GRAFT
Gesellschaft von Architekten mbH
Heidestraße 50
10557 Berlin

Lars Krückeberg, Architekt
Wolfram Putz, Architekt
Thomas Willemeit, Architekt

Phone: +49 (0)30 30645103-0
Fax: +49 (0)30 30645103-34
E-Mail: berlin@graftlab.com

Registration in the commercial register.
Register court: Amtsgericht Charlottenburg
Registration number: HRB 92453 B

Tax-ID according to §27 a Added Tax Act: DE237362038
Job title: Freelancing architects
Responsible association: Architektenkammer Berlin
Awarded by: Berlin
The following professional regulations apply: Berliner Architekten- und Baukammergesetz (ABKG)

Name and location of the insurer:
VHV Allgemeine Versicherung AG
Constantinstraße 90
30177 Hannover, Germany
Scope of insurance: worldwide

Lars Krückeberg, Wolfram Putz, Thomas Willemeit
GRAFT Gesellschaft von Architekten mbH
Heidestraße 50
10557 Berlin, Germany

According to § 5 TMG

GRAFT
Gesellschaft von Architekten mbH
Heidestraße 50
10557 Berlin

Represented by

Lars Krückeberg, Architekt
Wolfram Putz, Architekt
Thomas Willemeit, Architekt

Contact

Phone: +49 (0)30 30645103-0
Fax: +49 (0)30 30645103-34
E-Mail: berlin@graftlab.com

Incorporation

Registration in the commercial register.
Register court: Amtsgericht Charlottenburg
Registration number: HRB 92453 B

Tax-ID

Tax-ID according to §27 a Added Tax Act: DE237362038
Job title: Freelancing architects
Responsible association: Architektenkammer Berlin
Awarded by: Berlin
The following professional regulations apply: Berliner Architekten- und Baukammergesetz (ABKG)

Informations relating to the duty

Name and location of the insurer:
VHV Allgemeine Versicherung AG
Constantinstraße 90
30177 Hannover, Germany
Scope of insurance: worldwide

Responsible for the contents to § 55 paragraph 2 RSTV

Lars Krückeberg, Wolfram Putz, Thomas Willemeit
GRAFT Gesellschaft von Architekten mbH
Heidestraße 50
10557 Berlin, Germany

As a service provider, we are responsible for our own content on these pages according to the general laws according to § 7 Abs.1 TMG. According to §§ 8 to 10 TMG, however, we as service providers are not obliged to monitor transmitted or stored third-party information or to search for circumstances which indicate an illegal activity.

Obligations to remove or block the use of information according to general laws remain unaffected. Liability in this respect, however, is only possible from the time of knowledge of a specific infringement. If we become acquainted with such infringements, we will promptly make these contents available remove.

Our offer contains links to external websites of third parties on whose content we have no influence. Therefore, we can not assume any liability for these third-party content. The respective provider or operator of the pages is always responsible for the contents of the linked pages. The linked pages were checked for possible legal violations at the time of linking. Illegal contents were not recognizable at the time of linking.

A permanent control of the content of the linked pages is, however, without concrete evidence of an infringement is unreasonable. We will remove such links immediately if we become aware of any legal infringements.

The European Commission offers a platform for online dispute settlement. GRAFT GmbH is neither prepared nor obliged to participate in dispute resolution proceedings before consumer protection authorities.

The content and works created by the site operators on these pages are subject to German copyright law. The copying, processing, distribution and any kind of exploitation outside the limits of copyright require the written consent of the respective author or creator. Downloads and copies of this site are only permitted for private, non-commercial use.

If the content on this site is not created by the operator, the copyrights of third parties are respected. Photographs, videos and visualizations on this page are from Tobias Hein / Hiepler Brunier / Kevin Fuchs / DONE Studio – Ulf Saupe / Ricky Ridecos / Jan Bitter / Kevin Scott / Fang Zhen Ning / Jeff Granberry / Airteam, Thomas Gorski, Marc Heinzelmann / CD Deutsche Eigenheim / Robert Sprang / L2 Studio / LOSH Mr. Mitsutaka Yokota / Golf Tattler: Lai Xuzhu / Oak Taylor Smith / Zumtobel / Kanera / Trockland / Studio Hamm / ip design / SOLARKIOSK / Georg Schaumberger / Platoon.org / Michael Moser / Stefan Müller-Naumann / BBTR GmbH / Pablo Castagnola /

Studio Es, Visual Communication
studio-es.at

Development Max Schmitt
maxschmitt.me

Liability for content

As a service provider, we are responsible for our own content on these pages according to the general laws according to § 7 Abs.1 TMG. According to §§ 8 to 10 TMG, however, we as service providers are not obliged to monitor transmitted or stored third-party information or to search for circumstances which indicate an illegal activity.

