Data Privacy Declaration for use of the website www.plantobuild.de and the software PlanToBuild.

Thank you for your interest in PlanToBuild. The protection of your personal data is important to us. We would therefore like to take this opportunity to inform you about what personal data we collect from you when you use this site. Personal data is any data relating to you as an individual, e.g. your name, your address, your e-mail addresses and your user behaviour.

This document can be downloaded as a PDF and archived.

To open the PDF file, you will need the free Adobe Reader (www.adobe.com), or a similar software which can process the PDF format. The document can also be printed.

The data controller in accordance with Art. 4 para. 7 of the General Data Protection Regulation (GDPR) is

PlanToBuild GmbH
Kammerratsheide 36
33609 Bielefeld
Germany

E-mail: info@plantobuild.de
Website: www.plantobuild.de

We have appointed a Data Protection Officer. You can contact the Data Protection Officer at:

Attorney Nina Pofalla
Lanterstraße 36
46539 Dinslaken
Germany
E-mail: nh@rechtsanwalt-hebisch.de

3.1  You have the following rights with respect to us in relation to your personal data: 

a)    Right to information
b)    Right to rectification 
c)    Right to deletion (right to be forgotten)
d)    Right to restrict processing
e)    Right to data portability
f)    Right to object

If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reason related to your specific situation. Please see this Data Privacy Declaration for the respective legal bases for processing. If you do submit an objection, we will no longer process your personal data unless we can verify that we have mandatory and protected reasons for processing that outweigh your interests, rights and freedoms, or if processing is carried out to assert, exercise or defend against legal claims (objection in accordance with Art. 21 para. 1 GDPR).

3.2.    Right to revoke consent under data privacy law

Many data processing procedures can only be carried out with your express consent. You can revoke the consent you have granted at any time. There are no formal requirements for doing so, and an e-mail to us is sufficient. The legality of data processing carried out up to the point of revocation remains unaffected. You can revoke your consent via e-mail to: widerruf@plantobuild.de or via written notification to PlanToBuild GmbH, Kammerratsheide 36, 33609 Bielefeld.

3.3.    You also have the right to submit a complaint to a data privacy supervisory authority regarding our processing of your personal data. 

For security reasons, and to protect the transmission of confidential content, such as orders or inquiries you send to us as the website operator, this page uses SSL and TLS encryption. You can recognise an encrypted connection because the address line of your browser will switch from “http://” to “https://” and a lock symbol will appear in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be intercepted by third parties.

5.1.    Informational use of the website: If you simply use our website for informational purposes, and do not register or transmit information in any other manner, we only collect the personal data that your browser transmits to our server. All data collection and processing are carried out for certain purposes. These may include technical necessities, contractual requirements or your express requests. If you use specific services on our website, we will obtain your consent to collect and process your data. 

5.2.    When you view our website, we collect the following data. We require this data for technical reasons so that we can display the website to you and ensure its stability and security: 

a)    IP address
b)    Date and time of inquiry
c)    Time zone difference from Greenwich Mean Time (GMT)
d)    Content of the request (specific page) 
e)    Access status /http-Statuscode
f)    Quantity of data transmitted
g)    Website from which the request comes
h)    Browser
i)    Operating system and its interface language and browser software version

6.1   In addition to the simply informational use of our website, we offer a variety of services you can use if desired. These include, for instance, the newsletter delivery described under clause 10 or the use of the login-protected area as described under clause 8 of this Data Privacy Declaration.

6.2.    To do so, you must provide further personal data, which we will use to carry out the specific service or contact you, and to which the basic principles of data processing recorded in this Data Privacy Declaration apply.

6.3.    If you send us an inquiry using the contact form, we will save your information from the contact form and the contact data you provide there for the purpose of processing your inquiry and to answer any follow-up questions. We will not transmit this data to any third parties without your consent. Therefore, data entered into the contact form is processed exclusively based on your consent (Art. 6 para. 1 lit. a) GDPR). You can revoke your consent at any time. There are no formal requirements for doing so, and an e-mail to us is sufficient. The legality of data processing carried out up to the point of revocation remains unaffected. We will retain the data you have entered into the contact form until you request that we delete it, until you revoke your consent to save the data, or until the purpose for which data was saved no longer applies (for instance after we finish processing your inquiry). Mandatory legal provisions – in particular retention periods – remain unaffected. 

