Data protection

Privacy Policy Elitist GmbH

1. Purpose and scope

This privacy policy provides information about the processing of personal data by Elitist GmbH (hereinafter referred to as the "Company") in accordance with the General Data Protection Regulation (GDPR) and the relevant national data protection laws.

It applies to:

a) Employees and applicants

b) Customers, clients, and business partners

c) Suppliers and subcontractors

d) Visitors to construction sites, business premises, and websites

2. Responsibility

The controller within the meaning of the GDPR is:

Elitist GmbH
Rahmannstraße 11
65760 Eschborn, Germany

Data protection officer:

…………………

3. Principles of data processing

The company only processes personal data to the extent necessary to provide a functional website and our content and services, in accordance with the following principles:

  • Lawfulness, transparency, and purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability
  • Personal data is any data that can be used to personally identify the user.

4. Categories of personal data

Depending on the business relationship, we process in particular:

a) General contact details

  • Name, address
  • Phone number, email address
  • Position, company

b) Contract and project data

  • Contract contents
  • Billing and payment data
  • Project and construction site documentation

c) Employee and applicant data

  • Qualifications and certificates
  • Working hours and assignment data
  • Health data (only to the extent required and permitted by law)

d) Construction site and safety data

  • Access data
  • Video recordings (if available)
  • Accident and safety reports

e) IT and usage data

Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The user's Internet service provider
  • The user's IP address
  • Date and time of access
  • Websites from which the user's system accesses our website
  • Websites accessed by the user's system via our website

Data is also stored in our system's lock files. This data is not stored together with other personal data of the user.

The legal basis for this can be found in Article 6(1)(b) of the GDPR.

f) Hosting

Our website is hosted by (name of hosting provider). The company ………………… automatically collects and stores information in so-called server log files, which the user's browser automatically transmits.

5. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. Storage in lock files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

Processing is carried out in particular for the following purposes:

  • Contract execution and project management
  • Personnel management and payroll accounting
  • Occupational safety and construction site organization
  • Compliance with legal obligations (e.g., tax, labor, construction, and safety law)
  • Communication with customers, partners, and authorities
  • IT security and system operation
  • Company organization and quality assurance

6. Legal basis

Processing is carried out on the basis of

  • Article 6(1)(b) GDPR (performance of a contract)
  • Article 6(1)(c) GDPR (legal obligation)
  • Article 6(1)(f) GDPR (legitimate interest)
  • Article 6(1)(a) GDPR (consent, where required)
  • Article 9 GDPR (special categories of personal data, if applicable)

In detail:

a) Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis.

b) When processing personal data that is necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR is the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

c) Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

d) In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR is the legal basis.

e) If processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not override the former interest, Article 6(1)(f) GDPR is the legal basis for processing.

7. Use of cookies

a)
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

b) The following data is stored
and transmitted in the cookies:

  • Search behavior
  • Consent
  • Google Analytics

c)
We also use cookies on our website that enable us to analyze the user's surfing behavior. This allows the following data to be transmitted:

  • Search terms entered
  • Frequency of page views
  • Use of website functions

The user data collected in this way is pseudonymized by technical measures. Therefore, it is not possible to assign the data to the user who accessed the site. The data is not stored together with other personal data of the users.

When visiting our website, users are informed about the use of cookies for analysis purposes via an information banner and referred to this privacy policy.

d)
The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Article 6(1)(a) GDPR, provided that consent has been given.

e)
The purpose of using technically necessary cookies is to simplify the use of websites. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. Analysis cookies are used for the purpose of improving the quality of our website and its content. Analysis cookies tell us how the website is used, enabling us to continuously optimize our offering. These purposes also constitute our legitimate interest in the processing of personal data in accordance with Article 6(1)(f) GDPR.

f)
Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

g)
A cookie is a small data packet (text file) that your browser stores on your device on the instructions of a visited website in order to remember information about you, such as your language settings or login information. These cookies are set by us and are referred to as first-party cookies. We also use third-party cookies, which originate from a domain other than the website you are visiting. We use these cookies to support our advertising and marketing activities.

h)
There are strictly necessary cookies that are required for our website to function; these cannot be disabled in your systems. These cookies are usually only set in response to actions you take that correspond to a service request, such as setting your privacy preferences and filling out forms. You can set your browser to block these cookies or to notify you about them. However, some areas of the website will then not function. These cookies do not store any personal data.

i)
Cookies for marketing purposes may be set through our website by our advertising partners. They may be used by these companies to create a profile of your interests and show you relevant ads on other websites. They do not directly store personal data, but are based on a unique identifier for your browser and internet device. If you do not allow these cookies, you will see less targeted advertising, for example YouTube videos. These are integrated into our website. When loading or playing the videos, cookies may be set by YouTube/Google and data (e.g. IP address) may be transferred to Google. We then use cookies for advertising analysis, marketing purposes, and performance cookies, which are also operated by Google. These may transfer the collected data to another country, in particular the USA, which does not offer a level of data protection in accordance with the GDPR. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal recourse. Furthermore, it is expressly pointed out that Google may link this data to other data originating from you, such as search history, personal accounts, or usage data.

 

8. Disclosure of data

Data will only be disclosed if:

  • it is necessary for the fulfillment of the contract
  • there is a legal obligation
  • external service providers (processors) are involved
  • consent has been given

Recipients may include:

  • Tax advisors, lawyers
  • IT service providers
  • Insurance companies
  • Government agencies
  • Subcontractors and project partners

All processors have GDPR-compliant contracts.

9. Data transfer to third countries

Data will only be transferred to countries outside the EU if:

  • an adequacy decision has been made, or
  • there are appropriate safeguards (e.g., standard contractual clauses).

10. Google Analytics

We use the web analysis software Google Analytics to compile access statistics, analyze general usage behavior on the website, and optimize our web presence. The legal basis for this is Article 6(1)(f) GDPR. Google Analytics is integrated into our website. Cookies are set for this purpose, which are used, among other things, to recognize visitors, analyze user behavior, and measure reach. Depending on the configuration, processing may be carried out with IP anonymization. Data processing is carried out by Google, potentially also outside the EU.

11. Google Fonts (locally integrated)

The Google Fonts used are integrated locally on the server. There is no connection to Google servers and no personal data is transferred to third parties in this context.

12. Leaflet map

Leaflet is used for the map display. Leaflet itself does not set any cookies. If map tiles are loaded from external providers (e.g., OpenStreetMap or other tile servers), your IP address may be transferred to these providers when you call up the map.

13. Storage period

The personal data of the data subjects will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may take place if this is provided for by European or national legislation in EU regulations, laws, or other provisions to which the controller is subject. The files will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

After expiry, the data will be deleted or anonymized.

14. Technical and organizational measures

The company implements appropriate measures, including:

  • Access restrictions
  • Encryption
  • Authorization concepts
  • Data backup
  • Employee training
  • Protection of construction site IT and mobile devices

15. Video surveillance (if applicable)

Video surveillance is carried out exclusively:

  • to protect property rights
  • for the safety of persons and property

The recordings are stored for a limited period of time and are not evaluated without authorization.

16. Rights of data subjects

Data subjects have the right to:

  • Information (Article 15 GDPR)
  • Rectification (Article 16 GDPR)
  • Erasure (Article 17 GDPR)
  • Restriction of processing (Article 18 GDPR)
  • Data portability (Article 20 GDPR)
  • Objection (Article 21 GDPR)
  • Withdrawal of consent

Corresponding requests should be addressed to the company's controller or data protection officer.

17. Right to lodge a complaint

Data subjects may lodge a complaint with a competent data protection supervisory authority.

18. Updating the privacy policy

This privacy policy will be updated in the event of legal or organizational changes.

Status: January 1, 2026

Matomo Webanalyse