General data protection regulations and consent on the use of data by Plan.One
Last update: April 2020
Data protection is a matter of trust and your trust is important to us. We respect your privacy. Plan.One therefore takes the collection, processing and use of your personal data in compliance with the law very seriously. So that you feel secure when visiting our websites, we diligently observe legal regulations when processing your personal data and would like to inform you here about how we collect and use data. To download and archive this document in PDF format, click here. To open the PDF file, you will need the free Adobe Reader program, or similar, which runs the PDF format. You can also print this document.
§1 Controller for data collection and processing
The controller in accordance with Art. 4(7) of the General Data Protection Regulation (GDPR) is:
represented by Patric Maximilian Anton de Hair und Dr. Thomas Gustav Schlenker
If you have any questions or remarks about data protection, please e-mail Majid Ciurrouse (firstname.lastname@example.org).
§2 Your rights
(1) You have the following rights with regard to your personal data:
The right to:
- Erasure (right to be forgotten)
- Restriction of processing
- Data portability
- Withdrawal of consent regarding data protection regulations
(2) You also have the right to make a complaint to a data protection supervisory authority about our processing of your personal data.
§3 Collection of personal data when visiting our website without registering
(1) When using the website purely for information purposes i.e. when you do not register or transfer other information, we only collect the personal data which your browser transfers to our server. While you are viewing our website, we collect the following data:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Contents of the request (specific page)
- Access status / HTTP status code
- Amount of data transferred
- Website from which the request originated
- Language and version of the browser software
- Operating system and its user interface
(2) This data is technically necessary for us to be able to show you our website and ensure its stability and security. This data is likewise stored in our system log file.
(3) The legal basis for processing this data is section 15(1) of the German Telemedia Act (Telemediengesetz, TMG) and our legitimate interest according to the first sentence of Art. 6(1)(f) of the General Data Protection Regulation (GDPR). It is in our interests and yours to be able to make our website available as reliably and free of interruption as possible.
(4) The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. When collecting data in order to provide the website, this is when the respective session has been ended. When storing data in log files, this is at most after seven days. Storage exceeding this limit is possible. In this case, the user IP addresses are erased or forgotten so that identification of the client making the request is no longer possible.
§4 Collection of personal data when visiting our website when registered
(1)In order to create a Plan.One user account, the following necessary information is collected in addition to the data cited above in section 3. Without providing this data, a personal account cannot be created.
- First name and surname
- E-mail address
- Professional organisation
- IP address
- Optional photo
The application form remains available in electronic form on the plan.one website. After you have consented to the use of your data, your registration is completed using what is known as the double opt-in procedure. This means your registration is only completed if you first confirm your registration by clicking on a link enclosed in a confirmation e-mail sent to you for this purpose. When you use Plan.One, we store data which is necessary for you to use the website. We also store voluntary data provided by you during your time using Plan.One, unless this has already been erased. If you wish to amend your information or administrator data, please write an e-mail to email@example.com. When you contact Plan.One by e-mail or using the contact form, we store your e-mail address and, if entered, your name and telephone number in order to answer your queries.
(2) If you have created a user account with us, we also collect further information in order to suggest construction products which are relevant for you. We collect and store information that you transmit to us when using your account. In addition to the properties of the products you search for, we evaluate your personal search and usage behaviour. It is only in doing so that we can identify and suggest construction products which are relevant for you. For this reason, we store the following data about your user account:
- Date and time of the request
- Selected product categories
- Selected manufacturers
- Selected additional filters
- Preset values for additional filters
- Course of the search (changes in filters and their values over time)
- Number of viewed pages in the results list
- Date and time of the comparison
- Compared products
- Download of the product comparison
- Clicks on links and buttons
Details pages of manufacturers, products and reference projects
- Distance scrolled on the details page
- File downloads
- Clicks on links and buttons on details pages
(3)If you have created a Plan.One user account, you have access to a so-called “watchlist function” (personalised by you, or personal recommendations). This allows you to create watchlists and sublists as well as save manufacturers, products, product comparisons and reference projects. Doing so allows you to organise your personal content and store it for a later time, or share it with other users who are logged in to Plan.One. This also allows you to access your personal settings on all devices on which you use Plan.One.
