Data Security

Name and Address of the Controller:

ingenhoven associates gmbh
Plange Mühle 1
40221 Düsseldorf
Phone +49 211 30101 01
Fax +49 211 30101 31
Email: info@ingenhovenarchitects.com
Website: www.ingenhovenarchitects.com

is the controller in accordance with the EU General Data Protection Regulation (GDPR) and other national data protection laws.

The responsible party for data processing on this website is:

datenschutz@bkw.de

General Information on Data Processing

Scope of Processing of Personal Data
We generally collect and use personal data of the users of our homepage only to the extent necessary to provide a functional website, our content, and services.

The collection and use of personal data of our users regularly occurs only with the user’s consent. An exception applies in cases where data processing is permitted by legal regulations or where obtaining prior consent is not possible for practical reasons.

Legal Basis for the Processing of Personal Data
The legal bases for the processing of personal data are generally derived from:

- Article 6(1)(a) GDPR when obtaining the consent of the data subject.
- Article 6(1)(b) GDPR when processing is necessary for the performance of a contract to which the data subject is a party, including processing required for pre-contractual measures.
- Article 6(1)(c) GDPR when processing is necessary for compliance with a legal obligation.
- Article 6(1)(d) GDPR when processing is necessary to protect the vital interests of the data subject or another natural person.
- Article 6(1)(f) GDPR when processing is necessary for the purposes of legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests, rights, or freedoms of the data subject.

Data Deletion and Storage Duration
The personal data of users will be deleted or blocked as soon as the purpose for storage ceases to apply. Data may be stored beyond this if required by European or national legislation in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned regulations expires, unless there is a necessity for further storage of the data for a contract conclusion or fulfillment.

Usage of Our Website, General Information

Description and Scope of Data Processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing user. The following information may be collected:

- Information about the browser type and version used
- The user’s operating system
- The user’s Internet service provider
- The user’s IP address
- Date and time of access
- Websites from which the user’s system reaches our website
- Websites accessed by the user’s system via our website

The described data is stored in our system’s log files. This data is not stored together with other personal data of the user.

Purpose and Legal Basis for Data Processing
Temporary storage of the IP address by our system is necessary to deliver the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files is done to ensure the functionality of the website. Additionally, the data helps us optimize the website and ensure the security of our information technology systems. Data is not evaluated for marketing purposes in this context.

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

The collection of personal data for providing our website and storing the data in log files is essential for operating the website. Therefore, the user cannot opt-out.

Duration of Storage
Your data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. If your data is collected to provide the website, it will be deleted when the respective session is terminated.

If your data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible, where IP addresses are anonymized or altered to prevent the identification of the accessing client.

General Information on the Use of Cookies
We use cookies on our website. Cookies are text files stored in the Internet browser or by the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system, containing a characteristic string that allows for the unique identification of the browser when the website is accessed again.

We use cookies to make our homepage more user-friendly. Some elements of our website require the browser to be identifiable even after a page change.

TTDSG:
The legal basis for storing cookies, device identifiers, and similar tracking technologies, or for storing information on the user’s end device and accessing this information, is the European ePrivacy Directive in conjunction with the German Telecommunication-Telemedia Data Protection Act (TTDSG).

Please note that the legal basis for processing personal data collected in this context is derived from GDPR (Article 6(1) GDPR). The specific legal basis for processing personal data in each case can be found below in the respective cookie or processing itself.

The primary legal basis for storing information on the end user’s device – particularly for storing cookies – is your consent, § 25(1) TTDSG. Consent is given when you visit our website – although it is not required – and can be withdrawn at any time in the cookie settings.

According to § 25(2) TTDSG, consent is not required if storing information on the end user’s device or accessing information already stored on the end user’s device is essential for the provider to offer a telemedia service explicitly requested by the user. The cookie settings indicate which cookies are considered essential (often referred to as “technically necessary cookies”) and thus fall under the exception rule of § 25(2) TTDSG and do not require consent.

