PRIVACY

Wir freuen uns sehr über Ihr Interesse an unserem Unternehmen. Datenschutz hat einen besonders hohen Stellenwert für die Geschäftsleitung der Gravning GmbH. Eine Nutzung der Internetseiten der Gravning GmbH ist grundsätzlich ohne jede Angabe personenbezogener Daten möglich. Sofern eine betroffene Person besondere Services unseres Unternehmens über unsere Internetseite in Anspruch nehmen möchte, könnte jedoch eine Verarbeitung personenbezogener Daten erforderlich werden. Ist die Verarbeitung personenbezogener Daten erforderlich und besteht für eine solche Verarbeitung keine gesetzliche Grundlage, holen wir generell eine Einwilligung der betroffenen Person ein.
Die Verarbeitung personenbezogener Daten, beispielsweise des Namens, der Anschrift, E-Mail-Adresse oder Telefonnummer einer betroffenen Person, erfolgt stets im Einklang mit der Datenschutz-Grundverordnung und in Übereinstimmung mit den für die Gravning GmbH geltenden landesspezifischen Datenschutzbestimmungen. Mittels dieser Datenschutzerklärung möchte unser Unternehmen die Öffentlichkeit über Art, Umfang und Zweck der von uns erhobenen, genutzten und verarbeiteten personenbezogenen Daten informieren. Ferner werden betroffene Personen mittels dieser Datenschutzerklärung über die ihnen zustehenden Rechte aufgeklärt.


Die Gravning GmbH hat als für die Verarbeitung Verantwortlicher zahlreiche technische und organisatorische Maßnahmen umgesetzt, um einen möglichst lückenlosen Schutz der über diese Internetseite verarbeiteten personenbezogenen Daten sicherzustellen. Dennoch können Internetbasierte Datenübertragungen grundsätzlich Sicherheitslücken aufweisen, sodass ein absoluter Schutz nicht gewährleistet werden kann. Aus diesem Grund steht es jeder betroffenen Person frei, personenbezogene Daten auch auf alternativen Wegen, beispielsweise telefonisch, an uns zu übermitteln.

Data protection

As of May 2022

 

Table of Contents
  1. Name and address of the person responsible
  2. Contact details of the data protection officer
  3. General information on data processing
  4. rights of the data subject
  5. contact form
  6. Application by email
  7. corporate appearances
  8. Use of company appearances in job-oriented networks
  9. hosting

I. Name and address of the person responsible

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Gravning GmbH

Lutterothstraße 50

20255 Hamburg

Germany

04046773240

office@gravning.de

www.gravning.de

    II. Contact details of the data protection officer

    The data protection officer of the person responsible is:

    DataCo GmbH

    Dachauer Strasse 65

    80335 Munich

    Germany

    +49 89 7400 45840

    www.dataguard.de

      III. General information on data processing

      1. Scope of processing of personal data
      In principle, we only process the personal data of our users to the extent that this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in such cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is required by statutory provisions.

      2. Legal basis for processing personal data
      Insofar as we obtain the consent of the person concerned for the processing of personal data, Art. 6 para. 1 p. 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis.

      When processing personal data that is required to fulfill a contract to which the data subject is a party, Art. 6 para. 1 p. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

      Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 p. 1 lit. c GDPR as the legal basis.

      In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 p. 1 lit. d GDPR as the legal basis.

      If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Art. 6 para. 1 p. 1 lit. f GDPR as the legal basis for processing.

      3. Data Erasure and Storage Duration
      The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

        IV. Rights of the data subject

        If personal data is processed by you, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

        1. Right to information
        You can request confirmation from the person responsible as to whether personal data relating to you is being processed by him.

        If such processing is present, you can request information from the person responsible for the following information:

            1. the purposes for which the personal data are processed;
            2. the categories of personal data being processed;
            3. the recipients or categories of recipients to whom your personal data has been or will be disclosed;
            4. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
            5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to object to this processing;
            6. the existence of a right of appeal to a supervisory authority;
            7. all available information about the origin of the data if the personal data are not collected from the data subject;
            8. the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

            You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request information about the appropriate guarantees in accordance with Art. 46 GDPR to be informed in connection with the transfer.

            2. Right to Rectification
            You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

            3. Right to restriction of processing
            Under the following conditions, you can request the restriction of the processing of your personal data:

            • if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;
            • the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
            • the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
            • if you object to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

            If the processing of the personal data concerning you has been restricted, this data – apart from its storage – may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed.

