We are committed to protecting your personal data.
Thank you for showing interest in our company. The management of Baufritz (UK) Limited takes data protection very seriously. It is possible to use the website of Baufritz (UK) Limited without disclosing your personal data. However, if you want to use certain services the company offers via our website, it may be necessary for us to process personal data. In the event that it is necessary to process personal data and there is no legal basis for such processing, we will generally write to you to request your consent.
- inform the public about the type, scope and purpose of the personal data collected, used and processed by our company;
- how we collect and process your personal data through your use of this website (regardless of where you visit it from), including any data you may provide through this website when you get in touch to receive further information about our services or give us feedback, engage our services to build a house, subscribe to our newsletter or request marketing to be sent to you, or enter a competition, promotion or survey;
- how we look after your personal data; and
- information on your privacy rights as well as how the law protects you.
This website is not intended for children and we do not knowingly collect data relating to children.
2. IMPORTANT INFORMATION AND WHO WE ARE
NAME AND ADDRESS OF THE CONTROLLER
Baufritz (UK) Limited
NAME AND ADDRESS OF THE DATA PROTECTION OFFICER
The Data Protection Officer assigned by the Controller is:
Baufritz (UK) Limited
You may contact our Data Protection Officer directly at any time if you have questions or suggestions concerning data protection, including any requests to exercise your legal rights.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We will also use third party cookies to enable the service of advertisements, for example, on other websites, including social media providers such as Facebook, Twitter and Instagram. Under some circumstances, your personal data may be recorded and used by the social media providers in order to create user preferences and interests, so that you can be presented with advertisements based on those interests. Please note that we are unable to trace all of the processing operations of those social media providers. You can find out more about the processing activities carried out by the social media providers in their own respective terms and conditions of use and privacy policies.
Please note that we are jointly responsible with the relevant social media providers for the data processing operations triggered by any visit to our social media sites. You may assert your rights against both us and against the respective social media provider. However please note that we do not have any control over these data processing operations of the third party social media providers.
The data collected via our social media sites is deleted as soon as it is no longer required, if you ask us to delete it, or if you revoke your consent to that data being stored. Stored cookies will remain on your device until deleted. Nothing in this paragraph affects the relevant mandatory legal requirements. Please note that we have no influence on the data storage policies of or activities carried out by third party social media providers. To find out more, please refer to their respective privacy policies.
You can avoid the setting of cookies by our website at any time by changing the settings of your browser to permanently prevent cookies from being set. In addition, you can delete cookies that have already been set at any time via a browser or other software programmes. This is possible with all common internet browsers. If you deactivate the setting of cookies in the browser you use, some parts of this website may become inaccessible or not function properly.
4. THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Each time you or an automated system open the website of Baufritz (UK) Limited, the website collects a slew of general data and information. This general data and information are stored in the server log files.
We may collect, use, store and transfer different types of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier, marital status, and title, date of birth and gender.
- Contact Data includes residential address, site address, billing address, email address and telephone numbers.
- Financial Data includes bank account, payment card details, and details on the provision of security such as an advance payment guarantee.
- Transaction Data includes details about quotations, payments to and from you via invoices, and other details of services you have purchased from us.
- Project Data includes the house design, the house specification, the house construction programme, the house sampling, orders to subcontractors, drawings, planning permissions related to your order, and the contact details of external third parties such as Baufritz and client-appointed suppliers involved with the order.
- Technical Data includes accessed pages, anonymous session protocol, your login data, browser type, version, language setting, time zone setting and location, browser plug-in types and versions, the operating system of the accessing system and platform as well as model number of your device, the website from which an accessing system reaches our website (so-called referrer), sub-websites activated via an accessing system on our website, the date and time you access the website, anonymised internet protocol (IP) address (not traceable), the internet service provider of the accessing system, used search items on the site (if applicable), other technology on the devices you use to access this website and any other similar data and information that may be used to avert danger in the event of attacks on our information technology systems.
- Profile Data includes your orders, your interests, preferences, feedback and survey responses, and marketing agreements (if applicable).
- Usage Data includes information about how you use our website and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.
We analyse the Technical Data anonymously and do not draw conclusions about any individual data subject. Rather, we use the information to (1) display the content of our website correctly, (2) optimise the content of our website as well as how it is advertised, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the case of a cyber-attack. Therefore, Baufritz (UK) Limited evaluates this anonymous data and information on the one hand for statistical purposes, and on the other with the objective of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files are stored separately from all personal information you provide and they do not allow conclusions about an individual person to be drawn. Your person-specific data and your privacy are protected at any given time.
