Privacy Protection

We are very delighted that you have shown interest in our company. Data protection is of a particularly high priority for the management of the LASSO Ingenieurgesellschaft mbH. The use of our website is possible without any indication of personal data; however, if a person wants to use special  services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the person.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a person shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

Validity of the data protection statement

The continuous technological further development, changes to the legal situation and our services, as well as other reasons, may require adjustments of our data protection notice. We therefore reserve the right to change this data protection statement at any time and ask you to check the current status periodically. We will not inform you proactively. This data protection declaration shall apply to all of our websites and their sub-sites. These may contain cross-references (links) to third-party companies that this data protection declaration does not cover.

General information on our data protection

Unless presented differently in the following paragraphs, personal data shall generally not be collected, processed or used during use of our websites.

If you access our websites, our web servers will automatically record general information. This includes the type of web browser, the operating system used, the domain name of the internet service provider, the IP address of the computer used, the website from which you visit us, the pages that you visit on our site and the data and duration of your visit. We cannot use these data to identify an individual user. We will only statistically evaluate the information and use it only to improve appeal, contents and functions of our websites and to permanently ensure these.

Definitions

In this data protection declaration, we use, inter alia, the following terms:

1. Personal data

Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Data subject

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

3. Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6. Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

7. Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8. Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9. Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

10. Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11. Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
The term of personal data

Collection of general data and information

The website of the LASSO Ingenieurgesellschaft mbH collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be

- the browser types and versions used
- the operating system used by the accessing system
- the website from which an accessing system reaches our website
- the sub-websites
- the date and time of access to the Internet site
- an Internet protocol address (IP address)
- the Internet service provider of the accessing system
- any other similar data and information that may be used in the event of
  attacks on our information technology systems.

When using these general data and information, LASSO does not draw any conclusions about the data subject. Rather, this information is needed to

- deliver the content of our website correctly
- optimize the content of our website as well as its advertisement
- ensure the long-term viability of our information technology systems and
  website technology
 - provide law enforcement authorities with the information necessary for
   criminal prosecution in case of a cyber-attack.
  
Therefore, LASSO analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Cookies

The Website uses cookies. Cookies are text files that are stored in a computer system via an Internet Browser.

Many Websites and servers use cookies. A lot of cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet Browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.

Through the use of cookies, LASSO can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and services on our website can be optimized with the user in mind. Cookies allow us to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user's computer system.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet Browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet Browser or other software programs. This is possible in all popular Internet Browsers. If the data subject deactivates the setting of cookies in the Internet Browser used, not all functions of our website may be entirely usable.

Rights of Data Subject

If personal data concerning you is processed, you are the data subject as defined in the GDPR, and have the following rights against the data controller:

1. Right to information
   You can ask the controller to provide you with confirmation as to whether or     not personal data concerning you is processed by us.
   If such processing is being undertaken, you can ask the controller to provide    you with information concerning the following:
   (1) The purposes for which the personal data is processed;
   (2) The personal data categories which are processed;
   (3) The recipients or categories of recipients to whom the personal data             concerning you has been or will be disclosed;
   (4) The planned storage duration of the personal data concerning you or, if          it is not possible to provide concrete information on this point,                criteria for defining the storage duration;
   (5) The existence of a right to correct or delete the personal data                  concerning you, a right to limit processing by the controller, or a right        to object to such processing;
   (6) The existence of a right to lodge a complaint with a supervisory                 authority;
   (7) All available information concerning the origin of the data, if the              personal data was not acquired from the data subject him or herself;
   (8) The existence of automated decision-making and profiling in accordance           with Art. 22 para. 1 and 4 of the GDPR and at least in these cases               meaningful information on the logic involved and the implications and            intended impact of such processing for the data subject.

   You have the right to request information on whether or not the personal         data concerning you is transmitted to a third country or international           organisation. In this context, you may ask for information on appropriate        guarantees in accordance with Art. 46 of the GDPR relating to the                transmission of data.

2. Right to correction
   You have a right to have the controller correct or complete any personal data    concerning you which, having been processed, is either incorrect or              incomplete. The data controller must carry out any corrections without undue     delay.

3. Right to restrict processing
   Subject to the following conditions, you can request that processing of the      personal data concerning you be restricted:
   (1) If you dispute the accuracy of the personal data concerning you for a            period which allows the controller to check the accuracy of the personal         data;
   (2) the processing is unlawful and you refuse deletion of the personal data,         instead requesting that use of the personal data be restricted;
   (3) the controller no longer needs the personal data for processing purposes,        but you need it in order to establish, exercise or defend legal claims,          or
   (4) if you have filed an objection to the processing of the data in                  accordance with Art. 21 para. 1 of the GDPR, and it is not yet clear             whether the legitimate reasons of the controller outweigh your reasons.

