Data Protection Statement

Use of cookies

Our website uses cookies and other technologies to improve your web experience and to help us understand how guests use our website.

Check cookie settings.

Data Protection Statement
1. Subject of this Data Protection Statement

We appreciate your interest in our website and our offers on this website.

The protection of your personal data (hereinafter referred to as “data”) is a very important concern for us. Below, we would like to inform you in detail about the data collected during your visit to our website, the use of our offers there, and how these are processed by us. Additionally, we would like to inform you about your rights and the technical and organisational protective measures we have taken concerning the processing of your data.

2. Name and address of the data controller and service provider

The party responsible in the sense of the General Data Protection Regulation (GDPR) and at the same time service provider within the meaning of the German Telemedia Act (TMG) is the thinkproject Deutschland GmbH, Mühldorfstraße 8, 81671 München, Germany (below also referred to in short as “thinkproject” or “we”).

If you have any questions or comments about this privacy statement or general data protection, please contact the data protection contact persons at thinkproject. They are:

thinkproject Deutschland GmbH and tp Holding GmbH
Name: Peter Mezger, Data Protection Officer (DPO)
Name: Andreas Blücher, Data Protection Manager
Address: Mühldorfstraße 8, 81671 München, Germany
Phone: +49 89 930839 300
Email: [email protected]; [email protected]

3. Collection and use of your data

The extent, nature of the collection and use of your data differs depending on whether you visit our website only to retrieve information or whether you use offers on our website that require the disclosure of additional data about you, e.g. when ordering the newsletter, registering a user account or using a contact form:

a. Informational use

For the purely informative use of our website, you are generally not required to provide personal data.

Rather, in this case, we only collect and use your data that your internet browser automatically transmits to us, such as:

  • Date and time of retrieval of one of our websites
  • Your browser type
  • The browser settings
  • The operating system used
  • The page you visited last
  • The amount of data transferred and the access status (file transfer, file not found etc.) as well as
  • your IP address

We process this data during an informational visit exclusively in non-personal form. This is done to enable the use of the websites you have accessed and to check whether our web pages are displayed to you in the best possible way. The processing is carried out on the legal basis of Art. 6 para. 1 f) GDPR and in our interest in order to be able to display our website as reliably and as trouble-free as possible to you.

We store the IP address only for the duration of your visit; a personal evaluation does not take place and there are only statistical evaluations of the website usage as described below in this data protection statement. We store the remaining data resulting from the informational use for a period of 3 years, provided that there is no deletion order from you.

b. Use of the contact form

If you decide to contact us via our contact form, we collect the following data from you:

  • Title
  • Name
  • Email address
  • Phone (optional)
  • Company
  • Country
  • Your message

We use this information to respond to your request via email and, if necessary, over the phone. In addition, we can use your information to personally tailor our response to you and provide you with specific information for your business.

Insofar as your inquiry relates to an existing contractual relationship with you or you are interested in concluding a contract, the data processing takes place on the legal basis of Art. 6 para. 1 b) GDPR (execution of contract).

Otherwise, the processing of data will be done on the legal basis of Art. 6 para. 1 f) of the GDPR (balance of interests) and in our interest in order to be able to answer your request with the information that is relevant to you.

We save the data collected via the contact form and the communication to answer your request for 3 years, provided there is no deletion order from you.

c. Registration of a user account

If you would like to register an account on our website for our platform thinkproject, we will process the following data from you:

  • Gender (optional)
  • First name (optional)
  • Surname
  • Title (optional)
  • Communication language
  • User name
  • E-mail address
  • Mobile number (optional)
  • Telephone number (optional)
  • Company name
  • Address (optional)
  • Postcode (optional)
  • City (optional)
  • Country (optional)

We use the mandatory information to process your request for a new user account and create the account. We will use the optional information for statistical purposes or to get in contact with you personally.

The data obtained when registering a user account is held until the user de-registers (via the thinkproject platform) or gives us a deletion order.

The processing takes place on the legal basis of Art. 6 para. 1 p. 1 b) GDPR for the fulfilment of the user relationship via the user account. Without specifying the mandatory data, the opening of a user account is not possible.

4. Consent to receive news/newsletters

a. Signing up for the newsletter

When you subscribe to our newsletter, we will periodically email you information on construction and engineering trends and tips on topics such as digitalisation, collaboration, BIM, and more.

When you register for the newsletter, we collect the following data:

  • Title
  • First name (optional)
  • Last name
  • Company
  • Country
  • Email address
  • Phone (optional)

To register for our email newsletter as a website visitor, we only need your email address to which the newsletter is to be sent in addition to your data protection consent. Any further information is voluntary and will be used to address you personally and to be able to design the content of the newsletter based on the country and individually for your company. You can give us your phone number in case you want to be contacted by us personally.