IF YOU FAIL TO PROVIDE PERSONAL DATA
We inform you that you must provide your personal data in some cases as a legal obligation (e.g., tax regulations), or resulting from contractual regulations (e.g., details of contractual partner). In order to conclude a contract, you may also be required to make your personal data available to us, which we will then process. For example, you are obliged to make your personal data available to us in order for our company to conclude a contract with you. Should you fail to make your personal data available to us, we may not be able to conclude the contract and may have to cancel an order you have with us but we will notify you if this is the case at the time.
5. HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in the contact form on our website or other forms, or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- place an order with us
- subscribe to our newsletter
- request marketing to be sent to you
- enter a competition, promotion or survey; or
- give us feedback or contact us.
This personal data is automatically stored. Such voluntary transmission of personal data is stored for the purpose of processing your personal data or contacting you. There is no transfer of this personal data to third parties, except to Bau-Fritz GmbH & Co. KG for storage purposes only in accordance with international transfers.
- Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. The anonymous data of the server log files are stored separately from all personal data you provide. As a responsible company, we do not use automatic decision-making or profiling.
- Third parties or publicly available sources. We will receive personal data about you from various third parties as set out below:
Technical Data from the following parties:
- analytics providers such as Google based outside the EU; and
- advertising and social networks such as Google, LinkedIn, Facebook, Instagram, Pinterest, Twitter, and YouTube based outside the EU;
Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
Identity and Contact Data from data brokers or aggregators.
Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
6. LEGAL BASIS FOR PROCESSING
We will only use your personal data when the law allows us to do so.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with all applicable data protection and privacy legislation in force from time to time in the UK, including the UK GDPR; the Data Protection Act 2018; the Privacy and Electronic Communications Directive (2002/58/EC) (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended (UK Data Protection Legislation).
Article 6 (1) (a) of the UK GDPR is the legal basis we rely on for processing data, when we require your consent for a specific purpose.
If we need to process personal data for the performance of a contract to which you are party, as is the case, for example, if processing is necessary for the delivery of goods or providing a certain service or return service, then processing is based on Art. 6 (1) (b) of the UK GDPR. The same applies to processing in order to take measures prior to entering into a contract, for example, in the case of inquiries about our products or services.
If our company is subject to a legal obligation which requires processing of personal data, for example, to fulfil tax obligations, then the legal basis for processing is Article 6 (1) (c) of the UK GDPR.
In rare cases, processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured on our company's site and their name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. In this case, processing is based on Article 6 (1) (d) of the UK GDPR.
Finally, processing can be based on Article 6 (1) (f) of the UK GDPR. This legal basis applies to processing not included in any of the above, when it is necessary for the purpose of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. Such processing is permitted in particular as it is specifically mentioned by UK data protection legislation. This takes the view that a legitimate interest can be assumed when the data subject is a client of the controller (Recital 47 sentence 2 UK GDPR).
Our legitimate interest means i) the interest of our business in conducting and managing our business to enable us to give you the best service/goods and the best and most secure experience; and ii) to carry out our business in favour of the well-being of all our employees and the shareholders.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We may share your personal data with external third parties engaged by us in connection with our contract or that you may appoint to provide services such as architects or kitchen building contractors, in which case we will require those parties to keep that personal data confidential and secure and use it solely for the purpose of providing the specified services.
7. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Type of data
Lawful basis for processing including basis of legitimate interest
To register you as a new customer
Performance of a contract with you
To process and deliver your order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
(d) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to partake in a prize draw, competition or complete a survey
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
(e) Marketing and Communications
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you
(f) Marketing and Communications
Necessary for our legitimate interests (to develop our products/services and grow our business)
PROMOTIONAL OFFERS FROM US
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or engaged our services and you have not opted out of receiving that marketing.
SUBSCRIPTION TO OUR NEWSLETTER
On our website, you have the possibility of subscribing to our company’s newsletter. The personal data you enter in the form for ordering the newsletter are transferred to the Controller.
We regularly inform our customers and business partners about our offers by means of a newsletter. You will only be able to receive our company newsletter if (1) you have a valid e-mail address and (2) you subscribe to our newsletter mailing list. Our double opt-in procedure requires that we first send you a confirmation e-mail to the e-mail address you entered to receive the newsletter. The purpose of this confirmation e-mail is to prove that the owner of the e-mail address is authorised as the data subject to receive the newsletter.
When you register for our newsletter, we also store the IP address assigned by the internet service provider (ISP) of the computer system you used to register, as well as the date and time of registration. Collecting this data is necessary to track any (possible) misuse of your e-mail address at a later date, and therefore provides legal protection for us as the Controller.
The personal data collected during registration for the newsletter will only be used for the purpose of sending our newsletter. They can also be used to inform subscribers to the newsletter by e-mail, to the extent that this is necessary for operating the newsletter service or registering for it, for example in the event of modifications to the newsletter or changes to the technical conditions. No personal data collected in connection with the newsletter service will be transferred to third parties. You may terminate your subscription to our newsletter at any time. Your consent to us storing the personal data given to us in order to send the newsletter may be revoked at any time. A corresponding link for the purpose of revoking your consent can be found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on our website, or by communicating this to us in a different way.
