This data protection declaration explains the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the associated websites, functions and content as well as external online presences, such as our social media profile (hereinafter collectively referred to as “online offer”). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Name/Organization: PMG Projektraum Management GmbH
Managing Directors: Mike Riegler, Stefan Finkenzeller
Street: Kühbachstraße 7
Zip-Code, City and Country: 81543 München, Deutschland
Telephone: +49 (0) 89 330 37 82-0
Types of data processed:
Basic data (e.g. names, addresses)
Contact data (e.g. e-mail)
Content data (e.g. texts)
Usage data (e.g. websites visited, interest in content, access times)
Meta-/Communications data (e.g. device information, IP addresses)
Categories of persons affected by the processing:
Customers, interested parties, suppliers
Visitors and users of the online offer
In the following, we also refer to these data subjects collectively as “users”.
Purpose of processing:
Provision of the online offer, its content and functions.
Answering contact inquiries and communicating with users.
Marketing, advertising and market research.
This website is hosted by an external service provider (hoster). The personal data recorded on this website is stored on the host’s servers. This can be for example, but not limited to IP addresses, contact requests, meta and communication data, contract data, contact data, names, website access and other data generated via a website.
Usage of the hosting company is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f) GDPR).
The hosting company will only process your data insofar as this is necessary to fulfill its performance obligations and follow our instructions with regard to this data.
Conclusion of a contract for order processing
In order to ensure data protection compliant processing, we have concluded an order processing contract with the hosting company.
Data protection officer:
We have appointed a data protection officer for our company:
Mr. Mario Arndt
Telephone: +49 611 950008-32
1. Relevant statutory foundations
In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 Para. 1 lit. a) and Art. 7 GDPR, the legal basis for processing for the performance of our services and the implementation of contractual measures and answering inquiries is Art. 6 Para. 1 lit. b) GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 Para. 1 lit. c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) GDPR serves as the legal basis.
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
3. Safety/Security measures
3.1. In accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons, we make suitable technical and organizational measures to ensure a level of protection appropriate to the risk; The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, ensuring availability and their separation. Furthermore, we have set up procedures that guarantee the exercise of data subject rights, deletion of data and reaction to data threats. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
3.2. The security measures include, in particular, the encrypted transmission of data between your browser and our server.
4. Cooperation with contract processors and third parties
4.1. If we disclose data to other persons and companies (contract processors or third parties) as part of our processing, transmit data to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. if the data is transmitted to third parties, such as to payment service providers, according to Art. 6 para. 1 lit. b) GDPR is required to fulfill the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
4.2. If we commission third parties to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
5. Note on data transfer to the USA and other third countries
Our website includes tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data can be transferred to these third countries and processed there. We would like to point out that no data protection level comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to surrender personal data to security authorities without you as the person concerned being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret service) process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.
6. Rights of data subjects
6.1. You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
6.2. You have according to Art. 16 GDPR the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
6.3. In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, in accordance with Art. 18 GDPR the processing be limited.
6.4. You have the right to request that you receive the data concerning you, that you have provided to us in accordance with Art. 20 GDPR and to request that it be transmitted to other controllers.
6.5. In accordance with Art. 77 GDPR, you also have the right to lodge a complaint with the competent supervisory authority.
7. Right of withdrawal
You have the right to revoke your consent in accordance with Art. 7 para. 3 GDPR with effect for the future.
8. Right to object
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection can in particular be made against processing for direct marketing purposes.
9. Deletion of data
9.1. The data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention requirements. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.
9.2. According to legal requirements, the storage takes place in particular for 6 years in accordance with § 257 para. 1 HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
10. Provision of contractual services
10.1. We process inventory data (e.g. names and addresses as well as contact details of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit. b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
11.1. When contacting us (using the contact form, email, telephone or fax), the information provided by the user is processed to process the contact request and to process it in accordance with Art. 6 para. 1 lit. b) GDPR. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries sent to us (Art. 6 para. 1 lit. f) GDPR) or on your consent (Art. 6 para. 1 lit. a) GDPR) if this was requested. We do not pass this data on without your consent.
11.2. User information can be saved in our customer relationship management system (“CRM system”) or a comparable request organization.
11.3. The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
12. Registration on this website
12.1 You can register on this website in order to use additional functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be given in full. Otherwise we will refuse the registration. For important changes, for example in the scope of the offer or for technically necessary changes, we will use the e-mail address given during registration to inform you in this way.
12.2 The data entered during registration are processed for the purpose of implementing the user relationship established by the registration and, if necessary, to initiate further contracts (Art. 6 para. 1 lit. b) GDPR). The data recorded during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.
13. Collection of access data and log files
13.1. We collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR. The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
13.2. For security reasons (e.g. to investigate acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been fully clarified.
14.1 Our Internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.
14.2 In some cases, cookies from third-party companies can also be stored on your device when you enter our website (third-party cookies). These enable us or you to use certain third-party services (e.g. cookies for processing payment services). Cookies have different functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or to display advertising.
14.3 Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions you want (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring the web audience) on the basis of Art. 6 para. 1 lit. f) GDPR, unless a different legal basis is given. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the relevant will be saved.