GDPR:
The following data is stored and transmitted when using cookies:

- Session ID

The legal basis for processing personal data using cookies is Article 6(1)(f) GDPR. The purpose of using technically necessary cookies is to simplify the use of our website.

We point out that some functions of our website can only be offered through the use of cookies.

These include the following applications:
- Technical functionality of the website

User data collected through technically necessary cookies is not used to create user profiles.

Cookies are stored on the user’s computer and transmitted to our site. Therefore, as a user, you have control over the use of cookies. You can restrict or disable the transmission of cookies by changing the settings in your Internet browser. Stored cookies can also be deleted in your Internet browser. Please note that if you disable cookies, you may not be able to use all functions of our website.

The legal basis for processing personal data using cookies for analysis and advertising purposes is Article 6(1)(a) GDPR, given the user’s consent.

Your Rights / Rights of the Data Subject

Right to Information
You have the right to obtain information from us, as the controller, about whether and which personal data concerning you is being processed, and further information according to legal requirements under Articles 13 and 14 GDPR. You can assert your right to information at:

datenschutz@bkw.de

Right to Rectification
If the personal data we process concerning you is inaccurate or incomplete, you have the right to rectification and/or completion. The correction will be made without delay.

Right to Restriction
You have the right to restrict the processing of your personal data according to legal requirements (Article 18 GDPR).

Right to Erasure
You can request the immediate deletion of personal data concerning you if the reasons outlined in Article 17 GDPR apply.

We point out that the right to deletion does not exist if the processing is necessary for one of the exceptions listed in Article 17(3).

Right to Notification
If you have asserted the right to rectification, erasure, or restriction of processing, we are obliged to inform all recipients to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You also have the right to be informed about these recipients.

Right to Data Portability
According to GDPR, you have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, or to request the transmission to another controller.

Right to Withdraw Consent
You have the right to withdraw your consent to data protection at any time. We point out that the withdrawal of consent does not affect the legality of the processing carried out based on the consent until the withdrawal.

Right to Object
You also have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out based on Article 6(1)(e) or (f) GDPR.

Automated Decision-Making Including Profiling
Under the GDPR, you also have the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or significantly affects you similarly.

Right to Lodge a Complaint with a Supervisory Authority
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, workplace, or place of the alleged infringement.

Data Transfers Outside the EU
The GDPR ensures a uniformly high level of data protection within the European Union. Therefore, we prefer to work with European partners whenever your personal data needs to be processed. Only in exceptional cases will we process data outside the European Union by using third-party services. We only allow your data to be processed in a third country if the special requirements of Articles 44 ff. GDPR are met. This means that the processing of your data is only permissible based on special guarantees, such as the officially recognized determination of an adequate level of data protection by the European Commission or the observance of officially recognized special contractual obligations, the so-called “standard data protection clauses.”

EU-US Trans-Atlantic Data Privacy Framework
As part of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the data protection level for certain US companies as secure within the framework of the adequacy decision of July 10, 2023. You can find the list of certified companies and more information about the DPF on the US Department of Commerce website at https://www.dataprivacyframework.gov/s/participant-search (in English).

Data Processing Under Swiss DPA
In principle, the use of our website is subject to the legal regulations of the GDPR. If you also visit our website from Switzerland, and to the extent that the related data processing also affects you as a Swiss citizen, these data protection regulations apply analogously to the GDPR under the Swiss Federal Act on Data Protection (“Swiss DPA” as amended on September 1, 2023).

The Swiss DPA generally does not specify a legal basis. Therefore, we only process your data from Switzerland if the processing is lawful, conducted in good faith, and proportionate according to Art. 6(1) and (2) of the Swiss DPA. Furthermore, we only collect and process your data for specific and recognizable purposes and only in a manner consistent with those purposes according to Art. 6(3) of the Swiss DPA.