Our newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in e-mails that are sent in HTML format in order to enable log files to be recorded and analysed. This makes it possible to carry out a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we can see whether and when the recipient has opened an e-mail, and which links in the e-mail they have activated.
Such personal data collected in the tracking pixels contained in our newsletter are stored by us and analysed in order to optimise the way we send our newsletter, as well as to align the content of future newsletters even better to your interests. This personal data will not be passed on to third parties. You are entitled to revoke the declaration of consent you have given separately as part of the double-opt-in procedure at any time. After revoking your consent, we will delete this personal data. We automatically interpret a submission to unsubscribe from our newsletter as a revocation of consent.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
If you change your mind about receiving marketing materials, you can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us related to an order.
CONTACT OPTIONS VIA THE WEBSITE
In line with legal requirements, Baufritz (UK) Limited’s website contains information that enables you to contact us electronically and communicate with us directly. This information also includes a general address for so-called electronic post (e-mail address). Should you contact us via e-mail or a contact form, the personal data you enter will automatically be stored. Such personal data transferred to us voluntarily by you are stored for the purpose of processing the data or contacting you. These data will not be passed on to third parties.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
8. INTEGRATED COMPONENTS ON OUR WEBSITE AND YOUR PRIVACY RIGHTS
We use a Google service called Google Tag Manager. "Google" is a corporate group comprising Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, as well as other affiliated companies of Google LLC.
We have concluded a data processing agreement with Google. Google Tag Manager is an auxiliary service and only processes personal data for purposes that are technically necessary. Google Tag Manager enables other components to be loaded that may themselves collect data. Google Tag Manager does not have access to these data.
Please note that pursuant to U.S. laws such as the CLOUD Act, U.S. authorities, such as intelligence services, may be able to access personal data, which are inevitably transferred to Google when this service is integrated due to the internet protocol (TCP).
On this website, we have integrated components of Google Analytics (with anonymisation function). Google Analytics is a web analytics service. Web analytics comprises the tracking, collection and evaluation of data about the behaviour of visitors to a website. A web analytics service collects, among other things, data about the website from which a person reached the website (so-called referrer), which sub-pages were visited, and how often and how long a sub-page was viewed. Web analytics are mainly used to improve a website and analyse the costs and benefits of online advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
For web analytics via Google Analytics, we use the application "_gat. _anonymizeIp". This allows Google to abridge and anonymise the IP address of your internet connection when accessing our websites from the UK, a member state of the European Union or another contracting state to the agreement on the European Economic Area.
The purpose of Google Analytics is to analyse the traffic on our website. Google uses the collected data and information to evaluate the use of our website in order to compile online reports for us, which show the activities on our websites, and to provide other services in connection with the use of our website, amongst other things.
Google Analytics places a cookie on your browser or device. The definition of cookies can be found above. Setting the cookie enables Google to analyse traffic to our website. Each time you visit one of the pages of this website, which is operated by us and into which a Google Analytics component has been integrated, the browser on your device is prompted by the Google Analytics component to automatically send data to Google for the purpose of online advertising. In the course of this technical procedure, Google obtains knowledge of personal information, such as your IP address, which Google uses, amongst other things, to track the origin of visitors and clicks, and subsequently calculate its commission.
The cookie stores your personal information, such as the time of your visit to the website, the location from where you accessed the website, and the frequency of your visits. Each time you visit our website, such personal data, including the IP address of your internet connection, will be transmitted to Google in the United States, where they are stored. Google may pass personal data collected through this technical procedure to third parties.
As deemed necessary by applicable law, you will be required to provide positive consent in order for the use of Google Analytics to be activated on our website.
We have integrated Google Remarketing services on this website. Google Remarketing is a feature of Google Ads, which allows a company to display ads to users who have previously visited the company’s website. The integration of Google Remarketing therefore allows a company to create user-based advertising and consequently to show users ads with content that is based on their interests.
The operating company of Google Remarketing services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
The purpose of Google Remarketing is to insert ads with relevant content. Google Remarketing allows us to display ads based on users’ individual needs and interests via the Google Display Network or have them displayed on other websites.
Google Remarketing sets a cookie on your device. The definition of cookies can be found above. Setting the cookie enables Google to recognise visitors to our website if they consequently visit webpages that are also part of Google’s Display Network. Every time you visit a website on which Google Remarketing has been integrated, your browser automatically makes itself known to Google. During the course of this technical procedure, Google receives personal information, such as your IP address or website browsing behaviour pattern, which Google uses, among others, to insert interest-based advertising.
