Privacy policy in accordance with the General Data Protection Regulation (GDPR)
Privacy Policy | SSF Ingenieure AGStatus 25/03/2025 Who we areThe controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is: SSF Ingenieure AG Contacting the data protection officerThe controller’s data protection officer is: DataCo GmbH This page sets out how we process your personal data on the website. How we collect and use your personal data depends on how you interact with us or which services you use. We will only collect, use or share your personal data where we have a legitimate interest and a lawful basis for doing so. What do we mean by lawful basis?Consent (Art. 6[1][a] GDPR) – you have given your consent to the processing of your personal data for the specific purpose that we have explained to you. You have the right to withdraw your consent at any time. For more information on how you can withdraw your consent, please refer to the ‘Exercising your rights’ subsections in the following sections of this Privacy Policy. Contract (Art. 6[1][b] GDPR) – We need to use your data to fulfil a contract you have with us. We need to process your data for the performance of a contract that you have entered into with us. Alternatively, it is necessary to use your data because we have asked you whether we can do so or you have taken certain steps yourself prior to entering into this contract. Legal obligation (Art. 6[1][c] GDPR) – We have to use your data in order to comply with the law. Vital interests (Art. 6[1][d] GDPR) – The processing of your data is necessary to protect your vital interests or those of another person. For example, to protect you from serious physical harm. Public interest (Art. 6[1][e] GDPR) – The processing of your data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, such as for a statutory role. Legitimate interests (Art. 6[1][f] GDPR) – The processing of your data is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where these interests are overridden by your own interests. Please note that we may not be able to provide you with our website services if your data is to be processed for the purposes of fulfilling a contract or legal obligation and you do not provide the requested data. Data sharing and international transferAs explained in this Privacy Policy, we use various service providers to help us provide our services and ensure the security of your data. When we use these service providers, it is necessary for us to pass on your personal data to them. We have signed agreements with all service providers to whom we pass on your data, obliging them to protect your data. If your personal data is to be transferred outside of the EU, we will ensure that your personal data is given an equivalent level of protection, either through the country to which your data is being transferred having an ‘adequate’ standard of data protection as defined by the European Commission, or through adopting another safeguard, such as an enhanced contractual arrangement, i.e. the Standard Contractual Clauses (SCCs) adopted by the European Commission. For example, when we use US service providers, we rely on either the SCC or the EU-US Data Privacy Framework, depending on the provider. You can request a copy of the SCCs that we have agreed with our service providers by sending an e-mail to the e-mail address specified in this Privacy Policy. Your rightsWhenever your personal data is being processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller: Right of access (Art. 15 GDPR)You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed. Where that is the case, you are entitled to access this data and the following information:
Right to rectification (Art. 16 GDPR)If your personal data is inaccurate or incomplete, you have the right to request rectification or completion of the personal data without undue delay. Right to restriction of processing (Art. 18 GDPR)If one of the following conditions is satisfied, you will have the right to request that the processing of your personal data be restricted:
Right to erasure (‘right to be forgotten’) (Art. 17 GDPR)If one of the following grounds applies, you will have the right to request the erasure of your personal data without undue delay:
Please note that the above grounds shall not apply to the extent that processing is necessary:
Right to data portability (Art. 20 GDPR)You have the right to receive your personal data in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller. Right to object to certain data processing (Art. 21 GDPR)You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR. This includes profiling based on those provisions. If your personal data is being processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. Right to lodge a complaint with a supervisory authorityWithout prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR. You can view a list of the competent supervisory authorities in your area of Germany on the website of the Federal Commissioner for Data Protection at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html Provision of the website and creation of log filesDescription and scope of data processingEach time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
