Data Privacy Declaration
for use of the website www.plantobuild.de
and the login-protected area of PlanToBuild
0. Collection of personal data
Thank you very much for your interest in PlanToBuild. The protection of your personal data is important to us. Therefore, this page provides you with information on topics like how we collect personal data from you when you use this website. Personal data includes all data that can be personally associated with you, such as your name, your address, your e-mail address, and your user behaviour.
This document can be downloaded and archived in PDF form by clicking here. To open the PDF file, you will need the free program Adobe Reader (available at www.adobe.de) or a comparable program that can execute a PDF format. The document can also be printed out.
1. Controller for data collection and processing
The data controller in accordance with Art. 4 para. 7 of the General Data Protection Regulation (GDPR) is
2. Data Protection Officer
We have appointed a Data Protection Officer. You can contact the Data Protection Officer at:
3. Your rights
3.1. You have the following rights with respect to us in relation to your personal data:
a)Right to information
b) Right to rectification
c) Right to deletion (right to be forgotten)
d)Right to restrict processing
e)Right to data portability
f)Right to object
If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reason related to your specific situation. Please see this Data Privacy Declaration for the respective legal bases for processing. If you do submit an objection, we will no longer process your personal data unless we can verify that we have mandatory and protected reasons for processing that outweigh your interests, rights and freedoms, or if processing is carried out to assert, exercise or defend against legal claims (objection in accordance with Art. 21 para. 1 GDPR).
3.2.Right to revoke consent under data privacy law
Many data processing procedures can only be carried out with your express consent. You can revoke the consent you have granted at any time. There are no formal requirements for doing so, and an e-mail to us is sufficient. The legality of data processing carried out up to the point of revocation remains unaffected. You can revoke your consent via e-mail to: email@example.com or via written notification to PlanToBuild GmbH, Kammerratsheide 36, 33609 Bielefeld.
3.3.You also have the right to submit a complaint to a data privacy supervisory authority regarding our processing of your personal data.
4. SSL and TLS encryption
For security reasons, and to protect the transmission of confidential content, such as orders or inquiries you send to us as the website operator, this page uses SSL and TLS encryption. You can recognise an encrypted connection because the address line of your browser will switch from “http://” to “https://” and a lock symbol will appear in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be intercepted by third parties.
5.Collection of personal data when you visit our website
5.1.Informational use of the website: If you simply use our website for informational purposes, and do not register or transmit information in any other manner, we only collect the personal data that your browser transmits to our server. All data collection and processing are carried out for certain purposes. These may include technical necessities, contractual requirements or your express requests. If you use specific services on our website, we will obtain your consent to collect and process your data.
5.2. When you view our website, we collect the following data. We require this data for technical reasons so that we can display the website to you and ensure its stability and security:
b)Date and time of inquiry
c) Time zone difference from Greenwich Mean Time (GMT)
d) Content of the request (specific page)
e) Access status /http- Statuscode
f)Quantity of data transmitted
g)Website from which the request comes
i) Operating system and its interface language and browser software version
6. Website use when utilising additional services
6.1.In addition to the simply informational use of our website, we offer a variety of services you can use if desired. These include, for instance, the newsletter delivery described under clause 10 or the use of the login-protected area as described under clause 8 of this Data Privacy Declaration.
6.2.To do so, you must provide further personal data, which we will use to carry out the specific service or contact you, and to which the basic principles of data processing recorded in this Data Privacy Declaration apply.
6.3.If you send us an inquiry using the contact form, we will save your information from the contact form and the contact data you provide there for the purpose of processing your inquiry and to answer any follow-up questions. We will not transmit this data to any third parties without your consent. Therefore, data entered into the contact form is processed exclusively based on your consent (Art. 6 para. 1 lit. a) GDPR). You can revoke your consent at any time. There are no formal requirements for doing so, and an e-mail to us is sufficient. The legality of data processing carried out up to the point of revocation remains unaffected. We will retain the data you have entered into the contact form until you request that we delete it, until you revoke your consent to save the data, or until the purpose for which data was saved no longer applies (for instance after we finish processing your inquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.
6.4.If you contact us via e-mail or telephone, we save and process your inquiry and all personal data it contains (name, inquiry) for the purpose of handling your request or concern. We will not transmit this data to any third parties without your consent. These data are processed on the basis of Art. 6 para. 1 lit. b GDPR, insofar as your inquiry is related to fulfilling a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), since we have a legitimate interest in effectively processing the inquiries submitted to us. We will retain the data you have sent us with your contact inquiry until you request that we delete it, until you revoke your consent to save the data, or until the purpose for which data was saved no longer applies (for instance after we finish processing your question or concern). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.
