PB-Consult Data Protection

Data Protection

Data Protection is of great importance to us

General Information

PB CONSULT offers independent services primarily for the infrastructure and mobility sector. PB CONSULT is thereby responsible for a safe and transparent handling of the data you have provided us with. In the following, we would like to give you a simple overview of what happens to your personal data and to inform you about the claims and rights you are entitled to according to the data protection regulations. Personal data shall mean all information that can be personally identifiable to you. Detailed information about data protection can be found in our privacy policy listed below this text.

1. Who is responsible for the data processing and who can I turn to concerning this matter?
PB-Consult Planungs- und Betriebsberatungsgesellschaft mbh
Rothenburger Straße 5
90443 Nürnberg
Tel. 0911 3 22 39-0
Fax: 0911 3 22 39-10
E-mail: info@pbconsult.com

Company Register: German Commercial Register
Register Number: AG Nürnberg HRB 16 058
Authorized Representatives: Thomas Kahn and Georg Kern
Value Added Tax (VAT) Identification Number: DE 812667347

Data Protection Officer:

Herr Oliver Rothe
Städtische Werke Nürnberg GmbH
Am Plärrer 43
90429 Nürnberg
Tel. 0911 2 71-3220
Fax: 0911 2 71 88-3220

E-mail: datenschutz@stwn.de

2. What sources and data do we use?
We process personal data provided to us by you within your contractual relationship respectively contact with us. This includes, in particular, your company address and company data, your bank details and e-mail addresses as well as your contact information.

3. What do we process your data for and on what legal basis? (Purpose of the processing)
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The data is used for the sole purpose of use within the company, for example, to bring to your attention special offers or new services, to invite you to events as well as to send you any information concerning your existing contractual relationship with us.

4. Who receives your personal data?
Your data is used solely for the purposes of managing your contractual relationship or contact with us. The interoffice access to your data is limited to your contact partner, the respective project manager, the legal department and the company’s management.

5. How long will your data be stored?
We store your data only as long as our contract runs for or a contact between us still exists. This applies also, when we are legally bound by the statutory retention or documentation obligations.

6. Transfer of data to international or superordinate organisations
Your data is transferred to authorities (e.g. auditors, tax authorities, subcontractors, employees, etc.) to meet the essential legal requirements and for the purposes of administration. The respective authorities and institutions use your personal data solely for administrative and accounting purposes.
Data shall not be processed or released for any other purpose.

7. Legal Basis
We process data on following legal basis:
Legal basis for all data processing is the General Data Protection Regulation (GDPR), whereby the lawfulness of the processing is based on the following essential points:

a) Art. 6(1) lit. a GDPR, the data subject (you) has given consent to the processing of his or her personal data for one or more specific purposes, as for example to conclude a contract with us;
b) Art. 6(1) lit. b GDPR, processing is necessary for the performance of a contract to which the data subject (you) is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) Art. 6(1) lit. c GDPR, processing is necessary for compliance with a legal obligation to which the controller is subject, for example tax obligations, to which we are subject;
d) Art. 6(1) lit. d GDPR, processing is necessary in order to protect the vital interests of the data subject or of another natural person. This is indeed a very rare event that hopefully will never occur. Should you, within the scope of our contractual relationship, find yourself in a situation though, where you have been injured, your name, age or any other personal information of vital importance may be disclosed to a doctor, a hospital or other third party;
e) Art. 6(1) lit. f GDPR, this legal ground applies when the above mentioned ones don’t apply and when the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data. Should the processing of personal data be based on this Art. 6(1) lit. f GDPR, our legitimate interest would be to implement our existing contractual relationship with you.

8. What privacy rights do you have?

a) You have the right to obtain confirmation
Any data subject has the right, granted to him by the European legislator, to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she can contact an employee of the data controller at any time. In such a case, please contact the Data Protection Officer.

b) You have the right to obtain information (Right of Access)
Each data subject has the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations have given the data subject access to following information:

• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
• the right to lodge a complaint with a supervisory authority;
• where the personal data are not collected from the data subject, any available information as to their source;
• in addition, the data subject has a right to obtain information as to whether personal data was transferred to a third country or to an international organisation. If this is the case, the data subject has the right to be provided with information on the appropriate safeguards relating to the transfer.

