Start widescreen image

Data privacy statement

Data Privacy Policy

Privacy policy of the Wayss & Freytag Ingenieurbau AG website

§ 1 Information on the collection of personal data

(1) In the following, we provide information about the processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behaviour. In doing so, we would like to inform you about our processing procedures and at the same time fulfil our legal obligations, in particular those arising from the EU General Data Protection Regulation (GDPR).

(2) The controller pursuant to Art. 4 (7) GDPR is Wayss & Freytag Ingenieurbau AG, Eschborner Landstraße 130-132, 60489 Frankfurt, info@wf-ib.de (see our legal notice). You can contact our data protection officer at info@wf-ib.de or at our postal address with the addition ‘data protection officer’.

(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions. If the enquiry is assigned to a contract, we delete the data arising in this context after the contract period, otherwise after the storage is no longer required, or restrict the processing if there are statutory retention obligations.

(4) If we use contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you in detail below about the respective processes. In doing so, we also specify the defined criteria for the storage period.

§ 2 Your rights

(1) You have the following rights vis-à-vis the controller with regard to your personal data:

  • Right of access,
  • Right to rectification or erasure,
  • Right to restriction of processing,
  • Right to object to processing,
  • right to data portability.

(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

§ 3 Processing of personal data when visiting our website

When using the website for information purposes, i.e. simply viewing it without registering and without providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. In this case, access to and storage of information in the end device is absolutely necessary and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 no. 2 TDDDG.

  • IP address- Date and time of the enquiry
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (page visited)
  • Access status/HTTP status code
  • amount of data transferred in each case
  • previously visited page
  • browser
  • operating system
  • Language and version of the browser software.

§ 4 Making contact

(1) You have various options for contacting us, including the careers page, a telephone call or an e-mail to the relevant contact addresses. In this context, we process your data exclusively for the purpose of communicating with you.

(2) The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, insofar as your data is required to answer your enquiry or to initiate or execute a contract. In addition, the data processing is based on Art. 6 para. 1 lit. f GDPR, out of our legitimate interest in enabling you to contact us and answer your enquiry.

(3) The data collected when you contact us will be automatically deleted after your enquiry has been fully processed, unless we need your enquiry to fulfil contractual or legal obligations (see § 12 Storage period).

§ 5 Our presence on social networks

(1) We maintain various online presences in social networks in order to communicate with interested parties and provide information about our products and services. These presences include:

Name

Adress

Links to our profiles

Privacy Policy

Xing

New Work SE
Am Strandkai 1
20457 Hamburg

www.xing.com/pages/wayss-freytagingenieurbauag

XING

LinkedIn

LinkedIn IRL Unlimited Company
Wilton Place,
Dublin 2, Ireland

www.linkedin.com/company/wayss-&-freytag-ingenieurbau-ag/mycompany/

LinkedIn

Facebook

Meta Platforms Ireland Ltd
Hanover Reach
5-7 Hanover Quay
Dublin 2, Ireland

www.facebook.com/people/Wayss-Freytag-Ingenieurbau-AG/100064232971751/

Facebook

Instagram

Meta Platforms Ireland Ltd
Hanover Reach
5-7 Hanover Quay
Dublin 2, Ireland

www.instagram.com

wayssundfreytagingenieurbauag/?hl=de

Instagram

YouTube

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Irland

www.youtube.com/channel/UCIdoBIfXgPl32F6aF9iBrqA

Youtube

(2) As part of the management of our online presence on these platforms, we may access statistical information provided by the operator of the respective social network. These statistics are aggregated and include demographic information (e.g. age, gender, region, country), employment-related data (e.g. job, function, industry, professional experience, company size) and data on interaction with our content (e.g. likes, shares, subscriptions, views of images and videos). Such information can also provide insight into the interests of users and which content and topics are of particular interest to them. We use these statistics to optimise our online presence and activities and to better target them to our audience. The collection and use of these statistics is a joint responsibility with the operator of the respective social network.

Further information on the joint responsibility, the nature and scope of these statistics and the contact options of the social networks can be found under the following links:

(3) The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR in order to stay in contact with our customers and to inform them as well as to carry out pre-contractual measures with interested parties. In addition, we rely on Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in effective information and communication with users.

(4) We have no influence on the data processed by the social network in accordance with its terms of use under its own responsibility. We would like to point out that when you visit our online presences, data about your usage behaviour may be transmitted to the operator of the social network. The operators of the social networks may use this information to compile more detailed statistics and for their own market research and advertising purposes, over which we have no control. Cookies and other identifiers are stored on the end devices of the data subjects for this purpose. These usage profiles are used, for example, to display adverts within the social network and on third-party websites. For more information on this, please refer to the privacy policies of the respective social networks, which we have linked in the table above.

(5) If we receive your personal data as part of our online presence on social networks, you are entitled to the rights set out in this privacy policy. If you also wish to assert your rights against the operator of the social network, please contact them directly. The operator knows both the details of the technical operation of the platforms and the associated data processing as well as the specific purposes of the data processing and can take appropriate measures on request. As far as possible, we will be happy to support you in asserting your rights.

§ 6 Use of social media plug-ins

(1) We use social media plugins from various social networks (e.g. LinkedIn). The plugins are deactivated by default and therefore do not send any data to other websites. If you click on the symbol of the respective social network on wf-ib.de and then tick ‘OK’ with a second click on the banner and thus give your consent to the processing of your personal data in this context, the plugins are activated (the so-called 2-click solution).

