Privacy Policy

Preamble

The following privacy policy is to inform you about which types of your personal data (hereinafter also abbreviated as "data") we process for which purposes and in which scope. The privacy statement applies to all processing of personal data on your part, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services").

The terms used are not gender-specific.

Lastest update: 6. October 2022

Table of contents

• Preamble
• Controller
• Overview of processing operations
• Legal bases for processing
• Security precautions
• Provision of online services and web hosting
• Rights of data subjects

Controller

HARDEGGER ARCHITECTS GMBH
HARDEGGER ENGINEERING GMBH
Neuer Wall 75
20354 Hamburg, Germany

Authorised representatives:
Alexander Hardegger, Shareholder
office@hardegger-architects.com
office@hardegger-engineering.com
Phone: +494032509170

Overview of processing operations

The following table summarizes of processed, the purposes for which they are processed and the concerned data subjects.

Categories of processed data

• Usage data.
• Meta/communication data.

Categories of data subjects

• Users.
• Purposes of processing
• Provision of contractual services and customer support.
• Security measures.
• Provision of our online services and usability.
• Information technology infrastructure.

Legal bases for the processing

Below please will find an overview of the legal basis of the General Data Protection Regulation (GDPR) on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions of your or our country of residence or domicile may apply. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.

Legitimate interests (Article 6 (1) (f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In addition to the data protection regulations of the GDPR, national regulations apply to data protection in Germany. They include in particular the Law on Protection against Misuse of Personal Data in Data Processing (Bundesdatenschutzgesetz - BDSG). In particular, the BDSG contains special provisions on the right to access, the right to erase, the right to object, on the processing of special categories of personal data, processing for other purposes and transmission as well as on automated individual decision-making, including profiling. Furthermore, it regulates data processing for enployment-related purposes (§ 26 BDSG), in particular with regard to the establishment, execution or termination of employment relationships as well as the consent of employees. Furthermore, data protection laws of the individual federal states may apply.

Security precautions

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, posed by the processing, in order to ensure a level of security appropriate to the risk involved.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of the data by controlling the physical and electronic access to the data as well as the related storage, the input, transmission, securing the availability of and separation of the data. In addition, we have established procedures to ensure that the rights of the data subjects are respected, that data is erased and that we are prepared to respond to data threats rapidly. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and service providers, in accordance with the principle of privacy by design and privacy by default.

TLS encryption (https): To protect your data transmitted via our online services, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Provision of online services and web hosting

We process user data in order to be able to provide them with our online services. For this purpose, we process the user's IP address of the user, which is necessary to transmit the content and functions of our online services to the user's browser or terminal device.

• Processed data types: usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
• Data subjects: users (e.g. website visitors, users of online services).
• Purposes of processing: provision of our online services and usability; information technology infrastructure (operation and provision of information systems and technical devices, such as computers, servers, etc.).); security measures; provision of contractual services and customer support.
• Legal basis: legitimate interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

• Provision of online offer on rented hosting space: For the provision of our online services, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also referred to as a "web hoster"); Legal basis: legitimate Interests (Article 6 (1) (f) GDPR).
• Collection of access data and log files: Access to our online services is logged in the form of so-called "server log files". Server log files may include the address and name of the web pages and files accessed, the date and time of access, the data volumes transferred, the notification of successful access, the browser type and version, the user's operating system, the referrer URL (the previously visited page) and, as a general rule, the IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability and optimal load balancing of the servers; legal basis: legitimate interests (Article 6 (1) (f) GDPR); retention period: log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidence purposes is excluded from deletion until the respective incident has been finally clarified.
• IONOS by 1&1: services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacities); service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; legal basis: legitimate interests (Article 6 (1) (f) GDPR); website: https://www.ionos.com; Privacy Policy: https://www.ionos.com/terms-gt...; Data Processing Agreement: https://www.ionos.de/hilfe/dat....

Rights of data subjects

As data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

• Right to object: You have the right, on grounds arising from your particular situation, to object at any time to the processing of your personal data which is based on letter (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such marketing, which includes profiling to the extent that it is related to such direct marketing.
• Right of withdrawal for consents: You have the right to revoke your consents at any time.
• Right of access: You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with the provisions of the law.
• Right to rectification: You have the right, in accordance with the law, to request the completion of the data concerning you or the rectification of any incorrect data concerning you.
• Right to erasure and right to restriction of processing: In accordance with the statutory provisions, you have the right to demand that the relevant data be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions.
• Right to data portability: You have the right to receive data concerning you which you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements, or to request its transmission to another controller.
• Complaint to the supervisory authority: In accordance with the law and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State where you habitually reside, the supervisory authority of your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Supervisory authority competent for us:

The Hamburg Commissioner for Data Protection and Freedom of Information
Thomas Fuchs
Ludwig-Erhard-Str. 22, 7.OG
20459 Hamburg
Phone: +49 (0)40 42 854 - 4040
mailbox@datenschutz.hamburg.de
www.datenschutz-hamburg.de