6.4.    If you contact us via e-mail or telephone, we save and process your inquiry and all personal data it contains (name, inquiry) for the purpose of handling your request or concern. We will not transmit this data to any third parties without your consent. These data are processed on the basis of Art. 6 para. 1 lit. b GDPR, insofar as your inquiry is related to fulfilling a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), since we have a legitimate interest in effectively processing the inquiries submitted to us. We will retain the data you have sent us with your contact inquiry until you request that we delete it, until you revoke your consent to save the data, or until the purpose for which data was saved no longer applies (for instance after we finish processing your question or concern). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

In addition to the data indicated above, when you use our website cookies are saved on your computer. Cookies are small text files assigned to the browser you use and that are saved on your hard drive. These can be used to send certain information to the entity that sets the cookie (us, in this case). Cookies cannot execute any programs or transmit viruses to your computer. They are used to make our web services more user-friendly and more effective.

7.1.    Use of cookies: This website uses the following types of cookies. Their scope and function are explained in the following:
    • Transient/session cookies (see 7.2)
    • Persistent cookies (see 7.3)

7.2.    Transient cookies are deleted automatically when you close your browser. These include, in particular, session cookies. These cookies save a so-called session ID, which can be used to associated different queries from your browser to the overall session. This allows us to recognise your computer again when you come back to our website. Session cookies are deleted when you log out or close your browser.

7.3.    Persistent cookies remain saved on your device and are automatically deleted after a specified time period, which can differ depending on the cookie in question. You can delete cookies at any time using your security settings.

7.4.    You can configure your browser settings according to your specifications, for instance to reject the acceptance of third-party cookies or all cookies. To do so, please see our cookie guidelines1, which will be displayed to you the first time you open the website. Please note that you may not be able to use all functions of this website. The Help function in the menu bar of most web browsers explains how you can prevent your browser from accepting new cookies, how your browser informs you when it receives a new cookie, or how you can delete all cookies saved in the past and block saving any future cookies. Cookies required to carry out electronic communication or to provide certain functions you request are saved on the basis of Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in saving cookies to ensure we can provide our services in proper technical condition and free from errors. 

8.1.    You can register on our website to use additional page functions. We will only use entered data for the purpose of using the services for which you have registered. 

8.2.    You have the option of registering on our website as an external user, on behalf of and as a representative of our customers, as a partner to our customers, or as an employee/agent of our customer's partner. In addition, you can register as a separate user or administrator in the name of the customer. 

8.3.    PlanToBuild sets up a password-protected access for each user or administrator who registers on the website. 

8.4.    Personal data: In addition to the data indicated in clause 5.2, PlanToBuild processes data in the scope described in the following for the purpose of operating the login-protected area. If you do not provide this data, no access can be created for the specific administrator or for you or other users.

a)    Customer information (company name), for instance by the administrator or user 
b)    Customer/user address data
c)    Administrator salutation 
d)    Administrator first and last name 
e)    Administrator e-mail address 
f)    Any further employees of the client as users 
g)    User salutation, if applicable
h)    User first and last name, if applicable 
i)    User e-mail address, if applicable 
    
8.5.    When you use the login-protected areas of our website, the data required for use are saved. 

8.6.    When you use the login-protected areas of our website, the personal data provided can be made accessible to other users of the login-protected areas of our website according to your use of the application. 

8.7.    You can view your personal data at any time in your personal settings. 

8.8.    Data you enter during registration is processed based on your consent (Art. 6 para. 1 lit. a) GDPR) and/or to fulfil a contract or initiate a contract (Art. 6 para. 1 lit. b) GDPR). 

9.1.    Data are never transmitted to third parties unless we have a legal obligation to do so (such as to pursue a criminal case) or if transmission is required in the course of carrying out a contract. Data processing is based on Art. 6 para. 1 lit. b GDPR, which grants data processing for the purposes of fulfilling a contract or for pre-contractual measures.

9.2.    In some cases, PlanToBuild uses external service providers (processors) to process data. PlanToBuild carefully selects these processors and commissions them in writing. They are contractually obligated to follow the instructions of PlanToBuild, and are subject to regular controls. Service providers do not transmit data to third parties. PlanToBuild provides PlanToBuild content via a cloud solution. Data are processed by service providers only within the EU. 

10.1.    With your consent, you can subscribe to our newsletter, which we use to inform you about our current offers and services.

10.2.    We use a double opt-in process for newsletter registration. This means your registration will only be complete once you have clicked the link provided in the confirmation e-mail we send to you for this purpose. If you do not provide confirmation within 48 hours, the client's registration will be deleted from our database automatically.

