Privacy Policy

We are very pleased about your interest in our company. Data protection has a particularly high priority for the management of APLEMIS design & build AG i.G. The use of the websites of APLEMIS design & build AG i.G. is generally possible without providing any personal data. However, if a data subject wishes to make use of special services of our company via our website, processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, email address, or telephone number of a data subject, always occurs in accordance with the General Data Protection Regulation (GDPR) and in accordance with the applicable national data protection regulations for APLEMIS design & build AG i.G. Through this privacy policy, our company aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed about their rights through this privacy policy.

APLEMIS design & build AG i.G., as the controller responsible for processing, has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can generally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example, by telephone.

1. Definitions

The privacy policy of APLEMIS design & build AG i.G. is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be both understandable and accessible for the public, as well as our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

In this privacy policy, we use, among others, the following terms:

a) Personal Data

Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data Subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c) Processing

Processing is any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of Processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not attributed to an identified or identifiable natural person.

g) Controller or Responsible Entity

Controller or responsible entity is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or by the law of Member States, the controller or the specific criteria for its designation may be provided for by Union law or by the law of Member States.

h) Processor

Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient is a natural or legal person, public authority, agency, or other body to whom personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the course of a particular inquiry under Union law or the law of Member States are not regarded as recipients.

j) Third Party

Third party is a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process personal data.

k) Consent

Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of personal data relating to them.

2. Name and Address of the Controller

Controller within the meaning of the General Data Protection Regulation, other applicable data protection laws in the Member States of the European Union, and other provisions of a data protection nature is:

APLEMIS design & build AG i.G.

Erzgießereistraße 22

80335 Munich

Germany

Tel.: +49 89 244 148 69

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Website: www.aplemis-dnb.com

3. Name and Address of the Data Protection Officer

The Data Protection Officer of the controller is:

APLEMIS design & build AG

Erzgießereistraße 22

80335 Munich

Germany

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Website: www.aplemis-dnb.com

Any data subject may contact our Data Protection Officer at any time with all questions and suggestions regarding data protection.

4. Cookies

The websites of APLEMIS design & build AG i.G. use cookies. Cookies are text files that are stored on a computer system via an internet browser. Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters that allows websites and servers to assign the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain different cookies. A specific internet browser can be recognized and identified through the unique cookie ID.

By using cookies, APLEMIS design & build AG i.G. can provide users of this website with more user-friendly services that would not be possible without setting cookies. Through a cookie, the information and offers on our website can be optimized in the sense of the user. Cookies allow us, as mentioned earlier, to recognize the users of our website. The purpose of this recognition is to make it easier for users to utilize our website. For example, a user of a website that uses cookies does not have to enter their login data again each time they visit the website because this is taken over by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online shop remembers the items a customer has placed in the virtual shopping cart via a cookie.

The data subject can prevent the setting of cookies through our website at any time by adjusting the settings of the internet browser used and thereby permanently objecting to the setting of cookies. Furthermore, already set cookies can be deleted at any time through an internet browser or other software programs. This is possible in all common internet browsers. If the data subject disables the setting of cookies in the internet browser used, not all functions of our website may be fully usable.

5. Collection of General Data and Information

The website of APLEMIS design & build AG i.G. collects a series of general data and information with each visit to the website by a data subject or an automated system. This general data and information is stored in the server log files. The following data can be collected: (1) the types and versions of the browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information that serve to avert dangers in the event of attacks on our information technology systems. When using these general data and information, APLEMIS design & build AG i.G. does not draw any conclusions about the data subject. This information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertisements for it, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and (4) provide law enforcement agencies with the information necessary for prosecution in the event of a cyber attack. The anonymized data and information collected in the server log files are, therefore, evaluated statistically and further with the aim of increasing data protection and data security in our company, ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

6. Contact Options via the Website

The website of APLEMIS design & build AG i.G. contains information due to legal requirements that enable rapid electronic contact with our company as well as direct communication with us, including a general address for electronic mail (email address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data transmitted voluntarily by a data subject to the controller will be stored for the purpose of processing or contacting the data subject. There will be no disclosure of this personal data to third parties.