            If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

            4. Right to erasure
            a) Obligation to delete
            You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

              1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
              2. You revoke your consent, on which the processing pursuant to Art. Art. 6 para. 1 p. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for processing.
              3. You lay acc. Art. 21 para. 1 DSGVO objection to the processing and there are no overriding legitimate reasons for the processing, or you submit acc. Art. 21 para. 2 DSGVO objection to the processing.
              4. The personal data concerning you have been processed unlawfully.
              5. The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
              6. The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

              b) Information to third parties
              Has the person responsible made the personal data concerning you public and is he/she acc. Art. 17 para. 1 GDPR, he shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you, as the person concerned, want them to delete it all links to such personal data or copies or replications of such personal data.

              c) Exceptions
              The right to erasure does not exist if processing is necessary

                1. to exercise the right to freedom of expression and information;
                2. to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the controller;
                3. for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;
                4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes acc. Art. 89 para. 1 GDPR, insofar as the right mentioned under section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing, or
                5. to assert, exercise or defend legal claims.

              5. Right to Information
              If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

              You have the right vis-à-vis the person responsible to be informed about these recipients.

              6. Right to data portability
              You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without hindrance by the person responsible for providing the personal data, provided that

                1. the processing is based on consent acc. Art. 6 para. 1 p. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract acc. Art. 6 para. 1 p. 1 lit. b GDPR is based and
                2. the processing is carried out using automated procedures.

              In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this.

              The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.

              7. Right to Object
              You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 para. 1 p. 1 lit. e or f GDPR to file an objection; this also applies to profiling based on these provisions.

              The person responsible no longer processes the personal data relating to you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

              If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

              If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

              In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.

              8. Right to revoke the declaration of consent under data protection law
              You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

              9. Automated individual decision-making including profiling
              You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

                1. is necessary for the conclusion or performance of a contract between you and the person responsible,
                2. is permitted on the basis of legal provisions of the Union or the Member States to which the person responsible is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests or
                3. takes place with your express consent.

              However, these decisions must not be based on special categories of personal data according to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or b GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

              With regard to the cases referred to in 1. and 3., the person responsible shall take appropriate measures to protect your rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention on the part of the person responsible, to express his or her point of view and to contest belongs to the decision.

              10. Right to lodge a complaint with a supervisory authority
              Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to violates the GDPR.

              The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

              V. Contact form

              1. Description and scope of data processing

              There is a contact form on our website which can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

              At the time the message is sent, the following data is stored:

                • E-mail address
                • Surname
                • Date and time of contact
                • Subject
                • messages

              Your consent will be obtained for the processing of the data during the sending process and reference will be made to this data protection declaration.

              Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted with the email will be stored.

              The data will only be used to process the conversation.

              2. Purpose of data processing

              The processing of the personal data from the input mask serves us solely to process the contact. If contact is made by email, this is also the necessary legitimate interest in the processing of the data.

              The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

              3. Legal basis for data processing

              The legal basis for processing the data is Art. 6 para. 1 p. 1 lit. a GDPR.

              The legal basis for the processing of data that is transmitted in the course of sending an email is Art. 6 para. 1 p. 1 lit. f GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.

              4. Duration of storage

              The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.

              The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

              5. Possibility of objection and elimination

              The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

              All personal data that was saved in the course of making contact will be deleted in this case.

              VI. Application by email

              1. Scope of processing of personal data

              You can send us your application by email. We record your e-mail address and the data you have provided in the e-mail.

               

              • First name
              • Surname
              • address
              • Telephone / mobile number
              • E-mail address

                2. Purpose of data processing

                The processing of the personal data from your application email serves us solely to process your application.

                3. Legal basis for data processing

                The legal basis for the processing of your data is the initiation of a contract, which takes place at the request of the person concerned, Art. 6 para. 1 p.1 lit. b Alt. 1 GDPR and § 26 para. 1 p. 1 BDSG.

                4. Duration of storage

                After completion of the application process, the data will be stored for up to six months. Your data will be deleted after six months at the latest. In the event of a legal obligation, the data will be stored within the framework of the applicable provisions.

                5. Possibility of objection and elimination

                The applicant has the option to object to the processing of personal data via e-mail at any time. In such a case, the application can no longer be considered.

                All personal data stored in the course of electronic applications will be deleted in this case.

                VII. Corporate Appearances

                Use of company appearances in social networks

                Instagram:

                Instagram, Part of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland

                We provide information on our company website and offer Instagram users the opportunity to communicate. If you carry out an action on our Instagram company website (e.g. comments, posts, likes, etc.), it may be that you have personal data (e.g . Real name or photo of your user profile).Since we usually or to a large extent have no influence on the processing of your personal data by the companies responsible for Gravning GmbH – Instagram company appearance, we can determine the purpose and scope of the processing Your data do not make any binding statements. Our company presence in social networks is used for communication and information exchange with (potential) customers. In particular, we use the corporate identity for:

                Presentation of our consulting offer and publication of technical articles

                The publications about the company’s appearance can contain the following content:

                • Information about Services
                • technical article

                Every user is free to publish personal data through activities.