The cookie is used to store personal information, e.g., the websites you have visited. Each time you visit our website, personal data, including the IP address of your internet connection, are transmitted to Google in the United States and stored there. Google may pass this personal data collected through this technical procedure to third parties.
You may, as stated above, avoid the placing of cookies by our website at any time by adjusting the settings of your browser accordingly, and thus permanently prevent the placing of cookies. Adjusting your browser in this way would also prevent Google from setting a cookie on your device. In addition, cookies already in use by Google Remarketing may be deleted at any time via a browser or another software programme.
In addition, you have the possibility of objecting to interest-based advertising by Google. For this purpose, you must visit www.google.de/settings/ads from each browser you use and make the desired settings.
We have integrated Google Ads on this website. Google Ads is a web advertising service that allows the advertiser to place ads in Google search engine results and the Google Display Network. Google Ads allows advertisers to pre-define specific keywords. An ad is then only displayed on Google’s search results when the user retrieves a search result that matches the keyword using the search engine. In the Google Display Network, the ads are distributed on relevant webpages using an automatic algorithm, taking into account the previously defined keywords.
The operating company of Google Ads is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
The purpose of Google Ads is to promote our website by including interest-based advertising on the websites of third parties and in the search engine results of the Google search engine, as well as inserting third-party advertising on our website.
If you visit our website via a Google ad, a so-called conversion cookie is stored on your browser or device by Google. The definition of cookies can be found above. A conversion cookie loses its validity after 30 days and is not used for the purpose of identifying you. As long as the conversion cookie has not expired, it is used to check whether you visited certain sub-pages, e.g., the shopping cart of an online shop system, on our website. Through the conversion cookie, both Google and Baufritz (UK) Limited can track whether a data subject who reached our website via a Google Ads ad generated sales, or in other words, executed or cancelled a purchase.
Google uses the data and information collected as a result of using the conversion cookie to create visit statistics for our website. We use these visit statistics to determine the total number of users who visited our website via a Google Ads advertisement to ascertain the success or failure of each ad and to optimise our ads in the future. Neither our company nor other Google Ads advertisers receive information from Google that could identify you.
The conversion cookie is used to store personal information, e.g., the webpages you have visited. This means that each time you visit our website, personal data, including your IP address, are transmitted to Google in the United States and stored there. Google may pass these personal data collected through this technical procedure to third parties.
You may, as stated above, avoid the placing of cookies by our website at any time by adjusting the settings of your browser accordingly, and thus permanently prevent the placing of cookies. Adjusting your browser in this way would also prevent Google from setting a cookie on your device. In addition, cookies already in use by Google Ads may be deleted at any time via a browser or another software programme.
In addition, you have the possibility of objecting to interest-based advertising by Google. For this purpose, you must visit www.google.com/settings/ads from each browser you use and make the desired settings.
This website uses Google Maps API, a map service offered by Google Inc. ("Google"), to show an interactive map. With Google Maps, information about your use of this website (including your IP address) can be transmitted to Google in the United States and stored there.
As deemed necessary by applicable law, you will be required to provide positive consent in order for the use of Google Maps to be activated on our website.
We use Google reCAPTCHA (referred to in the following as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether data entered on this website (e.g., in a contact form) has been done by a human or an automated programme. To this end, reCAPTCHA analyses the behaviour of the visitor to the website based on various characteristics. This analysis starts automatically as soon as the visitor accesses the website.
reCAPTCHA evaluates various kinds of information for this analysis (e.g., IP address, length of time the visitor spends on the website, or mouse movements made by the user). The data collected for the analysis is passed on to Google. reCAPTCHA analysis runs completely in the background. Visitors to the website will be required to provide positive consent in order for the use of reCAPTCHA to be activated on our website.
This website uses the cookie consent management technology of Usercentrics to obtain your consent to us storing certain cookies on your device or using certain technologies and documenting them in accordance with data protection laws. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany; website: https://usercentrics.com (referred to in the following as “Usercentrics”).
Whenever you visit our website, the following personal data are transmitted to Usercentrics:
- Your consent or withdrawal of your consent
- Your IP address
- Information about your browser
- Information about your device
- Time of your visit to the website
In addition, Usercentrics sets a cookie on your browser to assign the consent you have granted or the withdrawal of such consent to you. The data recorded in this way is stored until you tell us to delete it, delete the Usercentrics cookie yourself, or the purpose of storing the data ceases to apply. This does not affect any mandatory legal storage obligations.
Our website uses the functions of CloudFlare. The provider is CloudFlare, Inc. 665 3rd St. #200, San Francisco, CA 94107, United States.
We have integrated components of Facebook on this website. Facebook is a social network.
