Privacy Statement

PRIVACY POLICY ACCORDING TO THE EU-DATA PROTECTION REGULATION


The following privacy policy provides an overview of the collection and processing of your data and your RIGHTS OF OBJECTION

With the following information, we would like to give you an overview of the processing of your personal data by us and your rights under the data protection law. You can find out which data are processed in detail and how they are used in the following explanations.
The following privacy policy applies in particular to clients, interested parties, contractors, and authorised persons/authorised representatives. Therefore, not all parts of this information may apply to you.

1. Who is responsible for this data processing and who can I contact?

a. Who we are
ARCUS Planung + Beratung Bauplanungsgesellschaft mbH, together with affiliated companies and companies with which it has a shareholding, provides architectural and engineering as well as technical planning, plant engineering and environmental and process engineering services on behalf of clients, property owners, plant operators and is also active in the real estate and project development business.
ARCUS Planung + Beratung Bauplanungsgesellschaft mbH, the affiliated companies and companies with which it has a shareholding, are referred to, without further legal significance, only for this document for the sake of simplification jointly as “ARCUS” or “ARCUS Group”. These companies include among others

  • ARCUS Planung + Beratung GmbH & Co. Hochbauplanung KG in Cottbus
  • ARCUS Planung + Beratung GmbH & Co. Projektmanagement KG in Cottbus
  • ARCUS Planung + Beratung GmbH & Co. Infrastrukturplanung KG in Cottbus
  • ARCUS Planung + Beratung GmbH & Co. Ingenieurbau- und Tragwerksplanung KG in Cottbus
  • ARCUS Planung + Beratung GmbH & Co. Service KG in Cottbus
  • ARCUS Planung + Beratung GmbH & Co. Technische Planung KG in Cottbus
  • ARCUS Planung + Beratung GmbH & Co. Umwelttechnik und Vermessung KG
  • ARCUS Planung + Beratung GmbH & Co. Mitteldeutsche Projekt KG
  • ARCUS Planung + Beratung GmbH & Co. Architekten und Ingenieure Essen KG
  • ARCUS Technologie GmbH & Co. GTL Projekt KG
  • ARCUS Planung + Beratung Beteiligungsgesellschaft mbH
  • ARCUS Consult Kiev
  • ARCUS Consult Zielona Gora


And
BSC Bauplanung Sachsen Consult GmbH and associated companies, www.bsc-bauplanung.de
A complete overview of the companies involved in the individual case can be provided if you have a legitimate interest.

b. The data controller is:
ARCUS Planung + Beratung Bauplanungsgesellschaft mbH, Vetschauer Straße 13, 03048 Cottbus
Email: arcus@arcus-pb.de
www.arcus-pb.de

c. Who can I contact:
You can contact our company data protection officer at:

ARCUS Planung + Beratung Bauplanungsgesellschaft mbH, Vetschauer Straße 13, 03048 Cottbus

Data protection officer
Email: datenschutz@arcus-pb.de
www.arcus-pb.de

2. Which sources and data do we use?

We collect your personal data when you contact us, e.g. as an interested party, applicant, client, contractor or authorised representative / agent, meaning: Especially if you are interested in our services, inquire or submit offers or if you want to use or have used our products and services in the context of an existing or existing business relationship. Furthermore, we process personal data, as far as necessary for the provision of our service, which we legitimately obtain from publicly available sources (e.g. debtor directories, land registers, company trade and association registers, press, internet) or which we obtain from other companies of the ARCUS Group or any other third party.
Relevant personal data in the recruitment process, when collecting master data, in the course of an authorisation, etc. may be personal (name, address and other contact details, date and place of birth and nationality), personal data may be used, legitimisation data (e.g. ID data), authentication data (e.g. signature sample), tax ID and data about the assets entrusted to us for processing.
In addition, these can also include order data (e.g. planning order, data about your property, your construction project, your technical equipment, etc.), data from the fulfilment of our contractual obligations (for example, accounting data, payment transaction data), Information about your financial situation (e.g. credit ratings, scoring/rating data, origin of assets), information and logging of knowledge and/or experience, (suitability/adequacy test), advertising and sales data, documentation data (e.g. consulting protocols, emails etc.) and other data comparable to the above categories.