(4) Your personal information is processed for the purposes of operating and providing the Plan.One portal. The processing purposes are:
- The provision, error-correction and improvement of Plan.One. We use your personal information to provide functions, analyse performance, correct errors and improve the user-friendliness and effectiveness of Plan.One.
- Recommendations and personalisation. We process your personal information to recommend functions, products and services which might be of interest to you, to learn your preferences and to personalise your experience with Plan.One.
- Complying with legal obligations. In certain cases, we are subject to legal obligations to collect and process your personal information. For example, we collect information from vendors about their place of business and bank account for the purpose of confirming identities and concluding contracts.
- Communicating with you. We use your personal information to communicate with you through various channels (e.g. by phone, e-mail, chat) about Plan.One.
- Purposes for which we obtain your consent. We will inform you if we require your consent to process your personal information for a specific purpose in the future. If you consent to the processing of your personal information for a specific purpose, you may revoke your consent at any time for any reason, and we will cease processing your information for this purpose.
(5)The legal basis for processing your data is the fulfilment of an agreement according to the first sentence of Art. 6(1)(b) GDPR. This data is necessary to fulfil the use agreement, concluded when registering for our online service, to provide you with a platform described therein. This processing is also based on the legal principle of legitimate interest (that is, interest in the analysis, optimisation and economic operation of our website) within the meaning of Art. 6(1)(f) GDPR.
(6)We have permission to pass your personal data on to third parties if you wish to contact consultants or product suppliers (communication network). In this case, you will be advised separately about the transmission to third parties before your data is passed on, and your consent to this will be obtained. If you are registered with Plan.One, your data can be made available to other Plan.One users. Unregistered users will not receive any information about you. For all other registered users your name and, if uploaded by you, your personal photo will be visible, irrespective of whether you have shared this data. To prevent unauthorised third parties from accessing your personal data, the connection is encrypted by SSL technology.
We sometimes make use of external service providers to process your data for the purposes mentioned above. These providers are carefully chosen and contracted in writing by us. They are bound to our instructions and are regularly inspected by us. The service providers shall not forward this data to third parties. Some of our service providers are located in the USA. In this case we have agreed standard contractual clauses with the service provider in question that are approved by the European Commission. These oblige the provider in question to comply with European data protection standards. (A copy of the standard contractual clauses can be viewed here:
https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087) Your data will not otherwise be passed on unless there is a legal right or obligation on our part to do so.
§5 Cookies and services from third-party providers
(1) Cookies are small files which are stored on your computer or mobile device when you visit a website. Cookies are frequently used by website operators so that their websites function or do so more efficiently, as well to provide information for reporting. Cookies installed by the operator of a website are called “first-party cookies”. Cookies installed by parties other than the website operator are called “third-party cookies”. Third-party cookies allow third parties to provide functions or facilities on or via the website (e.g. advertisement, interactive content and analytical options). Your user device can be recognised using third-party cookies when visiting this website and certain other websites.
(2) If we request your consent on our cookie banner, the legal basis for this processing is consent within the meaning of Art. 6(1)(a) GDPR. In the other cases, this processing is also based on the legal principle of legitimate interest (that is, interest in the analysis, optimisation and economic operation of our website) within the meaning of Art. (6)(1)(f) GDPR. A list of the cookies we use, and the option to change your cookie settings and revoke your consent, can be found here: https://plan.one/cookie-erklaerung.
(3)An explanation of the services provided by third-parties affiliated with Plan.One, including those that use third-party cookies, can be found in the appendix to this data protection declaration.
§6 Deletion and blocking of your data
(1) If you make a deletion request your personal data is deleted, provided that legal obligations to retain data do not prevent this and if it is no longer necessary to store the data to fulfil the purpose for its storage, or if the storage is inadmissible for other legal reasons. The data is instead blocked if legal or practical obstacles prevent us from erasing it.