Please note that certain terms under the GDPR, although formulated differently, have the same legal meaning as under the Swiss DPA. For example, the terms “processing” of “personal data” and “legitimate interest” under the GDPR correspond to the terms “processing” of “personal data,” “overriding interest,” and “particularly sensitive personal data” under the Swiss DPA.

The rights of data subjects outlined in Articles 12 ff. GDPR can also be asserted by Swiss data subjects analogously to the provisions of Articles 25 ff. Swiss DPA.

Minors Under 16 Years
Our website and offers on this website are explicitly not directed at minors under 16 years. We point out that parents must accompany their children’s online activities. Minors under 16 years should not transmit personal data to us without parental consent. We do not explicitly request personal data from minors under 16 years, do not knowingly collect it, and do not pass it on to third parties.

Newsletter

General Information
You can subscribe to a free newsletter on our homepage, through which we inform you about our current interesting offers. The goods and services advertised are specified in the consent declaration. The data you enter in the input mask during registration will be transmitted to us.

We collect the following data based on the consent obtained during the registration process:
Last name, first name, email address, language (German/English).

Additionally, the following data is stored at the time of transmission:
IP address of the accessing computer, date and time of registration.

Your data will not be disclosed to third parties in connection with data processing for sending newsletters. The data is used exclusively for sending the newsletter.

Double-Opt-In and Logging
Registration for our newsletter follows a double-opt-in procedure. After registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with external email addresses.

Newsletter registrations are logged to prove the registration process following legal requirements. This includes storing the registration and confirmation times and the IP address.

Legal Basis
The legal basis for processing the data is Article 6(1)(a) GDPR, given the user’s consent. The collection of the user’s email address serves to deliver the newsletter.

Deletion, Withdrawal, and Objection
Your data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. Your email address will therefore be stored as long as the newsletter subscription is active. You can terminate the newsletter subscription at any time by withdrawing your consent. A corresponding link can be found in each newsletter.

We also point out that you can object to the future processing of your personal data at any time following legal requirements under Article 21 GDPR. The objection can particularly be made against processing for direct marketing purposes.

Service Provider
The newsletter is sent using “Brevo,” a newsletter dispatch platform provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin.

The email addresses of our newsletter recipients and other data described in these notices are stored on Brevo’s servers. Brevo uses this information to send and evaluate the newsletter on our behalf. Additionally, Brevo may use this data to optimize or improve its services, e.g., for technical optimization of the dispatch and presentation of the newsletter or for economic purposes to determine from which countries the recipients come. Brevo does not use the data of our newsletter recipients to write to them themselves or pass it on to third parties.

We trust Brevo’s reliability and IT and data security. We have also concluded a data processing agreement with Brevo, in which Brevo commits to protecting our users’ data, processing it according to its data protection regulations on our behalf, and not disclosing it to third parties. You can view Brevo’s data protection regulations here: https://www.brevo.com/de/legal/privacypolicy/.

Electronic Contact
If you want to contact us, contact information is available on our homepage, which you can use for electronic contact.

You can contact us via the provided email address. In this case, the personal data of the user transmitted with the email will be stored.

Your data will not be disclosed to third parties in this context and will be used exclusively for processing the communication.

The legal basis for processing and handling the contact request is usually Article 6(1)(b) GDPR.

Your data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For personal data from the contact form input mask and those sent by email, this is the case when the respective conversation with the user ends. The conversation ends when it can be inferred from the circumstances that the relevant matter has been conclusively clarified.

Content Delivery Networks (CDN)
This site uses content delivery networks to provide popular online libraries and web fonts. Access is made directly to the operators’ servers, where data such as the accessing IP address, referrer, browser information, etc., is collected.

The legal basis is our legitimate interests under Article 6(1)(f) GDPR to present our site in a user-friendly manner and optimize the user experience.

You can prevent data collection and processing by CDNs by disabling the execution of script code in your browser or installing a script blocker in your browser (e.g., under www.noscript.net).

