Data Privacy

We take data protection seriously.

The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers automatically store the IP address of your internet service provider, the website from which you visit us, the pages you visit on our site, as well as the date and duration of your visit. This information is essential for the technical transmission of the web pages and the secure operation of the server. A personalized evaluation of this data does not take place.

Controller / Responsible Party

RENNER Gebäudetechnik GmbH
Theatinerstr. 14
80333 Munich

Tel.: +4989 – 55 922 684
Mail: info@renner-holding.de

Personal Data

Personal data refers to information about your person. This includes your name, address, and email address. You do not need to provide personal data to visit our website. However, in some cases, we may require your name, address, and additional information to provide the requested service.

The same applies if you request informational material from us or if we respond to your inquiries. In these cases, we will always inform you accordingly. Additionally, we only store the data that you have provided to us either automatically or voluntarily.

When you use one of our services, we generally collect only the data necessary to provide the service to you. We may ask for additional information, but providing it is entirely voluntary. Whenever we process personal data, we do so either to offer you our service or to pursue our commercial objectives.

Contact

When you contact us (e.g., via contact form, email, phone, or social media), the information provided by the inquiring person is processed as necessary to respond to the inquiry and any requested actions.

The response to contact inquiries within the scope of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre-)contractual inquiries. Otherwise, it is based on our legitimate interest in responding to such inquiries.

Processed types of data:
Inventory data (e.g., first name, last name, addresses), contact data (e.g., email, phone numbers).

Affected persons:
Communication partners.

Purposes of processing:
Contact inquiries and communication.

Legal bases:
Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR), consent (Art. 6(1)(a) GDPR).

Automatically stored data:
Server log files. The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Used web browser and operating system
  • Full IP address of the requesting computer
  • Transferred data volume

These data are not merged with other data sources. Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website.

For technical security reasons, particularly to prevent attacks on our web server, these data are temporarily stored. It is not possible for us to identify individual persons based on this data. After a maximum of seven days, the data are anonymized by shortening the IP address to the domain level, making it impossible to associate them with individual users. In anonymized form, the data are also processed for statistical purposes; no comparison with other data sets or sharing with third parties, even in part, takes place.

Cookies

When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID, which is a unique identifier. This ID consists of a string of characters that allows websites and servers to associate the cookie with a specific internet browser in which it was stored. This enables the visited websites and servers to distinguish the individual browser of the affected person from other internet browsers that contain different cookies. A specific internet browser can thus be recognized and identified via its unique cookie ID.

By using session cookies, the controller can provide users of this website with a user-friendly service that would not be possible without cookies. Without consent, we only use technically necessary cookies based on our legitimate interest in accordance with Art. 6(1)(f) GDPR.

We use personal cookies to improve our website or for marketing and advertising purposes only with your consent. During your first visit, you can voluntarily agree to tracking and analysis via the displayed cookie banner. If applicable, your data may be shared with partners or third-party providers. These cookies are only stored if you explicitly consent, with the legal basis being your consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG.

You can change your cookie settings at any time here:

Borlabs Cookie

Our website uses the Borlabs Cookie consent technology to obtain your consent for storing certain cookies in your browser and to document this in compliance with data protection regulations. The provider of this technology is Borlabs GmbH – Benjamin A. Bornschein, Hamburger Str. 11, 22083 Hamburg (hereinafter referred to as Borlabs).

