Below please find our statement on the collection of personal data when using our site. Personal data means all data that can be related to you such as name, address, e-mail address, user behaviour.
Name and address of controller
Controller in terms of the GDPR and other national data protection laws or Member State data protection laws and other data protection regulations:
kadawittfeldarchitektur gmbh
aureliusstraße 2
52064 aachen
fon +49(0)241-946 90 0
fax +49(0)241-946 90 20
office@kadawittfeldarchitektur.de
www.kadawittfeldarchitektur.de
statutorily represented by:
Dipl.-Ing. Arch. BDA Gerhard Wittfeld
Mag. Arch. Kilian Kada
Univ. em. Prof. DI Arch. Klaus Kada
General notes on data processing
Extent to which personal data are processed
We collect and use our users’ personal data only for the purpose of providing a properly working site, our contents and services.
When contacting us by e-mail or via our contact form your communicated data (your e-mail address, your name (if necessary) and your phone number) will be stored by us in order to answer your questions. All data produced in this connection will be deleted as soon as a storage thereof will no longer be required or the use thereof will be restricted to discharge statutory storage obligations.
Collection of personal data when visiting our site
When using our site for informational purposes only, i.e. if you do not register or transfer any other information, we will collect only those personal data your browser transfers to our server.
If you want to look at our site, our system automatically collects the following data we need technically in order to show you our site and to ensure both stability and security (legal basis: Art. 6, para. 1, sentence 1 f, GDPR):
– IP address
– date and time of access
– content of request (specific site)
– access status / HTTP status code
– data volume transferred
– site sending request
– information about browser type and version
– operating system and surface
– language and version of browser software
Cookies
In addition to the aforementioned data cookies will be stored on your computer when using our site. Cookies are small text files stored on your hard disk drive and assigned to the browser used. The party (here: we) having placed the cookie will receive certain information. Cookies can’t execute any programmes or infect your computer with viruses. They are used to ensure more user-friendly and more effective web services.
Use of cookies:
a) This site uses the following cookies the extent and functionalities of which are as follows:
– transient cookies (see b)
– persistent cookies (see c)
b) Transient cookies are automatically deleted when closing a browser; this includes session cookies, in particular, storing a so-called session ID that can be used to assign different browser requests to a joint session. This way your computer can be identified when returning to our site. Session cookies will be deleted, if you log out or close your browser.
c) Persistent cookies are automatically deleted after a specific period of time that may vary depending on the respective cookie. You can delete cookies by way of corresponding security settings of your browser.
d) You can configure your browser settings as needed. Please note that depending on specific settings you will not be able to use all functionalities of this site.
Deletion and storage period
Personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to exist. Personal data can also be stored, if this is provided for by European or national legislators, by EU directives, laws or other regulations the controller is subject to. Data will also be blocked or deleted, if the storage period provided for by such standards expires unless there is a need for further storage of data for a contract to be concluded or performed.
Purpose of data storage
A temporary storage of an IP address by the system is required to transfer the site to a user’s computer. For this purpose a user’s IP address must be stored for the respective session.
These purposes constitute our legitimate interest in data processing pursuant to Art. 6, para. 1 f, GDPR.
Storage period
Data will be deleted as soon as they are no longer needed to achieve the purpose of collec-tion. In case of data needed to provide the site this means the end of the respective session.
If data are stored in log files this means after seven days at the latest. Storing beyond that date could be possible. In such case the users’ IP addresses will be deleted or scrambled in a way that they can no longer be assigned to the requesting client.
Objection and removal
Recording data for the purpose of providing the site as well as storing data in log files is ab-solutely necessary to operate the site. Hence a user cannot file any objection in this respect.
E-mail contact
Details and extent of data processing
When visiting our site you may contact us by e-mail. If a user exercises this option, all data sent along with an e-mail will be transferred to us and stored. These data constitute a user’s personal data transferred along with an e-mail.
In this connection no data are transferred to third parties. Data are solely processed for the purpose of conversation.
Legal basis for data processing
Processing of data transferred in the course of sending an e-mail is based on Art. 6, para. 1 f, GDPR. If an e-mail contact aims at the conclusion of a contract, processing is also based on Art. 6, para. 1 b, GDPR.
Purpose of data processing
We exclusively process personal data for the purpose of dealing with a contact. If contacted by e-mail this constitutes a legitimate interest in processing data.
Storage period
Data will be deleted as soon as they are no longer needed for the purpose of the collection thereof. In case of personal data transferred via e-mail this is the end of the respective con-versation with a user. It is terminated if considering the circumstances it can be deduced that the situation was finally clarified.
Objection and removal
If a user contacts us by sending an e-mail, he/she may at any time object to a storage of per-sonal data. In such case a conversation cannot be continued.
All personal data stored in the course of establishing a contact will be deleted in such case.
