Data protection declaration

Responsible person

The department named in the imprint is responsible for the data collection and processing outlined below. .

Data protection officer

Wolfgang Barkemeyer / wolfgang.barkemeyer@boskalis.com

Data protection declaration

1. 1. Fundamental information about data processing and the legal basis

  1. This data protection declaration informs you of the type, extent and purpose of the processing of personal data within our online offer and the websites, functions and content (hereinafter referred to as “online offer” or “website”) connected with it. The data protection declaration applies irrespective of the domains, systems, platforms and devices (e.g. Desktop or mobile) where the online offer is made.
  2. With regard to the terms used, such as “personal data” or its "processing", we refer to the definitions in Art. 4 General Data Processing Regulation (GDPR).
  3. The users’ personal data processed within the framework of this online offer includes information data (names, addresses and contact details of customers) and usage data (e.g. the websites of our online offer visited, interest in our services) and content data (entries in the application form). The term “User” covers all categories of persons affected by the data processing. These include our business partners, customers, potential customers and other visitors to our online offer. The terms used, such as “User”, are gender-neutral.
  4. We process users’ personal data only in accordance with the applicable data protection conditions. This means the users’ data is only processed with statutory permission. I.e., particularly if the data processing is necessary in order to provide our contractual services (e.g. processing orders) and online services, or is statutorily prescribed, user consent has been granted, as well as on the basis of our justified interests (i.e. interest in the analysis, optimisation and economic operation and security of our online offer as defined in Art. 6 (1) lit. f. GDPR, notably for range management, creation of profiles for advertising and marketing purposes, as well as in order to record access data and the use of services from third parties.
  5. Please note that the legal basis for collecting consent is Art. 6(1) lit. a. and Art. 7 GDPR, the legal basis for processing in order to fulfil our work and services and to realise contractual measures Art. 6(1) lit. b. GDPR, the legal basis for processing in order to fulfil our legal obligations is Art. 6(1) lit. c. GDPR, and the legal basis for processing in order to safeguard our justified interests is Art. 6(1) lit. f. GDPR.

2. Security measures

  1. We take organisational, contractual and technical security measures corresponding to the state of technology in order to ensure that the provisions of data protection legislation are complied with and so that the data processed by us is protected against accidental or malicious manipulation, loss, destruction and access by unauthorised persons.
  2. The security measures include, in particular, encrypted transmission of data between your browser and our server.

3. Forwarding data to third parties and third-party providers

  1. Data is only forwarded to third parties within the framework of the statutory provisions. We only forward user data to third parties if this is necessary for contractual purposes, e.g. on the basis of Art. 6 (1) lit. b) GDPR or on the basis of justified interests according to Art. 6 (1) lit. f) GDPR in the economic and effective operation of our business.
  2. Insofar as we engage subcontractors in order to provide our services, we take appropriate legal measures and corresponding technical and organisational measures to ensure the protection of personal data according to the applicable legal provisions.
  3. Insofar as content, tools or other media from other providers are used within the framework of this data protection declaration (hereinafter referred to jointly as “third-party providers”) and their named place of domicile is in a third country, it must be assumed that data transmission takes place to the countries of these third-party providers. Third countries are countries where the GDPR is not a directly applicable law, i.e. generally all countries outside the EU or the European Economic Area. The transmission of data to third countries takes place either if there is an appropriate level of data protection, consent from the user or other statutory permission.

4. Provision of contractual services

  1. We process information data (e.g. names and address as well as contact details of users), contractual data (e.g. services used, names of contact persons, payment information) in order to fulfil our contractual obligations and services in accordance with Art. 6 (1) lit. b) GDPR.
  2. We process usage data (e.g. the websites of our online offer visits, interest in our products) and content data (entries in contact forms) for advertising purposes in a user profile, e.g. Product information based on those previously used.
  3. When contacting us (by contact form or email), the user's details are processed according to Art. 6 (1) lit. b) GDPR in order to process and handle the enquiry.The user information may be stored in our customer relationship management system ("CRM System") or equivalent enquiry organisation.
  4. We use the CRM system “Name folgt” from the provider “Angaben folgen” on the basis of our justified interests (efficient and fast processing of user enquiries). To this end, we have concluded a so-called standard contract clause with the provider, in which the provider commits to processing the user data only in accordance with our instructions and in compliance with the EU-level of data protection.