Obligations to remove or block the use of information according to general laws remain unaffected. Liability in this respect, however, is only possible from the time of knowledge of a specific infringement. If we become acquainted with such infringements, we will promptly make these contents available remove.

Liability for links

Our offer contains links to external websites of third parties on whose content we have no influence. Therefore, we can not assume any liability for these third-party content. The respective provider or operator of the pages is always responsible for the contents of the linked pages. The linked pages were checked for possible legal violations at the time of linking. Illegal contents were not recognizable at the time of linking.

A permanent control of the content of the linked pages is, however, without concrete evidence of an infringement is unreasonable. We will remove such links immediately if we become aware of any legal infringements.

Online disposal and consumership

The European Commission offers a platform for online dispute settlement. GRAFT GmbH is neither prepared nor obliged to participate in dispute resolution proceedings before consumer protection authorities.

Copyright

The content and works created by the site operators on these pages are subject to German copyright law. The copying, processing, distribution and any kind of exploitation outside the limits of copyright require the written consent of the respective author or creator. Downloads and copies of this site are only permitted for private, non-commercial use.

If the content on this site is not created by the operator, the copyrights of third parties are respected. Photographs, videos and visualizations on this page are from Tobias Hein / Hiepler Brunier / Kevin Fuchs / DONE Studio – Ulf Saupe / Ricky Ridecos / Jan Bitter / Kevin Scott / Fang Zhen Ning / Jeff Granberry / Airteam, Thomas Gorski, Marc Heinzelmann / CD Deutsche Eigenheim / Robert Sprang / L2 Studio / LOSH Mr. Mitsutaka Yokota / Golf Tattler: Lai Xuzhu / Oak Taylor Smith / Zumtobel / Kanera / Trockland / Studio Hamm / ip design / SOLARKIOSK / Georg Schaumberger / Platoon.org / Michael Moser / Stefan Müller-Naumann / BBTR GmbH / Pablo Castagnola /

DESIGNCONCEPT AND CODING

Studio Es, Visual Communication
studio-es.at

Development Max Schmitt
maxschmitt.me

Data Policy

As the operator of these pages, GRAFT takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

GRAFT Gesellschaft von Architekten mbH
Heidestr. 50
10557 Berlin
T: +49 (0)30 30645103-0
E: berlin@graftlab.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

The data protection declaration of GRAFT Gesellschaft von Architekten mbH is based on the terms used by the European Directive and Ordinance when issuing the Data Protection Regulation (DS-GVO). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms, among others, in this data protection declaration:

Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Controller or person responsible for processing
The controller or data processor is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

Processor
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.

Recipient
Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.

Third Party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

Consent
Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

Right of access
The data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed; if this is the case, he or she has a right of access to such personal data and to the following information:
- the purposes of processing;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- the existence of a right to obtain the rectification or erasure of personal data concerning him or her or to obtain the restriction of processing by the controller, or of a
- Right to object to such processing;
- The existence of a right of appeal to a supervisory authority;
- if the personal data are not collected from the data subject, any available information on the origin of the data;
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) and, at least in such cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 in connection with the transfer.

[1]The controller shall provide a copy of the personal data that are the subject of the processing. [2]For any further copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. [3]If the data subject makes the request electronically, the information shall be provided in a commonly used electronic format, unless otherwise specified by the data subject.

The right to receive a copy under paragraph 3 shall not affect the rights and freedoms of other persons.

Right to rectification
The data subject has the right to obtain from the controller the rectification without undue delay of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to request that incomplete personal data be completed, including by means of a supplementary declaration.

Right to erasure ("right to be forgotten").
Every data subject has the right to demand from the controller that personal data concerning him or her be erased without undue delay. The controller is obliged to erase personal data without undue delay if one of the following reasons applies:
The personal data were collected or otherwise processed for purposes for which they are no longer necessary. The data subject withdraws his or her consent on which the processing was based pursuant to Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO and there is no other legal basis for the processing. The data subject objects to the processing pursuant to Article 21(1) DSGVO and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) DSGVO. The personal data have been processed unlawfully. The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject. The personal data has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR. If the controller has made the personal data public and is obliged to erase it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that a data subject has requested that they erase all links to or copies or replications of that personal data.

Right to restriction of processing
The data subject shall have the right to obtain from the controller the restriction of processing where one of the following conditions is met:
- the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data,
- the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the establishment, exercise or defense of legal claims; or
- the data subject has objected to the processing pursuant to Article 21(1) of the GDPR, as long as it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.

Right to data portability
The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format, and shall have the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and that the processing is carried out using automated means.

When exercising his or her right to data portability pursuant to paragraph 1 of the GDPR, the data subject shall have the right to obtain that the personal data be transferred directly from one controller to another controller where technically feasible.

The exercise of the right is without prejudice to Article 17 of the GDPR. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right to data portability shall not affect the rights and freedoms of other persons.

Right to object
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f) of the DSGVO, including to any profiling based on those provisions.

The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes. The data subject must be expressly informed of the right referred to in Article 21(1) and (2) of the GDPR at the latest at the time of the first communication with him or her; this information must be provided in a comprehensible form that is separate from other information.

In the context of the use of information society services, notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by means of automated procedures using technical specifications.

The data subject shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

Automated decisions in individual cases (including profiling).
The data subject shall have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning him or her or similarly significantly affects him or her. This does not apply if the decision
(a) is necessary for the conclusion or performance of a contract between the data subject and the controller,
(b) is permitted by Union or Member State law to which the data controller is subject and that law contains suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject; or
(c) is carried out with the express consent of the data subject.

In cases (a) and (c), the controller shall take reasonable steps to safeguard the data subject's rights and freedoms and legitimate interests, which include at least the right to obtain the data subject's involvement on the part of the controller, to express his or her point of view and to contest the decision. Decisions shall not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as the legitimate interests of the data subject.

Right of withdrawal for consent under data protection law
The data subject has the right to withdraw consent to the processing of personal data at any time. If the data subject wishes to exercise his or her right to withdraw consent, he or she may do so by contacting the controller. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

Right of appeal to the competent supervisory authority
In the event of violations of data protection law, the person concerned has a right of appeal to the competent supervisory authority. The competent supervisory authority in matters of data protection law is the state data protection commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found here.

Legal basis of processing
Art. 6 I lit. a DS-GVO serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b DS-GVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, Sentence 2 DS-GVO).

Legitimate interests in the processing pursued by the controller or a third party.

If the processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.

Duration for which the personal data are stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the performance of the contract or the initiation of the contract.

Legal or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision.

We inform you that the provision of personal data is sometimes required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of the personal data is required by law or by contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

Objection to advertising mails
The use of contact data published within the framework of the imprint obligation for the transmission of advertising and information material not expressly requested is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

We have appointed a data protection officer for our company.
Justin Loebe
Society Solutions GmbH
Widdersdorfer Straße 190
50825 Cologne, Germany
Tel: +49 (0) 221 33 77 590
Mail:datenschutz@graftlab.com

4. DATA COLLECTION ON OUR WEBSITE

Who is responsible for data collection on this website?
The data processing on this website is carried out by GRAFT Gesellschaft von Architekten mbH. You can find our contact details in the imprint of this website.

What do we use your data for?
Part of the data is collected to ensure error-free provision of the website, to protect us against cyber attacks or to be able to track them if necessary, or to obtain statistical information about visitors to our website.

Cookies
This website partly uses so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies for the analysis of your surfing behavior) are stored, these are treated separately in this privacy policy.

Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- browser type and browser version
- operating system used
- location (country, region, city)
- screen resolution
- device
- time of visit
- IP address (anonymized)
- Web pages and sub-websites visited
- Duration of visit
- Number of visits (returning visitors)

Other similar data and information used to avert danger in the event of cyber attacks on our systems.

This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. f DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

Contact possibility via the website
Due to legal requirements, this website contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address).

If you, as a data subject, contact the controller by e-mail, the personal data transmitted by you will be stored automatically. This personal data transmitted on a voluntary basis by you as a data subject will be stored for the purpose of processing or contacting you.

The processing of transmitted data is thus based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data you provide will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

Data protection during applications and the application process
This website collects and processes the personal data of applicants for the purpose of handling the application process. The processing may also take place electronically. This is particularly the case if an applicant sends corresponding application documents to the controller by electronic means, for example by e-mail.

If an employment contract is concluded between GRAFT Gesellschaft von Architekten mbH and the applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

If no employment contract is concluded between GRAFT Gesellschaft von Architekten mbH and the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of GRAFT Gesellschaft von Architekten mbH oppose deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Simple Analytics
To get critical information about the behavior of our visitors, we use Simple Analytics. This analytics software gives us insight about our visitors only in general, but not about individuals by itself, as it does not track visitors and does not store any personal identifiable information. Go to their documentation to find out what Simple Analytics collects (and most importantly what they don’t).

6. CHANGES TO OUR PRIVACY POLICY

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

Note on the responsible body

GRAFT Gesellschaft von Architekten mbH
Heidestr. 50
10557 Berlin
T: +49 (0)30 30645103-0
E: berlin@graftlab.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

1. Definition

The data protection declaration of GRAFT Gesellschaft von Architekten mbH is based on the terms used by the European Directive and Ordinance when issuing the Data Protection Regulation (DS-GVO). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms, among others, in this data protection declaration:

Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Controller or person responsible for processing
The controller or data processor is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

Processor
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.

Recipient
Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.

Third Party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

Consent
Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

 
 
2. General notes and mandatory information

Right of access
The data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed; if this is the case, he or she has a right of access to such personal data and to the following information:
- the purposes of processing;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- the existence of a right to obtain the rectification or erasure of personal data concerning him or her or to obtain the restriction of processing by the controller, or of a
- Right to object to such processing;
- The existence of a right of appeal to a supervisory authority;
- if the personal data are not collected from the data subject, any available information on the origin of the data;
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) and, at least in such cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 in connection with the transfer.

[1]The controller shall provide a copy of the personal data that are the subject of the processing. [2]For any further copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. [3]If the data subject makes the request electronically, the information shall be provided in a commonly used electronic format, unless otherwise specified by the data subject.

The right to receive a copy under paragraph 3 shall not affect the rights and freedoms of other persons.

Right to rectification
The data subject has the right to obtain from the controller the rectification without undue delay of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to request that incomplete personal data be completed, including by means of a supplementary declaration.

Right to erasure ("right to be forgotten").
Every data subject has the right to demand from the controller that personal data concerning him or her be erased without undue delay. The controller is obliged to erase personal data without undue delay if one of the following reasons applies:
The personal data were collected or otherwise processed for purposes for which they are no longer necessary. The data subject withdraws his or her consent on which the processing was based pursuant to Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO and there is no other legal basis for the processing. The data subject objects to the processing pursuant to Article 21(1) DSGVO and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) DSGVO. The personal data have been processed unlawfully. The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject. The personal data has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR. If the controller has made the personal data public and is obliged to erase it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that a data subject has requested that they erase all links to or copies or replications of that personal data.

Right to restriction of processing
The data subject shall have the right to obtain from the controller the restriction of processing where one of the following conditions is met:
- the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data,
- the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the establishment, exercise or defense of legal claims; or
- the data subject has objected to the processing pursuant to Article 21(1) of the GDPR, as long as it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.

Right to data portability
The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format, and shall have the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and that the processing is carried out using automated means.

When exercising his or her right to data portability pursuant to paragraph 1 of the GDPR, the data subject shall have the right to obtain that the personal data be transferred directly from one controller to another controller where technically feasible.

The exercise of the right is without prejudice to Article 17 of the GDPR. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right to data portability shall not affect the rights and freedoms of other persons.

Right to object
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f) of the DSGVO, including to any profiling based on those provisions.

The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes. The data subject must be expressly informed of the right referred to in Article 21(1) and (2) of the GDPR at the latest at the time of the first communication with him or her; this information must be provided in a comprehensible form that is separate from other information.

In the context of the use of information society services, notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by means of automated procedures using technical specifications.

The data subject shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

Automated decisions in individual cases (including profiling).
The data subject shall have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning him or her or similarly significantly affects him or her. This does not apply if the decision
(a) is necessary for the conclusion or performance of a contract between the data subject and the controller,
(b) is permitted by Union or Member State law to which the data controller is subject and that law contains suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject; or
(c) is carried out with the express consent of the data subject.

In cases (a) and (c), the controller shall take reasonable steps to safeguard the data subject's rights and freedoms and legitimate interests, which include at least the right to obtain the data subject's involvement on the part of the controller, to express his or her point of view and to contest the decision. Decisions shall not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as the legitimate interests of the data subject.

Right of withdrawal for consent under data protection law
The data subject has the right to withdraw consent to the processing of personal data at any time. If the data subject wishes to exercise his or her right to withdraw consent, he or she may do so by contacting the controller. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

Right of appeal to the competent supervisory authority
In the event of violations of data protection law, the person concerned has a right of appeal to the competent supervisory authority. The competent supervisory authority in matters of data protection law is the state data protection commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found here.

Legal basis of processing
Art. 6 I lit. a DS-GVO serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b DS-GVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, Sentence 2 DS-GVO).

Legitimate interests in the processing pursued by the controller or a third party.

If the processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.

Duration for which the personal data are stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the performance of the contract or the initiation of the contract.

Legal or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision.

We inform you that the provision of personal data is sometimes required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of the personal data is required by law or by contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

Objection to advertising mails
The use of contact data published within the framework of the imprint obligation for the transmission of advertising and information material not expressly requested is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

3. Data Protection Officer

We have appointed a data protection officer for our company.
Justin Loebe
Society Solutions GmbH
Widdersdorfer Straße 190
50825 Cologne, Germany
Tel: +49 (0) 221 33 77 590
Mail:datenschutz@graftlab.com

4. DATA COLLECTION ON OUR WEBSITE

Who is responsible for data collection on this website?
The data processing on this website is carried out by GRAFT Gesellschaft von Architekten mbH. You can find our contact details in the imprint of this website.

What do we use your data for?
Part of the data is collected to ensure error-free provision of the website, to protect us against cyber attacks or to be able to track them if necessary, or to obtain statistical information about visitors to our website.

Cookies
This website partly uses so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies for the analysis of your surfing behavior) are stored, these are treated separately in this privacy policy.

Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- browser type and browser version
- operating system used
- location (country, region, city)
- screen resolution
- device
- time of visit
- IP address (anonymized)
- Web pages and sub-websites visited
- Duration of visit
- Number of visits (returning visitors)

Other similar data and information used to avert danger in the event of cyber attacks on our systems.

This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. f DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

Contact possibility via the website
Due to legal requirements, this website contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address).

If you, as a data subject, contact the controller by e-mail, the personal data transmitted by you will be stored automatically. This personal data transmitted on a voluntary basis by you as a data subject will be stored for the purpose of processing or contacting you.

The processing of transmitted data is thus based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data you provide will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

Data protection during applications and the application process
This website collects and processes the personal data of applicants for the purpose of handling the application process. The processing may also take place electronically. This is particularly the case if an applicant sends corresponding application documents to the controller by electronic means, for example by e-mail.

If an employment contract is concluded between GRAFT Gesellschaft von Architekten mbH and the applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

If no employment contract is concluded between GRAFT Gesellschaft von Architekten mbH and the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of GRAFT Gesellschaft von Architekten mbH oppose deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

5. Analysis Tool

Simple Analytics
To get critical information about the behavior of our visitors, we use Simple Analytics. This analytics software gives us insight about our visitors only in general, but not about individuals by itself, as it does not track visitors and does not store any personal identifiable information. Go to their documentation to find out what Simple Analytics collects (and most importantly what they don’t).

6. CHANGES TO OUR PRIVACY POLICY

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

Newsletter