Information on the collection and storage of personal data as well as the type and purpose of use when using the form kadawittfeldarchitektur Materialkataster
On our website, under the navigation point ‘About Us’, there is the possibility to enter products into our material register. For this purpose, an Office 365 form is linked via Microsoft Forms. The provider is Microsoft Corporation (“Microsoft”), One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft declares that it has complied with the requirements under the GDPR since May 2018. Data processed within Microsoft Forms is encrypted both at rest and in transit. Your data (name, email address and note) may be transferred to Microsoft servers in the EU as part of the processing. For more information about privacy for Microsoft Forms, click here. For more information about your data handling rights under the GDPR at Microsoft, click here.
Our social media services
We provide online presences in social media and on platforms in order to communicate with active customers, prospective customers and users and to inform them about our services.
In this context user data may be processed outside the European Union which may involve risks to users (for example, it could be more difficult to enforce user rights). In regard to US providers certified under the Privacy Shield it is pointed out that they undertake to comply with EU data protection standards.
Networks and platforms generally process user data for market research and advertising purposes and they create user profiles on the basis of a user’s behaviour and the resulting interests. Such profiles could be used to place customized advertisements inside and outside platforms. For this purpose cookies containing a user’s behaviour and interests are stored on a user’s computer. In usage profiles, data can be stored irrespective of the device used by a user (if a user is registered on the respective platforms and logged in, in particular).
Our legitimate interest in an effective information of users and communication with them is the legal basis for the processing of personal data of users (Art. 6, point 1f, GDPR). If platform operators ask users for their consent to data processing (i.e. if users consent e.g. by ticking a control box or by clicking on a button) Art. 6, point 1 a, GDPR, is the legal basis for processing.
Please note the following linked data protection regulations and privacy statements of the following providers and the respective ways of data processing and opt-outs.
As regards information requests and an enforcement of user rights it is pointed out that they can be enforced most effectively by contacting the respective providers as they have access to user data thus being able to take corresponding action and furnish information. If you need help, don’t hesitate to contact us.
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Statement:
https://www.facebook.com/about/privacy/
Opt-Out:
https://www.facebook.com/settings?tab=ads
and
http://www.youronlinechoices.com
Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Instagram (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2) – Privacy Statement/ Opt-Out: http://instagram.com/about/legal/privacy/.
Embedded YouTube videos and Vimeo videos
(1) We embed YouTube videos and Vimeo videos in our online services. They are stored at http://www.YouTube.com und http://www.vimeo.com and can be viewed directly on our site. All YouTube videos are subject to the “extended data protection mode”, i.e. no user data will be transmitted to YouTube, if you don’t play the video. If you play the video, the data referred to in par. 2 will be transmitted. We don’t have any influence on such data transmission.
(2) By playing videos and visiting the respective site YouTube and/or Vimeo will be informed that you accessed the respective sub-page of our site. Furthermore, the personal data referred to in this statement will be transmitted irrespective of whether YouTube or Vimeo provide a user account you are logged in or whether there is no such account. If you have logged into Google, your data will be assigned directly to your account when accessing YouTube videos. If you don’t want such assignment, you will have to log out before clicking on the button. YouTube and Vimeo store your data as usage profiles and they are used for marketing purposes, market research and/or an adequate design of their site. Such analysis is used, in particular, for customised advertising (also for users not logged in) and in order to inform other social network users about your activities on our site. You have the right to object to the creation of such usage profiles. You are required to contact YouTube and/or Vimeo in this respect.
(3) Additional information about purpose and extent of data collection and data processing by YouTube are included in the respective privacy statement. There you will also find information about your rights and settings to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and submitted itself to the EU-US Privacy Shield
https://www.privacyshield.gov/EU-US-Framework
Additional information about purpose and extent of data collection and data processing by Vimeo can be found in the respective privacy statement. There you will also find information about your rights and settings to protect your privacy. Vimeo also processes your personal data in the USA and submitted itself to the EU-US Privacy Shield; according to Vimeo an adequate data protection level is provided by meeting the Privacy Shield requirements (https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Active).
Rights of person concerned
If your personal data are processed, you are a person concerned in terms of the GDPR and you can exercise the following rights towards the controller:
Right of information
You may require the controller to confirm whether personal data concerning you are pro-cessed by us.
If such data are processed, you can require the controller to furnish the following infor-mation:
(1) purposes for which personal data are processed;
(2) categories of personal data processed;
(3) recipients and/or categories of recipients to which the respective personal data were / will be disclosed;
(4) intended period of storage of personal data concerning you or, lacking specific infor-mation, storage period criteria;
(5) existing rights to correct or delete personal data concerning you, the right to restrict processing by the controller or the right to object to such processing;
(6) right of objection that can be filed with a supervisory authority;
(7) all available information about the origin of the data, if personal data are not collected from the person concerned;
(8) existing automatic individual decision-making including profiling pursuant to Art. 22, pa-ra. 1 and 4, GDPR and – at least in such cases – meaningful information about the logic involved and the consequences and intended effects of such processing for the person concerned.
