Privacy Policy

A. Data Controller

EDGITAL GmbH
Alfredstraße 236
45133 Essen

info@hochtief.de

B. Data Protection Officer

You can reach the Data Protection Officer at datenschutz@hochtief.de or by mail at the above address, with the addition “Data Protection.”

C. Purposes and Legal Bases of Processing

In the course of our activities, we process personal data of different data subjects (e.g., website and app users, customers, contract partners) as far as is legally permissible. The purposes, legal bases, and further details of each processing operation are set out in the lower part of this privacy policy, grouped by processing situation.

D. Recipients

Depending on the respective processing situation, your personal data is not only processed by the controller but also by third parties. Possible recipients include especially processors (e.g., web hosting, software providers, and other technical service providers) as well as third-party providers of online services and content. You can find details in the notes on the respective processing.

E. Third Country Transfer

We generally process your personal data only within the EU. You will be informed separately about possible third-country transfers during the respective processing operation.

If a transfer is based on an adequacy decision according to Art. 45 GDPR, you can find an overview of existing EU adequacy decisions under this link (https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/…
If a transfer is based on the EU Commission’s standard contractual clauses according to Art. 46 para. 2 lit. c GDPR, you can find the related implementation decision, which contains the contractual clauses, under this link (https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=de).

F. Storage Duration

Personal data is stored for as long as the purpose requires, we are legally obliged to retain it, or other legal reasons justify further processing. Personal data is deleted as soon as the purpose of processing ceases to exist or another ground for deletion according to Art. 17 para. 1 GDPR arises (e.g., revocation of consent) and no exception to the deletion obligation according to Art. 17 para. 3 GDPR applies. Data in a user account is usually stored as long as the respective project lasts and the customer needs the corresponding access. When a user account is deleted, all directly personal data is removed. The user account is technically retained in a locked form for 30 days after a deletion request until final deletion occurs. Internal reference IDs (e.g., creator ID) may be retained in existing objects. These cannot be related to a person after the user account has been deleted.

G. Data Subject Rights

As a data subject, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restrict processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)

H. Right to Object (Art. 21 GDPR)

You have the right to object at any time, for reasons arising from your special situation, to the processing of your personal data based on Art. 6 para. 1 sentence 1 lit. f GDPR. We will then no longer process your personal data, unless there are compelling legitimate grounds that outweigh your interests in protection, or the processing serves to assert, exercise, or defend legal claims.

You can object to the processing of your data for direct marketing purposes and any associated profiling without giving reasons.

I. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority according to Art. 77 GDPR.

J. Withdrawal of Consent

You have the right, according to Art. 7 para. 3 sentence 1 GDPR, to withdraw consent given for data processing under Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR at any time, informally (e.g., by email, phone), with effect for the future. The lawfulness of processing carried out before the withdrawal is not affected by this.

K. Obligation to Provide

You are not obligated to provide your personal data.

If the legal basis of the respective processing is Art. 6 para. 1 sentence 1 lit. b GDPR, your personal data is necessary for concluding or fulfilling a contract. In such cases, the contract cannot be concluded or fulfilled unless you provide your personal data.

If personal data is not provided where processing is based on Art. 6 para. 1 sentence 1 lit. a GDPR (consent) or Art. 6 para. 1 sentence 1 lit. f GDPR (balancing of interests), the respective services and offers cannot be used.

L. Automated Individual Decision-Making Including Profiling

Automated individual decision-making including profiling does not occur.

M. Processing Operations

a. Provision of the Website or (Web-)App “Datahub”

  • Processing purpose: Provision, functionality, and optimization of the website, information security, contract performance.
  • Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR, Art. 6 para. 1 sentence 1 lit. b, f GDPR
  • Legitimate interests, if applicable: Communication and interaction with contract partners, provision of various data within contract performance, integrity of digital systems (IT security)
  • Data categories: Connection data (e.g., IP address, connection time), usage data (e.g., access times)
  • Data recipients: IT service providers
  • Intended third-country transfer: no

b. Contact and Communication

  • Processing purpose: Customer and user support
  • Legal basis: Art. 6 para. 1 sentence 1 lit. b, f GDPR
  • Legitimate interests, if applicable: User support
  • Data categories: Master data, contact data, content data (of emails), usage data (e.g., contact history) and connection data (e.g., IP address)
  • Data recipients: IT service providers
  • Intended third-country transfer: no

c. User Account

  • Processing purpose: Creation and maintenance of a user account
  • Legal basis: Art. 6 para. 1 sentence 1 lit. b, f GDPR
  • Legitimate interest, if applicable: Optimized provision of the user account environment
  • Data categories: Master data, contact data, email address, connection data, content data, usage data
  • Data recipients: IT service providers
  • Intended third-country transfer: no

d. Documentation and Storage

  • Processing purpose: Legal matters and compliance
  • Legal basis: Art. 6 para. 1 sentence 1 lit. b, f GDPR
  • Data categories: Master data, contact data, connection data, content data
  • Data recipients: IT service providers, authorities and public bodies, legal and tax advisers, if applicable
  • Intended third-country transfer: no

e. Content Delivery Network (CDN) and Data Hosting

  • Processing purpose: Provision of content of the (web-)app
  • Legal basis: Art. 6 para. 1 sentence 1 lit. b, f GDPR
  • Legitimate interests, if applicable: Proper provision of content data in the (web-)app (e.g., maps and evaluations for customers).
  • Data categories: Connection data, content data, login data
  • Data recipients: IT service providers
  • Intended third-country transfer: In individual cases USA (adequacy decision and additional standard contractual clauses).

f. Crash Reporting, Technical Logging

  • Processing purpose: Ensuring functionality and integrity of the application (mobile and browser), troubleshooting
  • Legal basis: Art. 6 para. 1 sentence 1 lit. b, f GDPR
  • Legitimate interests, if applicable: Maintaining app functionality, error checking and troubleshooting
  • Data categories: Connection data, content data, device ID, information about used app version, operating system (Android version, iOS version) and display data such as screen resolution
  • Data recipients: IT service providers
  • Intended third-country transfer: no
  • Storage duration: App logs are stored for 31 days.

g. Microsoft Clarity (cookie-based)

  • Processing purpose: Ensuring functionality of the app, identifying optimization potential
  • Legal basis: Art. 6 para. 1 sentence 1 lit. b, f GDPR
  • Data categories: Access times, IP addresses, cursor/scroll movements
  • Data recipients: IT service providers
  • Intended third-country transfer: In individual cases USA (adequacy decision and additional standard contractual clauses between data exporter and data recipient).

h. OpenStreetMap (Map Retrieval)

  • Processing purpose: Provision of map material through download (“Tiles”)
  • Legal basis: Art. 6 para. 1 sentence 1 lit. b, f GDPR
  • Legitimate interest, if applicable: Optimized provision of map services
  • Data categories: IP address
  • Data recipients: IT service providers
  • Third-country transfer: In individual cases USA (adequacy decision and additional standard contractual clauses between data exporter and data recipient).
