We take data security seriously
The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers automatically store the IP address of your internet service provider, the website from which you visit us, the pages you visit on our site, as well as the date and duration of your visit. This information is essential for the technical transmission of the webpages and for the secure operation of the servers. A personalized evaluation of this data does not take place.
If you send us data via a contact form, this data will be stored on our servers as part of data backup. Your data will be used exclusively for processing your request. Your data will be treated with strict confidentiality. It will not be shared with third parties.
Personal Data
Personal data refers to information about you as a person. This includes your name, address, and email address. You do not need to disclose any personal data to visit our website. In some cases, we need your name, address, and other information in order to provide you with the requested service.
The same applies if you request information materials from us or if we respond to your inquiries. In these cases, we will always inform you accordingly. Additionally, we only store the data that you have automatically or voluntarily provided to us.
When you use one of our services, we generally collect only the data necessary to provide you with that service. We may ask for additional information, but providing this is voluntary. Whenever we process personal data, we do so in order to offer you our service or to pursue our commercial objectives.
AUTOMATICALLY SAVED DATA
Server Log Files
The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- Full IP address of the requesting computer
- Amount of data transferred
This data is not combined with other data sources. The processing is carried out in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in improving the stability and functionality of our website.
For technical security reasons, particularly to defend against attempted attacks on our web server, this data is stored by us for a short period. It is not possible for us to draw any conclusions about individual persons based on this data. After a maximum of seven days, the data is anonymized by shortening the IP address to the domain level, so that no connection to individual users can be made. The data is also processed anonymously for statistical purposes; no comparison with other data sets or transfer to third parties, even in part, takes place. Only within the framework of our server statistics, which we publish every two years in our activity report, is the number of page views represented.
Cookies
When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an internet server to your browser and stored on your hard drive. Only the internet protocol address is stored — no personal data. The information stored in the cookies allows us to automatically recognize you on your next visit to our website, making it easier for you to use. The legal basis for the use of cookies is our legitimate interest in accordance with Article 6(1)(f) of the GDPR.
Of course, you can also visit our website without accepting cookies. If you do not want your computer to be recognized on your next visit, you can refuse the use of cookies by changing your browser settings to “reject cookies.” You can find the specific instructions in your browser’s user manual. However, if you refuse the use of cookies, this may result in limitations in the use of some areas of our website.
SECURITY
We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation, and unauthorized access. All our employees and service providers working for us are committed to complying with the applicable data protection laws.
Whenever we collect and process personal data, it is encrypted before being transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process, and our privacy policies are regularly updated. Please ensure that you have the most recent version.
RIGHTS OF DATA SUBJECTS
You have the right at any time to access, rectify, delete, or restrict the processing of your stored data, the right to object to processing, as well as the right to data portability and the right to file a complaint, in accordance with data protection regulations.
Right to Access:
You may request information from us regarding whether and to what extent we process your data.
Right to Rectification:
If we process data about you that is incomplete or incorrect, you can request its correction or completion at any time.
Right to Deletion:
You can request the deletion of your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, such as legal retention obligations.
Regardless of your right to deletion, we will promptly and completely delete your data as long as there is no legal or contractual obligation to retain it.
Right to Restriction of Processing:
You may request the restriction of the processing of your data if:
- You dispute the accuracy of the data, for a period that allows us to verify the accuracy.
- The processing of the data is unlawful, but you refuse deletion and instead request a restriction on the use of the data.
- We no longer need the data for the intended purpose, but you require it to assert or defend legal claims.
- You have objected to the processing of the data.
Right to Data Portability:
You can request that we provide the data you have given us in a structured, commonly used, and machine-readable format and that we transmit this data to another controller without hindrance, provided:
- We process this data based on your given and revocable consent or for the fulfillment of a contract between us, and
- This processing is carried out using automated procedures.
Where technically feasible, you may request that we transmit your data directly to another controller.
Right to Object:
If we process your data based on legitimate interest, you may object to this data processing at any time; this also applies to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims. You may object to the processing of your data for direct marketing purposes at any time without providing reasons.
Right to Lodge a Complaint:
If you believe that we have violated German or European data protection law in processing your data, we ask that you contact us to clarify any questions. Of course, you also have the right to lodge a complaint with the supervisory authority responsible for you, the respective State Office for Data Protection Supervision.
If you wish to exercise any of the above rights, please contact our Data Protection Officer. In case of doubt, we may request additional information to confirm your identity.
