Data Privacy Notice
Name and address of company
The responsible party as defined by the General Data Protection Regulation (hereinafter "GDPR") and other national data protection laws of the member states as well as other data protection regulations is:
GRAEF GmbH
Nikolsburger Str. 8/9
10717 Berlin
Fon: +49 30 8848350
https://graef-office.de
hallo@graef-office.de
General data processing
Extent and permission of the processing of personal data
We collect and use our users' personal data only to the extent necessary to ensure the functionality of our website and to provide our content and services. The collection and use of personal data of our users is only performed with the consent of the user.
Exceptions apply in cases where it is not possible to obtain prior consent due to certain circumstances and data processing is permitted by legal regulations.
For processing operations of personal data with prior consent of the data subject, the legal basis is Art. 6 para. 1 lit. a DSGVO. For the processing of personal data that is necessary for the performance of a contract or for the implementation of pre-contractual measures, the legal basis is Art. 6 (1) lit. b DSGVO. For the processing of personal data for the fulfillment of a legal obligation, the legal basis is Art. 6 para. 1 lit. c DSGVO. In the event that vital interests of the data subject or another individual make processing of personal data necessary, Art. 6 (1) (d) DSGVO serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and if these interests outweigh the interest of the data subject, taking into account the fundamental rights and freedoms of the data subject, Art. 6 (1) lit. f DSGVO is the legal basis for the processing of the data in this case.
Deletion of data and storage duration
The personal data of the data subject will be deleted or blocked as soon as there is no longer any need to store it. Storage may also take place if we are required by law to process the data. In this case, the data will be blocked or deleted when the legally required storage term expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
Processing of data through the use of our website
Visiting our website
When you visit our website, the browser used on your end device automatically sends information to our server. This information is temporarily stored in a log file. The following information is stored without your intervention until it is automatically deleted: IP address of the requesting computer, date and time of access, name and URL of the accessed file, website from which the access is made (referrer URL), browser used and, if applicable, the operating system of your computer and the name of your internet access provider.
We process the aforementioned data for the purposes of ensuring smooth connectivity of the website and comfortable use of our website, evaluating system security and stability, as well as for other administrative purposes.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our authorized interest is derived from the purposes of data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
Use of our contact form
Our website provides a contact form that can be used to contact us electronically. If a user chooses this option to contact us, the data entered in the contact form as well as the IP address, the date and the time will be sent to us and stored. For the processing of the data, your consent is obtained during the submission process and this privacy policy is referenced. The legal basis for the processing of the data in this case is Art. 6 para. 1 lit. a DSGVO.
Another option is to contact us via the email address provided. In this case, the personal data of the user transmitted with the e-mail will be stored but will not be passed on to third parties. The legal basis for the processing of this data is Art. 6 para. 1 lit. f DSGVO. If the email contact is about the completion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO.
Data processing for establishing contact with us is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO upon the basis of your voluntarily given consent. The personal data collected by us for the use of the contact form will be automatically deleted after the request you have made has been resolved.
Data sharing
We do not transfer your personal data to third parties for any purpose other than those listed below. We will only disclose your personal data to third parties if you have given your explicit consent to do so in accordance with Art. 6 (1) sentence 1 lit. a DSGVO, the disclosure is necessary for the assertion, exercise or defense of legal claims in accordance with Art. 6 (1) sentence 1 lit. f DSGVO as well as if there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data. This applies if there is a legal obligation for the disclosure in accordance with Art. 6 para. 1 p. 1 lit. c DSGVO, and it is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.
Use of cookies
We use cookies to run our website in order to make it more user-friendly. Some elements of our website require the identification of the user’s browser even after a page change.
Cookies are small files that enable specific information related to the device to be stored on the user's access device (PC, smartphone etc.). On the one hand, they are designed to improve the user-friendliness of websites (e.g. storage of login data). On the other hand, they serve to collect statistical data on website usage and allow it to be analyzed to improve the website’s usability. Users can decide on the use of cookies. Most browsers have an option to restrict or completely prevent the storage of cookies. However, it should be noted that the use and especially the user experience will be limited without cookies.
In this way, the user data collected is anonymized by technical precautions. Therefore, an assignment of the data to the accessing user is no longer possible. The data is not stored together with other personal data of the users.
For the processing of personal data using cookies, the legal basis is Art. 6 (1) lit. f DSGVO. For the processing of personal data using technically necessary cookies, the legal basis is Art. 6 para. 1 lit. f DSGVO. If the user has given his consent, the legal basis for the processing of personal data using cookies for analytics is Art. 6 para. 1 lit. a DSGVO.
The reason for the use of technically necessary cookies is to simplify the experience of the website for the user. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
The analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly update and optimize our services.
Regarding these purposes, we also have the authorized interest in processing the personal data according to Art. 6 Para. 1 lit. f DSGVO.