What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the Federal Data Protection Act:
a. To fulfil contractual obligations (Article 6 para. 1 lit. b of the GDPR)
The processing of data takes place for the provision of architectural and engineering services as well as services in real estate and real estate matters, including letting and leasing in the context of the execution of our contracts with our clients or for the performance of pre- or post-contractual measures, which arise on request (e.g. of interested parties). The purposes of the data processing depend primarily on the specific service (e.g. planning monitoring, appraisal, renting, leasing, sale) and may include, but are not limited to, needs analysis, consulting and the execution of transactions. Further details on the data processing purposes can be found in the relevant contract documents and terms and conditions.

b. In the context of the balance of interests (Article 6 para. 1 lit. f of the GDPR)


Insofar as it is required, we shall process your data beyond the actual fulfilment of the contract in order to protect our legitimate interests or those of third parties. Examples:

  • Consultation of credit bureaus (e.g. SCHUFA or CREDITREFORM) to identify credit and default risks
  • Examination and optimisation of needs analysis procedures for direct customer approach
  • Advertising or market and opinion research, provided that you have not objected to the use of your data
  • Assertion of legal claims and defence in legal disputes,
  • Ensuring IT security and IT operations or our company;
  • Prevention and investigation of criminal offenses,
  • Video surveillance to safeguard the access rights of the premises, to collect evidence in case of robbery and fraud
  • Measures for building and system safety (e.g. access control)
  • Measures to ensure the access rights of the premises,
  • Measures for the control of the company and further development of services and products,
  • Risk control in the ARCUS Group


c. On the basis of your consent (Article 6 para. 1 lit.a of the GDPR)
Insofar as you have given us consent to the processing of personal data for specific purposes (e.g. disclosure of data in the ARCUS Group, evaluation of order, accounting and payment transaction data), the legality of this processing is based on your consent. You may revoke your consent at any time. This also applies to the revocation of consent given us before the coming into effect of the GDPR, therefore before 25 May 2018. The revocation of consent does not affect the lawfulness of the data processed until the revocation.

d. On the basis of legal requirements (Article 6 para. 1 lit. c of the GDPR) or in the public interest (Article 6 para. 1 lit. e of the GDPR)
In addition, we are subject to various legal obligations, i.e. legal requirements (e.g. protection laws in relation to our services, labour and social laws, money laundering law, tax laws) as well as accident prevention regulations and building authority regulations. The purposes of the processing include, among others, identity and age checks, fraud and money laundering prevention, the fulfilment of labour and tax law controls and reporting obligations as well as the evaluation and management of risks in the company and in the ARCUS Group.

4. Who will receive my data?

Within the company, those persons gain access to your data, who need them to fulfil our contractual and legal obligations. Also, service providers and vicarious agents contracted by us may also receive data for these purposes, provided they keep banking secrecy. These are companies in the categories of architectural and engineering services, technical planning. Plant engineering and process engineering as well as real estate service and project development, IT services, logistics, printing services, telecommunications, consulting and consulting as well as sales and marketing.
With regard to the data transfer to recipients outside our company, it should first be noted that we are generally obligated within the scope of the contract to maintain confidentiality regarding client related facts and assessments, which we are aware of.
We shall only pass on information about you if legal regulations require it, if you have given your consent or if we are authorised to provide information. Under these conditions, recipients of personal data, may be for example:

  • Public authorities and institutions (e.g. tax authorities, social authorities and insurance companies, law enforcement authorities) in the presence of a legal, regulatory or contractual obligation.
  • Other persons involved in the processing of your affairs, companies, government agencies or similar entities to whom we provide personal information in order to conduct the business relationship with you (depending on the contract, e.g. building supervisory authorities, registration authorities and agencies, insurance companies, in particular with regard to the company liability insurance concluded and maintained in your interest as well as the vicarious agents named by you)
  • Other companies in the ARCUS Group for the purpose of order processing, risk control or due to legal or regulatory obligations.