This data is stored in our system’s log files. This data is not stored in combination with other personal data of the user. Purpose of data processingTemporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session. Storage in log files is done to ensure the website’s functionality. We also use the data to optimise the website and to ensure the security of our information technology systems. In that respect, the data is not analysed for marketing purposes. Legal basis for data processingThe legal basis for the temporary storage of data and log files is Art. 6(1)(f) of the GDPR. Duration of storageThe data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this will be when the session concerned has ended. If the data is stored in log files, this will be no more than seven days later. Storage beyond this period is possible. In such cases, users’ IP addresses will be deleted or anonymised so that it is no longer possible to identify the accessing client. Exercising your rightsThe collection of data for the provision of the website and the storage of data in log files are absolutely necessary for the operation of the website. The user can object to this. Whether or not the objection will be successful must be determined as part of a balancing of interests. Use of cookiesDescription and scope of data processingWhen you visit our website, we use technical tools for various functions, in particular cookies, which can be stored on your device. When you access our website and at any time thereafter, you have the choice between giving blanket permission to cookies being placed or instead selecting additional functions individually. You can make changes in your browser settings or via our consent manager. Cookies are text files or information in a database stored on your hard drive and assigned to the browser you are using so that certain information can flow to the organisation placing the cookie. A description of the types of cookies that we use is provided below: We place technically necessary cookies that are required for the technical architecture of the website. Without these cookies, our website cannot be displayed (or cannot be displayed completely correctly) or the support functions will not be possible. The following data is stored and transmitted by the technically necessary cookies:
We use cookies on our website that are not technically necessary. Cookies regarded as technically unnecessary are text files that are not only used for the functionality of the website but also collect other data. The following data is processed through the placement of cookies that are not technically necessary:
Purpose of data processingThe purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be provided without the use of cookies. These functions need the browser to be recognised again even after a change of page. We require technically necessary cookies for the following forms of use:
Technically unnecessary cookies are used for the purpose of improving the quality of our website, its content and thus our reach and cost-effectiveness. Placing these cookies enables us to learn how the website is being used and thus to continuously optimise our provision. These cookies are used for the following purposes in particular: Technically unnecessary cookies are used for statistical purposes. Legal basis for data processingThe provisions of the Telecommunications Telemedia Data Protection Act (TTDSG) apply to the storage of information in the end user’s device and/or to access to information already stored in the end user’s device. If the placement and reading of cookies is technically necessary, these will be done to ensure the functionality of our website. In such cases, storage of and access to cookies on your device will be done on the basis of Section 25(2)(2) of the TTDSG. The purpose of storing and accessing the information on your device is to make it easier for you to use our website and to be able to offer you our services as you have requested. Some functions of our website would not work without the use of these cookies and hence could not be provided. The cookies are generally deleted after the end of the session (e.g. logging out or closing the browser) or after a specified period has elapsed. Information on different storage periods for cookies can be found in the following sections of this Privacy Policy. Insofar as technically unnecessary cookies are being used, this will be done on the basis of your express consent, which you can give via the cookie banner. In such cases, the basis for the storage of and access to information will be Section 25(1) of the TTDSG in conjunction with Art. 6(1)(a) and Art. 7 of the GDPR. You can withdraw your consent at any time with effect for the future or give your consent again at a later date by configuring your cookie settings accordingly. Alternatively, you can block the storage of cookies by adopting the appropriate settings in your browser software. In that regard, please note that the browser settings that you set will only apply to the browser you are using. If personal data is processed subsequent to the storage of and access to the information on your device, the provisions of the GDPR will apply. Information on this can be found in the following sections of this Privacy Policy. Exercising your rightsYou can withdraw your consent to the use of cookies at any time and manage your consent preferences under the ‘Consent’ tab at the bottom of the website. E-mail contactDescription and scope of data processingYou can contact us via the e-mail address provided on our website. In such cases, the user’s personal data transmitted with the e-mail will be stored. The data is used exclusively for the purposes of handling the communication. Purpose of data processingIn the case of e-mail communication, this also constitutes the necessary legitimate interest in the processing of the data. Legal basis for data processingThe legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6(1)(f) of the GDPR. Our legitimate interest is to provide the best possible response to your query which you have submitted by e-mail. If the purpose of the e-mail communication is to sign an agreement, the additional legal basis for the processing will be Art. 6(1)(b) of the GDPR. Duration of storageThe data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data sent by e-mail, this will be the case when the relevant communication with the user has ended. The communication will be deemed to have ended when it can be inferred from the circumstances that the matter in question has been clarified conclusively. Additional personal data collected during the sending process will be deleted after a maximum period of seven days. Exercising your rightsIf the user contacts us by e-mail, they can object to the storage of their personal data at any time. If this happens, it will not be possible to continue the communication. In that case, all personal data stored in the course of contacting us will be deleted. Job applications by e-mail and by application formAn application form which can be used for electronic job applications is available on our website. If an applicant avails himself or herself of this option, the data entered into the input screen will be transmitted to us and stored. This data will encompass:
