Data Protection

Privacy Policy

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on privacy, please refer to our privacy policy provided below this text.

Data Collection on This Website

Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find their contact details in the section "Note on the Responsible Entity" of this privacy policy.

How do we collect your data?
Your data is collected in part by you providing it to us. For example, this may involve data you enter into a contact form.

Other data is automatically or, with your consent, collected by our IT systems when you visit the website. This includes mainly technical data (e.g., internet browser, operating system, or time of the page view). The collection of this data is automatic as soon as you enter this website.

What do we use your data for?
Some of the data is collected to ensure the proper functioning of the website. Other data may be used for analyzing your user behavior.

What rights do you have regarding your data?
You have the right to request information free of charge about the origin, recipients, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can revoke this consent at any time for the future. Additionally, you have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to file a complaint with the relevant supervisory authority.

For these and any other questions regarding data protection, you can contact us at any time.

2. Hosting

We host the content of our website with the following provider:

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the provider's servers. This mainly includes IP addresses, contact inquiries, meta and communication data, contract data, contact details, names, website access data, and other data generated via a website.

External hosting is done for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of providing a secure, fast, and efficient delivery of our online services by a professional provider (Art. 6 Para. 1 lit. f GDPR). If consent has been obtained, processing will be carried out solely based on Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Our host will process your data only to the extent necessary to fulfill its performance obligations and follow our instructions concerning these data.

We use the following host:

ALL-INKL.COM - Neue Medien Münnich
Hauptstraße 68
02742 Friedersdorf

Order Processing
We have concluded a data processing agreement (DPA) to use the aforementioned service. This legally required contract ensures that the personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

3. General Information and Mandatory Information

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains which data we collect and how we use it. It also explains how and for what purpose this occurs.

Please note that data transmission over the internet (e.g., communication via email) can have security vulnerabilities. A complete protection of data from access by third parties is not possible.

Note on the Responsible Entity

The responsible entity for data processing on this website is:

Pro Haus Plus GmbH
Dreischeibenhaus 1
40211 Düsseldorf

Email: info@prohausplus.de

Managing Director: John Bothe
Company headquarters: Düsseldorf
Register court: HRB 90260

The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

If no specific storage duration is mentioned within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you submit a legitimate request for deletion or withdraw your consent for data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will occur once these reasons no longer apply.

General Information on the Legal Bases of Data Processing on This Website

If you have consented to data processing, we process your personal data based on Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR, if special categories of data are processed according to Art. 9 Para. 1 GDPR. In case of explicit consent to the transfer of personal data to third countries, data processing also occurs based on Art. 49 Para. 1 lit. a GDPR. If you consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing will also be carried out based on § 25 Para. 1 TTDSG. Consent can be revoked at any time.

If your data is necessary for contract fulfillment or to perform pre-contractual measures, we process your data based on Art. 6 Para. 1 lit. b GDPR. Furthermore, we process your data if required to fulfill a legal obligation, based on Art. 6 Para. 1 lit. c GDPR. Data processing may also be based on our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR. The applicable legal bases are further explained in the subsequent sections of this privacy policy.

Data Protection Officer

We have appointed a Data Protection Officer.

LUTOP Data-Compliance GmbH
Marcel Paes
Heinrich-Held-Str. 33
45133 Essen
Phone: +49 201219694-72
Email: paes@lutop.de

Recipients of Personal Data

As part of our business operations, we collaborate with various external entities. This may also require the transfer of personal data to these external entities. We only transfer personal data to external entities if this is necessary to fulfill a contract, if we are legally obligated to do so (e.g., passing data to tax authorities), if we have a legitimate interest under Art. 6 Para. 1 lit. f GDPR in transferring the data, or if another legal basis allows the data transfer. When using processors, we transfer personal data of our customers only based on a valid contract for data processing. In the case of joint processing, a contract for joint processing is concluded.

Revocation of Your Consent to Data Processin

Many data processing operations are only possible with your explicit consent. You can revoke any consent given at any time. The lawfulness of data processing carried out prior to the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Specific Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. YOU CAN FIND THE RELEVANT LEGAL BASIS FOR THE PROCESSING IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING, INCLUDING PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21 PARA. 2 GDPR).

Right to File a Complaint with the Relevant Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to file a complaint with a supervisory authority, in particular in the member state of their usual residence, place of work, or the place of the alleged infringement. This right is without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to request that data we process based on your consent or in the fulfillment of a contract be provided to you or a third party in a structured, commonly used, and machine-readable format. If you request the direct transfer of data to another controller, this will only be done to the extent technically feasible.