10.3.    You only need to provide your e-mail address to receive the newsletter. Other specially marked data may be provided on a voluntary basis, and will be used to appeal you personally or to provide you with additional information. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis for doing so is Art. 6 para. 1 clause 1 lit. a GDPR.

10.4.    You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation at any time by clicking the link provided in every newsletter e-mail, by sending an e-mail to widerruf@plantobuild.de, or by sending a message to the contact information provided in the Legal Notice.

11.1.  The log-in protected area uses the open source web analytics service Matomo. Matomo uses so-called “cookies”. These are text files saved on your computer which facilitate an analysis of how you use the website. Information generated by the cookie on your use of the website is saved on our server. Your IP address is anonymised before data are saved. Matomo cookies remain on your device until you delete them.

11.2.    Matomo cookies are saved, and this analytic tool is used, on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour to optimise both its web services and its advertisements.

11.3.    Information generated by the cookie on your use of the website is not transmitted to third parties. You can prevent cookies from being saved by changing the settings in your browser software; however, please note that if you do so, you may not be able to use all functions of this website in full.

11.4.    If you do not consent to the saving and use of your data, you can deactivate the storage and use after login here. In this case, an opt-out cookie will be saved on your browser to prevent Matomo from saving usage data. When you delete your cookies, the Matomo opt-out cookie will also be deleted. You will have to reactivate your opt-out the next time you visit our page. 

12. Google Analytics

12.1 This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies; these are text files that are saved on your computer, allowing us to analyse your use of the website. The information generated by cookies on your use of this website will generally be transferred to a Google server in the USA and stored there. If IP anonymisation has been activated on this website, however, Google will truncate your IP address before transferring data within Member Sates of the European Union or other Contracting States to the Agreement on the European Economic Area. Your full IP address will only be transferred to a Google server in the USA and then truncated there in exceptional circumstances. Google will use this information on behalf of the website operator to analyse your use of the website, to compile reports on website activities, and to provide the website operator with other services related to the use of this website and the Internet.

12.2 The IP address transmitted by your browser via Google Analytics will not be merged with other Google data.

12.3 You may prevent the storage of cookies by configuring your browser software accordingly; however, please note that this might prevent you from fully using all the features of our website.

12.4 You can also stop the data generated by the cookie on your use of this website (incl. your IP address) from being transferred to Google for processing by downloading and installing the following browser add-on:

12.5 This website uses Google Analytics with the extension “_anonymizeIp()”. This means IP addresses are truncated before processing, making direct personal identification impossible.

12.6 We use Google Analytics in accordance with the requirements agreed between Google and the German data protection authorities. Information on third-party provider: Google Dublin, Google Ireland Ltd. Gordon House, Barrow Street, Dublin 4, Ireland. Fax: +353 (1) 436 1001 Conditions of Use Overview on Data Protection and Privacy Statement.

12.7 The legal basis for this form of processing is your consent, as described in point (a) of Art. 6 (1) GDPR.

13. Google Ads (formerly AdWords)

In addition to Google Analytics, we use Google Ads to show ads in the Google advertising network (e.g. in the Google search or on websites). This enables us to display more targeted advertising that matches your interests on our website and in the Google advertising network. We use remarketing and conversion tracking for this purpose. Thanks to remarketing, any products you find interesting on our website can be advertised on another website. For this purpose, a web beacon will be embedded
whenever you access our website and other websites in the Google advertising network. A web beacon is a special code generated by Google that uses a cookie to save data on your device regarding the websites you visit, the content you are interested in and the offers you have clicked on. The cookie also saves information about your operating system, your browser, the website you visited before accessing our website, the length of time you spend on our website, and other details about your use of our website. A conversion cookie will also be placed on your device, enabling us to record the number of visitors who have clicked on one of our ads. However, we are only shown the total and do not receive any information that might allow us to personally identify a user. Your data will only ever be processed in a pseudonymous form within the Google advertising network. Therefore, no data collected by cookies will be linked to your name or email address, unless you allow Google to do this in your Google settings. Whenever we ask for your consent in our cookie banner, the legal basis for data processing will be point (a) of Art. 6 (1) GDPR. Otherwise, your personal data will be processed on the basis of our legitimate interest in accordance with point (a) of Art. 6 (1) GDPR; we have a legitimate interest in optimising our analysis, improving our services and developing a more cost-effective business. If data is processed in the USA, please note that Google is certified under the Privacy Shield agreement and therefore assures compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). More information on Google’s use of data, possible settings and your right to object to data processing can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and ad settings (https://adssettings.google.com/authenticated). More information on Google is provided above.