SSL AND TLS ENCRYPTION
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the change in the address bar of your browser from “http://” to “https://” and by the padlock symbol in your browser’s address bar.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Use of Cookies and Third-Party Services (ClickUp)
We use cookies to improve your experience on our website. Forms provided by the external service ClickUp are only loaded after you give explicit consent. By clicking “Accept All,” you allow a connection to ClickUp to be established, and their form to be displayed. This may transmit personal data (e.g., your IP address and form inputs) to ClickUp’s servers. ClickUp is based in the United States, which means your data may be transferred to a country outside the EU. Your decision is saved in a cookie: full consent is stored for 14 days, essential-only consent for 7 days. You can withdraw your consent anytime on our data protection page. Without your consent, no data is sent to ClickUp and no external content is loaded. For more information, please see ClickUp’s Privacy Policy.
INFORMATION ON DATA PROTECTION ACCORDING TO ARTICLE 13 OF THE GDPR
Here you will find our specific information in accordance with Article 13 of the GDPR:
INFORMATION DUTIES ACC. TO ART. 13 GDPR
The protection of your personal data is of utmost importance to us. We therefore process your personal data (“data” for short) exclusively in accordance with legal regulations. We hereby wish to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled within the meaning of Art. 13 of the European General Data Protection Regulation (GDPR).
1. Who is responsible for data processing and whom can you contact?
Responsible is:
Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
E-Mail: c.volkmer@projekt29.de
Tel.: 0941-2986930
2. Which data is processed and from which sources do these data originate?
We process the data which we have received from you within the framework of contract initiation or processing, based on consents or within the framework of your application to us or within the framework of your staff. The collection of your data generally takes place with you. The processing of the data you provide is necessary to fulfill contractual or pre-contractual obligations in accordance with Art. 6 Para. 1 Sentence 1 lit. b GDPR. Therefore, you are required to provide personal data, as we would otherwise be unable to fulfill our contractual or pre-contractual obligations. In order toprovide our services, it may also be necessary to process data that we have received from other third parties, such as your service providers, for the respective purpose of processing.
Personal data includes:
Your master/contact data, for example first and last name, address, contact data (e-mail address, phone number, fax), bank data for investors.
For applicants and employees, this includes for example first and last name, address, contact data (e-mail address, phone number), date of birth, data from curriculum vitae and job references, bank data, religious affiliation.
For business partners, this includes for example the name of their legal representative, company, commercial register number, VAT number, company number, address, contact data of the contact person (e-mail address, phone number, fax), bank details.
In addition, we also process the following other personal data:
- Information on the type and content of contract data, order data, sales and document data, customer and supplier history and consulting documents,
- advertising and sales data,
- information from your electronic dealings with us (e.g. IP address, log-in data),
- other data that we have received from you within the framework of our business relationship (e.g. in discussions with customers),
- data we generate ourselves from master data, contact data and other data, e.g. by means of customer demand and customer potential analyses,
- the documentation of your declaration of consent for the receipt of e.g. newsletters.
3. For what purposes and on what legal basis is the data processed?
We process your data in accordance with the provisions of the Data Protection Basic Regulation (GDPR) and the Federal Data Protection Act 2018, as amended:
- to fulfil (pre-)contractual obligations (Art. 6 para. 1lit.b GDPR): The processing of your data takes place for the contract winding up online or in one of our branches, for the contract winding up of your coworkers in our enterprise. The data will be processed in particular during the initiation of business transactions and the execution of contracts with you.
- to fulfil legal obligations (Art. 6 para. 1 lit.c GDPR): A processing of your data is necessary for the purpose of the fulfilment of different legal obligations, e.g. from the commercial code or the tax code.
- to safeguard legitimate interests (Art. 6 para. 1 lit.f GDPR): Based on a weighing of interests, data processing may take place beyond the actual fulfilment of the contract in order to safeguard the legitimate interests of us or third parties. Data processing to safeguard legitimate interests is carried out in the following cases, for example:
- advertising or marketing (see No. 4),
- measures for business management and the further development of services and products;
- manage a group-wide customer database to improve customer service
- in the context of legal proceedings.
- within the scope of your consent (Art. 6 para. 1lit.a GDPR): If you have given us your consent to process your data, e.g. to send our newsletter to you.
4. Processing of personal data for advertising purposes
You may at any time object to the use of your personal data for advertising purposes in whole or for individual measures without incurring any costs other than the transmission costs according to the basic tariffs.