A social network is a social meeting place on the internet, an online community which generally allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for exchanging opinions and experiences, or enable the online community to provide personal or business-related information. Facebook allows social network users to, amongst other things, create private profiles, upload photos, and network through friend requests.
Facebook is operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If you live outside of the United States or Canada, the Controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time you visit an individual page on our website that is operated by us and has a Facebook component (Facebook plug-in) integrated in it, the browser on your device is automatically prompted by the Facebook component to download a display of the corresponding Facebook component from Facebook. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/. In the course of this technical procedure, Facebook gains knowledge about which specific sub-page of our website you visited.
If you are logged into Facebook at the same time, Facebook detects each time you visit our website—and for the entire duration of your stay on our website—which specific sub-page of our website you visited. This information is collected by the Facebook component and associated with your Facebook account by Facebook. If you click on one of the Facebook buttons integrated into our website, e.g., the "Like" button, or if you submit a comment, then Facebook matches this information with your Facebook account and stores the personal data.
Facebook receives information about your visit to our website through the Facebook component whenever you are logged into Facebook at the same time as you visit our website. This occurs regardless of whether you click on the Facebook component or not. If you do not wish this information to be transmitted to Facebook, then you may prevent this by logging off from your Facebook account before you visit our website.
On our website, we use the so-called Facebook pixel by the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, United States, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
The Facebook pixel allows Facebook to identify you, as a visitor to our website, as a target group for displaying ads ("Facebook ads"). Accordingly, we use the Facebook pixel to only show our Facebook ads to those Facebook users who have shown an interest in our website or who have certain characteristics (e.g., an interest in certain topics or products as determined by the websites they visit), which we impart to Facebook (“custom audiences”). The Facebook pixel helps to ensure that our Facebook ads correspond to users’ potential interests and are not irritating. The Facebook pixel furthermore enables us to track the effectiveness of Facebook ads for statistical and marketing purposes by seeing if users are referred to our website after clicking on a Facebook ad (“conversion”).
You can object to your data being collected by the Facebook pixel and used to display Facebook ads. To determine what kind of ads are shown to you within Facebook, open the page set up by Facebook and follow the instructions on user-based advertising: https://www.facebook.com/adpreferences/ad_settings/?entry_product=account_settings_menu
We point out that according to the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the United States. Data processing mainly occurs via the Facebook pixel. This may result in data not being processed and stored in an anonymised form. In addition, U.S. state authorities may be able to gain access to individual data. Furthermore, these data may be linked with data from other Facebook services where you have a user account.
We have embedded Facebook Login on our website. This practical tool allows you to log into our website with your Facebook account without having to set up an additional user account. If you decide to register via Facebook Login, you will be routed to the social media network Facebook, where you can log in using your Facebook user data. Through this log-in procedure, data about you or your user behaviour are stored and transferred to Facebook.
On the one hand, Facebook Login offers you a quick and easy way to register, and on the other, it gives us the possibility to share data with Facebook. That way, we can adapt our offers and advertising campaigns better to your interests and needs. The data we receive from Facebook in this way is public data such as
- your Facebook name
- your profile picture
- an e-mail address
- lists of friends
- information about buttons (e.g., “Like” button)
- your date of birth
- your language
- where you live
In return, we give Facebook information about your activities on our website. This includes information about the device you use, which sub-pages you visited on our website, or what products you have bought from us.
If you are registered with Facebook, you can change your settings for ads yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
We have integrated components of Instagram on this website. Instagram is a service that can be classified as an audio-visual platform that allows users to share photos and videos, as well as disseminate such data in other social networks.
The services of Instagram are operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, United States.
Each time you visit an individual page on our website that is operated by us and has an Instagram component (Insta button) integrated in it, the browser on your device is automatically prompted by the Instagram component to download a display of the corresponding Instagram component. During the course of this technical procedure, Instagram gains information about which specific sub-page of our website you visited.
If you are logged into Instagram at the same time, Instagram detects each time you visit our website—and for the entire duration of your stay on our website—which specific sub-page of our website you visited. This information is collected by the Instagram component and associated with your Instagram account by Instagram. If you click on one of the Instagram buttons integrated in our website, Instagram matches this information with your Instagram account and stores the personal data.
Instagram receives information about your visit to our website through the Instagram component whenever you are logged into Instagram at the same time as you visit our website. This occurs regardless of whether you click on the Instagram component or not. If you do not wish this information to be transmitted to Instagram, you may prevent this by logging out of your Instagram account before visiting our website.
We have integrated components of Pinterest Inc on this website. Pinterest is a so-called social network. A social network is a social meeting place on the internet, an online community which generally allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for exchanging opinions and experiences, or enable the online community to provide personal or business-related information. Pinterest enables users of the social network to publish, among others, picture collections and individual pictures as well as descriptions on virtual pinboards (so-called pins), which can then be shared by other users (so-called re-pins) or commented on.