                The legal basis for data processing is Art. 6 Para.1 S.1 lit. a GDPR.

                The data generated by the company’s website is not stored in our own systems.

                Instagram has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and has been certified. As a result, Instagram undertakes to comply with the standards and regulations of European data protection law. You can find more information in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

                You can object to the processing of your personal data that we collect as part of your use of our Instagram corporate presence at any time and assert your data subject rights mentioned under IV. of this data protection declaration. To do this, send us an informal email to office@gravning.de. You can find more information about the processing of your personal data by Instagram and the corresponding objection options here: Instagram: https://help.instagram.com/519522125107875

                Twitter:

                Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

                We provide information on our company website and offer Twitter users the opportunity to communicate. If you carry out an action on our Twitter company website (e.g. comments, posts, likes, etc.), it may be that you have personal data (e.g . Real name or photo of your user profile) public. However, since we usually or to a large extent have no influence on the processing of your personal data by the companies responsible for Gravning GmbH – Twitter, we can determine the purpose and scope of the processing Your data do not make any binding statements. Our company presence in social networks is used for communication and information exchange with (potential) customers. In particular, we use the corporate identity for:

                Presentation of our consulting offer and publication of technical articles

                The publications about the company’s appearance can contain the following content:

                • Information about Services
                • technical article

                Every user is free to publish personal data through activities.

                The legal basis for data processing is Art. 6 Para.1 S.1 lit. a GDPR.

                The data generated by the company’s appearance is not stored in our own systems.

                Twitter has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and has been certified. As a result, Twitter undertakes to comply with the standards and regulations of European data protection law. You can find more information in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

                You can object to the processing of your personal data that we collect as part of your use of our Twitter corporate presence at any time and assert your data subject rights mentioned under IV. of this data protection declaration. To do this, send us an informal email to office@gravning.de. You can find more information about the processing of your personal data by Twitter and the corresponding objection options here: Twitter: https://twitter.com/de/privacy

                    VIII. Use of company appearances in job-oriented networks

                    1. Scope of data processing
                    We use the possibility of company appearances on job-oriented networks. We maintain a corporate presence on the following professional networks:

                    LinkedIn:

                    LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland

                    Xing:

                    XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany

                    On our site we provide information and offer users the opportunity to communicate.

                    The company website is used for applications, information/PR and active sourcing.

                    We have no information on the processing of your personal data by the companies jointly responsible for the company’s appearance. Further information can be found in the data protection declaration of:

                    LinkedIn:

                    https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

                    Xing:

                    https://privacy.xing.com/de/datenschutzerklaerung

                    If you carry out an action on our company website (e.g. comments, posts, likes, etc.), you may make personal data (e.g. real name or photo of your user profile) public.

                    2. Legal basis for data processing
                    The legal basis for the processing of your data in connection with the use of our company website is Art.6 Paragraph 1 S. 1 lit.f GDPR .

                    3. Purpose of data processing
                    Our corporate identity serves to inform users about our services. Every user is free to publish personal data through activities.

                    4. Duration of storage
                    We store your activities and personal data published on our company website until you revoke your consent. In addition, we comply with the statutory retention periods.

                    5. Possibility of objection and elimination
                    You can object to the processing of your personal data that we collect as part of your use of our company website at any time and assert your data subject rights mentioned under IV. of this data protection declaration. To do this, send us an informal email to the email address given in this data protection declaration.

                    In addition, LinkedIn has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and has been certified. As a result, LinkedIn undertakes to comply with the standards and regulations of European data protection law. You can find more information in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

                    Further information on objection and removal options can be found here:

                    LinkedIn:

                    https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

                    Xing:

                    https://privacy.xing.com/de/datenschutzerklaerung

                        IX. hosting

                        The website is hosted on servers by a service provider commissioned by us.

                        Our service provider is:

                        Host Europe GmbH, Hansestrasse 111, 51149 Cologne, Germany

                        The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

                        • Browser type and browser version
                        • Operating system used
                        • Referrer URL
                        • Host name of the accessing computer
                        • Date and time of the server request
                        • IP address

                        This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website – the server log files must be recorded for this purpose.

                        The location of the server of the website is geographically in Germany.

                        This privacy statement was created with the support of DataGuard .