When you visit our website, a Borlabs cookie is stored in your browser, recording your granted consents or the withdrawal of such consents. These data are not shared with the provider of Borlabs Cookie. The collected data are stored until you request their deletion, delete the Borlabs cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected.
For details on Borlabs Cookie data processing, please visit:
https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

The use of the Borlabs Cookie consent technology is necessary to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.
We have concluded a data processing agreement (DPA) in accordance with Art. 28 GDPR with the provider mentioned above. This is a legally required contract that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR:
https://de.borlabs.io/datenschutz/

Brevo (formerly Sendinblue)

Email Service Provider: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin
Website: https://www.brevo.com/de/
Privacy Policy: https://www.brevo.com/de/legal/privacypolicy/

Google reCAPTCHA

We use Google reCAPTCHA (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to determine whether data input on this website (e.g., in a contact form) is made by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of website visitors based on various characteristics. This analysis begins automatically as soon as the visitor enters the website.
For the analysis, reCAPTCHA evaluates different types of information (e.g., IP address, the visitor’s time spent on the website, or mouse movements performed by the user). The data collected during this analysis is transmitted to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

The storage and analysis of data are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated surveillance and spam.
If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by the TTDSG.
Consent can be revoked at any time.

The information generated by cookies about the use of our website (e.g., the IP address of the accessing computer, time of access, referrer URL, as well as information about the browser and operating system used) is transmitted to and processed on Google servers in the USA.
Google relies on the Transatlantic Data Privacy Framework (TADPF) of July 10, 2023, for the transfer of data to recipients based in the USA. In cases where data is transferred to other third countries, Google uses EU Commission-approved Standard Contractual Clauses (SCCs) as a guarantee to ensure a level of data protection comparable to that of the EU.
You can obtain a copy of the Standard Contractual Clauses here. We transmit data to Google only based on your consent.

You can withdraw or adjust your consent at any time with effect for the future.
For more information about Google reCAPTCHA, please refer to Google’s Privacy Policy and Terms of Use at the following links:
https://policies.google.com/privacy?hl=de
https://policies.google.com/terms?hl=de

For what purposes and on what legal basis are the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 in its applicable version.

  • For the fulfillment of (pre-)contractual obligations (Art. 6(1)(b) GDPR):
    Your data are processed for contract execution, either online, at our business location, or at other branches. The data are particularly processed during business initiation and the execution of contracts with you.
  • For the fulfillment of legal obligations (Art. 6(1)(c) GDPR):
    The processing of your data is necessary to comply with various legal obligations, such as those arising from the Commercial Code or the Fiscal Code.
  • For the protection of legitimate interests (Art. 6(1)(f) GDPR):
    Based on a balancing of interests, data processing may take place beyond the actual fulfillment of the contract to protect our or third parties’ legitimate interests.
    Data processing for the protection of legitimate interests may occur in the following cases, for example:
    • Advertising or marketing (see No. 4)
    • Measures for business management and the development of services
    • Maintaining an internal customer database to improve customer service
    • As part of legal enforcement
    • Sending non-promotional information and press releases
  • If you have given us consent to process your data in accordance with Art. 6(1)(a) GDPR or, in the case of special categories of personal data, in accordance with Art. 9(2)(a) GDPR.

Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either entirely or for specific measures, without incurring any costs other than the transmission costs according to the basic rates.
Under the legal provisions of § 7(3) UWG, we are entitled to use the email address you provided when concluding the contract for direct advertising of our own or similar services. You will receive this information from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations via email from us, you can object to the use of your address for this purpose at any time, without incurring any costs other than the transmission costs according to the basic rates. A simple notification in text form is sufficient. Of course, every email also contains an unsubscribe link.

Who receives my data?

If we use a service provider for data processing on our behalf, we remain responsible for protecting your data.
All data processors are contractually obligated to keep your data confidential and to process it only within the scope of their service provision. The processors we engage receive your data only to the extent necessary for the fulfillment of their respective services.

Your data are processed in our customer database. This database helps improve the quality of existing customer data (e.g., duplicate removal, marking of relocated or deceased individuals, address correction) and allows for enrichment with data from public sources.
These data are made available to affiliated companies within the group only if necessary for contract execution. Customer data are stored separately for each company.
If there is a legal obligation or in the context of legal enforcement, authorities, courts, and external auditors may be recipients of your data. Additionally, for the purposes of contract initiation and fulfillment, recipients of your data may include insurance companies, banks, credit agencies, and service providers.