In Germany we are entitled under the legal requirements of § 7 Abs.3 UWG (law against unfair competition) to use the email address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter or not.
If you do not wish to receive such recommendations by e-mail from us, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic tariffs. A text message is sufficient for this purpose. Of course, every e-mail always contains a unsubscribe link.
5. Who receives my data?
If we use a service provider in the sense of an order processing, we remain nevertheless responsible for the protection of your data. All contract processors are contractually obliged to treat your data confidentially and to process it only within the scope of the service provision. The contract processors commissioned by us will receive your data insofar as they require the data for the performance of their respective services. These are, for example, IT service providers that we need for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.
Your data will be processed in our customer database. The customer database supports the improvement of the data quality of the existing customer data (duplicate cleansing, spoilage/deadness flags, address correction) and enables the enrichment with data from public sources.
This data is made available to the group companies if necessary for the execution of the contract. Customer data is stored separately for each company, with our parent company acting as a service provider for the individual participating companies.
If there is a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data.
In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and fulfilling contracts.
6. How long will my data be stored?
We process your data until the termination of the business relationship or until the expiry of the applicable statutory retention periods (e.g. from national commercial laws, tax laws); furthermore,until the termination of any legal disputes in which the data is required as evidence.
7. Is personal data transferred to a third country?
In principle, we do not transfer any data to a third country. A transfer will only take place on a case-by-case basis based on an adequacy decision of the European Commission, standard contractual clauses, appropriate safeguards or your express consent. The transfer is carried out based on the GDPR.
8 Which data protection rights do I have?
At any time, you have the right to information, rectification, deletion or restriction of the processing of your stored data, a right of objection to the processing as well as a right to data transfer and a right of complaint in accordance with the requirements of data protection law.
Right to information: You can request information from us as to whether and to what extent we process your data.
Right to rectification: If we process your data that is incomplete or inaccurate, you may request that we correct or complete it at any time.
Right to deletion: You can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent an immediate deletion, e.g. in the case of legally regulated storage obligations.
Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.
Right to limit the processing: You can ask us to restrict the processing of your data if
- you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
- the processing of the data is unlawful, but you refuse to delete it and instead request a restriction on the use of the data,
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- you have objected to the processing of the data.
Right to data transferability:
You may request that we provide you with the information you have provided to us in a structured, common and machine-readable format and that you may provide that information to another responsible person without our interference, provided that
- we process this data on the basis of a consent given and revocable by you or for the fulfilment of a contract between us, and
- this processing is carried out using automated procedures.
If technically feasible, you may request us to transfer your data directly to another responsible person.
Right of objection:
If we process your data for legitimate reasons, you may object to such processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defense of legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
Right of appeal:
If you are of the opinion that we violate German or European data protection law when processing your data, we ask you to contact us in order to clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision. If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
9. am I obliged to provide data?
The processing of your data is necessary to conclude or fulfil your contract with us. If you do not provide us with this data, we will generally have to refuse to enter the contract or will no longer be able to perform an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data which is not relevant for the fulfilment of the contract, or which is not required by law.
Information on data protection in applicant management in accordance with Art. 13 GDPR
Personal data is collected from you in the employment relationship. Due to the new regulations in the General Data Protection Regulation (GDPR), we are therefore obliged to inform you in accordance with Art. 13 et seq. GDPR to inform you of the following:
Responsible for the collection and processing of your data is:
BonVenture Management GmbH
Ridlerstr. 33
Phone: +49/89/2000125-30
Fax: +49/89/2000125-39
The contact details of our data protection officer are:
Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
E-Mail: c.volkmer@projekt29.de
Phone: 0941-2986930
Your data will be collected and processed as part of the recruitment process and for the purposes of the employment relationship.
The required data includes, in particular, your master data (especially first and last name, name affixes, nationality), your contact data (especially private address, mobile and landline number, e-mail address), other data from the employment relationship, such as time recording data, vacation periods, periods of incapacity for work, skills data, social data, bank details, social security number, pension insurance number, salary data, tax identification number, special health data and, if applicable, criminal records) as well as log data that is generated when using the IT systems.
Your personal data is mainly collected directly from you. However, due to legal regulations, some of your data will also be collected from other sources, such as the tax office to obtain tax-related information, the health insurance company to obtain information about periods of incapacity for work or, if necessary, from other third parties, such as a job placement agency or from publicly accessible sources (e.g. professional networks).
Within our company, your personal data will only be received by those persons who need it to fulfill our contractual and legal obligations, such as the HR department, the accounting department and the specialist department.