(2)If you have an account as described in section 4 request for it to be cancelled and want your data to be erased, please send an e-mail to firstname.lastname@example.org
(1) You can subscribe to our newsletter, which we use to inform you about our current offers, on our website or when creating an account.
(2) We use the double opt-in procedure for subscribing to our newsletter. This means that after you have subscribed we send an e-mail to the e-mail address you have provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your subscription within 48 hours, your information will be blocked and automatically deleted after one month. We additionally store your IP address and the time of registration and confirmation. The purpose of the procedure is to confirm your subscription and, if necessary, to be able to determine potential misuse of your personal data.
(3) The only mandatory information required to send the newsletter is your e-mail address. Providing separately marked data is voluntary and is used to be able to address you personally or to allow you to receive further information. Once you have confirmed, we save your e-mail address for the purpose of sending the newsletter.
(4) The legal basis for the registration data is your consent within the meaning of the first sentence of Art. 6(1)(a) GDPR. You can revoke your consent to receive the newsletter at any time and unsubscribe from it. To revoke your consent, click on the link in any newsletter e-mail, in yourProfile on the website send an e-mail to email@example.com, or send a message to the contact details on the legal notice. The legal basis for the temporary storage of the IP address is our legitimate interest within the meaning of the first sentence of Art. 6(1)(f) GDPR to prevent misuse and fulfil our obligations to provide proof.
(5) Our newsletter is sent via external service providers who we have carefully selected and regularly monitor. These service providers are located in the USA, so your data is also transmitted there. We have agreed standard contractual clauses with these providers that are approved by the European Commission. These oblige the providers to comply with European data protection standards.
§8 Making contacts
(1) On our website, we offer registered users the option to make contact with selected manufacturers through Plan.One. If a user makes use of this option, the data they enter in the contact form is forwarded to us. When the request to make contact is submitted, in addition to the information entered on the input screen, the data listed under § 3 (1) of this privacy statement is stored, including the date and time of registration, the date and time of the request, the IP address for the request, the date and time of the confirmation, and an anonymised hash value of the IP address.
(2) Processing the data from the input screen helps us to make the necessary contact(s). To do this, we amalgamate the information entered by the user on the input screen with the profile data they have given (company, form of address, first name, surname, e-mail address and any additional information given voluntarily) and pass this on to the manufacturer. We also use the data collected for making contacts in order to recommend to registered users any functions, products and services that may be of interest to them, to ascertain user preferences and to personalise the user experience with our services. We also use the data to analyse our services and to improve the usability and effectiveness of our services. In order to process the data, the express consent of the user is obtained when the information is submitted and reference is made to this privacy statement. The miscellaneous data processed when information is submitted is used to guarantee the stability and security of our information systems. It also follows that we have a legitimate interest within the meaning of Art. 6(1)(f) of the GDPR.
(3) Where the user has given their consent, the legal basis for processing the data is Art. 6(1)(a) of the GDPR. The legal basis for processing any other data that is collected when the content of the contact form is sent is Art. 6(1)(f) of the GDPR.
(4) The data will be deleted as soon as it is no longer required for the purposes described above or for providing the benefits guaranteed for the registered user. At the very latest, this will be when the registration expires or the customer relationship established through registration is terminated. Any additional personal data collected when the request is submitted will be deleted after a period of seven days at the latest.
(5) As a user, you have the option at any time to revoke your consent to having your personal data processed. To revoke your consent, send an e-mail to firstname.lastname@example.org or send a message to the contact details given on the legal notice. In this case, all personal data that has been saved in the course of making contacts will be deleted. In such cases, no further contact can be made.
(6) We have no knowledge of or influence over how the manufacturer – to which we forward your contact enquiry with your consent – processes your personal data. If you would like more information about how the manufacturer processes your personal data, we kindly ask you to refer to the privacy statement of the respective manufacturer or contact the manufacturer directly.
(7) If you would like to exercise the option, whilst making contact(s), to subscribe to our newsletter at the same time, then we refer you to § 7 of this privacy statement with regard to the related processing of your personal data.