Processing is carried out on the legal basis of Art. 6 para. 1 a) GDPR in conjunction with your consent to the receipt of the newsletter.

We save and use the information collected when you sign up for the newsletter until you unsubscribe from the newsletter. If the email address given by you is not available for a long time, we will delete your data without explicit deregistration.

b. Registration confirmation and verification of your email address

For security reasons, we use the double opt-in procedure for the registration for our email newsletter: After you have registered for our newsletter, you will receive an activation email at your specified email address. Only when you have confirmed your registration by clicking on a link contained there will you receive the desired email newsletter. This is to ensure that only you as the owner of the specified email address can subscribe to the newsletter. If you did not confirm your registration after receiving the activation email, you will not receive any email newsletters from us.

c. Unsubscribing from the newsletter

If you no longer wish to receive email newsletters from us, you can unsubscribe from our newsletter at any time by clicking on the unsubscribe link at the end of each newsletter email.

5. Use of cookies

a. Which cookies do we use?

We use cookie technology for our website. Cookies are small text files that are sent from our web server to your browser as part of your visit to our website and are held there on your computer, tablet computer or smartphone for later retrieval.

On our websites we use the following cookies:

[cookieConsent] Function: This cookie stores your decision about tracking cookies from Google Analytics and Marketo (see below). It contains your decision (yes/no) and will be stored for two years. The cookie is a first-party cookie, which is controlled from our website.

[NID and SID] Function: These cookies are to select advertising based on what’s relevant to you; to improve reporting on campaign performance; and to avoid showing you ads that you have already seen. Cookies like NID and SID are used to help customize ads on Google properties, like Google Search. They can be used to remember your most recent searches, your previous interactions with our ads or search results, and your visits to our website. This helps us to show you customized ads on Google.

[IDE and ANID] Function: These cookies are for advertising we serve across the web. One of the main advertising cookies on non-Google sites is named ‘IDE‘ and is stored in browsers under the domain doubleclick.net. Another is stored in google.com and is called ANID.

[__gads and __gac] Function: Sometimes advertising cookies may be set on the domain of the site you’re visiting. In the case of advertising we serve across the web, cookies (e.g., cookies named ‘__gads’ or ‘__gac’) may be set on the domain of the site you’re visiting. Unlike cookies that are set on Google’s own domains, these cookies can’t be read by Google when you’re on a site other than the one on which they were set. They serve purposes such as measuring interactions with the ads on that domain and preventing the same ads from being shown to you too many times.

[__gcl] Function: This cookie helps us determine how many times people who click on our ads end up taking an action on our site. These cookies allow Google and the us to determine that you clicked the ad and later visited our site. Conversion cookies are not used by Google for personalized ad targeting and persist for a limited time only. Some of our other cookies may be used to measure conversion events as well. For example, Google Analytics cookies may also be used for this purpose.

[AID, TAID and DSID] Function: These cookies are used to link your activity across devices if you’ve previously signed in to your Google Account on another device. We do this to coordinate the ads you see across devices and measure conversion events. These cookies may be set on the domains google.com/ads, google.com/ads/measurement, or googleadservices.com. If you don’t want the ads you see to be coordinated across your devices, you can opt out of Ads Personalization using Ads Settings.

Cookie use for Google Analytics (see below in detail):

[__utma] Function: This cookie is part of Google Analytics and is used for the statistical evaluation of user behaviour on our websites. This cookie is used to determine how many times a person has visited our website. It typically contains individual identification numbers and is stored for two years. The cookie is a first-party cookie, which is controlled from our website.
[__utmb] Function: This cookie is part of Google Analytics and is used for the statistical evaluation of user behaviour on our websites. This cookie records new website views and visits. It typically contains a number and is stored for 30 minutes. The cookie is a first-party cookie, which is controlled from our website.
[__utmc] Function: This cookie is part of Google Analytics and is used for the statistical evaluation of user behaviour on our websites. This cookie records new website views and visits. It typically contains a number and is saved until the end of the session. The cookie is a first-party cookie, which is controlled from our website.
[__utmt] Function: This cookie is part of Google Analytics and is used for the statistical evaluation of user behaviour on our websites. This cookie controls the query rate of website usage. It typically contains a number and is stored for 10 minutes. The cookie is a first-party cookie, which is controlled from our website.
[__utmz] Function: This cookie is part of Google Analytics and is used for the statistical evaluation of user behaviour on our websites. The cookie contains information on how you got to our website. The cookie is a first-party cookie, which is controlled from our website.
[_gat] Function: This cookie is part of Google Analytics and is used for the statistical evaluation of user behaviour on our websites. This cookie controls the query rate of website usage. It typically contains a number and is stored for 10 minutes. The cookie is a first-party cookie, which is controlled from our website.
[_tpcollect] Function: This cookie is part of Google Analytics and is used for the statistical evaluation of user behaviour on our websites. It contains an individual Google Analytics identification number and is stored for 2 years. The cookie is a first-party cookie, which is controlled from our website
[_tpcollect_gid] Function: This cookie is part of Google Analytics and is used for the statistical evaluation of user behaviour on our websites. It contains an individual Google Analytics identification number and is stored for 24 hours. The cookie is a first-party cookie, which is controlled from our website