Third party services
Within the website, the responsible controller has integrated content, services and performances of other providers. These include maps provided by Google Maps, YouTube videos, and graphics and images from other websites. In order for this data to be called up and displayed in the user's browser, the transmission of the IP address is mandatory. The providers (hereinafter referred to as "third-party providers") are therefore able to see the IP address of the respective user.
Even though we strive to use third-party providers that only require the IP address to deliver content, we have no influence on whether the IP address may be stored. In this case, this procedure is used for statistical purposes, among other things. If we have knowledge that the IP address is stored, we inform our users of this.
Use and application of Facebook
The responsible for the processing has integrated components of the company Facebook on this website. Facebook is a social network.
A social network is a social meeting place operated on the Internet, an online community that generally enables users to communicate and interact with each other in virtual space. A social network can serve as a platform for sharing opinions and experiences or enables the online community to provide personal or company-related information. Facebook allows users of the social network to create private profiles, upload photos and network via friend requests and more.
The operator of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the responsible party for the processing of personal data is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With every visit to one of the individual pages of this website operated by the responsible controller on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the IT system of the data subject is automatically prompted by the respective Facebook component to download a version of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE . Within the context of this specific technical procedure, Facebook is informed which specific sub-page of our website is visited by the data subject.
Whenever the data subject is logged in to Facebook while visiting our website, Facebook recognizes which specific sub-page of our website the data subject is viewing for the entire duration of the time spent on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated on our website, for example the "Like" button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.
Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged into Facebook at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, they can prevent the transmission by logging out of their Facebook account before accessing our website.
Facebook's published data policy, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the data subject. There are also various applications available that make it possible to suppress data transmission to Facebook, for example the Facebook Blocker from the provider Webgraph, which can be acquired from http://webgraph.com/resources/facebookblocker/. Applications of this kind can be used by the data subject to suppress data transmission to Facebook.
Use and application of Google Analytics (with anonymization)
The party responsible for processing has integrated the Google Analytics component (with anonymization) on this website. Google Analytics is a web analysis service, which enables the collection, compilation and analysis of data about the behavior of visitors to websites. A web analysis service collects the information about which website a data subject came to a website from (referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is predominantly used for the optimization of a website and for the cost-benefit analysis of online advertising.
Google Analytics is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The responsible party uses the addition "_gat._anonymizeIp" for the web analysis through Google Analytics. With this addition, the IP address of the Internet connection of the data subject is shortened and anonymized by Google if access to our Internet pages is from a member state of the European Union or from another state party of the Agreement on the European Economic Area.
The purpose of the Google Analytics service is to analyze the flow of visitors to our website. Google uses the data and information obtained to evaluate the use of our website, and among other things, to compile online reports for us that show the level of activity on our website, and to provide other services related to the use of our website.
Google Analytics places a cookie on the information technology system of the data subject. What cookies are has already been explained above. By placing the cookie, Google is permitted to analyze the use of our website. Whenever one of the individual pages of this website operated by the data processor is accessed and a Google Analytics component is integrated on it, the internet browser on the data subject's information technology system is automatically prompted by the respective Google Analytics component to forward data to Google for the purpose of online analysis. As part of this technical process, Google will receive knowledge of personal data, such as the IP address of the data subject, which Google uses to track the origin of visitors and page views, which subsequently enables it to calculate commissions.
Through the cookie, personal information, like the access time, the place from which an access was initiated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties.
The data subject can refuse the use of cookies on our website at any time by selecting the appropriate settings on the respective internet browser, thereby permanently rejecting the use of cookies. This setting of the Internet browser used would also prevent Google from placing a cookie on the IT system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
The data subject also has the option of opposing and preventing the collection of data generated by Google Analytics and related to the use of this website, as well as the processing of this data by Google. For this purpose, the data subject must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on tells Google Analytics through JavaScript that no data and information about visits to Internet pages may be shared with Google Analytics. The installation of this browser add-on is considered as a refusal by Google. If the IT system of the data subject is deleted, formatted or reinstalled at a later point in time, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within the data subject's sphere of control, it is possible to reinstall or reactivate the browser add-on at any time.
Further information and the applicable Google privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is outlined here: https://www.google.com/intl/de_de/analytics/genauer.
Use and application of YouTube and YouTube components with advanced data protection mode
On our website we use components (videos) provided by YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a Google Inc. company, Amphitheatre Parkway, Mountain View, CA 94043, USA.
Here, we use the "advanced privacy mode" option provided by YouTube.
When you visit a page that has an embedded video, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser.
According to the information provided by YouTube in the "- extended data protection mode -“ only some data is transmitted to the YouTube server, in particular which of our Internet pages you visited when you watch the video. If you are logged into YouTube at the same time, this information will be assigned to your member account on YouTube. You can prevent this by logging out of your member account before visiting our website.