Hosting / External Hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website are stored on the hoster’s servers. This may include, in particular, IP addresses, contact inquiries, metadata and communication data, contract data, contact details, names, website access logs, and other data generated via the website.

The use of the hoster is for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the legitimate interest of ensuring a secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).
If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under the TTDSG.
Consent can be revoked at any time.

Our hoster will process your data only to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.
We use the following hosting provider:
united-domains AG

Data Processing Agreement (DPA)

We have concluded a Data Processing Agreement (DPA) with the provider mentioned above. This is a legally required contract that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
https://www.united-domains.de/unternehmen/datenschutz/

How long are my data stored?

We process your data until the end of the business relationship or until the expiration of applicable legal retention periods (e.g., under the Commercial Code or Fiscal Code). Beyond that, data may be stored until the conclusion of any legal disputes where they are required as evidence.

Are personal data transferred to a third country?

As a general rule, we do not transfer data to a third country. In exceptional cases, data transfer only occurs based on an adequacy decision by the European Commission, standard contractual clauses, appropriate safeguards, or your explicit consent.

Security

We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation, and unauthorized access.
All our employees and service providers working for us are obligated to comply with applicable data protection laws.

Whenever we collect and process personal data, they are encrypted before transmission. This ensures that your data cannot be misused by third parties.
Our security measures are subject to a continuous improvement process, and our privacy policies are regularly updated. Please make sure you have access to the latest version.

Rights of Data Subjects

You have the right to access, rectification, deletion, or restriction of processing of your stored data at any time. Additionally, you have the right to object to processing, the right to data portability, and the right to lodge a complaint, in accordance with the requirements of data protection law.

Right of Access

You can request information from us about whether and to what extent we process your data.

Right to Rectification

If we process your data that is incomplete or incorrect, you can request its correction or completion at any time.

Right to Erasure

You can request the deletion of your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection.
Please note that there may be reasons preventing immediate deletion, such as legally mandated retention obligations.

Regardless of your right to erasure, we will promptly and completely delete your data, provided there are no contractual or legal retention obligations preventing this.

Right to Restriction of Processing

You can request the restriction of processing of your data if:

  • You dispute the accuracy of the data, for a period that allows us to verify its accuracy.
  • The processing of your data is unlawful, but you oppose deletion and instead request a restriction on data usage.
  • We no longer need the data for the intended purpose, but you still require them to assert or defend legal claims.
  • You have objected to the processing of your data.

Right to Data Portability


You can request that we provide you with your data, which you have provided to us, in a structured, commonly used, and machine-readable format and that you can transfer these data to another controller without hindrance from us, provided that:

  • We process these data based on your given and revocable consent or for the fulfillment of a contract between us.
  • This processing is carried out using automated procedures.

If technically feasible, you can request that we directly transfer your data to another controller.

Right to Object

If we process your data based on legitimate interest, you can object to this processing at any time; this also applies to profiling based on these provisions. In such a case, we will no longer process your data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims.
You can object to the processing of your data for direct marketing purposes at any time without providing reasons.

Right to Lodge a Complaint

If you believe that our processing of your data violates German or European data protection laws, we encourage you to contact us so that we can clarify any concerns.
You also have the right to lodge a complaint with the relevant supervisory authority, which is the respective State Data Protection Office.
If you wish to exercise any of the rights mentioned above, please contact our Data Protection Officer. In case of doubt, we may require additional information to confirm your identity.

Changes to This Privacy Policy

We reserve the right to modify our privacy policy if required due to new technologies. Please ensure that you have access to the latest version.
If fundamental changes are made to this privacy policy, we will announce them on our website.

All interested parties and visitors to our website can reach us regarding data protection inquiries at:

Mr. Fabian Fromm
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg

Tel.: 0941 2986930
Fax: 0941 29869316
E-Mail: anfragen@projekt29.de
Internet: www.projekt29.de

Version 2024.1