You are entitled to demand information whether personal data concerning you will be trans-ferred to a third-party country or to an international organization. In this respect you may demand information about suitable safeguards pursuant to Art. 46, GDPR in connection with a transfer.
Right of correction
If personal data concerning you are incorrect or incomplete, you may call upon the control-ler to rectify and/or complete such data. The controller shall do so without delay.
Right of restriction of processing
If the following conditions exist, you may demand a restricted processing of personal data concerning you:
(1) if you contest the correctness of the personal data concerning you for a period allowing the controller to verify the correctness of personal data;
(2) if processing is illegal and if you refuse a deletion of personal data and if in lieu thereof you demand a restriction in the use of personal data;
(3) if the controller no longer needs personal data for the purpose of processing but which you need to establish, exercise or defend legal claims, or
(4) if you have objected to processing pursuant to Art. 21, para. 1, GDPR, and if it is not yet clear whether the controller demonstrates compelling legitimate grounds for the pro-cessing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
If the processing of personal data concerning you is restricted, these data can only be pro-cessed subject to your approval or for the purpose of establishing, exercising or defending legal claims or for the protection of another natural or legal person’s rights or for reasons constituting a substantial public interest of the Union or a member state thereof.
In the event that processing is restricted as defined hereinbefore you will be notified by the controller prior to removing this restriction.
Right of deletion
You may call upon the controller to immediately delete personal data concerning you. The controller is required to immediately delete such data on the following grounds:
(1) Personal data concerning you are no longer needed for the purposes for which they were collected or otherwise processed.
(2) You have revoked your approval on which processing pursuant to Art. 6, para. 1 a or Art. 9, para. 2 a, GDPR, was based and there is no other legal basis of processing.
(3) You have objected to processing pursuant to Art. 21, para. 1, GDPR, and there are no compelling legitimate grounds or you have objected to processing pursuant to Art. 21, para. 2, GDPR.
(4) Personal data concerning you were processed unlawfully.
(5) A deletion of personal data concerning you is required to fulfil a legal obligation accord-ing to Union law or the Member State law the controller is subject to.
(6) Personal data concerning you were collected in relation to the offer of information socie-ty services pursuant to Art. 8, para. 1, GDPR.
Exceptions
There will be no right of deletion, if processing is required
(1) to exercise the right to freedom of expression and information,
(2) to fulfil a legal obligation requiring processing under Union law or the Member State law the controller is subject or to perform duties which are in the public interest or in the ex-ercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Art. 9, para. 2 h and i, and Art. 9, para. 3, GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89, para. 1, GDPR, insofar as the right referred to in para. a) presumably makes it impossible or extremely difficult to achieve these objec-tives, or
(5) for the establishment, exercise or defence of legal claims.
Right of information
If you have asserted the right of correction, deletion or restriction of processing against the controller, the controller will be required to notify all recipients to which personal data con-cerning you were disclosed of such correction, deletion or restriction of processing unless this proves to be impossible or involves disproportionate effort.
The controller is required to notify you of such recipients.
Right of data transferability
You are entitled to receive personal data concerning you provided to the controller in a structured, standard and machine-readable format. Furthermore, you are entitled to trans-fer such data to another controller without interference by the controller which personal data were provided to, if
(1) processing is based on a consent pursuant to Art. 6, para. 1 a, GDPR, or Art. 9, para. 2 a, GDPR, or on a contract pursuant to Art. 6, para. 1 b, GDPR, and
(2) processing is based on automatic processes.
When exercising this right you are also entitled to cause personal data concerning you to be transmitted directly from one controller to another controller insofar as this is technically feasible. Another person’s freedom and rights must not be impaired by that.
The right of data transferability does not apply to the processing of personal data concerning you that is required to perform duties which are in the public interest or in the exercise of official authority vested in the controller.
Right of objection
For reasons resulting from your special situation you are entitled to object at any time to the processing of personal data concerning you carried out pursuant to Art. 6, para. 1 e or 1 f, GDPR; this also applies to a profiling based on these regulations.
The controller no longer processes personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of le-gal claims.
If personal data concerning you are processed for the purpose of direct advertising, you are entitled to object at any time to the processing of personal data concerning you for the pur-pose of such advertising; this also applies to profiling if related to such direct advertising.
If you object to the processing for the purpose of direct advertising, personal data concern-ing you will no longer be processed for these purposes.
In connection with the use of information society services and notwithstanding Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) you may exercise your right of objection using automatic procedures based on technical specifications.
Right of objection to supervisory authority
Notwithstanding any other administrative or judicial remedy you are entitled to complain to a supervisory authority (in Member State of your residence, your place of work and place of presumed infringement, in particular), if you are of the opinion that the processing of per-sonal data concerning you infringes the GDPR.
The supervisory authority with which an objection was filed will notify the complainant about the status and the results of the objection including possible judicial remedy pursuant to Art. 78, GDPR.