Cookie use for Marketo (see below in detail):

[_mkto_trk] Function: This cookie is part of Marketo (see below) and is used to track lead information about visited websites and clicked links on websites. This information is deleted after 730 days at the latest. The cookie is a first-party cookie, which is controlled from our website.
Additional cookies can be set by third-party providers via their plugins. Information about these cookies can be found at the respective sub-item of this data protection statement and in the privacy statements of the respective third-party providers linked there.

b. Disabling cookies

Via our cookie policy you can decide on your own whether you accept the usage of cookies for Google Analytics and Marketo on our websites. If you select no, cookies from Google Analytics and Marketo will be deactivated. Your decision will be stored in a functional cookie for 2 years. You can change your decision anytime in our cookie policy.

In your browser you may also disable cookies altogether, restrict them to certain websites, or configure your browser to automatically notify you when a cookie is about to be placed and ask for your feedback. You can block or delete individual cookies. For technical reasons however, this may result in some features of our website being impaired and no longer functioning completely.

6. Use of Google Analytics

It is important to us to make our websites as optimal as possible and to make them attractive to our visitors. For this it is necessary for us to know how the different parts of it resonate with our visitors.

This website uses Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”). Google Analytics also uses cookies, text files that are stored on your computer and enable us to analyse how you use the website. The information generated by the cookie about your use of this website is usually sent to a Google server in the US and stored there. IP anonymisation has been activated on our website so that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and be shortened there. On our behalf, Google will use this information to evaluate your use of the site, to compile reports about website activity and to provide the website operator with other services regarding to the use of this website and the internet.

The IP address transmitted from your browser as part of Google Analytics is not associated with any other data held by Google.

We only process your data via Google Analytics if you accepted the setting of the Google Analytics cookies in our cookie policy before. You can change your settings in the cookie policy at any time and therefore prevent a future tracking.

You can also prevent the storage of cookies by selecting the appropriate settings on your browser software; please note however, that in this case not all the features of this website will be fully usable.

You can also prevent the capture of the data related to your use of the website generated by the cookie (including their IP address) on Google and the processing of this data by Google by downloading and installing the browser plugin available at this link: tools.google.com/dlpage/gaoptout

Google’s privacy policy can be found here: policies.google.com/technologies/partner-sites

The current state of Google certification under the EU-US Privacy Shield Agreement can be found here: https://www.privacyshield.gov/… processing of your data is done on the legal basis of Art. 6 para. 1 f) of the GDPR (balance of interests) if you accepted the processing of your data via Google Analytics within our cookie policy.

You have the right to revoke the permission given to us at any time with effect for the future.

Your Google Analytics data will be deleted after 26 months at the latest.

7. Marketo

thinkproject uses a marketing automation tool (“Marketo”) provided by Marketo Inc. (901 Mariners Island Blvd. Suite 500, San Mateo, CA 94404, USA). Marketo uses cookies to track usage of websites and services provided by thinkproject. This is mainly done to provide information tailored to your interests. You can suppress the use of these cookies (see also “Use of Cookies”). We point out, however, that in this case you may not be able to use all functions to the full extent and that an information dispatch that requires the provision of personal data (e.g. name and email address) via a web form may no longer be possible.

Marketo has an EU-US Privacy Shield certification. The EU-US Privacy Shield Agreement is a privacy agreement designed to ensure that data transfers to certified US companies are adequately protected. The EU Commission has determined the appropriateness of the guaranteed data protection level according to the EU-US Privacy Shield Agreement by a decision dated 12.07.2016 (case C (2016) 4176).

You can read the decision of the European Commission here: http://eur-lex.europa.eu/legal… current state of Marketo certification under the EU-US Privacy Shield Agreement can be found here: https://www.privacyshield.gov/… more information on the purpose and extent of the collection and processing by Marketo, please refer to Marketo’s privacy policy: https://documents.marketo.com/legal/privacy/. There you will also find further information about your rights in this regard.