   If the processing of the personal data concerning you has been                   restricted, then, storage aside, this data may only be processed with your       consent, or to establish, exercise or defend legal claims, or to protect the     rights of another natural or legal person, or for reasons of substantial         public interest on the basis of Union or Member State law.
   If restriction of the processing has been restricted under the                   above-mentioned conditions, you will be informed by the controller before the    restriction is lifted.

4. Right to deletion
   a) Obligation to delete
      You can ask the controller to delete the personal data concerning you            without undue delay, and the controller is obliged to delete this data           without delay if one of the following reasons applies:
      (1) The personal data concerning you is no longer needed for the purposes            for which it was collected or otherwise processed.
      (2) You revoke your consent, which served as the basis for processing in             accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 point a of the           GDPR, and there is no other legal basis for the processing.
      (3) You file an objection to processing in accordance with Art. 21 para. 1           of the GDPR, and there are no overriding legitimate reasons for the              processing, or you file an objection to processing in accordance with            Art. 21 para. 2 of the GDPR.
      (4) The personal data concerning you has been unlawfully processed.
      (5) Deletion of the personal data concerning you is necessary in order to            ensure compliance with a legal obligation under Union or Member State            law to which the data controller is subject.
      (6) The personal data concerning you has been acquired in relation to the            offer of information society services in accordance with Art. 8 para.            1 of the GDPR.
     
   b) Information to third parties
      If the controller has made the personal data concerning you public, and is       obliged to delete such data in accordance with Art. 17 para. 1 of the            GDPR, then, taking into account the technologies available and                   implementation costs, he - the controller - applies appropriate measures,        which may also be of a technical nature, to inform the people responsible        for processing personal data that, as a data subject, you have requested         that they should delete all links to this personal data as well as all           copies or replications of this personal data.
     
   c) Exceptions
      The data subject does not have the right to have his or her data deleted         if processing is necessary
      (1) to exercise the rights to freedom of expression and freedom of                   information;
      (2) to comply with a legal obligation calling for processing on the basis            of Union or Member State law to which the controller is subject, or to           perform a task carried out in the public interest or in the exercise             of official authority vested in the controller;
      (3) for reasons of public interest in the field of public health in                  accordance with Art. 9 para. 2 points h and i and Art. 9 para. 3 of              the GDPR;
      (4) for archiving purposes in the public interest, scientific or                     historical research purposes or statistical purposes in accordance               with Art. 89 para. 1 of the GDPR, insofar as the right set out in                section a) is likely to render impossible or seriously impair the                achievement of the purposes of this processing, or
      (5) to establish, exercise or defend legal claims.

5. Right to information
   If you have exercised your right to have the controller correct, delete or       restrict the processing of your data, then the controller is obliged to          inform all recipients to whom the personal data concerning you has been          disclosed of such correction or deletion of the data or restriction of the       processing, unless it proves impossible to do so or would involve                unreasonable expense and effort.
   You are entitled to have the controller inform you of these recipients.

6. Right to data portability
   You have the right to receive the personal data concerning you with which you    have provided the controller in a structured, commonly used and                  machine-readable format. Further, you have the right to transmit this data to    another controller without hindrance from the controller to whom the personal    data was provided
   (1) the processing is based on consent in accordance with Art. 6 para. 1 p. 1        point a of the GDPR or Art. 9 para. 2 point a of GDPR or on a contract in        accordance with Art. 6 para. 1 p. 1 point b of the GDPR, and
   (2) the processing is carried out by automated means.
  
   In exercising this right, you also have the right to have the personal data      concerning you transmitted directly from one controller to another, where        technically feasible. This shall not adversely affect the rights and freedoms    of others.
   The right to data portability does not apply to processing of personal data      for the performance of a task carried out in the public interest or in the       exercise of official authority vested in the controller.

7. Right to object
   You have the right, on grounds relating to your particular situation, to         object at any time to the processing of personal data concerning you which is    based on Art. 6 para. 1 p. 1 point e or f of the GDPR; this also applies to      profiling based on these provisions.
   The controller will no longer process the personal data concerning you unless    the controller can demonstrate compelling legitimate grounds for the             processing which override your interests, rights and freedoms or the             processing serves to establish, exercise or defend legal claims.
   If personal data concerning you is processed for direct marketing purposes,      you have the right to object at any time to the processing of personal data      concerning you for such marketing purposes; this also applies to profiling,      insofar as it is related to such direct marketing.
   Should you object to processing for direct marketing purposes, the personal      data concerning you will no longer be processed for such purposes.
   In the context of the use of information society services notwithstanding        Directive 2002/58/EG you are entitled to exercise your right to object by        automated means using technical specifications.

