Privacy Policy of InfraServ GmbH & Co. Wiesbaden KG

We are delighted that you have shown interest in our company. Data protection is of a particularly high priority for us. It is generally possible to use our website without providing any personal data. However, if a data subject wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject. The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and all other applicable data protection regulations. By means of this data privacy statement, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.

 

Further supplementary information on data protection can be found at „www.infraserv-wi.de/de/startseite/datenschutzerklaerungen". In particular, this includes information from the areas of occupational medicine, real estate management, customers and suppliers, emergency management, online meetings and telephony with Microsoft Teams, insurance management and security service.

As the data controller, our company has implemented numerous technical and organizational measures to ensure that the personal data processed via this website are protected as completely as possible. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

Our company is part of the InfraServ Wiesbaden Group, consisting of the following legally independent companies:

InfraServ GmbH & Co. Wiesbaden KG

InfraServ Wiesbaden Technik GmbH & Co. KG

LeBe GmbH

In order to process your request, it may be necessary for us to pass on data, possibly including personal data, within the group of companies and process it for a specific purpose.

1. Definitions

Our data privacy statement is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR hereinafter). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance. We use the following terms, among others, in this privacy policy:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Person concerned

Data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for the processing.

c) Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, search, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for his or her nomination may be stipulated by Union or Member State law.

h) Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data within the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the:

InfraServ GmbH & Co. Wiesbaden KG
Kasteler Street 45
65203 Wiesbaden, Germany

3. Name and address of the data protection officer

The data protection officer of the controller is

Mr. Mathias Buchner

InfraServ GmbH & Co. Wiesbaden KG

Kasteler Street 45

65203 Wiesbaden, Germany

E-mail: datenschutz@infraserv-wi.de

Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

 

4. Collection of general data and information

Our website collects a range of general data and information each time it is accessed by a data subject or an automated system. These general data and information are stored in the server log files. The following can be recorded: The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-pages which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used for the averting of danger in the event of attacks on our information technology systems. When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is required to (1) correctly deliver the content of our website, (2) optimize the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack. These anonymously collected data and information are therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Our website uses cookies.
Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

We distinguish between strictly necessary cookies, also known as technical cookies, without which the functionality of our website would be limited, and optional cookies (extended functions or analysis) for the purpose of analyzing access to our website and marketing. In the following, we describe the optional cookies used on our website and the associated procedure for selecting or deselecting them.

When you access a website for the first time, a cookie banner appears where you can adjust the settings for cookies. By default, only strictly necessary cookies are used. We only use optional cookies with your prior consent, see Art. 6(1) lit. a GDPR. If you give your consent, we will store a cookie on your computer and the cookie banner will not be displayed again for the lifetime of the cookie. Thereafter, or if you actively delete this cookie beforehand, the cookie banner will be displayed again the next time you visit our website in order to obtain your consent.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. You can object to the use of optional cookies at any time by calling up the cookie settings again at the bottom right of our web pages.

Cookies that are required to carry out an electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6(1) lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically faultless and optimized provision of its services.

5. Routine deletion and blocking of personal data

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is stipulated by the European legislator or other legislators in laws or regulations which the controller is subject to. If the purpose of storage ceases to apply or if a storage period prescribed by the European directives and regulations or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

6. Rights of the data subject

a) Right to confirmation

In accordance with the GDPR, every data subject has the right to request confirmation from the controller as to whether personal data concerning him or her are processed. If a data subject wishes to exercise this right of confirmation, he or she may, at any time, contact any employee of the controller.

b) Right to information

Any person affected by the processing of personal data has the right under the GDPR to receive information free of charge at any time from the controller about the personal data stored about him or her and a copy of this information. Furthermore, the data subject has the right to receive the following information:

  • the purposes of processing

  • the categories of personal data that are processed

  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or to international organizations

  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period

  • the existence of a right to rectification or deletion of personal data concerning him or her or to restriction of processing by the controller or a right to object to such processing