Below is a list of the CDNs used:

Fonts
Based on our legitimate interests under Article 6(1)(f) GDPR, we include the font service “fonts.com” provided by Monotype GmbH, Werner-Reimers-Straße 2-4, 61352 Bad Homburg (www.fonts.com). The goal is to optimize and economically operate our homepage by loading a specific font from a “fonts.com” server. In doing so, your IP address may be transmitted to a “fonts.com” server and stored as part of the usual weblog. Further processing of this information is the responsibility of “fonts.com,” and corresponding data protection information can be found at https://www.monotype.com/legal/privacy-policy.

Social Media

Facebook
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy Policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

Instagram
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy Policy/Opt-Out: http://instagram.com/about/legal/privacy/.

Twitter
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Privacy Policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/settings/account/personalization

LinkedIn
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Social Media Presence
We maintain fan pages within various social networks and platforms to communicate with customers, interested parties, and users and inform them about our services.

We point out that your personal data may be processed outside the European Union, which could pose risks for you (e.g., in enforcing your rights under European/German law).

User data is generally processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and interests, which can be used to display advertisements within and outside the platforms that presumably correspond to user interests. Cookies are typically stored on the users’ computers for these purposes, where usage behavior and user interests are stored. Data can also be stored in user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in).

The processing of personal data of users is based on our legitimate interests in effectively informing users and communicating with users under Article 6(1)(f) GDPR. If users are asked by the respective providers for consent to data processing (i.e., if they declare their consent, e.g., by checking a box or confirming a button), the legal basis for processing is Article 6(1)(a) GDPR.

Further information on the processing of your personal data and your opt-out options can be found in the links provided by each provider. You can also assert your rights to access and other rights of data subjects with the providers, as only they have direct access to the users’ data and relevant information. We are, of course, available for questions and will support you if you need help.

Embedding YouTube Videos
We have embedded YouTube videos on our online offer, stored on http://www.youtube.com, and playable directly from our website. These are all embedded in “extended data protection mode,” meaning that no data about you as a user is transmitted to YouTube if you do not play the videos. Data is only transmitted when you play the videos. We have no influence on this data transmission.

When visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data is directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for advertising, market research, and/or needs-based design of its website. Such evaluation is carried out (even for non-logged-in users) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact YouTube to exercise this right.

If we obtain your consent, the legal basis for using the plugin is your consent under Article 6(1)(a) GDPR. You can find information on how the respective social media providers process your data in their respective privacy policies. We are not responsible under the GDPR for the data processing of social media providers.

Further information on the purpose and scope of data collection and processing by YouTube can be found in the privacy policy. You will also find further information about your rights and settings options to protect your privacy: https://www.google.de/intl/de/policies/privacy

Opt-Out: https://support.google.com/ads/answer/10261289?hl=de&ref_topic=7048998

Vimeo Player
We have embedded Vimeo videos on our online offer, stored on https://vimeo.com/de/ and playable directly from our website. The provider is Vimeo, Inc., New York City, United States.

These are all embedded in “extended data protection mode,” meaning that no data about you as a user is transmitted to Vimeo if you do not play the videos. Data is only transmitted when you play the videos. We have no influence on this data transmission.

When visiting the website, Vimeo receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Vimeo provides a user account through which you are logged in or whether there is no user account. Vimeo stores your data as usage profiles and uses it for advertising, market research, and/or needs-based design of its website. Such evaluation is carried out (even for non-logged-in users) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact Vimeo to exercise this right.

If we obtain your consent, the legal basis for using the plugin is your consent under Article 6(1)(a) GDPR. You can find information on how the respective social media providers process your data in their respective privacy policies. We are not responsible under the GDPR for the data processing of social media providers.

Further information on the purpose and scope of data collection and processing by Vimeo can be found in the privacy policy. You will also find further information about your rights and settings options to protect your privacy: https://vimeo.com/privacy. Vimeo also processes your personal data in the USA.