14.-17. External Plugins

14. YouTube with privacy-enhanced mode

14.1 Our website uses plug-ins from the website YouTube. The page operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. We use YouTube in the privacy-enhanced mode. According to YouTube, this mode prevents YouTube from saving information on website visitors before they view a video. However, privacy-enhanced mode does not necessarily exclude the transmission of data to YouTube partners. No matter whether you view a video, YouTube creates a connection to the Google DoubleClick network.

14.2 Once you start a YouTube video on our website, a connection is created to YouTube servers. The YouTube server is informed which of our pages you visited. If you are logged into your YouTube account, you allow YouTube to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out of you YouTube account.

14.3 In addition, after you start the video YouTube can save a variety of cookies on your device. YouTube can use these cookies to obtain information on our website visitors. This information is used, for instance, to record video statistics, improve user-friendliness, and prevent attempted fraud. The cookies remain on your device until you delete them. It is possible that further data processing procedures may be triggered after you start a YouTube video, over which we have no influence. We use YouTube in the interest of creating an attractive design for our online services. This is part of our legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.

14.4 Further information on data privacy at YouTube is available in the YouTube Data Privacy Declaration at: https://policies.google.com/privacy?hl=de.

15. Google Web Fonts

In order to ensure a uniform display of fonts, this page uses Web Fonts provided by Google. Google Fonts are installed locally. No connection is formed to Google servers.

16. Integration of Google Maps

16.1 We use the Google Maps service on our website. This allows us to display interactive maps directly on the website, and allows you to easily use the map function.

16.2 When you visit our website, Google receives information that you accessed a specific sub-page on our website. In addition, the data indicated under clause 3 of this declaration are also transmitted. These data are transmitted independent of whether Google provides a user account, whether you are logged in, or whether there is no user account. If you are logged in to Google, your data are associated directly with your account. If you do not want this data to be associated with your Google profile, you must log out before activating the button. Google saves your data as a usage profile, and uses this profile for purposes of advertisement, market research, and/or to design its website according to your needs. Such analyses are carried out in particular (even for users who are not logged in) to provide advertisements that relate to user needs and inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, although you must contact Google to exercise that right.

16.3 Further information on the purpose and scope of data collection and processing by the plug-in provider is available in the provider's Data Privacy Declaration. It also provides further information on your rights in this respect and settings you can change to protect your privacy: www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA as well, and is subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

17.4 We use Google Maps in the interest of designing our online services in an attractive manner and to make it easier to find the locations described on our website. This is part of our legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.


18. Google reCAPTCHA

18.1 We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

18.2 reCAPTCHA is used to check whether the data entered on our website (for instance into a contact form) was entered by a human or an automated program. To do so, reCAPTCHA analyses the behaviour of the website visitor based on different features. The analysis starts automatically once the website visitor accesses the website. To analyse user behaviour, reCAPTCHA evaluates a variety of information (such as IP address, dwell time the website user spends on the website, or mouse movements made by the user). Data recorded during the analysis is transmitted to Google.

18.3 reCAPTCHA analyses run fully in the background. Website visitors are not informed that an analysis is being carried out.

18.4 Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web services from fraudulent automated spying and spam.

18.5 Further information on Google reCAPTCHA and the Google Data Privacy Declaration are provided at the following links: policies.google.com/privacy;https://www.google.com/recaptcha/intro/android.html.

Legal basis of processing

Art. 6 I lit. a GDPR serves as the legal basis for processing carried out by PlanToBuild if we obtain your consent for the specific purpose of processing. If we need to process personal data to fulfil a contract to which the data subject is a contractual party, such as in the case of processing required to provide a certain service or return service, then processing is based on Art. 6 I lit. b GDPR. The same applies to processing necessary to carry out pre-contractual measures, for instance in the case of inquiries on our products or services. If PlanToBuild is subject to a legal obligation requiring the processing of personal data, for example to fulfil tax-related obligations, then processing is based on Art. 6 I lit. c GDPR. Finally, processing may be carried out based on Art. 6 I lit. f GDPR. Processing not covered by any of the above legal bases is carried out on this basis, if processing is necessary to safeguard our legitimate interests or those of a third party, insofar as the interests, basic rights and basic freedoms of the data subject do not outweigh our interests.

As of: July 2020