  • the existence of a right of appeal to a supervisory authority

    The Hessian Data Protection Officer
    Gustav-Stresemann-Ring 1
    65189 Wiesbaden, Germany

  • if the personal data are not collected from the data subject: All available information about the origin of the data

  • the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

  • Furthermore, the data subject has a right to information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer. If a data subject wishes to exercise this right of access, he or she may, at any time, contact any employee of the controller.

c) Right to rectification

Any person affected by the processing of personal data has the right under the GDPR to request the immediate rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing. If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.

d) Right to deletion (right to be forgotten)

Any person affected by the processing of personal data has the right under the GDPR to obtain from the controller the deletion of personal data concerning him or her without undue delay where one of the following grounds applies and insofar as the processing is not necessary

  • The personal data were collected or otherwise processed for purposes for which they are no longer necessary.

  • The data subject withdraws consent on which the processing is based according to point (a) of Art. 6(1) of the GDPR, or point (a) of Art. 9(2) of the GDPR, and where there is no other legal ground for the processing.

  • The data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR.

  • The personal data were processed unlawfully.

  • The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States which the controller is subject to.

  • The personal data were collected in relation to information society services offered in accordance with Art. 8(1) GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the deletion of personal data stored by us, he or she may, at any time, contact any employee of the controller. The employee will ensure that the request for deletion is met immediately. If we have made the personal data public and our company is obliged to delete the personal data in accordance with Art. 17(1) GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data that the data subject has requested the deletion of all links to these personal data or of copies or replications of these personal data from such other data controllers, insofar as the processing is not necessary. Our employee will take the necessary steps in individual cases.

e) Right to restriction of processing

Any person affected by the processing of personal data has the right under the GDPR to demand from the controller restriction of processing where one of the following applies

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

  • The processing is unlawful and the data subject opposes the deletion of the personal data and requests the restriction of their use instead.

  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.

  • The data subject has objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by us, he or she may at any time contact any employee of the controller. Our employee will arrange for the restriction of processing.

f) Right to data portability

Any person affected by the processing of personal data has the right under the GDPR to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Art. 6(1) GDPR or point (a) of Art. 9(2) GDPR or on a contract pursuant to point (b) of Art. 6(1) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, in exercising his or her right to data portability pursuant to Art. 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others. To assert the right to data portability, the data subject can contact one of our employees at any time.

g) Right to to object

Any person affected by the processing of personal data has the right under the GDPR to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Art. 6(1) lit. (e) or (f) GDPR. This also applies to profiling based on these provisions. In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. If we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to the processing for direct marketing purposes, we will no longer process the personal data for these purposes. In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to the processing of personal data concerning him or her by us for scientific or historical research purposes, or for statistical purposes pursuant to Art 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest. To exercise the right to object, the data subject may contact any employee directly. The data subject is also free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise his or her right to object by automated means using technical specifications.

h) Automated decisions in individual cases including profiling
Any person affected by the processing of personal data has the right under the GDPR not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision (1) is not necessary for entering into, or performance of, a contract between the data subject and the controller, or (2) is authorized by Union or Member State law which the controller is subject to and these legal provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject or (3) with the express consent of the data subject. If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, we shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision. If the data subject wishes to exercise the rights concerning automated decision-making, he or she may, at any time, contact any employee of the controller.

i) Right to withdraw consent under data protection law

Any person affected by the processing of personal data has the right under the GDPR to withdraw consent to the processing of personal data at any time. If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the controller.

7. Data protection for applications and in the application process

The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, for example by email or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests of the controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

We expressly point out that we may have to pass on your application documents to the following member companies of our Group due to central functions within the application process:

InfraServ GmbH & Co. Wiesbaden KG
InfraServ Wiesbaden Technik GmbH & Co. KG
LeBe GmbH

We will be happy to include your application documents in our applicant pool for future vacancies. In this case, please give us your written consent (in writing or by e-mail). We also have the option of passing on your documents to companies at the industrial park that have commissioned us to provide recruitment services if they have a need for personnel. In this case, please also give us your written consent (in writing or by e-mail).

In the case of applications from minors under the age of 16, we require the written consent of the parent or legal guardian in a signed version in order to be able to process the data. In addition, contract data processors that we use for the operation and maintenance of our systems may have access to your data. The EU GDPR-compliant handling of your data is ensured with these processors by concluding contracts for commissioned data processing.

Please also note the data protection information for WhatsApp if you have selected this communication channel to communicate with us or to be informed by us: https://www.whatsapp.com/legal/privacy-policy-eea?lang.

8. Data protection through Heise Shariff

Our social media buttons have been integrated with the Heise Shariff. Data are only transmitted to third parties when you click on the button of the respective network. Further information can be found on the heise.de website. The following provisions and guidelines apply when using the social media functions.

9. Data protection provisions about the application and use of Facebook

Plugins of the social network Facebook, provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the "Like" button on our site.

You can find an overview of the Facebook plugins here:

developers.facebook.com/docs/plugins/

When you visit our website, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook "Like" button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook.

Further information on this can be found in Facebook's privacy policy at:

de-de.facebook.com/policy.php.
Further information on the joint processing of personal data with Facebook can be found at: https://www.facebook.com/legal/terms/page_controller_addendum

If you do not want Facebook to be able to associate your visit to our website with your Facebook user account, please log out of your Facebook user account.

10. Data protection provisions about the application of Matomo (formerly Piwik)

This website uses the open source web analysis service Matomo. Matomo uses so-called "cookies". These are text files that are stored on your computer and enables an analysis of your use of the website. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before storage. Matomo cookies remain on your end device until you delete them. Matomo cookies are stored on the basis of Art. 6(1) lit. f GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising.

The information generated by the cookie about the use of this website is not passed on to third parties. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this, you may not be able to use the full functionality of this website.

If you do not agree to the storage and use of your data, you can also deactivate the storage and use in our cookie banner (point 4). In this case, an opt-out cookie is stored in your browser that prevents Matomo from storing usage data. If you delete your cookies, the Matomo opt-out cookie will also be deleted. The opt-out must be reactivated when you visit our site again.

11. Data protection provisions about the application of Leadlab

Our website uses the pixel-code technology of wiredminds GmbH (www.wiredminds.de) to analyze visitor behavior. Data may be collected, processed and stored, from which usage profiles are created under a pseudonym. Where possible and appropriate, these user profiles are completely anonymized. Cookies may be used for this purpose. Cookies are small text files that are stored in the visitor's Internet browser and are used to recognize the Internet browser. The data collected, which may also include personal data, are transmitted to wiredminds or collected directly by wiredminds. wiredminds may use information that is left behind by visits to the web pages to create anonymized user profiles. The data obtained in this way will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym. If IP addresses are recorded, they are immediately anonymized by deleting the last block of numbers.

Information on data protection at wiredminds can be found on their website: https://www.wiredminds.de/datenschutz/

If you do not want your user behavior to be recorded and analyzed, you can deactivate this in our cookie banner (point 4). An opt-out cookie will be set to prevent the future recording of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Your visit to this website is currently being tracked by wiredminds web analytics. Click here so that your visit is no longer recorded:
Installation OPT-OUT Link

12. Data protection provisions about the application of Leadinfo

We use the lead generation service of Leadinfo B.V., Rotterdam, Netherlands. This recognizes visits from companies to our website based on IP addresses and shows us publicly available information, such as company names or addresses. In addition, Leadinfo sets two first-party cookies to evaluate user behavior on our website and processes domains from form entries (e.g. “leadinfo.com”) in order to correlate IP addresses with companies and improve the services. You can find more information at www.leadinfo.com. On this page you have an opt-out option: www.leadinfo.com/en/opt-out. If you opt out, your data will no longer be collected by Leadinfo."

13. Data protection provisions about the application and use of Xing

We would like to inform you here about the processing of personal data via the XING Share button function.

The "XING Share Button" is used on this website. When you access this website, your browser establishes a short-term connection to the servers of XING SE ("XING" hereinafter), with which the "XING Share Button" functions (in particular the calculation/display of the counter value) are provided. XING does not store any personal data about you when you access this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behavior through the use of cookies in connection with the "XING Share Button". You can access the current data protection information on the "XING Share button" and additional information on this website:

https://www.xing.com/app/share?op=data_protection

14. Data protection provisions about the application of X (formerly Twitter)

The data processor in charge uses the technical platform and services of X Corp, 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. for the short message service offered here. Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, is responsible for the data processing of persons living outside the United States.

We would like to point out that you use the X short message service offered here and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, rating). Information on what data is processed by X and for what purposes it is used can be found in X's privacy policy: https://x.com/en/privacy.

15. Data protection provisions about the application and use of YouTube

The data controller has integrated YouTube components on its website. YouTube is an Internet video portal that enables video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programs as well as music videos, trailers or videos made by users themselves can be accessed via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Behavior with:
a. Permitted "marketing and tracking cookies" in the cookie banner (point 4)
With each call-up of one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a representation of the corresponding YouTube component from YouTube through the respective YouTube component.
b. "Marketing and tracking cookies" not permitted in the cookie banner (point 4)
A connection to YouTube is only established when a YouTube component (YouTube video) is called up directly and not only when a web page is called up.

Further information about YouTube can be found at www.youtube.com/yt/about/de/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject. If the data subject is logged in to YouTube at the same time, YouTube recognizes which specific sub-page of our website the data subject is visiting when he or she calls up a sub-page that contains a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject. YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is logged in to YouTube at the same time as accessing our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, he or she can prevent the transmission by logging out of their YouTube account before accessing our website. The data protection provisions published by YouTube, which can be accessed at www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.

16. Data protection provisions about the application and use of Google Maps

This site uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6(1) lit. f GDPR.

You can find more information on the handling of user data in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.

You can use the settings in the cookie banner (point 4) for marketing and tracking cookies to influence whether cookies are stored by Google when you access the website or only when you use Google Maps.

17. Data protection provisions about the application and use of web fonts

Our web pages may use so-called web fonts provided by Google, Monotype or other providers for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. We prefer to install the web fonts locally, so that no further data are transferred to third parties (Google, Monotype).

If a local installation of web fonts is not possible, it is possible that the browser you are using will connect to the servers of third parties (e.g. Google). As a result, they become aware that our website has been accessed via your IP address.

The use of web fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at:

developers.google.com/fonts/faq

and in Google's privacy policy:

https://www.google.com/policies/privacy/

Further information on Monotype can be found at:

https://www.monotype.com/legal/privarcy-policy/ and at
https://www.fonts.com/info/legal

18. Data protection provisions about the application and use of eTermin

This site uses the service of the company eTermin GmbH for online appointment bookings.

Personal data are only collected and processed to the extent necessary in the context of this online appointment booking. Only the information under the details marked with an asterisk is mandatory; this information is essential for the use of the service, see Art. 6(1) lit. b GDPR. The provision of further data may be helpful, but is not mandatory (voluntary information, Art. 6(1) lit. a GDPR. We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the storage of personal data is no longer necessary for the fulfillment of these obligations, they will be deleted, unless there are legal storage obligations.

19. Data protection provisions on the use of own apps (IPKAAP)

If you wish to interact with us via the app, you must grant the app access to certain functions of your smartphone, which also involves the processing of a small amount of personal data. You can deactivate these functions at any time in the app's notification settings.

We use the Firebase Cloud Messaging service from Google for push notifications. Firebase generates a calculated key that can be used to access the app on the respective end device. This key is stored on the Firebase push platform with the settings you have selected in order to make the content available to you according to your wishes. The Firebase servers cannot draw any conclusions about the requests of users or determine any other data related to a person. Firebase serves exclusively as a transmitter.

Access to local data (e.g. contact data, files), with the exception of image data, does not take place. If access to locally stored images or the built-in camera is desired or necessary, access is carried out by the user him- or herself or his or her consent is obtained prior to access. If it is necessary for data to be stored on an end device when using the app, this is always done in encrypted form. 

20. Data protection provisions for the electronic telephone directory in KANET

By applying for inclusion in the electronic telephone directory in KANET, you agree that the data you provide may be recorded, transmitted and processed for the purpose of publication in a public directory of subscribers and use within telephone systems in the Kalle-Albert Industrial Park. The data will only be passed on to site participants of the Kalle-Albert Industrial Park for a specific purpose. In addition, contract data processors that we use for the operation and maintenance of our systems may have access to your data. The EU GDPR-compliant handling of your data is ensured with these processors through the conclusion of contracts for commissioned data processing.

21. Data protection provisions on the use of video surveillance

To safeguard our property rights, protect our property and prevent and prosecute criminal offenses, see Art. 6(1) lit. f GDPR, the external borders and entrances to the industrial park as well as individual areas within the industrial park are monitored with cameras. In this context, we also collect and process personal data.

Recipients or categories of recipients of the data:

Within our company, those departments or organizational units that need your data to process and implement our legitimate interest will have access to it. Data will only be transferred to third parties (e.g. the police) if this is necessary to investigate criminal offenses. In addition, contract data processors that we use for the operation and maintenance of our systems may have access to your data. The EU GDPR-compliant handling of your data is ensured with these processors by concluding contracts for commissioned data processing.

22. Data protection provisions on the use of a whistleblower system

To implement the requirements of Section 10 of the German Whistleblower Protection Act (HinSchG), our company has decided to set up and operate a whistleblower system. The AdvoWhistle® software is used for this purpose.

The whistleblower system is operated by a specialized company,
iComply GmbH, Große Langgasse 1A, 55116 Mainz, Germany. For this purpose, a contract for commissioned data processing has been concluded between the two parties.

iComply GmbH works exclusively with a German data center operator that is ISO 27001 certified. The data center operator has no access to data of any kind; it is used exclusively to store the application and the data stored in it.

Personal data and information entered into the whistleblower system are stored in a database operated by iComply GmbH. Only our company has access to the data. iComply GmbH and other third parties do not have access to the data. This is guaranteed by comprehensive technical and organizational measures in a certified process. All data are encrypted and stored with multi-level password protection, so that access is restricted to a very narrow circle of expressly authorized persons within the InfraServ Wiesbaden Group.

23. Data protection provisions about the use of Creditreform

Our company regularly checks and monitors your creditworthiness when contracts are concluded and, in certain cases where there is a legitimate interest, also for existing customers. For this purpose, we work together with Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany, from whom we receive the necessary data. For this purpose, we transmit your name, address and date of birth to Creditreform Boniversum GmbH. The information pursuant to Art. 14 of the EU General Data Protection Regulation on the data processing taking place at Creditreform Boniversum GmbH can be found here: https://www.boniversum.de/eu-dsgvo/informationen-nach-eu-dsgvo-fuer-verbraucher/ .

24. Legal basis of the processing

Art. 6(1) lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or the provision of any other service or consideration, the processing is based on Art. 6(1) lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance details or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Art. 6(1) lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).

25. Legitimate interests in the processing pursued by the controller or a third party

If the processing of personal data is based on Art. 6(1) lit. f GDPR, our legitimate interest is the performance of our business activities for the benefit of all our employees and our shareholders.

26. Duration for which the personal data are stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data are routinely deleted, provided that they are no longer required for contract fulfillment or contract initiation.

27. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data to be provided; possible consequences of non-provision

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary, for a contract to be concluded, for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data are provided by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.

28. Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.

Wiesbaden, April 2025