If we use service providers to fulfill our contractual and legal obligations, they will also receive the necessary data. These include the following service providers: tax consultants, auditors, IT service providers, external data protection officers, lawyers, notaries and other consultants.
Outside the company, we transfer your data to other recipients if this is necessary to fulfill our contractual and legal obligations. These are, in particular, the social insurance institutions, health insurance, pension insurance, professional pension schemes, the employment agency, the employers’ liability insurance association, the tax authorities, accident and liability insurers, courts, banks, competent bodies in order to be able to guarantee claims from the company pension scheme or capital-forming benefits, third-party debtors in the event of wage and salary garnishment or insolvency administrators in the event of personal insolvency.
Your data will not be transferred to a third country.
The primary purpose of data processing is to establish, implement and terminate the employment relationship. The relevant legal basis for this is Art. 6 para. 1 b) GDPR in conjunction with. § Section 26 para. 1 BDSG. In addition, collective agreements (group, general and works agreements as well as collective bargaining agreements) pursuant to Art. 6 para. 1 b) in conjunction with Art. 88 para. 1 GDPR may be used. Art. 88 para. 1 GDPR in conjunction with. § Section 26 (4) BDSG and, if applicable, your separate consents pursuant to Art. 6 (1) a), 7 GDPR in conjunction with Section 26 (2) BDSG. § Section 26 (2) BDSG (e.g. in the case of video recordings) as a data protection permission regulation.
We also process your data in order to fulfill our legal obligations as an employer, in particular in the area of tax and social security law. This is done on the basis of Art. 6 para. 1 c) GDPR in conjunction with. § SECTION 26 BDSG.
If necessary, we also process your data on the basis of Art. 6 para. 1 f) GDPR in order to protect our legitimate interests or those of third parties (e.g. authorities). This applies in particular to the investigation of criminal offenses (legal basis § 26 para. 1 sentence 2 BDSG) or within the Group for the purposes of Group management, internal communication and other administrative purposes.
Insofar as special categories of personal data are processed in accordance with Art. 9 para. 1 GDPR, this serves the exercise of rights or the fulfillment of legal obligations under employment law, social security law and social protection law (e.g. disclosure of health data to the health insurance company, recording of severe disability due to additional leave and determination of the severely disabled levy) within the scope of the employment relationship. This is done on the basis of Art. 9 para. 2 b) GDPR in conjunction with § Section 26 para. 3 BDSG. In addition, the processing of health data for the assessment of your ability to work in accordance with Art. 9 para. 2 h) in conjunction with § 22 para. 1 b) BDSG may be necessary.
In addition, the processing of special categories of personal data may be based on consent in accordance with Art. 9 Para. 2 a) GDPR in conjunction with Section 26 Para. 2 BDSG (e.g. company health management). § Section 26 (2) BDSG (e.g. company health management). If we wish to process your personal data for a purpose not mentioned above, we will inform you in advance.
If your job application is rejected, the data you have submitted will be deleted six months after notification of the rejection. This does not apply if longer storage is necessary due to legal requirements (e.g. the burden of proof under the General Equal Treatment Act) or if you have expressly consented to longer storage in our database of interested parties.
The storage period of the data collected is limited to the employment relationship. We delete your personal data as soon as it is no longer required for the above-mentioned purposes. After termination of the employment relationship, the data will be stored and then deleted in accordance with the statutory or official retention periods, which result from the German Commercial Code and the German Fiscal Code, among others. The storage periods thereafter are up to ten years. In addition, personal data may be stored for the statutory limitation period of three or up to 30 years if claims can be asserted against us.
You have the right to obtain information from your employer about the personal data stored about you. Under certain conditions, you can request the correction or deletion of your data. You may also have the right to restrict the processing of your data and the right to receive the data you have provided in a structured, commonly used and machine-readable format.
Right of objection:
You also have the right to object to the processing of your personal data for direct marketing purposes without giving reasons. If we process your data to protect legitimate interests, you can object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.
You have the right to lodge a complaint regarding the handling of your personal data with the above-mentioned data protection officer or the data protection supervisory authority. The supervisory authority responsible for you is
Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach
Tel.: 0981 180093-0
Fax: 0981 180093-800
Email: poststelle@lda.bayern.de
The provision of personal data is necessary for the establishment, implementation and termination of the employment relationship and constitutes a secondary contractual obligation of the employee. If we do not receive the required data, it will not be possible to carry out the employment relationship with you.