7. Data recording on our website - Cookies
In addition to the data indicated above, when you use our website cookies are saved on your computer. Cookies are small text files assigned to the browser you use and that are saved on your hard drive. These can be used to send certain information to the entity that sets the cookie (us, in this case). Cookies cannot execute any programs or transmit viruses to your computer. They are used to make our web services more user-friendly and more effective.
· Transient/session cookies (see 7.2)
· Persistent cookies (see 7.3)
7.2. Transient cookies are deleted automatically when you close your browser. These include , in particular, session cookies. These cookies save a so-called session ID, which can be used to associated different queries from your browser to the overall session. This allows us to recognise your computer again when you come back to our website. Session cookies are deleted when you log out or close your browser.
7.3. Persistent cookies remain saved on your device and are automatically deleted after a specified time period, which can differ depending on the cookie in question. You can delete cookies at any time using your security settings.
7.4.You can configure your browser settings according to your specifications, for instance to reject the acceptance of third-party cookies or all cookies. To do so, please see our cookie guidelines , which will be displayed to you the first time you open the website. Please note that you may not be able to use all functions of this website. The Help function in the menu bar of most web browsers explains how you can prevent your browser from accepting new cookies, how your browser informs you when it receives a new cookie, or how you can delete all cookies saved in the past and block saving any future cookies. Cookies required to carry out electronic communication or to provide certain functions you request are saved on the basis of Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in saving cookies to ensure we can provide our services in proper technical condition and free from errors.
8. Personal data in login-protected areas
8.1.You can register on our website to use additional page functions. We will only use entered data for the purpose of using the services for which you have registered.
8.2.You have the option of registering on our website as an external user, on behalf of and as a representative of our customers, as a partner to our customers, or as an employee/agent of our customer's partner. In addition, you can register as a separate user or administrator in the name of the customer.
8.3.PlanToBuild sets up a password-protected access for each user or administrator who registers on the website.
8.4.Personal data: In addition to the data indicated in clause 5.2, PlanToBuild processes data in the scope described in the following for the purpose of operating the login-protected area. If you do not provide this data, no access can be created for the specific administrator or for you or other users.
a) Customer information (company name), for instance by the administrator or user
b) Customer/user address data
c) Administrator salutation
d) Administrator first and last name
e) Administrator e-mail address
f) Any further employees of the client as users
g) User salutation, if applicable
h) User first and last name, if applicable
i) User e-mail address, if applicable
8.5.When you use the login-protected areas of our website, the data required for use are saved.
8.6.When you use the login-protected areas of our website, the personal data provided can be made accessible to other users of the login-protected areas of our website according to your use of the application.
8.7.You can view your personal data at any time in your personal settings.
8.8.Data you enter during registration is processed based on your consent (Art. 6 para. 1 lit. a) GDPR) and/or to fulfil a contract or initiate a contract (Art. 6 para. 1 lit. b) GDPR).
9. Disclosure of data to third parties
9.1. Data are never transmitted to third parties unless we have a legal obligation to do so (such as to pursue a criminal case) or if transmission is required in the course of carrying out a contract. Data processing is based on Art. 6 para. 1 lit. b GDPR, which grants data processing for the purposes of fulfilling a contract or for pre-contractual measures.
9.2. In some cases, PlanToBuild uses external service providers (processors) to process data. PlanToBuild carefully selects these processors and commissions them in writing. They are contractually obligated to follow the instructions of PlanToBuild , and are subject to regular controls. Service providers do not transmit data to third parties. PlanToBuild provides PlanToBuild content via a cloud solution. Data are processed by service providers only within the EU.
10.1. With your consent, you can subscribe to our newsletter, which we use to inform you about our current offers and services.
10.2. We use a double opt-in process for newsletter registration. This means your registration will only be complete once you have clicked the link provided in the confirmation e-mail we send to you for this purpose.
If you do not provide confirmation within 48 hours, the client's registration will be deleted from our database automatically.
10.3. You only need to provide your e-mail address to receive the newsletter. Other specially marked data may be provided on a voluntary basis, and will be used to appeal you personally or to provide you with additional information. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis for doing so is Art. 6 para. 1 clause 1 lit. a GDPR.
10.4. You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation at any time by clicking the link provided in every newsletter e-mail, by sending an e-mail to firstname.lastname@example.org, or by sending a message to the contact information provided in the Legal Notice.
11. Analytic tools and advertisements
11.1. Matomo (formerly Piwik)
This website uses the open source web analytics service Matomo. Matomo uses so-called “cookies”. These are text files saved on your computer which facilitate an analysis of how you use the website. Information generated by the cookie on your use of the website is saved on our server. Your IP address is anonymised before data are saved. Matomo cookies remain on your device until you delete them.
11.2. Matomo cookies are saved, and this analytic tool is used, on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour to optimise both its web services and its advertisements.