If a data subject wishes to avail himself of this right of information, he or she may contact an employee of the controller at any time. In this regard, please contact the Data Protection Officer.

c) You have the right to rectification of personal data
The data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Furthermore, taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, he or she may at any time contact an employee of the controller. Please contact the Data Protection Officer in this matter.

d) You have the right to erasure of personal data (“right to be forgotten”)
Any data subject has the right, granted to him by the European legislator, to obtain from the controller the erasure of personal data concerning him or her without undue delay, as long as the processing is not necessary and where one of the following grounds applies:

• the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
• the data subject withdraws consent on which the processing is based according to Art. 6(1) lit. a GDPR , or Art. 9(2) lit. a GDPR, and where there is no other legal ground for the processing;
• the data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR;
• the personal data has been unlawfully processed;
• the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• the personal data has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

If one of the aforementioned reasons applies, and the data subject wishes to request the erasure of personal data stored by PB CONSULT, he or she may at any time contact an employee of the controller. Please also contact the Data Protection Officer.

e) You have the right to restriction of data processing
Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

• the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
• the data subject has objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the above mentioned legal grounds exists and the data subject has requested the restriction of the processing of his or her personal data stored by PB CONSULT, he or she can contact the Data Protection Officer at any time.

f) You have the right to data portability
The data subject has the right granted by the European legislator to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. In addition to this, he or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, as long as the processing is based on consent pursuant to Art. 6(1) lit. a GDPR or Art. 9(2) lit. a GDPR, or on a contract pursuant to point Art. 6(1) lit. b GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Art. 20(1) GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible, and when this right does not adversely affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject can contact the Data Protection Officer at any time.

g) You have the right to object
Each data subject shall have the right granted by the European legislator to object on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her based on point (e) or (f) of Article 6(1) GDPR.
We shall no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or this processing is necessary for the establishment, exercise or defence of legal claims.
In order to exercise his or her right to object, the data subject can directly contact the Data Protection Officer. Furthermore, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.

h) You have the right to lodge a complaint with a supervisory authority
If you consider that the processing of your personal data is unlawful, you have the right to lodge a complaint with a competent supervisory authority in your place of residence, place of work or place of the alleged infringement.

i) You have the right to withdraw your consent to data processing
Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.
If the data subject wishes to exercise this right, he or she may at any time directly contact the Data Protection Officer. An informal message by e-mail to us is sufficient. The lawfulness of data processing operations carried out before withdrawal remains unaffected.
We hope that we have provided you with all the information you need. However, should you have any questions, please do not hesitate to contact the Data Protection Officer or the legal department. Please feel also free to contact the Data Protection Officer or the Legal department, if you have any suggestions or if you need further information on the implementation of the General Data Protection Regulation (GDPR).
Please note that we collect only as few data as possible. However, the data we obtain from you and respectively process is needed to manage our mutual contractual relationship properly and to comply with other legal requirements, e.g. tax requirements.

 

Data Protection in Surveys

PB CONSULT places greatest value on the compliance with the principle rules of data protection.
PB CONSULT works in accordance with the currently applicable legal provisions of the European and German data protection law and with all other data protection regulations. All personnel are obliged to the data protection compliance. Also the technical and organizational measures, taken to secure and protect personal data, are regulated in accordance with the statutory requirements.

The participation in the surveys is always voluntary. No disadvantages will result in the event of non-participation. The anonymity of the survey participant is top priority. There is no transfer of personal data, which may allow any inference to individuals. The results of the survey are presented solely in anonymized and summarized form. This means that no one can draw conclusions from the results and identify the person who supplied the data. Personal data is strictly separated from the survey results.

This is also applicable for repeat or follow-up surveys, where it is important, when need be after a certain period of time to question the same individual or household once again and to perform statistical evaluations, that the data from multiple surveys is interlinked through a code number (participant number), without any use of name and address.
Personal data is only stored for as long as necessary to achieve the purpose of the project. All data is collected and processed for internal use only and exclusively for the intended purpose. After completion of the study all data is deleted.

All individuals contacted within the inquiry have the right to free information about their personal data stored, as well as the right to correction, blocking or erasure of this data, insofar as not opposed by any statutory requirement to preserve records. The agreement to participation in the study can be revoked at any time. There is also the right of complaint with a supervisory authority.

 

Website Privacy Policy

The protection of your privacy in the processing of your personal data is an important concern to which we pay special attention. When you visit our website, our web servers record automatically the standard internet protocol (IP) address of your internet service provider, the website from which you visit us, the websites you actually visit by us and the date and length of your visit. This information is absolutely necessary for the technical transmission of the websites and the safe operation of the server. No personalized analysis of data takes place.

Should you send us data via the contact form, these data will be stored on our servers in the course of data backup. Your data will be used only for the purposes of processing your request. Your data will be treated in strict confidentiality. No data will be passed on to a third party.