5. Collecting access data and logfiles

  1. We collect data about every access to the server on which this service is saved (known as server logfiles) on the basis of our justified interest as defined in Art. 6(1) lit. f. GDPR. The access data includes the name of the website accessed, file, data and time of access, data quantity transmitted, message about successful call up, browser type plus version, the user's operating system, referrer URL (site previously visited), IP address and requesting provider.
  2. For security reasons (e.g. to investigate misuse or fraudulent actions) logfile information is saved for a maximum of seven days and then deleted. Data, the further retention of which is necessary as evidence, is excluded from deletion until the conclusive clarification of the respective incident.

6. Cookies & range measurement

  1. Cookies are information that is transferred from our web server or from third-party webservers to the user's web browser and saved there for subsequent recall. Cookies can be small files or other types of information storage.
  2. This data protection declaration informs users of the use of cookies as part of pseudonymised range measurement.
  3. If the users do not want cookies to be saved on their computer, they are asked to disable the corresponding option in their browser's system settings. Saved cookies can be deleted in the browser's system settings. Excluding cookies can lead to function restrictions of this online offering.
  4. They can reject the use of cookies, which serve range measurement and advertising purposes, via the deactivation website of the network advertising organisation (http://optout.networkadvertising.org/) and also the American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

7. Google Analytics

  1. On the basis of our justified interests (i.e. the interest in analysis, optimisation and economic operation of our online offer as defined in Art. 6 (1) lit. f) GDPR), we use Google Analytics, a web analysis service from Google Inc. (“Google”). Google uses cookies. The information generated by the cookie about the users’ use of the online offer is typically transmitted to a Google server in the USA and saved there.
  2. Google is certified under the Privacy Shield treaty and as a result guarantees to comply with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information on our behalf in order to evaluate the use of our online offer by users, to collate reports about the activities within this online offer and in order to provide us with additional services connected to the use of this online offer and internet use. Pseudonymous use profiles of the users can be created from the processed data.
  3. We use Google Analytics in order to display adverts activated within the web services of Google and its partners only to those users, which have indicated an interest in our online offer or who have the specific features (e.g. interest in certain topics or products identified on the basis of the websites visited), which we provide to Google (so-called “Remarketing” or “Google-Analytics-Audiences”). Using the Remarketing Audiences, we also want to ensure that our adverts correspond to the potential interests of the users and are not irritating.
  4. We only use Google Analytics with enabled IP anonymisation. This means the IP address of the users is shortened within the Member States of the European Union or in other signatory countries to the Treaty on the European Economic Area. The full IP address is transmitted to a Google server in the USA and abbreviated there only in exceptional cases.
  5. The IP address transmitted by the user's browser is not collated by Google with other data. The users can prevent cookies being stored through a corresponding setting in their browser software; users can also prevent the data generated by the cookie about their use of the online offer being collected and can prevent the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout.
  6. More information about data use by Google, about possible settings and objections, can be found on Google websites: www.google.com/intl/de/policies/privacy/partners (“data use by Google about your use of our partners’ websites or Apps”), www.google.com/policies/technologies/ads (“Data use for advertising purposes”), www.google.de/settings/ads (“Manage information that Google uses to show you advertising”).