8. Right to withdraw declaration of consent under data protection law
   You have the right to withdraw your declaration of consent to the processing     of personal data at any time. The withdrawal of consent shall not affect the     lawfulness of processing based on your consent before its withdrawal.

9. Automated individual decision-making, including profiling
   You have the right not to be subject to a decision based solely on automated     processing - including profiling - which produces legal effects that concern     you or significantly affects in a similar way. This does not apply if the        decision
   (1) is necessary for entering into or the performance of a contract between          you and the data controller,
   (2) is authorised by Union or Member State law to which the controller is            subject and which also lays down suitable measures to safeguard your             rights and freedoms and your legitimate interests, or
   (3) is made with your explicit consent.
  
   These decisions must not, however, be based on special categories of personal    data referred to in Art. 9 para. 1 of the GDPR, unless Art. 9 para. 2 point a    or g applies, and suitable measures have been undertaken to safeguard your       rights and freedoms and your legitimate interests.
   With regard to the cases described in points (1) and (3), data controller        will implement suitable measures to safeguard your rights and freedoms and       your legitimate interests, including at least the right to obtain human          intervention on the part of the controller, to express his or her point of       view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority
    Without prejudice to any other administrative or judicial remedy, you have       the right to lodge a complaint with a supervisory authority, in particular       in the Member State of your habitual residence, place of work or place of        the alleged infringement if you consider that the processing of personal         data concerning you infringes the GDPR.
    The supervisory authority with which the complaint has been lodged will          inform the complainant on the progress and the outcome of the complaint          including the possibility of a judicial remedy in accordance with Art. 78        of the GDPR.

Google Analytics

On our Website we use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.

Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Of course you may also visit our website without cookies. Most browsers accept cookies by default. You can block cookies from being saved on your hard drive by selecting the 'do not accept cookies' option in your browser settings. For specific instructions, please refer to the user's guide from your browser provider. You can also delete previously saved cookies from your computer at any time. If you do not accept any cookies, this may result in reduced functionality in our offers.

IP-Anonymization

Please note that on this website, Google Analytics code is supplemented by anonymizeIp(), to ensure an anonymized collection of IP addresses (so called IP-masking). In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA.

On behalf of the website provider Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google.

Browser Plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore you can prevent Google collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under tools.google.com/dlpage/gaoptout.

Further information concerning the terms and conditions of use and can be found at www.google.com/analytics/terms/gb.html. 

Google Maps

Our website is using map services provided by Google Maps via API, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Using the services of Google Maps, your IP address will be transmitted to and stored by Google on servers in the United States. The provider therefore has no influence at all on the scope of the data collected by Google. According to Google, no personal data is collected unless the user clicks the corresponding Button.

Further information concerning the terms and conditions of use and can be found at policies.google.com/privacy

Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require an email address, as well as information proving that you are the owner of the indicated email address and/or that its owner consents to receiving the newsletter. Other data will only be collected if volunteered. We will only use these data to send the requested information. We will not disclose them to third parties.

The data entered in the newsletter subscription form are processed exclusively based on your consent (Article 6(1)(a) GDPR). You may withdraw your consent for storage of the data and the email address and for their use to send newsletters at any time, such as by using the unsubscribe link in the newsletter. The legality of the data processing operations already completed shall remain unaffected by the withdrawal.

We will store the data received from you, in order to provide the newsletter, until you unsubscribe from the newsletter, and will delete them after you cancel the newsletter. This does not apply to data that we store for other purposes (such as email addresses for the membership area).

Legal framework

Data processing is based on your consent (Article 6.1. (a) GDPR). You may withdraw this consent at any time. The legality of the data processing operations already completed shall remain unaffected by the withdrawal.

Storage period

We will store the data received from you, in order to provide the newsletter, until you unsubscribe from the newsletter, and we will delete the data after you cancel the newsletter from our server. This does not apply to data that we store for other purposes (such as email addresses for the membership area).

Contact form

If you send us an inquiry through our contact form, we store your form entries, including the contact details you enter in the form, in order to process your inquiry and in case of follow-up questions. We will not disclose these data without your permission.

Thus, the data entered in the contact form are processed exclusively based on your consent (Article 6(1)(a) GDPR). You may withdraw this consent at any time. You can do so with a simple informal email to us. The legality of the data processing operations prior to withdrawal of consent shall remain unaffected by the withdrawal.

We will retain the data you entered on the contact form until you request their deletion or withdraw your consent for storage or until the purpose for their storage no longer applies (such as after completion of inquiry processing). Mandatory provisions of the law in particular the storage periods remain unaffected.

Cookies collect information about your use of the site, e.g. your connection speed, details of your operating system, time and duration of your visit or your IP address.

Accept