7. Contact Form and Email Contact

Our website contains a contact form that can be used for electronic contact. If a user utilizes this option, the data entered in the input mask will be transmitted to us and stored. This data includes:

Name*
Email Address*
Phone*

The data marked with * are mandatory fields. For the processing of the data, your consent is required during the submission process, and reference is made to this privacy policy. Alternatively, contact can also be made via the provided email address. In this case, the personal data transmitted with the email will be stored.

Please note: When you contact us via contact forms, personal data may be transmitted to service providers in third countries. These third countries do not have an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without you possibly having legal remedies. The security of the transmission is regularly secured through so-called standard contractual clauses, which ensure that the processing of personal data is subject to a security level equivalent to that of the GDPR. If the standard contractual clauses or Binding Corporate Rules are insufficient to establish an adequate level of security, your acknowledgment of the privacy policy in the context of the contact forms is deemed consent in accordance with Article 49 (1)(a) GDPR, justifying a data transfer to insecure third countries.

8. Routine Deletion and Blocking of Personal Data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or if this is provided for by the European legislator or another legislator in laws or regulations to which the controller is subject. If the purpose of storage no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely and in accordance with legal regulations blocked or deleted.

9. Rights of the Data Subject

a) Right to Confirmation

Every data subject has the right granted by the European legislator to obtain confirmation from the data controller as to whether or not personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they can contact our data protection officer or another employee of the data controller at any time.

b) Right to Access

Every data subject whose personal data is processed has the right granted by the European legislator to request free of charge information from the data controller about the personal data stored about them, as well as a copy of this information. Furthermore, the European legislator has granted the data subject the right to obtain information about the following:

The purposes of processing
The categories of personal data being processed
The recipients or categories of recipients to whom the personal data has been disclosed or will be disclosed, particularly in the case of recipients in third countries or international organizations
If possible, the planned duration for which the personal data will be stored, or, if not possible, the criteria for determining this duration
The existence of the right to rectification or erasure of personal data concerning them or to restriction of processing by the controller, or the existence of the right to object to such processing
The existence of a right to lodge a complaint with a supervisory authority
If the personal data is not collected from the data subject: all available information about the source of the data
The existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR, and — at least in these cases — meaningful information about the logic involved, as well as the significance and the intended consequences of such processing for the data subject
Furthermore, the data subject has the right to know whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards relating to the transfer.

If a data subject wishes to exercise this right to access, they can contact our data protection officer or another employee of the data controller at any time.

c) Right to Rectification

Every data subject whose personal data is processed has the right granted by the European legislator to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data — also by means of a supplementary statement — taking into account the purposes of the processing. If a data subject wishes to exercise this right to rectification, they can contact our data protection officer or another employee of the data controller at any time.

d) Right to Erasure (Right to be Forgotten)

Every data subject whose personal data is processed has the right granted by the European legislator to request the data controller to erase personal data concerning them without delay, provided that one of the following grounds applies and the processing is not necessary:

The personal data has been collected or otherwise processed for purposes that are no longer necessary.
The data subject revokes their consent on which the processing is based according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
The personal data has been unlawfully processed.
The erasure of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If one of the aforementioned grounds applies and a data subject wishes to request the erasure of personal data stored at APLEMIS design & build AG i.G., they can contact our data protection officer or another employee of the data controller at any time. The data protection officer of APLEMIS design & build AG i.G. or another employee will ensure that the erasure request is complied with promptly.