Alternatively, you can also send us your application by e-mail. In you do so, we will collect your e-mail address and the data provided by you in the e-mail. After sending your application, we will e-mail you confirmation of receipt of your application documents. Your data will not be passed on to third parties. The data is used exclusively for the purposes of processing your application. Purpose of data processingWe process the personal data from the job application form solely for the purposes of processing your application. In the case of e-mail communication, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process is used to prevent misuse of the application form and to ensure the security of our information technology systems. Legal basis for data processingThe legal basis for the processing of your data is the initiation of a contract at the request of the data subject, Art. 6(1)(b) of the GDPR and Section 26(1)(1) of the Federal Data Protection Act (BDSG). Duration of storageAfter completion of the application process, the data will be stored for up to 2 months. Your data will be deleted after no more than 2 months. In the case of a legal obligation, the data will be stored in accordance with the applicable provisions. Additional personal data collected during the sending process will be deleted after a maximum period of seven days. Company pages on social network sitesInstagram:Instagram, Part of Meta Platforms Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland On our company page, we provide information and offer Instagram users the opportunity to communicate. If you perform an action on our Instagram page (e.g. comment, post, like, etc.), you may be making personal data (e.g. real name or profile picture) public. However, as we generally or for the most part have no influence on the processing of your personal data by Instagram, we are not in a position to make any binding statements on the purpose and scope of the processing of your data. We use our company presence in social networks to communicate and exchange information with customers or prospective customers. In particular, we use our company pages on such sites for: We use our company pages on such sites to showcase our projects, events, internal company events and job adverts. This enables us to inform interested parties about our company and provide an opportunity for reciprocal interaction. The content of the publications presented on the company’s pages could include:
In that regard, all users are free to publish personal data through activities. Insofar as we process your personal data in order to analyse your online behaviour, offer you competitions or run lead campaigns, this will be done on the basis of your express consent, Art. 6(1)(a), Art. 7 of the GDPR. The legal basis for the processing of personal data for the purposes of communicating with customers and interested parties is Art. 6(1)(f) of the GDPR. Our legitimate interest in that respect is to provide the best possible response to your query and to be able to provide the requested information. If the purpose of the communication aim is to sign an agreement, the additional legal basis for the processing will be Art. 6(1)(b) of the GDPR. The data generated by the company’s pages on such sites is not stored in our own systems. For the purposes of processing your personal data in third countries, we have provided appropriate guarantees in the form of standard data protection clauses in accordance with Art. 46(2)(c) of the GDPR. A copy of the standard data protection clauses can be requested from us. You can object to the processing of your personal data that we collect in the context of your use of our corporate pages on such sites at any time and assert your rights as a data subject as set out in the ‘Your rights’ section of this Privacy Policy. Please send us an informal e-mail to datenschutz@ssf-ing.de. You can find more information on the processing of your personal data by Instagram and the corresponding objection options here: Instagram: https://help.instagram.com/519522125107875 YouTube:YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, United States We provide information on our company page and offer YouTube users the opportunity to communicate with us. If you perform an action on our company’s YouTube channel (e.g. comment, post, like, etc.), you may be making personal data (e.g. real name or profile picture) public. However, as we generally or for the most part have no influence on the processing of your personal data by YouTube, we are not in a position to make any binding statements on the purpose and scope of the processing of your data. We use our company presence in social networks to communicate and exchange information with customers or prospective customers. In particular, we use our company pages on such sites for: The content of the publications presented on the company’s pages could include:
In that regard, all users are free to publish personal data through activities. Insofar as we process your personal data in order to analyse your online behaviour, offer you competitions or run lead campaigns, this will be done on the basis of your express consent, Art. 6(1)(a), Art. 7 of the GDPR. The legal basis for the processing of personal data for the purposes of communicating with customers and interested parties is Art. 6(1)(f) of the GDPR. Our legitimate interest in that respect is to provide the best possible response to your query and to be able to provide the requested information. If the purpose of the communication aim is to sign an agreement, the additional legal basis for the processing will be Art. 6(1)(b) of the GDPR. For the purposes of processing your personal data in third countries, we have provided appropriate guarantees in the form of standard data protection clauses in accordance with Art. 46(2)(c) of the GDPR. A copy of the standard data protection clauses can be requested from us. You can object to the processing of your personal data that we collect in the context of your use of our corporate pages on such sites at any time and assert your rights as a data subject as set out in the ‘Your rights’ section of this Privacy Policy. Please send us an informal e-mail to datenschutz@ssf-ing.de. You can find more information on the processing of your personal data by YouTube and the corresponding objection options here: YouTube: https://policies.google.com/privacy?gl=DE&hl=en Use of company pages in professional networksScope of data processingThe company’s page is used for job applications, information/PR and active sourcing. We have no information on the processing of your personal data by the companies that are jointly responsible for the company’s page. Further information can be found in the privacy policy of: We provide information on our website and offer users the opportunity to communicate with us. The company’s page is used for job applications, information/PR and active sourcing. We have no information on the processing of your personal data by the companies that are jointly responsible for the company’s page. Further information can be found in the privacy policy of: LinkedIn: https://www.linkedin.com/legal/privacy-policy XING: If you perform an action on our company’s page (e.g. comment, post, like, etc.), you may be making personal data (e.g. real name or profile picture) public. Legal basis for data processingThe legal basis for the processing of personal data for the purposes of communicating with customers and interested parties is Art. 6(1)(f) of the GDPR. Our legitimate interest in that respect is to provide the best possible response to your query and to be able to provide the requested information. If the purpose of the communication aim is to sign an agreement, the additional legal basis for the processing will be Art. 6(1)(b) of the GDPR. Purpose of data processingOur corporate page serves to inform users about our services. In that regard, all users are free to publish personal data through activities. Duration of storageThe data generated by the company’s pages on such sites is not stored in our own systems. Exercising your rightsYou can object to the processing of your personal data that we collect in the context of your use of our corporate pages on such sites at any time and assert your rights as a data subject as set out in the ‘Your rights’ section of this Privacy Policy. To do so, please send us an informal e-mail to the e-mail address specified in this Privacy Policy. Further information on exercising your rights can be found here: LinkedIn: https://www.linkedin.com/legal/privacy-policy XING: HostingThe website is hosted on the servers of a service provider enlisted by us. Our service provider is: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany Further information on the processing of personal data by Hetzner can be found at: https://www.hetzner.com/legal/privacy-policy The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored encompasses:
This data is not merged with other data sources. This data is collected on the basis of Art. 6(1)(f) of the GDPR. Our legitimate interest in processing this data is to display our website without errors and to optimise its functions. From a geographical perspective, the website server is located in Germany. Integrated third-party servicesWe use various service providers to provide the services that we offer on the website. In general, we have a legitimate interest in sharing your data with the relevant service providers if these services are essential for the provision of the basic service offered on the website in order to provide the relevant website service. If such services are required for additional services, advanced functionality or additional purposes, your personal data will only be passed on to service providers subject to your consent. You can withdraw your consent to the use of integrated third-party services at any time and manage your consent settings here: https://www.ssf-ing.de/ Use of Wordfence SecurityScope of the processing of personal dataOur online presence uses functions provided by Defiant Inc, 800 5th Ave, Suite 4100, Seattle, WA 98104, USA (hereinafter: Defiant). Wordfence Security secures our online presence and thus protects visitors to our online presence from viruses and malware. When you visit a page with a plug-in, a direct connection is established between your computer and the Defiant server. The plug-in uses cookies to ascertain whether the visitor is a human or a bot. This allows further personal data to be stored and analysed, primarily device and browser information (especially IP address and operating system). It is possible to analyse behaviour from notifications sent (e.g. how often a page is accessed). IP addresses are stored on the Wordfence servers for the purposes of protecting against brute force and DDoS attacks or comment spam. IP addresses classified as harmless are placed on a white list. Further information on Defiant’s data processing can be found here: https://www.wordfence.com/privacy-policy/ Purpose of data processingThe online presence uses the plug-in to protect against viruses and malware and to defend against attacks by computer criminals. Legal basis for the processing of personal dataIn general, the legal basis for the processing of users’ personal data is user consent in accordance with Art. 6(1)(a) of the GDPR. Duration of storageYour personal information will be stored for as long as is necessary to fulfil the purposes set out in this Privacy Policy or as required by law, e.g. for tax and accounting purposes. Exercising your rightsYou have the right to withdraw your consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal. You can prevent the collection and processing of your personal data by Wordfence Security by disabling the storage of third-party cookies on your computer using the ‘Do not track’ function of a supporting