The processing of your data is done on the legal basis of Art. 6 para. 1 f) of the GDPR (balance of interests) if you accepted the processing of your data via Marketo within our cookie policy.

You have the right to revoke the permission given to us at any time with effect for the future.

Your Marketo data will be deleted at your request, but at the latest after 3 years.

8. Mapbox

Our website uses Mapbox Tiles for presenting interactive maps on subpages on our website. Mapbox Tiles API is a map service from Mapbox Inc. (Mapbox). Through the use of Mapbox Tiles API, information pertaining to the use of this website, including your IP address, may be transmitted to Mapbox in the USA.
When you access a site containing Mapbox Tiles maps, your browser establishes a direct connection to the Mapbox servers. The map content will be transmitted by Mapbox directly to your browser and then integrated into the website. As such, we have no influence on the scope or type of data collected by Mapbox.
If you do not wish for Mapbox to gather, process or use data about you via our website, you can deactivate JavaScript in your browser’s settings. However, should you do so you will not be able to use the map function.

Further information concerning the purpose and scope of the data collection, in addition to the further processing and use of the data by Mapbox, as well as your relevant rights and the configuration options for the protection of your private sphere can be gleaned from the Mapbox privacy notice at https://www.mapbox.com/privacy/. There it states that, among other data, the IP address of the visitor, the address of the site visited, the date, time and pages accessed will be stored. Mapbox states that this information will be used exclusively for diagnosis and analysis for the purposes of optimising the service provided. Mapbox will not hand over your personal data to third parties.

In addition, you have the option of disabling cookies from Mapbox by disabling third party cookies in your browser settings.

9. YouTube

Our website uses plugins from YouTube (belonging to Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). If you open our website with the plugin, this will establish a direct connection between your browser and YouTube’s servers. Hereby, the information that you have accessed our website will be transmitted to YouTube. If you are logged in to your YouTube account, your visit to our website, together with your interactions in conjunction with the plugin (e.g. clicking on the YouTube button) can be stored by YouTube and attributed to your YouTube account. Even if you do not have a YouTube account, the possibility that your IP address is saved by YouTube cannot be ruled out. Please be aware of YouTube’s data protection guidelines in this regard: https://policies.google.com/privacy.
To prevent YouTube from gathering data during your visit to our website, log out of YouTube before your visiting our website. To prevent general access by YouTube to your data via websites, you can block YouTube plugins via an add-on for your browser (e.g. https://www.youtube.com/user/disconnecters).

10. MyFonts Web Fonts

For uniform representation of fonts, this page uses web fonts provided by MyFonts. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

This website uses the MyFonts Counter, a web analytics service provided by MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA. Due to the license terms, a page view tracking is performed by counting the number of visits to this website for statistical purposes and transmitting them to MyFonts. MyFonts collects anonymous data.

The use of MyFonts Web Fonts is in the interest of a uniform and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If your browser does not support web fonts, a default font will be used by your computer.

The passing on of the data takes place by the activation of Java Script code in the browser of the user. In order to prevent the execution of Java script code from MyFonts as a whole, the user can install a Java Script Blocker (eg www.noscript.net).

Further information on data protection and the cookies used can be found on the Internet at: http://www.myfonts.com/info/terms-and-conditions/#Privacy.

11. WPML

WPML uses cookies to identify the visitor’s current language, the last visited language and the language of users who have logged in. While you use the plugin, WPML will share data regarding the site through Installer. No data from the user itself will be shared.

WPML String Translation will send all strings to WPML’s Advanced Translation Editor and to the translation services which are used.

Further information on data protection and the cookies used can be found on the Internet at: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/.

12. Google Tag Manager

Our website uses the Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin D04 E5W5, Ireland. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. Google does, however, receive your IP address, which is required to run the Google Tag Manager.

Further information on data protection and the cookies used can be found on the Internet at: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

13. Content Delivery Networks

This internet site uses Content Delivery Networks (CDNs) to improve the performance of content provision (§ 6 (1) S. 1 lit. f GDPR forms the legal basis for this). CDNs enable common JavaScript libraries and font types to be loaded more quickly as the files used are transferred from quick, local or underutilized servers. Among other things, the IP address of the user is transmitted to the CDN service provider.

You can prevent the collection and processing of your data by CDN providers by deactivating the script code in your browser or installing a script blocker in your browser (you can find these e.g. under www.noscript.net or www.ghostery.com).