If the personal data has been made public by APLEMIS design & build AG i.G. and our company is obligated as a controller pursuant to Article 17(1) GDPR to erase the personal data, APLEMIS design & build AG i.G. will take reasonable measures, including technical measures, to inform other controllers processing the published personal data that the data subject has requested the erasure of all links to such personal data or of copies or replications of such personal data, unless the processing is necessary. The data protection officer of APLEMIS design & build AG i.G. or another employee will arrange for the necessary actions on a case-by-case basis.

e) Right to Restriction of Processing

Every data subject whose personal data is processed has the right granted by the European legislator to request the restriction of processing from the controller if one of the following conditions is met:

The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful, and the data subject opposes the erasure of the personal data and requests instead the restriction of its use.
The controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the establishment, exercise, or defense of legal claims.
The data subject has objected to the processing pursuant to Article 21(1) GDPR, and it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met and a data subject wishes to request the restriction of personal data stored at APLEMIS design & build AG i.G., they can contact our data protection officer or another employee of the data controller at any time. The data protection officer of APLEMIS design & build AG i.G. or another employee will arrange for the restriction of processing.

f) Right to Data Portability

Every data subject whose personal data is processed has the right granted by the European legislator to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data has been provided, provided that the processing is based on consent according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract according to Article 6(1)(b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, the data subject has the right, in exercising their right to data portability according to Article 20(1) GDPR, to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others. To exercise the right to data portability, the data subject can contact the data protection officer appointed by APLEMIS design & build AG i.G. or another employee at any time.

g) Right to Object

Every data subject whose personal data is processed has the right granted by the European legislator to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them, which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.

APLEMIS design & build AG i.G. will no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or the processing is for the establishment, exercise, or defense of legal claims.

If APLEMIS design & build AG i.G. processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing purposes. This also applies to profiling, insofar as it is related to such direct marketing. If the data subject objects to the processing for the purposes of direct marketing, APLEMIS design & build AG i.G. will no longer process the personal data for these purposes. Furthermore, the data subject has the right, on grounds relating to their particular situation, to object to the processing of personal data concerning them that is processed by APLEMIS design & build AG i.G. for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject can directly contact the data protection officer of APLEMIS design & build AG i.G. or another employee. The data subject is also free to exercise their right to object by automated means in relation to the use of information society services, notwithstanding Directive 2002/58/EC, using technical specifications.

h) Automated Decisions in Individual Cases Including Profiling

Every data subject whose personal data is processed has the right granted by the European legislator not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the controller, or (2) is permitted by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the explicit consent of the data subject.

If the decision (1) is necessary for entering into or performance of a contract between the data subject and the controller, or (2) is based on the explicit consent of the data subject, APLEMIS design & build AG i.G. will implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and contest the decision.

If a data subject wishes to exercise rights concerning automated decisions, they can contact our data protection officer or another employee of the data controller at any time.

i) Right to Withdraw Data Protection Consent

Every data subject whose personal data is processed has the right granted by the European legislator to withdraw consent to the processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they can contact our data protection officer or another employee of the data controller at any time.

10. Data Protection in Applications and the Application Process

The data controller collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing may also occur electronically. This is particularly the case when an applicant submits corresponding application documents electronically, for example, via email or through a web form available on the website. If the data controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with legal regulations. If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that there are no other legitimate interests of the data controller opposing deletion. Other legitimate interests in this sense include, for example, an obligation to provide evidence in a procedure according to the General Equal Treatment Act (AGG).

11. Web Analysis through HubSpot

We use HubSpot's services on this website for various purposes. HubSpot is a software company based in the USA with a branch in Ireland.

Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

HubSpot is an integrated software solution with which we cover various aspects of our online marketing. This includes, among other things: email marketing, social media publishing & reporting, reporting, contact management (e.g., user segmentation & CRM), landing pages, and contact forms.

Our registration service allows visitors to our website to learn more about our company, download content, and provide their contact information along with other demographic information. This information, as well as the contents of our website, are stored on the servers of our software partner HubSpot. They can be used by us to contact visitors to our website and to determine which services of our company are of interest to them. All information collected by us is subject to this privacy policy. We use all collected information solely to optimize our marketing measures.