11.3. Information generated by the cookie on your use of the website is not transmitted to third parties. You can prevent cookies from being saved by changing the settings in your browser software; however, please note that if you do so, you may not be able to use all functions of this website in full.
11.4. If you do not consent to the saving and use of your data, you can deactivate it here . In this case, an opt-out cookie will be saved on your browser to prevent Matomo from saving usage data. When you delete your cookies, the Matomo opt-out cookie will also be deleted. You will have to reactivate your opt-out the next time you visit our page.
12. YouTube with privacy-enhanced mode
12.1. Our website uses plug-ins from the website YouTube. The page operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. We use YouTube in the privacy-enhanced mode. According to YouTube, this mode prevents YouTube from saving information on website visitors before they view a video. However, privacy-enhanced mode does not necessarily exclude the transmission of data to YouTube partners. No matter whether you view a video, YouTube creates a connection to the Google DoubleClick network.
12.2. Once you start a YouTube video on our website, a connection is created to YouTube servers. The YouTube server is informed which of our pages you visited. If you are logged into your YouTube account, you allow YouTube to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out of you YouTube account.
12.3. In addition, after you start the video YouTube can save a variety of cookies on your device. YouTube can use these cookies to obtain information on our website visitors. This information is used, for instance, to record video statistics, improve user-friendliness, and prevent attempted fraud. The cookies remain on your device until you delete them. It is possible that further data processing procedures may be triggered after you start a YouTube video, over which we have no influence. We use YouTube in the interest of creating an attractive design for our online services. This is part of our legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.
12.4. Further information on data privacy at YouTube is available in the YouTube Data Privacy Declaration at: https://policies.google.com/privacy?hl=de .
13. Google Web Fonts
In order to ensure a uniform display of fonts, this page uses Web Fonts provided by Google. Google Fonts are installed locally. No connection is formed to Google servers.
14. Integration of Google Maps
14.1. We use the Google Maps service on our website. This allows us to display interactive maps directly on the website, and allows you to easily use the map function.
14.2. When you visit our website, Google receives information that you accessed a specific sub-page on our website. In addition, the data indicated under clause 3 of this declaration are also transmitted. These data are transmitted independent of whether Google provides a user account, whether you are logged in, or whether there is no user account. If you are logged in to Google, your data are associated directly with your account. If you do not want this data to be associated with your Google profile, you must log out before activating the button. Google saves your data as a usage profile, and uses this profile for purposes of advertisement, market research, and/or to design its website according to your needs. Such analyses are carried out in particular (even for users who are not logged in) to provide advertisements that relate to user needs and inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, although you must contact Google to exercise that right.
14.3. Further information on the purpose and scope of data collection and processing by the plug-in provider is available in the provider's Data Privacy Declaration. It also provides further information on your rights in this respect and settings you can change to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA as well, and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
14.4. We use Google Maps in the interest of designing our online services in an attractive manner and to make it easier to find the locations described on our website. This is part of our legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.
15. Google reCAPTCHA
15.1. We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
15.2. reCAPTCHA is used to check whether the data entered on our website (for instance into a contact form) was entered by a human or an automated program. To do so, reCAPTCHA analyses the behaviour of the website visitor based on different features. The analysis starts automatically once the website visitor accesses the website. To analyse user behaviour, reCAPTCHA evaluates a variety of information (such as IP address, dwell time the website user spends on the website, or mouse movements made by the user). Data recorded during the analysis is transmitted to Google.
15.3. reCAPTCHA analyses run fully in the background. Website visitors are not informed that an analysis is being carried out.
15.4. Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web services from fraudulent automated spying and spam.
15.5.Further information on Google reCAPTCHA and the Google Data Privacy Declaration are provided at the following links: https://policies.google.com/privacy?hl=de und https://www.google.com/recaptcha/intro/android.html .
16. Legal basis of processing
Art. 6 I lit. a GDPR serves as the legal basis for processing carried out by PlanToBuild if we obtain your consent for the specific purpose of processing. If we need to process personal data to fulfil a contract to which the data subject is a contractual party, such as in the case of processing required to provide a certain service or return service, then processing is based on Art. 6 I lit. b GDPR. The same applies to processing necessary to carry out pre-contractual measures, for instance in the case of inquiries on our products or services. If PlanToBuild is subject to a legal obligation requiring the processing of personal data, for example to fulfil tax-related obligations, then processing is based on Art. 6 I lit. c GDPR. Finally, processing may be carried out based on Art. 6 I lit. f GDPR. Processing not covered by any of the above legal bases is carried out on this basis, if processing is necessary to safeguard our legitimate interests or those of a third party, insofar as the interests, basic rights and basic freedoms of the data subject do not outweigh our interests.
As of: December 2018