browser, deactivating the running of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser. Further information on objection and deletion options vis-à-vis Wordfence Security can be found at: https://www.wordfence.com/privacy-policy/ Use of YouTubeScope of the processing of personal dataWe use the YouTube plug-in operated by Google, YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA and its representative in the European Union Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google). We use the YouTube plug-in to embed videos from YouTube on our online presence. When you visit our online presence, your browser establishes a connection with the YouTube servers. This allows personal data to be stored and analysed, primarily the user’s activity (in particular which pages have been visited and which elements have been clicked on) as well as device and browser information (in particular IP address and operating system). Purpose of data processingThe use of the YouTube plug-in serves to improve user-friendliness and the aesthetic appeal of our online presence. Legal basis for the processing of personal dataIn general, the legal basis for the processing of users’ personal data is user consent in accordance with Art. 6(1)(a) of the GDPR. Duration of storageYour personal information will be stored for as long as is necessary to fulfil the purposes set out in this Privacy Policy or as required by law, e.g. for tax and accounting purposes. Exercising your rightsYou have the right to withdraw your consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal. Use of WPMLScope of the processing of personal dataWe use WPML from OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong (hereinafter: WPML). WPML is a multilingual plug-in for WordPress. We use WPML to display our online presence in different languages. When you visit our online presence, WPML stores a cookie on your device to save the language setting you have selected. This allows personal data to be stored and analysed, primarily the user’s activity (in particular which pages have been visited and which elements have been clicked on) as well as device and browser information (in particular IP address and operating system). Purpose of data processing of personal dataThe purpose of using WPML is to be able to display our online presence in multiple languages. Legal basis for the processing of personal dataThe legal basis for data processing is Art. 6(1)(f) of the GDPR. Our legitimate interest lies in addressing visitors to our online presence in their native language. Duration of storageWPML stores cookies on your device. Information on the storage duration of cookies can be found at: https://wpml.org/documentation/privacy-policy-and-DSGVO-compliance Exercising your rightsYou can prevent the collection and processing of your personal data by WPML by disabling the storage of third-party cookies on your computer using the ‘Do not track’ function of a supporting browser, deactivating the running of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser. Use of etrackerScope of the processing of personal dataWe use the etracker analysis service provided by etracker GmbH, Erste Brunnenstraße 1, 20459, Hamburg, Germany (hereinafter: etracker). In that respect, cookies are used to statistically analyse use of this website by visitors to it and to display usage-related content or advertising. This allows personal data to be stored and analysed, primarily the user’s activity (in particular which pages have been visited and which elements have been clicked on) as well as device and browser information (in particular IP address, login and device ID and operating system). etracker processes and stores the data generated in this way exclusively in Germany and is therefore subject to strict German and European data protection laws and standards. Purpose of data processingThe processing of users’ personal data by etracker enables us to analyse the surfing behaviour of our users. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our online presence and in that regard to increase user-friendliness as well. Legal basis for the processing of personal dataIn general, the legal basis for the processing of users’ personal data is user consent in accordance with Art. 6(1)(a) of the GDPR. Duration of storageYour personal information will be stored for as long as is necessary to fulfil the purposes set out in this Privacy Policy or as required by law, e.g. for tax and accounting purposes. Exercising your rightsYou have the right to withdraw your consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal. Use of Borlabs CookieScope of the processing of personal dataWe use functionalities of the cookie consent solution Borlabs Cookie from the provider Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (hereinafter: Borlabs). Borlabs enables us to obtain and manage user consent for data processing and to document it in a legally compliant manner. To this end, Borlabs places cookies on the user’s device. The following data is processed:
Further information on the processing of data by Borlabs can be found here: Purpose of data processingThe processing of personal data serves to ensure compliance with the legal obligations of the GDPR and the BDSG.
Legal basis for the processing of personal dataThe legal basis for the processing of users’ personal data is Art. 6(1)(f) of the GDPR. Our legitimate interest lies in the purposes cited under 2.
Duration of storageYour personal information will be stored for as long as is necessary to fulfil the purposes set out in this Privacy Policy or as required by law.
Objection and deletion optionYou can prevent the collection and processing of your personal data by Borlabs by disabling the storage of third-party cookies on your computer using the ‘Do not track’ function of a supporting browser, deactivating the running of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser. Further information on objection and deletion options vis-à-vis Borlabs can be found at: https://de.borlabs.io/datenschutz/
This Privacy Policy was created with the support of DataGuard . |