Right to Information, Correction, and Deletion

You have the right, in accordance with the applicable legal provisions, to obtain free information at any time about your stored personal data, its origin, recipients, and the purpose of the data processing, and if applicable, the right to rectification or deletion of this data. For this purpose, and for any further questions regarding personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to exercise this right. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. During the verification period, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was unlawful, you may request the restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
If you have filed an objection under Article 21(1) GDPR, a balance must be struck between your and our interests. As long as it is not clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data may only be processed – apart from their storage – with your consent or for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the browser address line changes from "http://" to "https://" and by the lock symbol in your browser's address bar.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to Advertising Emails

The use of contact details published as part of the legal notice for sending unsolicited advertising and informational materials is hereby objected to. The operators of the sites expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.

4. Data Collection on this Website

Cookies

Our websites use so-called "cookies." Cookies are small data packages and do not cause any harm to your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them or until your web browser automatically deletes them.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies allow the integration of specific services from third parties within websites (e.g., cookies for payment services).

Cookies serve various purposes. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or video display). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are necessary for the execution of the electronic communication process, to provide specific features requested by you (e.g., for the shopping cart function), or to optimize the website (e.g., cookies for measuring web traffic) are stored based on Article 6(1)(f) GDPR, unless another legal basis is provided. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to store cookies and similar recognition technologies has been requested, the processing is based solely on this consent (Article 6(1)(a) GDPR and § 25(1) TTDSG); consent can be withdrawn at any time.

You can configure your browser to inform you when cookies are set and to allow cookies only on a case-by-case basis, exclude the acceptance of cookies for specific cases or in general, and enable the automatic deletion of cookies when closing the browser. Deactivating cookies may restrict the functionality of this website.

The cookies and services used on this website can be found in this privacy policy.

Server Log Files

The provider of the pages collects and stores information automatically in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address

A merger of these data with other data sources does not take place.

The collection of this data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, server log files must be collected.

Contact Form

If you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact details you provide, will be stored by us for the purpose of processing the inquiry and for any follow-up questions. We will not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR, provided your inquiry is related to the fulfillment of a contract or is necessary for pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries directed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR) if this was requested; consent can be withdrawn at any time.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after processing your request). Mandatory legal provisions – in particular, retention periods – remain unaffected.

Request via Email, Telephone, or Fax

If you contact us by email, telephone, or fax, your inquiry, including all personal data arising from it (name, inquiry), will be stored and processed by us for the purpose of processing your request. We will not share this data without your consent.

The data you send us through contact inquiries will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after processing your request). Mandatory legal provisions – especially statutory retention periods – remain unaffected.

5. Own Services

Handling of Applicant Data

We offer you the opportunity to apply to us (e.g., by email, post, or via online application form). Below we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data will be in accordance with applicable data protection laws and other legal regulations, and your data will be treated confidentially.

Scope and Purpose of Data Collection

If you send us an application, we process your personal data associated with it (e.g., contact and communication details, application documents, notes during interviews, etc.), as far as this is necessary for deciding on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Article 6(1)(b) GDPR (general contract initiation), and – if you have given consent – Article 6(1)(a) GDPR. Consent can be withdrawn at any time. Your personal data will only be shared within our company with persons involved in processing your application.

If the application is successful, the data you submitted will be stored in our data processing systems based on § 26 BDSG and Article 6(1)(b) GDPR for the purpose of conducting the employment relationship.

Retention Period of Data

If we cannot make you a job offer, if you reject the job offer, or if you withdraw your application, we reserve the right to retain the data you submitted based on our legitimate interests (Article 6(1)(f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). After this period, the data will be deleted, and physical application documents will be destroyed. The retention serves as evidence in case of a legal dispute. If it becomes apparent that the data will be required after the 6-month period (e.g., due to a pending or ongoing legal dispute), deletion will only occur when the purpose for further retention no longer applies.

A longer retention may also occur if you have given corresponding consent (Article 6(1)(a) GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the Applicant Pool

If we cannot make you a job offer, there may be the possibility of including you in our applicant pool. In the event of inclusion, all documents and information from your application will be transferred to the applicant pool in order to contact you in case of suitable vacancies.

Inclusion in the applicant pool takes place solely on the basis of your explicit consent (Article 6(1)(a) GDPR). Giving consent is voluntary and not related to the ongoing application process. The affected person can withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool unless there are statutory retention reasons.

Data from the applicant pool will be irrevocably deleted no later than two years after the consent is given.