Pinterest is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, United States.
Each time you visit an individual page on this website that is operated by us and has a Pinterest component (Pinterest plug-on) integrated in it, the browser on your device is automatically prompted by the Pinterest component to download a display of the corresponding Pinterest component. For more information on Pinterest, see https://pinterest.com/. During the course of this technical procedure, Pinterest gains information about which specific sub-page of our website you visited.
If you are logged into Pinterest at the same time, Pinterest detects each time you visit our website—and for the entire duration of your stay on our website—which specific sub-page of our website you visited. This information is collected by the Pinterest component and associated with your Pinterest account by Pinterest. If you click on one of the Pinterest buttons integrated in our website, Pinterest matches this information with your Pinterest account and stores the personal data.
Pinterest receives information about your visit to our website through the Pinterest component whenever you are logged into Pinterest at the same time as you visit our website. This occurs regardless of whether you click on the Pinterest component or not. If you do not wish this information to be transmitted to Pinterest, you may prevent this by logging out of your Pinterest account before visiting our website.
The Pinterest tag is a piece of code that allows us and Pinterest to track your user behaviour when you visit our website. Pinterest uses this information to form target groups with the aim of improving the display of ads, assessing and improving the effectiveness of ads, and determining what kind of ads users should be shown. To this end, Pinterest sets cookies. The information generated by the cookies about your use of this website (including your IP address) is transmitted to a Pinterest server in the United States and stored there. We rely on Pinterest’s reliability and its IT and data security. Similar to above, according to the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the United States. This may result in data not being processed and stored in an anonymised form. In addition, U.S. state authorities may be able to gain access to individual data. Furthermore, these data may be linked with data from other Pinterest services where you have a user account.
On this website, we have integrated components of Twitter. Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread so-called 'tweets,' e.g. short messages, which are limited to 280 characters. These short messages are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user's tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.
The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States.
With each visit to one of the individual pages of this website, which is operated by us and on which a Twitter component (Twitter button) is integrated, your browser is automatically prompted to download a display of the corresponding Twitter component of Twitter. Further information about the Twitter buttons is available under https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our website you visited. The purpose of the integration of the Twitter component is a retransmission of the contents of this website to allow our users to introduce this website to the digital world and increase our visitor numbers.
If you are logged in at the same time on Twitter, Twitter detects with every one of your visits to our website and for the entire duration of your stay on our website which specific sub-page of our website you visited. This information is collected through the Twitter component and associated with your Twitter account. If you click on one of the Twitter buttons integrated on our website, then Twitter assigns this information to your Twitter user account and stores the personal data.
Twitter receives information via the Twitter component that you have visited our website, provided that you are logged in on Twitter at the time of your visit to our website. This occurs regardless of whether you click on the Twitter component or not. If such a transmission of information to Twitter is not desirable, then you may prevent this by logging off from your Twitter account before a visit to our website is made.
The applicable data protection provisions of Twitter may be accessed under https://twitter.com/privacy?lang=en.
We have integrated components of YouTube on this website. YouTube is an internet video portal that enables video publishers to post video clips free of charge, and other users to view, review and comment on them, also free of charge. As YouTube allows all kinds of videos to be published, not only full movies and TV broadcasts can be accessed via the internet portal but also music videos, trailers, and users’ home-made videos.
YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, United States. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
Each time you visit an individual page on this website that is operated by us and has a YouTube component (YouTube video) integrated in it, the browser on your device is automatically prompted by the YouTube component to download a display of the corresponding YouTube component. For more information on YouTube, see https://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google are informed about which specific sub-page of our website you visited.
If you are logged into YouTube, YouTube detects each time you visit a sub-page that contains a YouTube video, which specific sub-page of our website you visited. This information is collected by YouTube and Google and assigned to your YouTube account.
YouTube and Google receive information about your visit to our website through the YouTube component whenever you are logged into YouTube at the same time as you visit our website. This occurs regardless of whether you click on the YouTube component or not. If you do not wish this information to be transmitted to YouTube and Google, then you may prevent this by logging out of your YouTube account before visiting our website.
This data is encoded, anonymised within seven days, and the anonymised data deleted within 90 days. LinkedIn does not share personal data with us, but only sends us summarised reports about the website’s target group and the performance of our ads.
LinkedIn also offers the possibility of retargeting visitors to the website. This allows us to use this data to show targeted ads outside of our website without identifying members. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
We use the LinkedIn Insight Tag for the purpose of obtaining detailed campaign reports and information about visitors to our website and therefore regarding our advertising and marketing interests. As a customer of LinkedIn Marketing Solutions, we use the LinkedIn Insight Tag to track conversions, retarget website visitors and gain additional insights into LinkedIn members that see our ads.