8. Embedding services and content from third parties

  1. Within our online offer, on the basis of our justified interests (i.e. interest in the analysis, optimisation and economic operation of our online offer as defined in Art. 6 (1) lit. f) GDPR) we use content or service offers from third-party providers in order to embed their content and services, such as videos or fonts (the following referred to jointly as “content”). The prerequisite here is always that the third-party providers of this content know the IP address of the user, as without the IP address they would not be able to send the content to your browser. The IP address is therefore necessary for this content to be displayed. We try only to use content from respective providers that only use the IP address to provide this content. Third-party providers may also use so-called pixel tags (invisible graphics, also called “Web Beacons”) for statistical or marketing purposes. Information such as visitor traffic to the pages of this website can be evaluated by the pixel tags. The pseudonymised information can also be used in cookies on the user's device, and inter alia and may also be combined with technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offer from other sources.
  2. The following representation provides a summary of third-party providers and their content, along with links to their data protection declarations, which contain information about processing data and in part also the refusing possibilities already explained here (so-called opt-outs): Maps from “Google Maps” from the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration:
    • Maps from “Google Maps” from the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration: www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/. Videos from the platform “YouTube” of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration:
    • Videos der Plattform “YouTube” des Drittanbieters Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Datenschutzerklärung: www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
    • Webanalysis and optimisation using the services from Hotjar, of the third-party provider Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. Movements on the websites where Hotjar is used can be tracked with Hotjar (so-called heatmaps). For example, how far users scroll and which buttons the users frequently click can be determined. Further, technical data such as language, system, screen resolution and browser type are also recorded. User profiles can be created with this, at least temporarily during the visit to our website. Furthermore, with Hotjar it is also possible to obtain feedback directly from users of the website. In this way we collect valuable information so that our website can be designed more quickly and more customer-friendly. Data protection declaration: www.hotjar.com/privacy. Opt-out: https://www.hotjar.com/legal/compliance/opt-out.
    • Externer Code des JavaScript-Frameworks “jQuery”, bereitgestellt durch den Dritt-Anbieter jQuery Foundation, jquery.org. Die Seite läd jquery von ajax.googleapis.com
    • External code of the JavaScript Framework “jQuery”, provided by the third-party provider jQuery Foundation, jquery.org. The site loads jquery from ajax.googleapis.com. Our online offer uses functions from the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time one of our pages that contains functions from LinkedIn is opened, a connection to the LinkedIn servers is created. LinkedIn is informed that you have visited our websites with your IP address. If you click the “Recommend-Button” from LinkedIn and are logged into your LinkedIn account, it is possible for LinkedIn to attribute your visit to our website to you and your user account. Please note that as a provider of the pages we have no knowledge of the transmitted data and its use by LinkedIn. Data protection declaration: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

9. Social Media PlugIns

  1. Twitter
    Our website uses functions from Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When accessing our pages that have Twitter plug-ins, a connection is created between your browser and the servers of Twitter. Data is already transmitted to Twitter. If you have a Twitter account, this data can be linked back to it. If you do not want this data to be allocated to your Twitter account, please log out of Twitter before visiting our site. Interactions, especially clicking a “Re-Tweet” button, are also forwarded to Twitter. You can find more information about this in the data protection declaration from Twitter at: https://twitter.com/privacy. Opt-out: https://twitter.com/personalization. Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.

10. Users’ rights

  1. Users have the right, upon request, to obtain information free of charge about the personal data about you that is saved by us.
  2. In addition, users have the right to correct inaccurate data, to restrict processing and to the deletion of their personal data, insofar as it is correct, to assert their rights to data portability and, in the event of unlawful data processing being assumed, to submit a complaint to the responsible regulatory authority.
  3. Users can also revoke consent, in principle with effect for the future.

11. Deleting data

  1. Data saved by us is deleted as soon as it is no longer required for its purpose and the deletion is not prevented by statutory duties of retention. Insofar as the users’ data is not deleted because it is needed for other and statutorily permitted purposes, its processing is restricted. I.e. the data is frozen and not processed for other purposes. This applies, for example, to users’ data that has to be retained because of commercial or tax law requirements.
  2. According to the statutory provisions, data is retained for 6 years in accordance with s. 257 (1) HGB (trading books, inventories, opening balances, annual statements, commercial correspondence, booking receipts, etc.) and for 10 years in accordance with s. 147 (1) AO (books, records, management reports, booking receipts, commercial and business correspondence, documents relevant for taxation, etc.).

12. Right of refusal

  1. Users can refuse the future processing of their personal data at any time corresponding to the statutory requirements. The refusal can be made, in particular, with regard to the processing for direct marketing purposes.

13. Changes to the data protection declaration

  1. We reserve the right to amend the data protection declaration in order to adjust it to changed legal situations or if the services and data processing change. However, this only applies in respect of declarations regarding data processing. Insofar as consent is required from the users or if components of the data protection declaration contain regulations regarding the contractual relationship with users, the changes shall only be made with consent from the user.
  2. Users are asked to review the contents of the data protection declaration regularly.