Further information on the YouTube privacy policy is provided by Google at the following link: https://www.google.de/intl/de/policies/privacy/
Use and application of Vimeo
On our website, we use components of Vimeo. Vimeo is a service of Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA. With each individual visit to our website, this component causes the browser you are using to download a corresponding representation of the component from Vimeo. If you visit our site and are logged in to Vimeo during this time, Vimeo recognizes which specific page you are visiting through the information collected by the component and associates this information with your personal account with Vimeo. For example, if you click on the "Play" button or leave a comment, this information is transmitted to your personal user account at Vimeo and stored there. In addition, the fact that you have visited our site is passed on to Vimeo. This happens regardless of whether you click on the component/leave a comment or not.
If you would like to block this transmission and storage of data about you and your behavior on our website by Vimeo, you must log out of Vimeo before you visit our site. Vimeo's privacy policy provides more detailed information on this, in particular on the collection and use of data by Vimeo: https://vimeo.com/privacy
Use and application of reCAPTCHA
In order to protect input forms on our site, we use the service reCAPTCHA provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, referred to hereinafter as Google. The use of this service makes it possible to distinguish whether the input in question is human or whether it has been abused by automated machine processing.
To our knowledge, the referrer URL, the IP address, the behavior of website visitors, information about the operating system, browser and duration of visit, cookies, display instructions and scripts, the user's input behavior and mouse movements in the area of the reCAPTCHA checkbox are all transferred to Google.
Google uses the information obtained to digitize books and other printed matter and to optimize its services like Google Street View and Google Maps (e.g., house number and street name recognition).
The IP address transmitted as part of reCAPTCHA is not merged with other data from Google, unless you are logged into your Google account at the time of using the reCAPTCHA plug-in. If you want to prevent this transmission and storage of data about you and your behavior on our website by Google, you must log out of your Google account before you visit our site or use the reCAPTCHA plug-in.
The use of the service reCAPTCHA acquired information is carried out in accordance with Google's terms of use: https://www.google.com/intl/de/policies/privacy/.
Data protection during job applications and the application process
We collect and handle the personal data of applicants to process the application procedure. The processing may also take place electronically. If an applicant sends us the relevant application documents electronically, (by email or through the web form on our website), we will collect the personal data for the purpose of processing the application. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with applicable laws. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the denial of the application, provided that no other authorized interests on our part prevent the deletion of the application documents. Other authorized interests in this context include a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
Data subject rights
You have the right to:
(1) request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you may request information about the processing purposes, the category of personal data, the types of recipients to whom your data have been or will be disclosed, the planned storage duration, the existence of a right to rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the origin of your data if it was not collected by us directly, as well as the existence of automated decision-making including profiling and, if applicable, significant information about its details;
(2) demand the correction of inaccurate or incomplete personal data stored by us promptly in accordance with Art. 16 DSGVO;
(3) request the erasure of your personal data stored by us in accordance with Art. 17 DSGVO, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
(4) demand the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, to the extent that the accuracy of the data is disputed by you, the processing is unlawful, you object to its erasure (and we no longer need the data) and you need it for the assertion, exercise or the defense of legal claims, or you have objected to the processing in accordance with Art. 21 DSGVO;
(5) receive, in accordance with Art. 20 DSGVO, your personal data that you have provided to us in a structured, customary and machine-readable format or to request the transfer to another responsible party;
(6) revoke your consent at any time in accordance with Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent for the future.
(7) complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your place of residence or place of work or our office for this purpose.
Right to object
You have the right to object to the processing of personal data relating to you that is carried out on the basis of Art. 6(1)(e) or (f) DSGVO at any time for reasons based on your particular situation; this also applies to profiling based on these provisions.
The responsible party will no longer process your personal data unless it can demonstrate compelling and legitimate grounds for the processing which override your rights, interests and privacy, or the processing serves the purpose of asserting, exercising or defending legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to this processing of your personal data within the scope of such marketing; this also applies to profiling, if it is related to this type of direct marketing.
If you object to the processing of your personal data for direct marketing purposes, your personal data will cease to be used for these purposes.
You retain the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to express your right to object by means of automatic procedures involving the use of technical specifications.
Automated decision in particular cases including profiling
You have the right not to be subject to a decision based solely on automated processing (including profiling) which has legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the responsible party,
(2) is permitted by legislation of the Union or the Member States to which the responsible party is subject and that legislation includes appropriate measures to safeguard your rights and freedoms as well as your reasonable interests; or
(3) is done with your express consent.
However, these decisions must not be based on special categories of personal data as defined in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your rightful interests.
Regarding the cases mentioned in (1) and (3), the responsible party will take appropriate measures to safeguard your rights and freedoms as well as your rightful interests, which include, at the very least, the right to request the intervention of a person on the part of the responsible party, to express his or her point of view and to contest the decision.
As a conscientious company, we choose not to use automated decision-making or profiling.
Data security
For visits to our website, we use the common SSL procedure (Secure Socket Layer) in conjunction with the highest encryption level supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also apply appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously being further developed in line with technological developments.
Currentness and modification of this privacy policy
This privacy policy is currently valid and was last updated in May 2018.
Due to the further development of our website and our services, or due to changes in legal or regulatory requirements, it may become necessary to amend this data protection declaration. You can access and print out the current data protection declaration at any time using this address.