More information about HubSpot's privacy policies
More information from HubSpot regarding EU data protection regulations
More information about cookies used by HubSpot

As part of optimizing our marketing measures, the following data may be collected and processed through HubSpot:

Geographical location
Browser type
Navigation information
Referrer URL
Performance data
Information on how often the application is used
Mobile app data
Login credentials for the HubSpot subscription service
Files displayed on-site
Domain names
Viewed pages
Aggregated usage
Operating system version
Internet service provider
IP address
Device identification
Duration of the visit
Source from which the application was downloaded
Operating system
Events occurring within the application
Access times
Clickstream data
Device model and version

In addition, we also use HubSpot to provide contact forms. Further information on this can be found in subsection VIII of this privacy policy.

The legal basis for processing is your consent pursuant to Article 6(1)(a) GDPR. If you do not wish for the aforementioned data to be collected and processed through HubSpot, you may refuse your consent or revoke it at any time with effect for the future.

Personal data will be retained as long as it is necessary to fulfill the processing purpose. The data will be deleted as soon as it is no longer required for the purpose.

As part of processing via HubSpot, data may be transferred to the USA. The security of the transfer is secured through so-called standard contractual clauses, which ensure that the processing of personal data is subject to a security level equivalent to that of the GDPR. If the standard contractual clauses are insufficient to establish an adequate level of security, your consent under Article 49(1)(a) GDPR may serve as the legal basis for the transfer to third countries. Please refer to subsection Contact Form and Email Contact for more information.

12. Data Protection Provisions on the Use and Application of Facebook

The data controller has integrated components from the company Facebook on this website. Facebook is a social network. A social network is an online social meeting point, a virtual community that typically allows users to communicate with each other and interact in the virtual space. A social network can serve as a platform for exchanging opinions and experiences or allows the online community to provide personal or business-related information. Facebook enables users of the social network, among other things, to create personal profiles, upload photos, and network through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

For the processing of personal data, the data controller is, if a data subject resides outside the USA or Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With every call to one of the individual pages of this website operated by the data controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. An overview of all Facebook plug-ins can be retrieved at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical procedure, Facebook becomes aware of which specific subpage of our website is being visited by the data subject.

If the data subject is simultaneously logged into Facebook, Facebook recognizes with each call of our website by the data subject and during the entire duration of the respective stay on our website, which specific subpage of our website the data subject is visiting. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated on our website, for example, the "Like" button, or comments, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook receives information about the visit of the data subject to our website whenever the data subject is logged into Facebook at the time of the call to our website; this occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of this information to Facebook is not desired by the data subject, they can prevent the transmission by logging out of their Facebook account before accessing our website. The data policy published by Facebook, which can be accessed at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. Furthermore, it explains what settings Facebook offers to protect the privacy of the data subject. Additionally, various applications are available that allow the suppression of data transmission to Facebook, such as the Facebook Blocker from the provider Webgraph, which can be obtained at http://webgraph.com/resources/facebookblocker/. Such applications can be used by the data subject to suppress data transmission to Facebook.

Additional details regarding Google’s data protection practices can be found on their privacy policy pages.

13. Data Protection Provisions Regarding the Use of Google Analytics (with Anonymization Function)

The data controller has integrated Google Analytics (with anonymization) into this website. Google Analytics is a web analytics service that collects, gathers, and analyzes data about visitors' behaviors on websites. This service captures data such as the referring website from which a user arrived, the subpages accessed, and the frequency and duration of views on specific pages. Web analysis primarily aims to optimize the website and conduct cost-benefit analyses of online advertising.

The operator of the Google Analytics component is Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

To ensure privacy compliance, the data controller employs the “gat.anonymizeIp” add-on for Google Analytics. This add-on shortens and anonymizes the IP address of the user's internet connection when accessing our website from a member state of the European Union or from another signatory of the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze visitor traffic on our website. Google uses the collected data to evaluate website usage and generate online reports detailing activities on our site, along with other related services. When a user visits a page that contains a Google Analytics component, their web browser is automatically prompted to send data to Google for online analysis. This process allows Google to collect personal data, such as the user's IP address, which helps track visitor origins and clicks for commission calculations.

