Website of Wayss & Freytag Ingenieurbau AG

Privacy Notice

§ 1 Information on the collection of personal data

(1) Below, we provide information on the processing of personal data when using our website. Personal data refers to all data that can be related to you personally, e.g. name, address, email addresses, user behaviour. In doing so, we aim to inform you about our processing activities and, at the same time, comply with our legal obligations, in particular those arising from the EU General Data Protection Regulation (GDPR).

(2) The data controller pursuant to Article 4(7) of the GDPR is Wayss & Freytag Ingenieurbau AG, Eschborner Landstraße 130-132, 60489 Frankfurt, info@wf-ib.de (see our legal notice). You can contact our Data Protection Officer at info@wf-ib.de or via our postal address, adding “Data Protection Officer” to the address.

(3) When you contact us by email or via a contact form, the data you provide (your email address, your name and telephone number where applicable) will be stored by us in order to answer your questions. We will delete the data collected in this context if the enquiry relates to a contract, in accordance with the retention periods applicable to the contract term; otherwise, we will delete it once storage is no longer necessary, or restrict processing if statutory retention obligations apply.

(4) If we use contracted service providers for individual functions of our service or wish to use your data for marketing purposes, we will always select and monitor these service providers carefully and provide you with detailed information below regarding the respective processes. In doing so, we will also specify the criteria for the storage period.

§ 2 Your rights

(1) You have the following rights vis-à-vis a controller with regard to your personal data:

– Right of access,

– Right to rectification or erasure,

– Right to restriction of processing,

– Right to object to processing,

– Right to data portability.

(2) You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.

§ 3 Processing of personal data when visiting our website

When you use the website for information purposes, i.e. simply viewing it without registering and without providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure its stability and security, and must therefore be processed by us. The legal basis is Article 6(1)(f) of the GDPR. Access to and storage of information on the end device is absolutely necessary in this case and takes place on the basis of the implementing laws of the ePrivacy Directive of the EU Member States; in Germany, this is in accordance with Section 25(2)(2) of the TDDDG.

– IP address

– Date and time of the request

– Time zone difference from Greenwich Mean Time (GMT)

– Content of the request (page visited)

– Access status/HTTP status code

– Amount of data transferred

– Previously visited page

– Browser

– Operating system

– Language and version of the browser software.

§ 4 Contacting us

(1) There are various ways for you to contact us, including via the careers page, by telephone or by email to the relevant contact addresses. In this context, we process your data solely for the purpose of communicating with you.

(2) The legal basis for data processing is Article 6(1)(b) of the GDPR, provided that your details are necessary to respond to your enquiry or to initiate or perform a contract. Furthermore, data processing is based on Article 6(1)(f) of the GDPR, based on our legitimate interest in enabling you to contact us and in responding to your enquiry.

(3) The data collected when you contact us will be automatically deleted once your enquiry has been fully processed, unless we require your enquiry to fulfil contractual or legal obligations (see § 12 Retention period).

§ 5 Our social media presence

(1) We maintain various online presences on social media to communicate with interested parties and provide information about our products and services. These include:

(2) As part of the management of our online presence on these platforms, we may access statistical information provided by the operator of the respective social network. These statistics are aggregated and include, amongst other things, demographic information (e.g. age, gender, region, country), employment-related data (e.g. job, role, industry, professional experience, company size) and data on interaction with our content (e.g. likes, shares, subscriptions, views of images and videos). Such information may also provide insights into users’ interests and which content and topics are of particular interest to them. We use these statistics to optimise our online presence and activities and to better tailor them to our audience. The collection and use of these statistics is carried out under joint responsibility with the operator of the respective social network.

Further information on joint responsibility, the nature and scope of these statistics, and how to contact the social networks can be found via the following links:

- Facebook and Instagram: Information on Page Insights data, Page Insights Addendum regarding responsibility

- LinkedIn: Page Insights Joint Controller Addendum (the “Addendum”)

(3) The legal basis for this data processing is Article 6(1)(b) of the GDPR, to stay in contact with our customers and keep them informed, as well as to carry out pre-contractual measures with prospective customers. In addition, we rely on Article 6(1)(f) of the GDPR, based on our legitimate interest in effective information and communication with users.

