1.1 Data controller

1.2 Data protection coordinator

1.3 Joint data protection officer

1.4 Responsibilities of data controller, data protection coordinator and data protection officer

2.1 Types of processed personal data

- Basic user data (e.g. name, address, date of birth, place of birth)
- Contact details (e.g. e-mail, telephone numbers)
- Content data (e.g. text input, images, graphics)
- Contractual data (e.g. subject of contract, term, payment details)
- Usage data (e.g. websites visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP address)

2.2 Storage of personal data

We store the personal data you transfer to us such as name, e-mail address, address and other personal data with a time stamp and IP address and only use them for the relevant purpose. These data are stored securely and – apart from managed disclosure to processors – are not passed on to any third party. We therefore use your personal data for communication with those users who explicitly request contact and for supplying the services and products offered on our website. You may withdraw your consent to the storage of the personal data we receive from you at any time – it is sufficient to send an informal e-mail to the address indicated in the legal information and we will erase your data.

2.3 Processing of personal data

We process personal data that we receive from you in the context of a business relationship or with your consent to data processing. We also process data that we have legitimately received from publicly accessible sources such as the commercial register or which have been legitimately transferred to us by other companies. Furthermore, we process data (tracking data) that are result from your visit to our website. The collection of these data is automated and they generally come from your input or via cookies.

2.4 Categories of data subjects affected by data processing

- Customers/prospects/suppliers
- Visitors to and users of the website
- Employees, job applicants

2.5 Purposes of data processing

- Development of our online offering, its contents and functions
- Provision of contractual services, assistance and customer support
- Responding to enquiries and communication with users
- Marketing, advertising and market research
- Services for prospects
- Arranging meetings and visits
- Credit checks
- Conclusion and performance of purchase, rental and leasing agreements, and agreements for consulting, architectural services, project management, project development, design and property development
- Information from notaries and banks that is in the customer’s interest
- Acceptance and handover of residential or commercial units
- Invoicing
- Improving security and protecting against fraud and the misuse of personal data

2.6 Legal basis for data processing

Legislation specifies various legal bases for the processing of personal data. Legal basis of contractual obligation

- Contract initiation
- Contract performance
- Warranty
- Contractual obligations with regard to liability, information provision and accountability

We require personal data to initiate business relationships and meet contractual obligations. We have to use these data to be able to perform the tasks resting with us vis-à-vis our prospects and customers. Details of the contractual obligations may arise from the relevant agreement concluded with you. We are also obliged to store your data after the performance of agreements so that we are able to meet any claims for warranty, information and accountability that you may raise.

- Interest in the analysis, optimisation and commercial operation of our online offering
- Marketing and advertising for our services and products for members of our customer base
- Improving information security and data protection in general, preventing fraud, uncovering and preventing criminal threats and activities

We process personal data of users and customers for a legitimate interest. In accordance with the judgement of the State of California Department of Justice, we only assume this if the consideration of your constitutional right to data protection is guaranteed. https://oag.ca.gov/privacy/ccpa

- As a matter of principle, we obtain your consent prior to processing your personal data
- Consent is stored in a retrievable form to ensure substantiation
- We provide a consent banner when our website is first called prompting for a legal data protection declaration of consent to be given

- Information obligations
- Tax law obligations
- Obligations arising from social legislation

2.7 Your particular rights

Persons whose data we process enjoy particular rights that we are duty-bound to comply with.

You are entitled to request confirmation as to whether personal data are processed and to information about these data as well as to additional information and a copy of the data.

You are entitled to request that you be given the relevant data that you provided to us and to request their transmission to a different controller provided that the technical prerequisites for this exist.

You are entitled to request the completion of the data relating to you or the rectification of inaccurate data relating to you.

You can object to the future processing of personal data relating to you at any time. Objection can be made in particular to processing for the purposes of direct marketing.

You can withdraw your consent to the processing of your personal data by us at any time.

You are entitled to request that data relating to you be immediately erased or, as an alternative, that the processing of your data be restricted.

You are entitled to submit a complaint to the relevant supervisory authority.

2.8 Special areas of data protection

Below we provide information about data protection in the various communication and working areas of our company:

- Data protection and the use of our website – see section 3
- Data protection for e-mails and online communications – see section 4
- Data protection for internal data processing by employees – see section 5

3.1 Automatic data storage

When you visit our website, certain information is automatically generated and stored. Our webserver stores the following data in files (webserver logfiles):

4.1 E-mail communication

We guarantee you the confidentiality, integrity and availability of the personal data in e-mail communication. Confidentiality Enforcement of confidentiality through access restrictions and encryption in our computer networks. We use established software in e-mail communication. Integrity We ensure the accuracy of data processing through the use of powerful data processing systems. As a result, there is no possibility of your personal data being manipulated. Availability The systems we use for data processing are – from a technical perspective – available and operational at all times. Only authorised employees are permitted to process your personal data.

4.2 Online communication / e-mail marketing

We make great efforts to maintain contact with you, our customers and prospects. This is why we send you e-mails with information and invitations to our events. Our mailing lists contain persons who had explicitly consented to receiving marketing e-mails prior to 25 May 2018 – the date the GDPR came into force. We may continue to send them news provided they maintain their consent. We may assume in their case that legitimate interests exist for future communication by e-mail. We will only send such messages to persons included in our mailing lists after the GDPR came into force if we have received explicit consent to do so. Furthermore, our customers and prospects have the possibility to object to future communication at any time, for example by sending an e-mail. Our marketing e-mails include an unsubscribe link that you only need to click on: “I do not wish to receive any further information”. If you click on the link, we will delete your contact details and all other e-mail marketing data, and you will receive no further e-mails.

4.3 Newsletter

We send out the newsletter in particular in direct marketing by e-mail. We store the subscription data you send us for this purpose and only use it for newsletter communication. If we had sent you the newsletter prior to 25 May 2018 – the date the GDPR came into force – we may justifiably assume that you consent to continuing to receive the newsletter in future. We store your consent to receiving our newsletter for subscriptions after 25 May 2018 so that we able to prove your consent to receiving it. You can find a corresponding template for the subscription and consent to newsletter information on our website. You can subscribe to the BiLumix(3DDEX, LLC) newsletter without obligation. We herewith explicitly confirm that your data will not be disclosed to any third party and will only be used to personalise the newsletter intended for you. Futhermore You can unsubscribe from this service at any time, for example by clicking on the link included at the end of our newsletter e-mail: “I do not wish to receive any further information”. We will then delete your data from the list of newsletter recipients and no longer send you the newsletter.

5.1 Formal obligation of our employees

Our employees have signed declarations of commitment explicitly undertaking to observe our customers’ data secrecy, confidentiality and data protection.

5.2 Applications

Our HR management adheres strictly to data protection regulations with regard to applications. An applicant’s personal data may only be processed where this is required in connection with a decision regarding the recruitment process.