We use the following CDN providers on our website:

Cloudflare (https://www.cloudflare.com, provider: CloudFlare Inc., 101 Townsend St, 94107 San Francisco):

Cloudflare operates servers in the EU but it cannot be excluded that servers outside the EU – in particular in the USA – are also used. Cloudflare is certified under the EU/USA and Switzerland/USA Privacy Shield Frameworks designed by the US Department of Commerce to manage the collection, use and storage of personal data transmitted from the EEA or Switzerland into the United States. Further information about the Privacy Shields between the EU and the USA and between Switzerland and the USA can be found on the Privacy Shield website of the US Department of Commerce at: https://www.privacyshield.gov/welcome.

Further information about data protection at Cloudflare can be found at: https://www.cloudflare.com/privacypolicy/.

14. Applicant portal

We process personal data that we receive from you via the applicant portal or when you contact us or send us an application by post or email. We only process data that relates to your application. This may include general data concerning you (name, address, contact details, etc.), information about your professional qualifications and school education, information about professional training and, if applicable, other data that you send to us in connection with your application, as well as special categories of personal data based on Article 9 (1) GDPR.

Within our company, we only share your personal data with areas and persons who need this data to meet contractual and legal obligations or for our legitimate interests.

We may transmit your personal data to companies affiliated with us, as far as this is permissible within the scope of the purposes and legal bases set out in point 3 of this data protection information sheet. Your personal data will be processed on our behalf based on data processing agreements in accordance with Article 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. In this case, the categories of recipients are internet service providers and providers of applicant management systems and software.

Otherwise, data will only be shared with recipients outside the company insofar as legal provisions allow or require this, sharing is necessary to meet legal obligations or we have your consent to do so.

If your application results in the conclusion of an employment contract, we will process the data you have sent to us in your personnel file for the purpose of standard organisational and administrative processes in line with the relevant legal regulations.

If your job application is rejected, the data you have sent to us will be automatically erased two months after you have been notified of the rejection or six months after the position has been filled. This does not apply if longer storage is required because of legitimate interests (e.g. the burden of proof under the General Equal Treatment Act [Allgemeines Gleichbehandlungsgesetz]).

15. Involvement of service providers and data transfer to third parties

For the provision of this website and for the above purposes, if necessary, your data will be forwarded to our supporting technical service providers (e.g. website hosting and support, newsletter shipping), whom we have of course carefully selected and commissioned in writing.

These service providers are bound by our instructions and are regularly monitored by us.

The transfer of your data to other third parties otherwise only takes place to the extent that this data protection statement is explicitly pointed out or we are legally obliged to do so.

16. Your rights

You have the right to request confirmation from thinkproject as to whether personal data concerning you is being processed; If this is the case, you have a right to information about this personal data and the information listed in Article 15 GDPR.

You have the right to promptly request that thinkproject correct incorrect personal data concerning you and, if necessary, complete incomplete personal data (Art. 16 GDPR).

You have the right to demand from thinkproject that personal data relating to you be deleted immediately, provided that one of the reasons detailed in Art. 17 GDPR is met, e.g. if the data is no longer needed for the purposes pursued (right to deletion).

You have the right to demand from thinkproject the restriction of the processing if one of the conditions listed in Art. 18 GDPR is given, e.g. if you have objected to the processing, for the duration of the examination by us.

You have the right, at any time, to object to thinkproject about the processing of your personal data for reasons arising from your particular situation. thinkproject then no longer processes the personal data, unless we can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims (Article 21 GDPR).

You have the right to revoke your consent to us at any time with effect for the future (right of revocation).

You have the right to receive the data that you have provided thinkproject within a structured, standard and machine-readable format. You may also transmit this data to other sources, or have it transmitted by us (right to data portability).

Please contact the above-mentioned contact person for data protection in order to exercise your rights (Item 2).

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR (Article 77 GDPR). In Bavaria, the competent supervisory authority: Bavarian State Office for Data Protection Supervision, PO Box 606, 91511 Ansbach, www.lda.bayern.de.

17. Data security

We also use technical and organisational security measures to protect personal data arising or collected, in particular against accidental or intentional manipulation, loss, destruction or against attack by unauthorised persons. Our security measures are continuously improved in line with technological developments.

When you use our website, your personal data is encrypted using SSL/TLS technology to prevent access by unauthorised third parties.

May 2019

thinkproject Deutschland GmbH

Right of revocation:

You have the right, at any time, to object to thinkproject about the processing of your personal data for reasons arising from your particular situation. thinkproject then no longer processes the personal data, unless we can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims (Article 21 GDPR).

May 2019

thinkproject Deutschland GmbH