This website uses Google Analytics, a web analysis service from Google Inc. (“Google”). The information generated by the cookie regarding your use of this website is generally transferred to a Google server in the USA and saved there. However, if IP anonymisation is activated on this website, in member states of the European Union or within other European Economic Area signatory states Google will initially abbreviate your IP address. Only in exceptional cases will the full IP address will be transferred to a Google server in the US and abbreviated there. Google will use this information on behalf of the website operator to analyse how you use the website, so that it can create reports on website activity and provide additional services related to the website use and internet use to the website operator.
Your browser IP address transmitted in the context of Google Analytics is not linked with other data by Google.
You may furthermore prevent Google collecting data (including your IP address) relating to your use of the website generated by the cookie, and the processing of this data by Google, by downloading and installing the browser plugin available through the following link.
This website uses Google Analytics with the extension “_anonymizelp()”. This causes IP addresses to continue to be processed in an abbreviated format, so that they cannot be directly linked to an individual.
Google Analytics is used in compliance with the prerequisites agreed upon by German data protection authorities with Google.
Together with Google Analytics, we use Google Ads to display advertisements in the Google advertising network (for instance in Google search or on websites). This enables us to display ads on Plan.One and in the Google advertising network in a targeted fashion, and tailor them to your interests.
To do this, we use what is known as remarketing and conversion-tracking. Remarketing allows you to be shown an ad for a product, which you have previously shown interest in during a visit to Plan.One, on another website. For this purpose, a so-called web beacon is attached when visiting our website or other websites which are part of the Google advertising network. This is a specific code from Google that uses a cookie on your device to record which websites you visit, what content you show interest in, and which offers you click on. Information on the operating system, browser, previously visited websites, time spent on websites and other information about usage is also recorded. A so-called conversion cookie is also used. Using this cookie we are able to determine how many visitors have clicked on one of our ads. However, we are only shown a total figure, and we do not receive any information that personally identifies a user. Your data is handled under a pseudonym in the framework of the Google advertising network. No data from cookies is linked to a name or an e-mail address, unless a user has given Google other permissions in their Google settings.
If we request your consent on our cookie banner, the legal basis for this processing is consent within the meaning of Art. 6(1)(a) GDPR. Otherwise, the processing of personal data is based on the legal principle of legitimate interest within the meaning of Art. 6(1)(a) GDPR, specifically the interest in improved analysis, optimisation and economic implementation of our range.
Where data is processed in the USA, we point out that Google is certified under the Privacy Shield Framework and thereby guarantees its compliance with European data protection law
Further information on how Google uses data, as well as settings and means to object to this use, can be found in Google’s data protection declaration (https://policies.google.com/technologies/ads) as well as in the settings for displaying Google advertising overlays https://adssettings.google.com/authenticated.
For more information about Google, see above.
This site uses the marketing service of the LinkedIn social network. This allows us to display targeted ads on the LinkedIn website itself and on the online offerings of LinkedIn’s advertising partners. It allows us to display, for example, an ad for a product that you have already seen on the Plan.One platform (so-called remarketing). It also allows us to measure whether our ads were successful by showing us anonymous statistics of how many internet users have clicked on our ads.
This is made possible by so-called web beacons in the form of invisible graphics or cookies, which are included in our platform and other websites which participate in this process. This allows us to determine which websites a user has visited, what content is relevant for them and which ads they have clicked on. Technical data such as the browser, operating system, time spent on websites, or websites you have previously clicked on, is additionally gathered. However, this data is only used by LinkedIn under a pseudonym, so that LinkedIn can only see a cookie ID, which is not linked to the person behind it. This does not apply if the respective internet user has given LinkedIn express permission to process this data without a pseudonym. If you are registered with LinkedIn, it is possible for LinkedIn to link your interaction with our website to your user account.
The data is transferred to the LinkedIn server in the USA. LinkedIn has been certified in accordance with the Privacy Shield Framework. This guarantees that LinkedIn complies with European data protection standards.
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
You can find additional information on how LinkedIn uses data in LinkedIn’s data protection declaration
and the cookie guidelines on Linkedin
https://www.linkedin.com/legal/cookie_policy above on LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
The data is transferred to the HubSpot server in the USA. We have agreed standard contractual clauses with HubSpot that are approved by the European Commission. The conclusion of this agreement guarantees that HubSpot complies with European data protection standards.