The cookie stores personal information, such as access times, the location of access, and the frequency of visits to our website by the user. Each time a user visits our website, this personal data, including the user's IP address, is transmitted to Google in the United States and stored there.

Google may share the personal data collected through this technical process with third parties. Users can prevent the setting of cookies by adjusting their browser settings to permanently refuse cookies. This action would also prevent Google from placing a cookie on the user's device. Additionally, users can delete any cookies already set by Google Analytics through their browser or other software programs.

Users can also object to the collection and processing of their data by Google Analytics. To do this, they must download and install a browser add-on available at this link. This add-on communicates with Google Analytics via JavaScript, indicating that no data should be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the user's device is later deleted, formatted, or reinstalled, they must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or disabled by the user or someone under their control, it can be reinstalled or reactivated.

Further information and the applicable privacy policies of Google can be accessed at this link and this link. More details on Google Analytics can be found at this link.

14. Data Protection Provisions Regarding the Use of Google AdWords

The data controller has integrated Google AdWords into this website. Google AdWords is an online advertising service that allows advertisers to display ads in Google’s search results as well as across the Google advertising network. Advertisers can set specific keywords to ensure that their ads only appear when users search for those keywords. Within the Google advertising network, ads are distributed to relevant websites using an automated algorithm that considers the predefined keywords.

The operator of the Google AdWords services is Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to promote our website by displaying relevant ads on third-party websites and in Google’s search results, along with displaying third-party ads on our website.

When a user arrives at our website via a Google ad, Google places a so-called conversion cookie on the user’s device. Cookies were explained earlier. The conversion cookie expires after thirty days and does not identify the individual user. If the cookie is still valid, it helps track whether specific subpages, such as the shopping cart of an online store, have been accessed. Both we and Google can track whether a user who visited our site through an AdWords ad generated a sale, such as completing or abandoning a purchase.

The data and information collected through the conversion cookie are used by Google to create visit statistics for our website. We use these statistics to determine the total number of users referred to us via AdWords ads, allowing us to evaluate the success or failure of each AdWords campaign and optimize future ads.

Neither our company nor other Google AdWords advertisers receive information from Google that would allow the identification of an individual user. The conversion cookie stores personal information such as the pages visited by the user. Therefore, personal data, including the IP address of the user's internet connection, are transmitted to Google in the United States with each visit to our website.

This personal data is stored by Google in the United States. Google may share the personal data collected through this technical process with third parties. Users can prevent cookies from being set by adjusting their browser settings, thereby permanently opposing the use of cookies. This adjustment will also prevent Google from placing a conversion cookie on the user's device. Additionally, any cookies already set by Google AdWords can be deleted at any time using the browser or other software programs.

Furthermore, users can opt out of interest-based advertising by Google. To do this, they need to access this link from each browser they use and adjust the desired settings.

Further information and applicable privacy policies from Google can be found at this link.

15. Data Protection Provisions Regarding the Use of LinkedIn

The data controller has integrated components from LinkedIn Corporation into this website. LinkedIn is an internet-based social network that allows users to connect with existing business contacts and establish new ones. With over 400 million registered users across more than 200 countries, LinkedIn is currently the largest platform for business connections and one of the most visited websites globally.

The operating company of LinkedIn is LinkedIn Corporation, located at 2029 Stierlin Court, Mountain View, CA 94043, USA. For data protection matters outside the USA, LinkedIn Ireland is responsible, located at Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Whenever a user accesses our website equipped with a LinkedIn component (LinkedIn plug-in), this component prompts the user's browser to download the corresponding representation of the LinkedIn component. More information about LinkedIn plug-ins can be found at LinkedIn Developer. Through this technical process, LinkedIn becomes aware of which specific page of our website the user is visiting.

If the user is logged into LinkedIn at the time of accessing our website, LinkedIn recognizes which specific page the user is viewing during their entire visit. This information is collected by the LinkedIn component and linked to the user's LinkedIn account. If the user interacts with a LinkedIn button integrated into our website, LinkedIn associates this information with the user’s personal LinkedIn account and stores this personal data.

LinkedIn receives information about the user visiting our website whenever the user is logged into LinkedIn, regardless of whether the user clicks on the LinkedIn component. If the user does not wish for this information to be transmitted to LinkedIn, they can prevent the transmission by logging out of their LinkedIn account before visiting our website.

LinkedIn provides options to unsubscribe from email notifications, SMS messages, and targeted ads, as well as to manage ad settings at LinkedIn Guest Controls. LinkedIn also partners with companies like Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may set cookies. Users can decline these cookies by visiting LinkedIn’s Cookie Policy. The applicable privacy policy from LinkedIn can be found at LinkedIn Privacy Policy.

16. Retargeting with LinkedIn

We utilize LinkedIn’s retargeting tool and conversion tracking through LinkedIn Ireland, located at Wilton Plaza, Wilton Place, Dublin 2, Ireland.

To this end, our website incorporates the LinkedIn Insight Tag, which allows LinkedIn to collect statistical data about your visit and use of our website, providing us with corresponding aggregated statistics.

Additionally, this service displays interest-specific and relevant offers and recommendations after you have explored certain services, information, and offers on the website. Related information is stored in a cookie. Further details about data processing can be found in LinkedIn’s privacy policy.

Typically, the following data is collected and processed:

IP address
Device information
Browser information
Referrer URL
Timestamp

The legal basis for processing is your consent according to Article 6(1)(a) of the GDPR. If you do not want the mentioned data to be collected and processed through LinkedIn, you may refuse your consent or withdraw it at any time for the future.

Personal data will be retained as long as necessary to fulfill the processing purpose. Data will be deleted once it is no longer required for this purpose.

Data may be transferred to the USA and Singapore during processing via LinkedIn. The security of the transmission is regularly ensured through standard contractual clauses, which guarantee that the processing of personal data adheres to a security level that corresponds with GDPR standards. If the standard contractual clauses are insufficient to ensure an adequate security level, consent will be obtained in advance through the consent management system Usercentrics, in accordance with Article 49(1)(a) of the GDPR.

17. Data Protection Provisions Regarding the Use of Xing

The data controller has integrated components from Xing into this website.

Xing is an internet-based social network that enables users to connect with existing business contacts and establish new ones. Individual users can create personal profiles, and companies can create business profiles or post job offers on Xing.

The operating company of Xing is XING AG, located at Dammtorstraße 30, 20354 Hamburg, Germany.

Each time a user accesses one of the individual pages of this website, which includes a Xing component (Xing plug-in), the user's browser is automatically prompted by the Xing component to download the corresponding representation from Xing. More information about the Xing plug-ins can be found at Xing Developer. Through this technical process, Xing becomes aware of which specific page of our website is being visited by the user.

If the user is logged into Xing at the time of visiting our website, Xing recognizes which specific page the user is viewing throughout their entire visit. This information is collected by the Xing component and linked to the user's Xing account. If the user clicks on an integrated Xing button on our website, such as the "Share" button, Xing associates this information with the user's personal Xing account and stores this personal data.

Xing receives information about the user visiting our website whenever the user is logged into Xing, regardless of whether they interact with the Xing component. If the user does not want this information to be transmitted to Xing, they can prevent transmission by logging out of their Xing account before visiting our website.

The privacy policy published by Xing, which can be accessed at Xing Privacy Policy, provides insights into the collection, processing, and use of personal data by Xing. Additionally, Xing has published privacy information regarding the XING Share Button at Xing Share Button Data Protection.

18. Legal Basis for Processing

Article 6(1)(a) of the GDPR serves as the legal basis for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfillment of a contract to which the data subject is a party, such as in processing operations required for the delivery of goods or the provision of other services or considerations, the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations required for the performance of pre-contractual measures, for example, in cases of inquiries regarding our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as fulfilling tax obligations, the processing is based on Article 6(1)(c) of the GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and their name, age, health insurance details, or other vital information needed to be shared with a doctor, a hospital, or other third parties. In such cases, the processing would be based on Article 6(1)(d) of the GDPR. Ultimately, processing operations may be based on Article 6(1)(f) of the GDPR, which covers processing activities that are not captured by any of the aforementioned legal bases, provided the processing is necessary for the protection of legitimate interests pursued by our company or a third party, unless the interests, fundamental rights, and freedoms of the data subject override those interests.

Such processing activities are permitted, particularly because they are specifically mentioned by the European legislator. It is held that a legitimate interest may be presumed when the data subject is a customer of the controller (Recital 47 Sentence 2 of the GDPR).

19. Legitimate Interests in Processing Pursued by the Controller or a Third Party

If the processing of personal data is based on Article 6(1)(f) of the GDPR, our legitimate interest is to conduct our business activities for the benefit of all our employees and stakeholders.

20. Duration of Personal Data Storage

The duration for which personal data is stored is determined by the applicable legal retention periods. Once this period has elapsed, the corresponding data is routinely deleted, provided it is no longer necessary for contract fulfillment or pre-contractual purposes.

21. Legal or Contractual Obligations for Providing Personal Data

The provision of personal data is often necessary for contract formation. The affected person is obligated to provide personal data, which may be required to fulfill legal obligations (e.g., tax regulations) or arise from contractual arrangements (e.g., details about the contractual partner). If a person wishes to enter into a contract with us, they must provide personal data that we subsequently process. Failure to provide the required personal data could result in the inability to enter into a contract with the affected person. Before providing personal data, the affected individual must contact our Data Protection Officer (DPO). The DPO will clarify whether the provision of personal data is legally or contractually required, whether there is an obligation to provide the data, and the consequences of not providing the data.

22. SSL Encryption

This site utilizes SSL encryption to ensure the security and protection of confidential content, such as requests sent to us as the site operator. An encrypted connection is recognizable by the change of the browser address bar from "http://" to "https://" and the padlock symbol in the browser bar.

When SSL encryption is enabled, the data transmitted to us cannot be read by third parties.

23. Objection to Advertising Emails

We hereby object to the use of contact information published as part of the legal notice for the purpose of sending unsolicited advertising and informational materials. The operators of this site expressly reserve the right to take legal action in the event of unsolicited advertising information, such as spam emails.

24. Existence of Automated Decision-Making

As a responsible company, we do not engage in automated decision-making or profiling.

25. Credit Check

If we extend credit, such as payment on invoice, we reserve the right to obtain a credit report from a public or private credit agency.

For this purpose, we transmit the necessary personal data and use the information received to assess the statistical likelihood of payment default. This serves to make decisions regarding the establishment, execution, or termination of the contractual relationship.

The legitimate interests are considered in accordance with legal provisions. The data processing serves the purpose of credit assessment for contract initiation and is based on Article 6(1)(f) of the GDPR, which concerns the legitimate interest in protection against payment default when we provide advance payment.

You have the right to object to this processing for reasons related to your specific situation by notifying us.

The processing is necessary for contract formation with payment on invoice. Failure to provide this data may result in the inability to conclude the contract using your chosen payment method.

26. Changes to This Privacy Policy

The evolution of the internet and our online offerings may affect the handling of personal data. Therefore, we reserve the right to amend this privacy policy in accordance with applicable data protection laws and to adapt it to changes in data processing realities.

We recommend that you periodically visit our website to become aware of any updates to our privacy policy.

27. Whistleblower Notice

Our values are the foundation of a good partnership. The whistleblower system of APLEMIS design & build AG i.G. is open to all employees, business partners, customers, and other third parties for reporting concrete or potential legal violations. This allows for the early identification, addressing, and, if necessary, appropriate remedial actions for risks.

Confidentiality and the protection of whistleblowers are our top priorities.

As of January 2024