Controller:
PB-Consult GmbH
Managing directors:
Graduate economist Thomas Kahn
Graduate engineer Georg Kern
Planungs- und Betriebsberatungsgesellschaft mbH
Rothenburger Str. 5
90443 Nürnberg
Telephone: +49-911 32239-0
Telefax: +49-911 32239-10

Personal Data

Personal data is any personal information about you. This includes your name, address and email-address. You must disclose no personal data in order to use our website. In some cases, however, we will need your name and address as well as further information so that we can provide you with the services you require.

The same applies in order to provide you upon your request with information or to answer your questions. In these cases we will make you aware of that. Furthermore we store only data, automatically or voluntarily provided by you.

When you use one of our services, we usually collect only data, necessary for us to be able to offer you our services. This may include asking you for additional information, which is voluntary in nature. Anytime we process personal data, we do this in order to provide you with our services and to achieve our commercial goals respectively.

Automatically Stored Non-personal Data

When you visit our website, we store certain information for administrative and technical reasons, such as type and version of the used browser, date and time of access as well as IP address.

This data is anonymized and used for statistical purposes only, or to improve our internet and online services.
This anonymized data is stored – separately from personal data – on secure systems and cannot be assigned to any individual persons. This means that your personal data is protected at all times.

Cookies

When you visit our websites, we might save information on your computer in the form of cookies. Cookies are small files or pieces of information sent by an internet server to your web browser and stored on the hard drive of your device. Only the IP address will be saved here and no personal data. The information stored in the cookies makes it possible to automatically recognize you as visitor the next time you access our webpage, whereby the use will be made easier for you.

Of course, you can also visit our webpage without accepting any cookies. If you do not wish your device to be recognized the next time you visit our website, you can also refuse the use of cookies. You can do so by adjusting the current settings of your internet browser to „disable cookies“. The respective approach is described in the instructions for use of your web browser. However, if you decide not to accept the use of cookies, this may lead to certain restrictions on the use of our website and you may not be able to make full use of all the website functions.

Use of Google AJAX Search API

Our website uses Google AJAX Search API. This is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This interface optimizes the loading speed of the website by accessing local libraries and the Google CDN (Content Delivery Network). If you have already used the jQuery library on another website of the Google CDN, your browser will access the copy stored in your cache memory. If this is not applicable, a download will be necessary and data from your browser will be then sent to Google Inc. (“Google”). Your data is transferred to the USA. . Here you can find more information in the data protection notices of the provider..

Use of Xing recommendation components

Our website uses components provided by the network XING.com. These components are a service of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
Each time our website receives an access request equipped with a XING component, the component prompts your web browser to download an image of this component from XING.

To the best extent of our knowledge, XING does not store any personal data from the user, obtained through accessing our website. XING also does not store IP addresses. In addition, no analysis of user activity takes places through the use of cookies in connection with the „XING Share-Button“. Additional information may be found in the data protection provisions for the XING Share-Button, at: https://www.xing.com/app/share?op=data_protection

Online Job Applications

Your application data will be collected by us electronically and processed for the purposes of the application. If your job application leads into an employment contract being concluded, the data transmitted to us may be saved by us in your personnel file for general organizational and administrative processes, taking into account the applicable legal regulations.
If your application is rejected, the data transmitted by you will be deleted automatically two months after you are notified that your application has been unsuccessful.

This does not apply if, due to statutory requirements (for example the obligation to retain proof in accordance with the General Act on Equal Treatment), it is necessary to store the information for a longer period of time, or if you have expressly consented to the information being stored for a longer period.

Security

We have taken technical and organizational measures to protect the data you have provided us from loss, damage, manipulation and unauthorized access. All our employees and third-party service providers are obliged to adhere to the applicable data protection laws.

All your personal data collected or processed by us will be encrypted and therefore protected before being transferred. That means that your data can not be abused by a third party. The security measures taken by us are subject to a constant improvement process and our privacy policies are continuously being revised. Please make sure that you have the most currently released version.

Data Subject Rights

Please contact us at any time, when you need information about your personal data stored or when you want your data to be corrected or deleted. Furthermore you have the right to restriction of processing (Art. 18 GDPR), the right to object to processing (Art. 21 GDPR) as well as the right to data portability (Art. 20 GDPR).
In such cases, please contact us directly.

Changes to this Privacy Policy

We reserve the right to change our privacy policy, if -due to new technologies- necessary. Please make sure that you have the latest version of this policy. If fundamental changes are made to our privacy policy, these will be published on our website.

All interested parties and visitors to our webpage can contact us in all data protection matters at:

Herrn Oliver Rothe
Städtische Werke Nürnberg GmbH
Am Plärrer 43
90429 Nürnberg

Telephone: +49 911 271-3220
Telefax: +49 911 271-883220

e-Mail: datenschutz@stwn.de

Should our data protection officer not be able to answer your concern to your complete satisfaction, for you remains in every case the right of complaint with a supervisory authority.