.5 Security of processing

  1. We have implemented technical and organisational security measures (TOMs) that are both adequate and comply with the state of the art. As a result, the data processed by us is protected from chance or intentional manipulation, loss, destruction and unauthorised access.
  2. The security measures include in particular the encrypted transfer of data between your browser and our server.

1.6 Transmission of data to third parties, subcontractors and third-party providers

  1. Personal data will only be transmitted to third parties within the framework of the statutory provisions. We will only pass Users’ data to third parties if this is necessary for e.g. invoicing purposes or for other purposes if the transmission is necessary to satisfy contractual obligations vis-à-vis the Users.
  2. Where we deploy subcontractors for our Online Services, we have put in place suitable contractual precautions as well as corresponding technical and organisational measures vis-à-vis these companies.
  3. Where we use content, tools or sundry resources of other companies (hereinafter referred to collectively as “Third-Party Providers”) and their specified headquarters are located in a third country, it can be assumed that data will be transferred to the countries of the Third-Party Providers’ headquarters. We will only transmit personal data to third countries if an appropriate level of data protection is in place, the Users have consented or another form of statutory authorisation applies.

2 Processing in the context of our Online Services

2.2 Collection of information on the use of the Online Services

  1. When using the Online Services, information is automatically transmitted from the User’s browser to us; this includes name of the webpage accessed, file, date and time of the access, data volume transferred, report of successful access, browser type including version, User’s operating system, referrer URL (the previous page visited), IP address and the requesting provider.
  2. This information is processed on the basis of legitimate interests pursuant to Article 6 (1) (f) GDPR (e.g. optimisation of the Online Services) as well as to guarantee the security of the processing pursuant to Article 5 (1) (f) GDPR (e.g. to avert and investigate cyber-attacks).
  3. The information will be deleted automatically 30 days after the connection – i.e. use of the Online Services – is ended, unless this is precluded by other retention periods.
  4. The collection of the data and storage thereof in log files is essential for the provision of the Online Services. For that reason, the User has no option of deletion, objection or rectification.

2.2 Contact form and contact via email

  1. If you contact us, your data (name and contact details, if provided by you) and your message will be used exclusively for the purpose of processing and handling your enquiry. We will process this data on the basis of Art. 6 (1) (a) GDPR (consent) in order to deal with your enquiry.
  2. The data will only be used for other purposes subject to the User’s consent.

2.3 Links to other websites

  1. When using some of our services, you may be automatically forwarded to other websites; this occurs for example via references in blog articles.
  2. Please note that this Privacy Policy does not apply there. The privacy policy of the website to which the link refers may vary significantly from this one.

2.4 Google Analytics

  1. We deploy Google Analytics, a web analytics service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) – hereinafter referred to as “Google”, on the basis of your consent for the purpose of analysing, optimising and economically operating our Online Services pursuant to Art. 6 (1) (a) GDPR. Google uses cookies and other technologies. Information about the Users’ usage of the Online Services generated by the service will be transferred to a server of Google in the USA and processed there.
  2. Google acts for us as a processor pursuant to Article 28 GDPR. We have entered into a data protection agreement with Google that contains the EU standard data protection clauses.
  3. Additionally, we have entered into a joint controller agreement pursuant to Article 26 GDPR with Google for the use of Google’s measurement services (cf. https://support.google.com/analytics/answer/9012600). In this context, we have agreed with Google to bear responsibility for complying with the information obligations and for guaranteeing the rights of data subjects pursuant to chapter 3 GDPR as well as for the security of the processing and the reporting/notification obligations (Article 32 to 34 GDPR). Google uses this information to analyse Users’ usage of our Online Services, to compile reports on activity within these Online Services, and to provide further services connected to the use of these Online Services and Internet for our benefit. In the course of this, pseudonymised user profiles of the Users may be created using the processed data.
  4. We use Google Analytics to ensure that the advertisements placed within the advertising services of Google and its partners are only shown to those Users who have also demonstrated an interest in our Online Services or who demonstrate certain characteristics (e.g. interest in certain topics or products that can be determined via the websites visited), which we transmit to Google (known as “Remarketing Audiences”, or “Google Analytics Audiences”). We also seek to use the Remarketing Audiences to ensure that our advertisements are in line with the Users’ potential interests and do not appear bothersome.
  5. We deploy Google Analytics with activated IP anonymisation.
  6. Google Analytics stores cookies in your web browser for a period of two years from your last visit. These cookies contain a randomly generated user ID that enables you to be identified again on future visits to the Website. Users can prevent cookies from being stored by making a corresponding setting in their browser software. Users can further prevent the information generated by the cookie about their use of the Online Services from being transmitted to and processed by Google by downloading and installing the browser plug-in available from the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB
  7. The recorded data is stored along with the randomly generated user ID, enabling the analysis of pseudonymised user profiles. This user-related data is automatically deleted after 26 months. Other data is stored for an indefinite period in an aggregated form.
  8. For further information on the use of data by Google as well as options concerning settings and revocation, refer to Google’s websites:

2.5 MyFonts

  1. This Website uses web fonts from myfonts.com on the basis of Art. 6 (1) (f) GDPR. The web fonts are hosted locally on our server.
  2. The licence terms require page-view tracking to be performed. This involves the number of visits to our Website being counted for statistical purposes and transmitted to MyFonts. MyFonts Counter is a service provided by MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA.
  3. Further information on data protection at MyFonts can be found via the following link: https://www.myfonts.com/legal/website-use-privacy-policy.
  4. To prevent MyFonts from executing JavaScript code altogether, you can install a JavaScript blocker (e.g. www.noscript.net).