Other data recipients may be those for whom you have given us your consent for the data transfer or for whom you have released us from the data protection according to the agreement or consent.

5. Are data transmitted to a third country or to an international organisation?

A transfer of data to offices in countries outside the European Economic Area (so-called third countries) takes place, insofar as

  • it is necessary for the execution of your orders (e.g. orders abroad or with reference to other countries),
  • it is required by law (e.g. labour social or tax reporting obligations)
  • or

  • you have given us your consent.


In addition, ARCUS does not provide any personal information to third country or international organisations. ARCUS, however, uses service providers for certain tasks, most of whom also use service providers who may have their headquarters, parent company or data centre in a third country. Transmission is permitted if the European Commission has decided that an adequate level of protection exists in a third country (Article 45 of the GDPR). If the Commission has not made such a decision, ARCUS or the service provider may only transfer personal data to service providers in a third country, insofar as appropriate safeguards are provided for (standard data protection clauses adopted by the Commission or the supervisory authority in a given procedure) and enforceable rights and effective remedies are available. ARCUS has also contractually agreed with its service providers that the bases for data protection shall always be concluded with their contractual partners in compliance with the European data protection level.
Upon request, ARCUS will provide you with a copy of the standard data protection clauses with the named service providers.

6. How long will my data be stored?

We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations or as long as you are authorised to represent the respective (natural/legal) person towards us. It should be noted that our business relationship can be a contractual obligation, which may last for years.
If the data are no longer required for the fulfilment of contractual or legal obligations, they shall be deleted on a regular basis, unless their temporary retention is necessary for the following purposes:

  • Fulfilment of supervisory, commercial, social and tax retention obligations: These are the Building Code (BauGB) and the Building regulations (BauO), the Commercial Code (HGB), the Social Code (SGB), the Tax Code (AO), the Money Laundering Act (GwG). The retention periods for storage and documentation specified there are two to ten years, in individual cases also 30 years
  • Preservation of evidence in the context of the legal statute of limitations. According to §§ 195 ff. of the Civil Code (BGB), these statutes of limitation can be up to 30 years, whereas the regular limitation period is 3 years.

7. What data protection rights do I have?

You have different rights under the General Data Protection Regulation. Details can be found in particular in Articles 15 to 18 and 21 of the General Data Protection Regulation.
Any data subject is entitled to disclosure pursuant to Article 15 of the GDPR, has the right of correction pursuant to Article 16 of the GDPR, the right to erasure pursuant to Article 17 of the GDPR, the right to limitation of data processing pursuant to Article 18 of the GDPR, the right to objection pursuant to Article 21 of the GDPR, as well as the right to data portability pursuant to Article 20 of the GDPR. The right to disclosure and erasure is limited by the terms of §§ 34 and 35 of the Federal Data Protection Act. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 of the GDPR in connection with § 19 of the Federal Data Protection Act). Regarding the individual rights.
Right to information
You can request information about your personal data processed by us. In your request for information, you should specify your request in order to facilitate the compilation of the necessary data. Therefore, the application should contain as much information as possible on the specific cause (type and period of the data collection) and the procedural stage (e.g. initiation, order execution, closure).
Right to rectification
If the data concerning you are no longer correct, you may request a rectification. If your data are incomplete, you may request that they should be completed.
Right of erasure
You can request the deletion of your personal data. Your claim to deletion depends on whether the data concerning you are still needed by us to fulfil our statutory duties (see “How long do we store your data?”).
Right of restriction of processing
You have the right to request a limitation of the processing of the data concerning you. The restriction does not preclude processing insofar as there is an important public interest in the processing (e.g. legal and uniform taxation).
Right to object
You have the right, at any time, to object to the processing of your data for reasons that arise from your particular situation. However, we can not comply with this if there is an overriding public interest in the processing or a legal obligation requires us to process them (e.g. carrying out the taxation procedure, labour or social law proceedings, etc.).
Right to complain
If you believe that we have not or not fully fulfilled your request, you may lodge a complaint with the relevant data protection supervisory authority. The contact details of the data protection authorities of the federal and state governments can be found at www.datenschutz.de
General information about these rights
In some cases, we can not or are not allowed to fulfil your request. Insofar as this is legally permissible, we shall always inform you of the reason for the refusal.
However, we shall respond to you within one month of receiving your request. If we need more than a month for a final clarification, you will receive an interim message.