14.4 Cookies exclusively on the basis of a consent (Art. 6 para. 1 lit. a) GDPR); the consent can be revoked at any time.
14.5 You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted. Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you of this separately in the context of this data protection declaration and, if necessary, request your consent.
15. Google Analytics
15.1 This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their device. Google Analytics uses technologies that enable the user to be recognized for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.
15.2 This analysis tool is used on the basis of Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of Art. 6 para. 1 lit. a) GDPR; the consent can be revoked at any time.
15.3. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the internet. In doing so, pseudonymous user profiles can be created from the processed data.
15.4 We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
15.5 You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can find more information on how Google Analytics handles user data in Google’s data protection declaration: https://support.google.com/analytics/answer/6004245?hl=de.
15.6 Data stored by Google at user and event level that are linked to cookies, user IDs (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymized after 26 months or deleted. You can find details on this under the following link: https://support.google.com/analytics/answer/7667196?hl=de
15.7. You can find more information on the use of data by Google, setting and objection options on the Google website here: https://www.google.com/intl/de/policies/privacy/partners (“Google uses data when you use websites or apps of our partners”), https://policies.google.com/technologies/ads (“Data usage for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information that Google uses to show you advertisements”).
15.8 The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.
16. Google Tag Manager
16.1 We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tool with the help of which we can integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not save cookies and does not carry out any independent analyzes. It is only used to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which can also be transferred to the parent company of Google in the United States.
16.2 Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on this website. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a) GDPR; the consent can be revoked at any time.
17.1 If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
17.2 The processing of the data entered in the newsletter registration form takes place exclusively on the basis of your consent (Art. 6 para. 1 lit. a) GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
17.3 The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the framework of our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.
17.4 After you have been removed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR. The storage in the blacklist is not limited in time. You can object to the storage provided that your interests outweigh our legitimate interests.
18.1 This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter: “CleverReach”). CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) will be stored on CleverReach’s servers in Germany or Ireland.
18.2 Our newsletters sent with CleverReach enable us to analyze the behavior of newsletter recipients. Among other things, it can be analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) has taken place after clicking the link in the newsletter. Further information on data analysis by the CleverReach newsletter is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
18.3 The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
18.4 If you do not want an analysis by CleverReach, you have to unsubscribe from the newsletter. We provide a link for this in every newsletter message.
18.5 The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. This does not affect data that we have saved for other purposes.
After you have been removed from the newsletter distribution list, your email address will be stored in a blacklist by us or the newsletter service provider, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR. The storage in the blacklist is not limited in time. You can object to the storage provided that your interests outweigh our legitimate interests.
For more information, see the CleverReach data protection policy at: https://www.cleverreach.com/de/datenschutz/.
18.6 Conclusion of an order processing contract
We have concluded an order processing contract with the provider of CleverReach and fully implement the strict requirements of the German data protection authorities when using CleverReach.
19. Google Web Fonts
19.1 This page uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
19.2 For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that this website has been accessed via your IP address. The use of Google WebFonts is based on Art. 6 para. 1 lit. f) GDPR.
19.3 The website operator has a legitimate interest in the uniform representation of the typeface on his website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of Art. 6 para. 1 lit. a) GDPR; the consent can be revoked at any time.
If your browser does not support web fonts, a standard font will be used by your computer. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s data protection declaration: https://policies.google.com/privacy?hl=de.
20. Audio and video conferencing
20.1. Data processing
We use online conference tools for communication with our customers. The individual tools we use are listed below. If you communicate with us via video or audio conference via the Internet, your personal data will be recorded and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide / use to use the tools (email address and / or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data that are required to process online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.
If content is exchanged, uploaded or made available in any other way within the tool, it is also stored on the server of the tool provider. Such content includes in particular cloud recordings, chat / instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information that is shared while using the service.
Please note that we do not have full influence on the data processing operations of the tools used. Our options are largely based on the company policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed under this text.
20.2. Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR). If consent has been requested, the relevant tools are used on the basis of this consent; the consent can be revoked at any time with effect for the future.
20.3. Storage period
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete them, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
20.4 Conference tools used
We use the following conference tools:
21. Handling of applicant data
21.1 If you send us an application, we process your related personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.), insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 of the Federal Data Protection Act according to German law (initiation of an employment relationship), Art. 6 para. 1 lit. b) GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a) GDPR. The consent can be revoked at any time. Your personal data will only be passed on to persons within our company who are involved in processing your application. If the application is successful, the data you submit will be stored in our data processing systems on the basis of § 26 of the Federal Data Protection Act and Article 6 para. 1 lit. b) GDPR for the purpose of carrying out the employment relationship.
21.2 If we cannot make you a job offer, you reject a job offer or withdraw your application, we reserve the right to store the data you have transmitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f) GDPR) for up to 6 months to be kept with us from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular for evidence purposes in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), it will only be deleted when the purpose for further storage no longer applies. Longer storage can also take place if you have given your consent (Art. 6 para. 1 lit. a) GDPR) or if statutory retention requirements prevent deletion.
Last update: 06/2021