HubSpot Inc. c/o Design Offices Koppenstrasse 93, 10243 Berlin (German site)
We use Hotjar to better understand the requirements of our users and optimise the services offered on our website. Using technology from Hotjar, we gain a better understanding of the experiences of our users (e.g. the amount of time users spend on particular sites, which links they click on, what they like and dislike, etc.) and this helps us to target our offers according to the feedback from our users.
Hotjar works using cookies and other technologies to collect information about the behaviour of our users and their devices (in particular device IP addresses (only collected and stored in anonymised form), screen size, device type (unique device identifiers), information on the browser being used, location (country only), and to report the preferred language of our website).
Hotjar stores this information in a user profile under a pseudonym. The information is not used by Hotjar or us to identify individual users and is not linked to other data about individual users. You can find more information in Hotjar’s data protection declaration here.
This personal data is processed in accordance with the first sentence of Art. 6(1)(f) GDPR. If your data is processed in order to protect the legitimate interest of the responsible party in accordance with the first sentence of Art. 6(1)(f) GDPR, the legitimate interest is the permanent analysis and improvement our internet presence and the optimisation of its user-friendliness.
You may object to the storage of a user profile and information about your visit to our website by Hotjar, and the placement of tracking cookies on other websites by Hotjar, by clicking this opt-out link.
Some functions and content from Xing are included on this platform. This includes content such as images, videos and text, as well as buttons with which you can share content from Plan.One on Xing. If you have a Xing account, Xing can link interaction with the content and functions mentioned above with your profile.
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Xing data protection declaration:
Some functions from Facebook are included on this platform. This includes content such as images, videos and text, as well as buttons with which you can share content from Plan.One on Facebook. The list of Facebook social plugins and their appearance can be viewed here:
When you visit a page on Plan.One which contains one of these plugins, your device creates a direct connection with the Facebook servers. The plugin content is transmitted from Facebook directly to the user device and included by the device on the website. This allows usage profiles for a user to be created from the processed data. We therefore have no influence over the scope of the data which Facebook collects with this plugin and thus inform the user of the knowledge available to us.
By including the plugin, Facebook receives information that you have visited a specific page on Plan.One. If you are logged in on Facebook, it can link the visit to your Facebook account. If users interact with the plugins, for example by clicking on the “like” button or posting a comment, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a Facebook member, there is still the possibility that Facebook will encounter and store your IP address. Facebook states that only anonymised IP addresses are stored in Germany.
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can view Facebook’s data protection policy here:
https://www.facebook.com/about/privacy/update. Facebook is certified under the Privacy Shield Framework and thereby promises to guarantee its compliance with European data protection law
If you have a Facebook account and do not wish for Facebook to gather data about you via Plan.One and link it with data stored directly on Facebook, you must log out of Facebook and delete the cookies prior to using our platform. Further settings and objections to the use of data for advertising purposes are available within your Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices or the EU page http://www.youronlinechoices.com/. These settings apply across all platforms, i.e. they are carried over to all devices, such as desktop computers or mobile devices.
Some functions and content from Instagram are included on this platform. This can include content such as images, videos or text, as well as buttons with which users can share content from this website on Instagram. If you have an Instagram account, Instagram can link interaction with the content and functions mentioned above to you.
Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Instagram’s data protection declaration:
Some functions and content from Pinterest are included on this platform. This includes content such as images, videos and text, as well as buttons with which you can share content from our platform on Pinterest. If you have a Pinterest account, Pinterest can link interaction with the content and functions mentioned above to you.
Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. Pinterest’s data protection declaration:
Some functions and content from Twitter are included on this platform. This can include content such as images, videos and text, as well as buttons with which you can share content from our platform on Twitter. If you have a Twitter account, Twitter can link interaction with the content and functions mentioned above with your profile.
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter is certified under the Privacy Shield Framework and thereby guarantees its compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data protection declaration: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization.