Data Protection Statement

I. Name and address of data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Messe City Köln GmbH & Co. KG
Heegbarg 30
22391 Hamburg
Germany

Tel. +49(0)40 60606-0
Fax +49(0)40 60606-19229
Email: info@messecity-koeln.de
Website: www.messecity-koeln.de

II. Name and address of data protection officer

The data controller’s data protection officer is:

Volker Springer
CML Construction Services GmbH
Siegburger Strasse 241
50679 Koeln
Deutschland

Tel. +49(0)221 824 – 2471
data-protection-de@strabag.com

III. General information on data processing

1. Scope of processing of the personal data

In principle, we process personal data of our users only insofar as this is necessary for the provision of a functional website and our content and services. The processing of our users’ personal data generally occurs only following receipt of the user’s consent. An exception is made in cases where it is not possible to obtain consent in advance for practical reasons and where the processing of the data is permitted by statutory regulations.

2. Legal basis for the processing of personal data

Insofar as we obtain consent from the data subject for the processing of personal data, Art. 6 (1) a of the EU’s General Data Protection Regulation (GDPR) shall serve as the legal basis.

Where the processing of personal data is required for the fulfilment of a contract to which the data subject is party, Art. 6 (1) b of the GDPR shall serve as the legal basis. This shall also appl to all processing operations required for the performance of pre-contractual measures.

Insofar as the processing of personal data is required for the fulfilment of a legal obligation (statutory conditions) to which our company is bound, Art. 6 (1) c of the GDPR shall serve as the legal basis.

If processing is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6 (1) d of the GDPR shall serve as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or of a third party, and the interests, basic rights and fundamental freedoms of the data subject do not outweigh the aforementioned legitimate interest, Art. 6 (1) f of the GDPR shall serve as the legal basis for processing.

3. Deletion of data and storage duration

The personal data of the data subject are deleted or blocked as soon as the purpose for their storage no longer applies. Storage beyond this point may take place if this is provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. Data will also be blocked or deleted once the storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time this website is accessed, our system records data and information from the computer system of the accessing computer by means of an automated system.

The following data are collected as part of this process:

  • Information about the browser type and version used (user agent)
  • The user’s operating system
  • The user’s Internet service provider
  • The user’s IP address
  • Date and time of access
  • Websites from which the user’s system has come to our website (referrer)
  • Websites accessed by the user’s system via our website
  • Directory protection user
  • Sites accessed and protocols
  • Status code
  • Data volume
  • Hostname accessed

The information stored in the log files can contain the IP address, the browser type, the date and time of the visit, and the system that the visitors use. We only store pseudonymised IP addresses of visitors to the website. For this, the last three digits are removed, so 127.0.0.1 becomes 120.0.*.IPv6 addresses are also anonymised. It is no longer possible to establish the true identity of the visitor.

These data are also stored in our system’s log files. These data are not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) f of the GDPR.

3. Purpose of data processing

The system temporarily stores the user’s IP address in order to make the website available on the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.

The storage in log files is carried out to ensure the functional capability of the website. The data also help us to optimise the website and ensure the security of our IT systems. No data are evaluated for marketing purposes in this context.

This is also the reasoning behind our legitimate interest in data processing under Art. 6 (1) f of the GDPR.

4. Storage duration

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. When data are collected in order to make the website available, this is the case when the respective session ends.

The anonymised IP addresses are stored for 60 days. Details of the directory protection users are anonymised after one day.

Error logs that log erroneous page visits are deleted after seven days. As well as error reports, these contain the accessing IP address and depending on the error the website accessed.

5. Possibility of objection and elimination

The collection of data for the provision of the website and the storage of data in log files is necessary for operating the website. Therefore there is no possibility for the user to object.

V. Contact form and email contact

1. Description and scope of data processing

A contact form is provided on our website which may be used to make contact electronically. Should a user contact us via the contact form, the data entered in the input template are transferred to us and then stored. These data are:

  • Name
  • Email
  • Company
  • Business address
  • Town/city
  • Postcode
  • Phone number (business)

At the time of sending the message the following data are also stored:

  • The user’s IP address
  • Date and time of registration

To process the data, your consent is obtained during this process and you will be referred to this data protection statement.

As an alternative, it is also possible to contact us using the email address provided. In this case, personal data of the user which are transmitted along with the email will be stored.

No data will be disclosed to third parties in this context. Data will be used exclusively for the purposes of correspondence.

2. Legal basis for data processing

The legal basis for the processing of data with the user’s consent is Art. 6 (1) a of the GDPR.

The legal basis for the processing of data that are transmitted by email is Art. 6 (1) f of the GDPR. If the purpose of making email contact is to conclude a contract, then an additional legal basis for the processing of the data is Art. 6 (1) b of the GDPR.

3. Purpose of data processing

We only process personal data taken from the input template of the contact form for the purposes of making contact. If we are contacted by email, we also have a necessary legitimate interest to process data.

Other personal data processed during this sending process serve to prevent misuse of the contact form and to guarantee the security of our IT systems.

4. Storage duration

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data taken from the input template of the contact form and sent by email, data are deleted when the respective correspondence with the user has ended. Correspondence concludes when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

The email logs associated with sending emails from the Internet environment are anonymised after one day and then retained for 60 days. Anonymisation removes all the data of the sender/recipient etc.. The only data that remain are those for the time of sending and information on how the email was processed (queue ID or not sent).

Email logs for transmission via our mail server are deleted after four weeks. The longer retention period is required to safeguard the functionality of the email services and combat spam.

5. Possibility of objection and elimination

The user can withdraw his/her consent for the processing of personal data at any time. Users can contact us by email at any time to withdraw their consent for storing the personal data. In this case, correspondence cannot be continued.

If you wish to make use of your right to object, please write us an email at data-protection-de@strabag.com

In this case, all personal data stored at the time of making contact will be deleted.

VI. Transmission of data to third parties

In principle your personal data will not be transmitted to third parties. Exceptions to this only apply insofar as this is necessary for processing the orders agreed with you. This includes in particular the intervention of service providers instructed by us (so-called commissioned processors) or third parties whose intervention or activity is necessary for the performance of a contract. The data transmitted must only be used by third parties for the stated purposes.

VII. Google Maps

This website uses the product Google Maps from Google Inc.. By using this website you declare your agreement to the recording, processing and use of the data automatically collected by Google Inc., its representatives and third parties. The terms of use of Google Maps can be found at https://www.google.com/intl/de_de/help/terms_maps.html.

VIII. Vimeo

We use the external supplier Vimeo to incorporate videos. For technical reasons, when videos are played a direct link is created with the supplier’s servers. In association with this, the supplier might use browser or end device data. For further information on the collection and use of such data, you will find the data protection information from Vimeo by means of the following link: https://vimeo.com/privacy

IX. Panomax

We use the external supplier Panomax to incorporate webcam images. For technical reasons, when these images are accessed a direct link is created with the supplier’s servers. In association with this, the supplier might use browser or end device data. For further information on the collection and use of such data, you will find the data protection information from by means of the following link: https://www.panomax.com/datenschutz.html

X. Rights of data subjects

When your personal data are processed, you become the data subject within the meaning of the GDPR and you have the following rights in relation to the data controller:

  1. Right to information
  2. Right to rectification
  3. Right to restriction of processing
  4. Right to erasure
  5. Right to be informed
  6. Right to data portability
  7. Right to object
  8. Right to withdraw declaration of consent
  9. Right to non-automated individual decision-making, including profiling
  10. Right to lodge a complaint with a supervisory authority