3 Processing for the purpose of executing our business processes

3.1 Direct marketing

  1. If you have provided your consent to us, we will regularly notify you by email about new products and services as well as construction projects. We use your name and your email address for this purpose. The legal basis for data processing is Art. 6 (1) (1) (a) GDPR. You can revoke your consent at any time with future effect, e.g. via the link at the end of each email.
  2. Our newsletter will only be sent via email with your prior, express consent in accordance with the double opt-in principle: on registering for the newsletter on our Website, you will receive an email in which you are asked to confirm your newsletter registration. This ensures that no third party has been fraudulently using your data.
  3. During the registration for the newsletter, we further obtain your consent for newsletter tracking for the purpose of personalised advertising and market research performed by us. Using what are known as tracking pixels or web beacons and links, each of which is linked to an individual ID, we collect the following personal tracking information in conjunction with the use of our newsletters:
    – Opening the newsletter, clicking the links contained therein, sending a form on our Website after clicking a link contained in the newsletter (as well as the time when these actions were performed)
    – Type of end device used if you click on images or links in the newsletter
    – Behaviour on our Website if you access this via a link in our newsletter (as well as the time when these actions were performed)
    – The place where access was made if you click on images or links in the newsletter (by matching your IP address, although we do not store this)
    We save this data in your user profile, which is matched to the data entered when you register for the newsletter. We use this data to analyse and optimise our email marketing as well as for purposes of personalised advertising and market research. This enables us to provide you with personal information on products, services and offers that are of particular interest to you via our newsletter. You can revoke your consent to this data processing at any time with future effect by unsubscribing from the newsletter. It is not (currently) technically possible to deactivate newsletter tracking in isolation. We delete the tracking data when you unsubscribe from our newsletter. This has no bearing on data stored by us for the other purposes.
  4. We use MailChimp, a service of the provider Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (“MailChimp”) to send and analyse the emails. When sending and analysing the emails, data is processed on MailChimp’s servers in the USA. MailChimp acts as a processor for us within the meaning of Art. 4 (8) GDPR.
    If you unsubscribe from our newsletter, your data (including the tracking data) is also deleted on MailChimp’s servers.
    For further information, refer to MailChimp’s Privacy Policy (https://mailchimp.com/legal/privacy/).

3.2 Advertising to existing customers

  1. If you have bought services from us in the past, we may notify you about similar services (especially new construction projects) by email or letter, provided you have not objected to this.
  2. The legal basis for data processing is Art. 6 (1) (1) (f) GDPR. We have a legitimate interest in direct advertising (recital 47 GDPR). You may object to your email address and postal address being used for advertising purposes at any time at no extra cost with future effect.

3.3 Responding to enquiries about projects

In the event of enquiries about developers’ projects, we shall pass the data communicated in your enquiry to the developer or broker of the project in question, provided this is necessary or expedient in order for your enquiry to be answered and/or contractual or precontractual measures to be performed.

4 Cookie policy

4.1 General information

  1. Cookies comprise information that is transferred from our web server or third-party web servers to the Users’ web browser and stored there to be retrieved subsequently. Cookies may constitute small files or other types of information storage.
  2. If Users do not wish cookies to be saved on their computer, they are requested to deactivate the corresponding option in their browser’s system settings. Stored cookies may be deleted in the browser’s system settings. The exclusion of cookies may result in the functionality of this online service being limited.

4.2 Overview of cookies

NameProviderPurposeDuration
_gaGoogleRegisters a unique ID used to generate statistical data on how the visitor uses the website.1 month
_gatGoogleUsed by Google Analytics to throttle the request rate.Browser session
_gid GoogleRegisters a unique ID used to generate statistical data on how the visitor uses the website.1 day

4.3 Options to object

You can object to the use of cookies that are used to measure reach and for advertising purposes via:
a. the deactivation page of the Network Advertising Initiative: http://optout.networkadvertising.org/
b. the US website http://www.aboutads.info/choices
c. the European website http://www.youronlinechoices.com/uk/your-ad-choices/

5 Amendments to the Privacy Policy

  1. We reserve the right to modify this Privacy Policy in respect of data processing in order to adapt it to changes in legal circumstances, changes to the Online Services or to the data processing.
  2. If the Users’ consent is required or components of the Privacy Policy contain provisions of the contractual relationship with the Users, the amendments shall only be made with the Users’ consent.
  3. The Users are requested to regularly update themselves regarding the content of this Privacy Policy.

Last revised: 19 February 2021