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of consent given us before the coming into effect of the GDPR, therefore before May 25 2018. Please note that such revocation is only with future effect. Processing that took place before the revocation is not affected by this.

8. Is there an obligation for me to provide data?

In the context of our business relationship you must provide the personal information necessary to enter into a business relationship and perform its contractual obligations, or that we are required to collect by law. Without these data we will generally not be able to conclude or execute the contract with you.

In particular, according to the money laundering regulations, we are obligated to identify you prior to establishment of the business relationship or establishment
of the right of representation/authorisation or during the current business relationship by means of your identity document and to collect and record the name, place of birth, date of birth, nationality, address and identity card data.
In order to comply with this legal obligation, you must provide us with the necessary information and documents upon request in accordance with the Money Laundering Act and immediately notify us of any changes resulting during the business relationship. If you do not provide us with the necessary information and documents, we may not take up or continue the business relationship you have requested or not establish or continue the right to representation/ authorisation desired by the respective person.

9. To what extent is there an automated decision making process?

We do not use fully automated decision making pursuant to Article 22 of the GDPR to establish and implement the business relationship. If we use these procedures in individual cases, we shall inform you about this separately, if this is required by law.

10. Does profiling take place?

We sometimes process your data automatically to evaluate certain personal aspects better. This data processing can be included under the technical term of profiling. For example, profiling can be used in the following cases:

  • Due to legal and regulatory requirements, we are committed to combating money laundering, the financing of terrorism and offenses endangering assets. Accordingly data evaluations (among others in payment transactions) are carried out. These measures also serve for your protection.
  • In order to provide you with information and advice on products and services, we use evaluation tools. These enable needs based communication and advertising including market and opinion research.
  • In the context of the assessment of your credit rating, scoring is used by the providers of such information. This calculates the probability that a client will fulfil the payment obligations in accordance with the contract. For example, the calculation may include income, expenses, existing liabilities, occupation, employer, duration of employment, past business experience, past repayment of the loan and information from credit reporting agencies. The scoring is usually based on mathematically statistically recognised and proven procedures. The calculated scores are intended to assist in decision making in the context of contracting and ongoing risk management.

RIGHT TO OBJECT

1. Case-by-case right of objection
You have the right at any time, for reasons arising out of your particular situation, to object to the processing of personal data concerning you pursuant to Article 6 para. 1 lit. e of the GDPR (Data processing in the public interest) and Article 6 para. 1 lit. f of the GDPR (Data processing on the basis of a balance of interests); this also applies to profiling based on the provision of Article 4 para. 4 of the GDPR. If you file an objection, we shall no longer process your data, unless we are able to provide proof of compelling and legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of exercising, enforcing or defending of legal rights.

2. Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data in order to operate direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct advertising purposes, your personal data shall no longer be processed for such purposes.
The objection can be lodged in any form and should be directed to:

ARCUS Planung + Beratung Bauplanungsgesellschaft mbH, Vetschauer Straße 13, 03048 Cottbus

Data protection officer
Email: datenschutz@arcus-pb.de
www.arcus-pb.de