(4) We have no influence over the data processed by the social network under its own responsibility in accordance with its terms of use. Please note that when you visit our online presence, data regarding your usage behaviour may be transmitted to the operator of the social network. The operators of the social networks may use the aforementioned information to compile more detailed statistics and for their own market research and advertising purposes, over which we have no influence. For this purpose, cookies and other identifiers are stored on the end devices of the data subjects. Based on these usage profiles, for example, advertisements are displayed within the social network and on third-party websites. For further information on this, please refer to the privacy policies of the respective social networks, which we have linked to in the table above.

(5) Insofar as we receive your personal data through our online presence on social networks, you are entitled to the rights set out in this privacy policy. If you wish to exercise your rights against the operator of the social network, please contact them directly. The operator is familiar with the technical operation of the platforms, the associated data processing and the specific purposes of the data processing, and can take appropriate measures upon request. Where possible, we will be happy to assist you in exercising your rights.

§ 6 Use of social media plugins

(1) We use social media plugins from various social networks (e.g. LinkedIn). The plugins are disabled by default and therefore do not send any data to other websites. If you click on the icon of the respective social network on wf-ib.de and then click on the ‘OK’ banner to give your consent to the processing of your personal data in this context, the plugins will be activated (the so-called ‘two-click’ solution).

(2) Once a plugin has been activated, your browser establishes a direct connection with the servers of the respective social network as soon as you access the provider’s website. The content of the relevant plugin is transmitted directly from the social network to your browser and integrated into the website.

(3) Through the integration of the plugins, the social network receives the information that you have visited the provider’s relevant page. If you are logged in to the relevant network, it can associate the visit with your account. Through interaction with the plugins, the relevant information is transmitted directly from your browser to the social network and stored there.

(4) Even if you are not logged into social networks, websites with active social media plugins can send data to these networks. With an active plugin, a cookie containing an identifier is placed every time you access the website. As your browser sends this cookie to a network server without asking every time you connect, the network could in principle use it to create a profile of the websites visited by the user, provided this is linked to the user’s identification. It would also be possible to reassign this identifier to a specific person at a later date – for example, when the user subsequently logs in to a social network. Detailed information on the purpose and scope of data collection and the further processing or use of the data by the social media networks, as well as your rights and options for protecting your privacy and, in particular, the right to withdraw your consent, can be found in the privacy policies published by the respective networks.

§7 Online meetings, telephone conferences and webinars via “Microsoft Teams”

(1) We use the Microsoft Teams tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: online meetings). Microsoft Teams is a service provided by Microsoft Ireland Operations Limited.

(2) Various types of data are processed when using Microsoft Teams. The scope of the data also depends on what information you provide before or during your participation in an online meeting. The following personal data is subject to processing:

- User details: e.g. display name, email address (if applicable), profile picture (optional), preferred language

- Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location

- Text, audio and video data:You may have the option to use the chat function during an online meeting. In this respect, the text you enter is processed in order to display it in the online meeting. To enable video display and audio playback, data from your device’s microphone and any video camera on the device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the Microsoft Teams application

(3) We use Microsoft Teams to conduct online meetings. If we wish to record online meetings, we will inform you of this transparently in advance and – where necessary – ask for your consent. Chat content is logged when using Microsoft Teams. We store chat content for a period of one month. If it is necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will not usually be the case.

(4) Insofar as personal data of WF employees is processed, Section 26 of the Federal Data Protection Act (BDSG) forms the legal basis for data processing. Should personal data be processed in connection with the use of “Microsoft Teams” which is not necessary for the establishment, performance or termination of the employment relationship, but is nevertheless an essential component of using Microsoft Teams, then Article 6(1)(f) of the GDPR is the legal basis for the data processing. In such cases, our interest lies in the effective conduct of online meetings.

Furthermore, the legal basis for data processing when conducting online meetings is Article 6(1)(b) of the GDPR, provided that the meetings are held within the framework of contractual relationships.