We have incorporated functions of the music streaming service Spotify in our website. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden.
Spotify plug-ins can be identified by the green logo on our website. For an overview of Spotify plug-ins, please see https://developer.spotify.com If you visit our website via the plug-in, a direct connection can be established between your browser and the Spotify server. As a result, Spotify receives the information that you have visited our website with your IP address. If you click on the Spotify button while you are logged into your Spotify account, you can link the content of our website on your Spotify profile. This allows Spotify to assign your visit to our website to your user account.
9. DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the following parties for the purposes set out in the table ‘Purposes For Which We Will Use Your Personal Data’ above:
- Internal Third Parties:
Bau-Fritz GmbH & Co. KG, based in Germany at Alpenweg 25, D-87746 Erkheim, acting as processor and who create working drawings and manufacture the timber frame of houses, as well as have access to our accounts and information with regard to issuance of invoices/amounts/annual accounts.
- External Third Parties (save for Identity, Contact and Financial Data in accordance with the section titled ‘How Is Your Personal Data Collected?’):
- Service providers or suppliers that are engaged by us to provide services or goods to us.
- Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the UK who require reporting of processing activities in certain circumstances.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
10. INTERNATIONAL TRANSFERS
We share your personal data with Bau-Fritz GmbH & Co. KG, based in Germany at Alpenweg 25, D-87746 Erkheim. Although we store your personal data electronically on our servers and as hard copies in our UK offices, we also store your personal data on Bau-Fritz GmbH & Co. KG's servers which are based in Germany. This will involve transferring your data outside of the UK.
Some of our external third parties are based in the European Union and the United States. This means their processing of your personal data will involve a transfer of data outside the UK to the European Union and/or the United States.
Whenever we transfer your personal data outside of the UK, we ensure a similar degree of protection is afforded to it by ensuring that we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. The UK has deemed the European Union to provide an adequate level of protection for personal data. For further details, see https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/.
However, as mentioned above, in relation to transfers of personal data to the United States, according to the European Court of Justice, there is currently no adequate level of protection for such a transfer. This may also result in data not being processed and stored in an anonymised form. In addition, U.S. state authorities may be able to gain access to individual data. In light of these facts, details have been provided above in relation to either i) how you will be required to provide positive consent; or ii) how you can opt out of your personal data being transferred to the United States (as applicable).
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside of the UK.
11. DATA SECURITY
As the Controller responsible for your personal data, Baufritz (UK) Limited has numerous technical and organisational security measures in place to ensure that your personal data processed via this website is protected to the greatest possible extent, from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Although we have implemented numerous technical and organisational measures there is always the risk that data transmitted via the internet may be affected by security gaps, which makes it impossible to guarantee absolute protection. For this reason, you may transfer your personal data to us by alternative means, e.g., by telephone.
12. DATA RETENTION, ROUTINE DELETION AND BLOCKING OF PERSONAL DATA
We only process and store your personal data for as long as reasonably necessary to fulfil the purpose for which it was collected (such as for the fulfilment of a contract or the initiation of a contract) or for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
If the purpose of storing the data is no longer applicable, or if a storage period prescribed by UK Data Protection Legislation expires, personal data is routinely blocked or deleted in accordance with legal requirements.
In some circumstances you can ask us to delete your data: see Section 13 – Your Legal Rights below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
13. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under UK Data Protection Legislation in relation to your personal data. Please see below to find out more about these rights.
If you wish to exercise any of the rights set out below, please contact us.
You have the right to:
a) Right of confirmation
You are granted the right by UK Data Protection Legislation to obtain confirmation from us as to whether or not your personal data is being processed. If you wish to exercise this right of confirmation, you may, at any time, contact our DPO or any employee of Baufritz (UK) Limited.
b) Right of access
You are granted the right by UK Data Protection Legislation to obtain information from us, free of charge, at any time, about your personal data stored with us and to receive a copy of this information. In addition, UK Data Protection Legislation grants you access to the following information:
- the purposes of processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the Controller rectification or erasure of personal data, or restriction of processing of personal data by the Controller, or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data is not collected from you, any available information as to its source.
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Furthermore, you have a right to obtain information as to whether your personal data has been transferred to a third country or to an international organisation. Where this is the case, you have the right to be informed of the appropriate safeguards relating to the transfer, which must have been put in place prior to any transfer of your personal data.
If you wish to exercise this right of access, you may, at any time, contact our DPO or any employee of Baufritz (UK) Limited.
c) Right to rectification
You are granted the right by UK Data Protection Legislation to demand, without undue delay, the rectification of inaccurate personal data. Taking into account the purposes of processing, you also have the right to demand the completion of incomplete personal data, including by means of a supplementary statement, although we may need to verify the accuracy of the new data you provide to us.