(2) After activating a plugin, your browser establishes a direct connection with the servers of the respective social network as soon as you access the provider's website. The content of the corresponding plugin is transmitted directly from the social network to your browser and integrated into the website.

(3) By integrating the plugins, the social network receives the information that you have visited the corresponding page of the provider. If you are logged in to the relevant network, it can assign the visit to your account. By interacting with the plugins, the corresponding information is transmitted directly from your browser to the social network and stored there.

(4) Even if you are not logged in to social networks, websites with active social media plugins can send data to these networks. With an active plugin, a cookie with an identifier is placed each time you access the website. As your browser sends this cookie every time you connect to a network server without being asked, the network could in principle use it to create a profile on the websites visited by the user if this is associated with the identifier. It would also be possible to reassign this identifier to a person later - for example, when logging in to a social network at a later date. Detailed information on the purpose and scope of data collection and the further processing or use of the data by the social media networks, as well as your rights and options for protecting your privacy and, in particular, the right to withdraw your consent, can be found in the data protection notices published by the respective networks.

§7 Online meetings, conference calls and webinars via ‘Microsoft Teams’

(1) We use the Microsoft Teams tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: online meetings). Microsoft Teams is a service of Microsoft Ireland Operations Limited.

(2) Various types of data are processed when using Microsoft Teams. The scope of the data also depends on the data you provide before or when participating in an online meeting. The following personal data is processed:

  • User details: e.g. display name (‘Display Name’), e-mail address if applicable, profile picture (optional), preferred language
  • Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location
  • Text, audio and video data: You may have the option of using the chat function in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the Microsoft Teams applications

(3) We use Microsoft Teams to conduct online meetings. If we want to record online meetings, we will inform you transparently in advance and - if necessary - ask for your consent. The chat content is logged when Microsoft Teams is used. We store the chat content for a period of one month. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

(4) Insofar as personal data of WF employees is processed, Section 26 BDSG is the legal basis for data processing. If, in connection with the use of ‘Microsoft Teams’, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of Microsoft Teams, Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, we are interested in the effective organisation of online meetings.
Otherwise, the legal basis for data processing when conducting online meetings is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here, too, we have an interest in the effective organisation of online meetings.

(5) Personal data processed in connection with participation in online meetings will not be passed on to third parties unless they are specifically intended to be passed on. Please note that content from online meetings and face-to-face meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The provider of Microsoft Teams necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in our order processing contract with Microsoft Teams.

(6) Data processing outside the European Union (EU) does not generally take place, as we have limited our storage location to data centres in the European Union. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU. This may be the case in particular if participants in online meetings are located in a third country.
However, the data is encrypted during transport via the Internet and thus protected against unauthorised access by third parties.
Further information can be found in Microsoft's privacy policy.

§ 8 Career

(1) If you apply to WF via the website, you will be redirected to our careers page.

(2) The associated data protection information can be found at:

https://karriere.wf-ib.de/datenschutz.html

§ 9 Disclosure of data

(1) The data collected by us will only be passed on under the following conditions:

  • You have given your express consent in accordance with Art. 6 para. 1 lit. a GDPR.
  • The disclosure is necessary pursuant to Art. 6 para. 1 lit. f GDPR for the establishment, exercise or defence of legal claims and there is no overriding legitimate interest on your part that would prevent the disclosure of your data.
  • We are legally obliged to pass on the data in accordance with Art. 6 para. 1 lit. c GDPR.
  • Disclosure is permitted by law and is required pursuant to Art. 6 para. 1 lit. b GDPR in order to fulfil contractual relationships with you or to carry out pre-contractual measures that are taken at your request.

(2) Some of the data processing may be carried out by our service providers. In addition to the service providers named in this privacy policy, these include in particular computer centres that host our website and databases, IT service providers that maintain our systems and consulting companies. Our service providers may only use the data provided by us to fulfil their tasks. These service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.

(3) In addition, data may be passed on in connection with official enquiries, court orders or legal proceedings if this is necessary for legal prosecution or enforcement.

§ 10 Data transfer to third countries

(1) As explained in this privacy policy, we use services whose providers are partly based in so-called third countries (e.g. the USA), i.e. in countries whose level of data protection does not correspond to that of the European Union. In such cases and insofar as the European Commission has not issued an adequacy decision for these countries in accordance with Art. 45 GDPR, we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. These measures include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.

(2) If this is not possible, we base the data transfer on the exceptions of Art. 49 GDPR, in particular on your express consent or on the necessity of the transfer for the fulfilment of the contract.

(3) If a data transfer to a third country is planned and neither an adequacy decision nor suitable guarantees exist, there is a risk that authorities in the third country in question (e.g. intelligence services) may access the transferred data in order to collect and analyse it and that your data subject rights may not be enforceable. If we obtain your consent to the transfer of data via the consent banner, you will also be informed of this.

§ 11 Storage period

(1) Personal data will only be stored by us for as long as is necessary to fulfil the purposes for which it was collected. Once these purposes have been achieved, the data will be deleted immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for civil law claims or due to statutory retention obligations.

(2) For evidence purposes, we are obliged to retain contractual data for three years from the end of the year in which the business relationship with you ends. Any claims expire at the earliest at this time in accordance with the standard statutory limitation period.

(3) In addition, we must store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations, which may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act and the German Money Laundering Act, among others. The retention periods stipulated there are generally two to ten years.

§ 12 Updating this data protection notice

From time to time it is necessary to adapt the content of this data protection notice. We therefore reserve the right to amend it at any time. We will publish the amended version of the data protection notice in the same place as this data protection notice.

Version: July 2024