If no contractual relationship exists, the legal basis is Article 6(1)(f) of the GDPR. Here too, our interest lies in the effective conduct of online meetings.

(5) Personal data processed in connection with participation in online meetings is generally not disclosed to third parties, unless it is specifically intended for disclosure. Please note that, as with face-to-face meetings, content from online meetings often serves precisely to communicate information to customers, prospective customers or third parties and is therefore intended for disclosure.

Other recipients: The provider of Microsoft Teams necessarily gains knowledge of the aforementioned data, insofar as this is provided for under our data processing agreement with Microsoft Teams.

(6) Data processing outside the European Union (EU) does not generally take place, as we have restricted our storage locations to data centres within the European Union. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU. This may be the case in particular if participants in online meetings are located in a third country.

However, the data is encrypted during transmission over the internet and is therefore protected against unauthorised access by third parties.

Further information can be found in Microsoft’s privacy policy.

§ 8 Careers

(1) If you apply to WF via the website, you will be redirected to our careers page.

(2) The relevant privacy policy can be found at: https://karriere.wf-ib.de/datenschutz.html

§ 9 Disclosure of data

(1) The data we collect will generally only be disclosed under the following conditions:

- You have given your explicit consent in accordance with Article 6(1)(a) of the GDPR.

- The disclosure is necessary pursuant to Article 6(1)(f) of the GDPR for the establishment, exercise or defence of legal claims, and there is no overriding legitimate interest on your part that would prevent the disclosure of your data.

- We are legally obliged to disclose the data in accordance with Article 6(1)(c) of the GDPR.

- The disclosure is permitted by law and required under Article 6(1)(b) of the GDPR to fulfil contractual obligations with you or to carry out pre-contractual measures taken at your request.

(2) Some of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these include, in particular, data centres that host our website and databases, IT service providers that maintain our systems, and consultancy firms. Our service providers may use the data provided by us exclusively for the purpose of fulfilling their tasks. These service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects, and are regularly monitored by us.

(3) In addition, data may be disclosed in connection with requests from public authorities, court orders or legal proceedings where this is necessary for the purposes of legal proceedings or the enforcement of the law.

§ 10 Data transfer to third countries

(1) As explained in this privacy notice, we use services whose providers are in some cases based in so-called third countries (e.g. in the USA), i.e. in countries whose level of data protection does not correspond to that of the European Union. In such cases, and provided that the European Commission has not issued an adequacy decision for these countries in accordance with Article 45 of the GDPR, we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. These measures include, amongst others, the European Union’s standard contractual clauses or binding internal data protection regulations.

(2) If this is not possible, we base the data transfer on the exceptions set out in Article 49 of the GDPR, in particular on your explicit consent or on the necessity of the transfer for the performance of a contract.

(3) If a data transfer to a third country is planned and neither an adequacy decision nor appropriate safeguards are in place, there is a risk that authorities in the third country concerned (e.g. intelligence services) may access the transferred data in order to collect and analyse it, and that your data subject rights may not be enforceable. Should we seek your consent to the data transfer via the consent banner, you will also be informed of this.

§ 11 Retention period

(1) As a general rule, we store personal data only for as long as is necessary to fulfil the purposes for which it was collected. Once these purposes have been achieved, the data will be deleted immediately, unless we still require the data until the expiry of the statutory limitation period for the purposes of providing evidence in civil law claims or due to statutory retention obligations.

(2) For evidential purposes, we are obliged to retain contractual data for a further three years from the end of the year in which our business relationship with you ends. Any claims become time-barred at the earliest at this point, in accordance with the standard statutory limitation period.

(3) In addition, we must retain some of your data for accounting purposes. We are obliged to do so due to statutory documentation requirements, which may arise from, amongst other things, the German Commercial Code, the German Fiscal Code, the German Banking Act and the Money Laundering Act. The retention periods specified therein are generally between two and ten years.

§ 12 Updating this Privacy Policy

From time to time, it is necessary to amend the content of this privacy notice. We therefore reserve the right to change it at any time. We will publish the amended version of the privacy notice in the same place as this privacy notice.

As of July 2024

Privacy policy regarding the handling of data from external partners.

PDF download