If you wish to exercise this right to rectification, you may, at any time, contact our DPO or any employee of Baufritz (UK) Limited.
d) Right to erasure (right to be forgotten)
You are granted the right by UK Data Protection Legislation to demand from us that we erase your personal data without undue delay where one of the following grounds applies and processing is not required:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw your consent on which processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the UK GDPR, and where there is no other legal ground for processing;
- you object to processing pursuant to Article 21(1) of the UK GDPR and there are no overriding legitimate grounds for processing, or you object to processing pursuant to Article 21(2) of the UK GDPR;
- your personal data has been unlawfully processed;
- your personal data must be erased in order to comply with local law to which the Controller is subject;
- your personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the UK GDPR.
If one of the aforementioned reasons applies, and you wish to request the erasure of personal data stored by Baufritz (UK) Limited, you may, at any time, contact any employee of Baufritz (UK) Limited. Where possible, this employee shall ensure that the erasure request is complied with immediately. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Where we have made personal data public and are obliged to erase the personal data pursuant to Article 17(1) of the UK GDPR, we shall, taking account of the available technology and cost of implementation, take reasonable steps, including technical measures, to inform other controllers that are processing the published personal data that you have requested erasure by such controllers of any links to your personal data, or copies or replication of your personal data, insofar as processing is not required. Our DPO or an employee of Baufritz (UK) Limited will arrange the necessary measures in individual cases.
e) Right to restriction of processing
You are granted the right by UK Data Protection Legislation to request that we restrict the processing of your personal data where one of the following applies:
- the accuracy of the personal data is contested by you, for a period allowing the Controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
- the Controller no longer needs the personal data for the purposes of processing, but they are required by you for establishing, exercising or defending legal claims;
- you have objected to processing pursuant to Article 21(1) of the UK GDPR pending verification as to whether the legitimate grounds of the Controller override yours.
If one of the aforementioned conditions is met, and you wish to request the restriction of the processing of personal data stored by Baufritz (UK) Limited, you may at any time contact our DPO or any employee of Baufritz (UK) Limited. The DPO or an employee will arrange for the processing to be restricted.
f) Right to data portability
You are granted the right by UK Data Protection Legislation to receive your personal data provided to us in a structured, commonly used, and machine-readable format. You also have the right to transfer such data to another Controller without hindrance from the Controller to which the personal data was provided, as long as processing is based on consent pursuant to point (a) of Article 6 (1) or point (a) of Article 9 (2) of the UK GDPR or on a contract pursuant to point (b) of Article 6 (1) of the UK GDPR, and the processing is carried out by automated means. That right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
Furthermore, in exercising your right to data portability pursuant to Article 20 (1) of the UK GDPR, you have the right to have the personal data transmitted directly from one Controller to another, where technically feasible and doing so does not adversely affect the rights and freedoms of others.
In order to assert your right to data portability, you may at any time contact our DPO or any employee of Baufritz (UK) Limited.
g) Right to object
You are granted the right by UK Data Protection Legislation to object at any time on grounds relating to your particular situation to the processing of your personal data based on point (e) or (f) of Article 6 (1) of the UK GDPR. This also applies to profiling based on those provisions.
In the event of such an objection, we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing your information, which override your interests, rights and freedoms, or processing is necessary to establish, exercise or defend legal claims.
If we process your personal data for direct marketing purposes, you also have the right to object to the processing of your personal data for such marketing purposes. This also applies to profiling if this is related to direct marketing. If you object to our processing for direct marketing purposes, we will no longer process your personal data for this purpose.
In addition, you have the right, on grounds relating to your particular situation, to object to our processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) of the UK GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise your right to object, you may directly contact our DPO or any employee of Baufritz (UK) Limited. In addition, in connection with the use of information society services, and notwithstanding Directive 2002/58/EC, you are free to use your right to object by automated means that involve the use of technical specifications.
h) Automated individual decision-making, including profiling
You are granted the right by UK Data Protection Legislation not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern you or affect you significantly in a similar way, unless the decision (1) is necessary for entering into or fulfilling a contract between you and Baufritz (UK) Limited, or (2) is authorised by local law to which we are subject and that also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) is based on your explicit consent.
If the decision is (1) necessary for entering into or fulfilling a contract between you and Baufritz (UK) Limited, or is (2) based on your explicit consent, we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to intervene, to express your point of view and to contest the decision.
In order to exercise your right to automated individual decision-making, you may contact our DPO or any employee of Baufritz (UK) Limited at any time.
i) Right to withdraw data protection consent
You are granted the right by UK Data Protection Legislation to withdraw your consent to the processing of your personal data at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise the right to withdraw your consent, you may contact our DPO or any employee of Baufritz (UK) Limited at any time.
NO FEE USUALLY REQUIRED
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
TIME LIMIT TO RESPOND
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.