Privacy

huber staudt architekten bda Gesellschaft von Architekten mbH

  1. Subject of this Privacy Policy
    The protection of your personal data (hereinafter referred to as “data”) is a major and very important concern for us. Below, we would therefore like to inform you in detail about which data is collected by us and how it is subsequently processed or used by us, as well as about the accompanying protective measures we have taken in technical and organizational terms.
  2. Name and Contact Details of the Controller / Service Provider
    The controller within the meaning of Art. 4 No. 7 GDPR and other national data protection laws of the Member States, as well as other data protection regulations, and at the same time the service provider within the meaning of the Digital Services Act (DDG), is:
    Christian Huber
    huber staudt architekten bda Gesellschaft von Architekten mbH
    Keithstraße 2–4, 10787 Berlin, Germany
    Telephone: +49 30 880010-80
    Fax: +49 30 880010-99
    Email: info(at)huberstaudtarchitekten.de
  3. Contact Details of the Data Protection Officer
    You can reach our data protection officer at info(at)huberstaudtarchitekten.de
    or at our postal address with the addition “Attn: Data Protection Officer”.
  4. Purposes and Legal Basis for the Processing of Your Data and Storage Period
    All personal data that we collect from you will only be collected, processed, and used for the stated purpose. In doing so, we observe that this is carried out only within the framework of the applicable legal provisions or otherwise only with your consent. The scope and nature of the processing of your data differ depending on whether you visit our website merely to retrieve information or whether you make use of services offered by us:
    a) Use of the Website
    For purely informational use of our website, we collect and use only those data that your internet browser automatically transmits to us. This information is temporarily stored in a so-called log file. The following information is collected automatically without your intervention and stored until automated deletion:
    • Date and time of access to one of our web pages
    • Your browser type
    • Browser settings
    • Operating system used
    • The last page you visited
    • The amount of data transferred and the access status (file transferred, file not found, etc.), and
    • Your IP address.
    We collect and process these data for the purpose of enabling the use of the web pages you access and improving our online offering. Furthermore, we process the data for purposes of ensuring system security and stability, including defense against and analysis of attacks on our websites, as well as for other administrative purposes. The IP address is stored for a period of 10 weeks and only for the purposes stated above; thereafter the data are deleted or stored only in anonymized form, unless a security-relevant event occurs (e.g. a DDoS attack). In the event of a security-relevant incident, server log files are stored until the incident has been remedied and fully clarified. Any statistical analysis is carried out only in anonymized form. These data are not merged with other data sources.
    The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR. Our legitimate interest arises from the purposes listed above
    b) Use of Services / Use of Data to Fulfill Tasks
    If you wish to use services offered by us, it is necessary for you to provide us with the personal data required for this purpose. These are the data necessary for processing and handling your inquiry. You may optionally provide additional information; such information is marked accordingly as optional. The processing of your data is carried out for the purpose of handling your inquiry and providing the services you have requested.
    The legal basis for data processing is Art. 6(1)(b) GDPR insofar as it concerns the initiation and, if applicable, execution of a contract. Otherwise, the legal basis is Art. 6(1)(f) GDPR; our legitimate interest lies in responding to and handling your inquiry, for which the stored data are necessary.
    Your data are generally deleted as soon as they are no longer required to achieve the purpose for which they were collected, i.e. once your inquiry has been processed or the requested service has been fully provided. Beyond this, data are stored only insofar as this is necessary to comply with legal obligations, in particular statutory retention obligations (e.g. under tax law such as § 147 of the German Fiscal Code (AO)) pursuant to Art. 6(1)(c) GDPR, or for the assertion, exercise, and defense of possible legal claims in connection with our services within the applicable limitation periods (e.g. §§ 195 et seq. German Civil Code (BGB)), or if you have given us your consent pursuant to Art. 6(1)(a), Art. 7 GDPR.
  5. Recipients of the Data
    For the purposes stated above, your data may be passed on to service providers who support us and whom we have, of course, carefully selected and obliged to comply with data protection law. These may include, in particular, technical service providers or shipping service providers (e.g. letter shops).
    Otherwise, your data will only be disclosed to other third parties if (1) this is necessary to fulfill a legal obligation pursuant to Art. 6(1)(c) GDPR, (2) we have obtained your explicit consent pursuant to Art. 6(1)(a) GDPR (e.g. transmission to providers of communication, tracking, and web analytics tools that process the data on our behalf for the purpose of user analysis and statistical evaluation), (3) the disclosure is necessary to safeguard our legitimate interests or the legitimate interests of a third party and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data, or (4) the disclosure is legally permissible and necessary for the performance of contractual relationships with you.
  6. Data Security
    We have taken technical and organizational security measures to protect personal data generated or collected on our websites, in particular against accidental or intentional manipulation, loss, destruction, or attacks by unauthorized persons. Our security measures are continuously improved in line with technological developments.
    Where we provide you with online forms and services through which you can send us personal data, these forms are protected against access by third parties through the use of TLS encryption. Depending on the service, you may also be required to provide certain information for identification or to prevent misuse:
    For identification when transmitting data, the entry of a user-defined identifier or other suitable authentication may be required. The data are protected against access by third parties via SFTP or HTTPS, provided that the user uses the transmission methods recommended by us.
  7. Rights of Data Subjects
    Under the applicable laws, you have various rights in connection with the processing of your personal data. If you wish to exercise these rights, please send your request by email or by post, clearly identifying yourself, to the email or postal address specified in section 2 of this privacy policy. Below is an overview of your rights:
    a) Right of Access
    You have the right at any time to obtain confirmation from us as to whether personal data concerning you are being processed. If this is the case, you have the right to obtain information about the personal data stored about you and the information listed in Art. 15(1) and (2) GDPR in connection with the processing of your data. Under the conditions of Art. 15(3) GDPR, you have the right to request a copy of your personal data. The first copy is provided free of charge; a reasonable fee may be charged for additional copies. The provision of a copy is subject to the rights and freedoms of other persons pursuant to Art. 15(4) GDPR. In addition, the restrictions of your right of access pursuant to § 34 of the German Federal Data Protection Act (BDSG) must be observed.
    b) Right to Rectification
    Pursuant to Art. 16 GDPR, you may request the immediate rectification of inaccurate personal data or the completion of your personal data stored by us.
    c) Right to Erasure (“Right to Be Forgotten”)
    Under the conditions of Art. 17 GDPR, you have the right to request that personal data concerning you be erased without undue delay. In particular, you have a right to erasure pursuant to Art. 17(1) GDPR if:
    • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
    • you withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) GDPR and there is no other legal basis for the processing,
    • you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object pursuant to Art. 21(2) GDPR to processing for direct marketing purposes,
    • your personal data have been processed unlawfully.
    The right to erasure is subject to certain restrictions pursuant to Art. 17(3) GDPR and § 35 BDSG. Accordingly, the right to erasure does not apply, among other things, where processing is necessary for the assertion, exercise, or defense of legal claims or for compliance with a legal obligation under Union or Member State law to which the controller is subject.
    d) Right to Restriction of Processing
    Under the conditions of Art. 18(1) GDPR, you have the right to request the restriction of processing. If the processing of personal data concerning you has been restricted, such data may—apart from their storage—only be processed with your consent or for the assertion, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
    e) Right to Data Portability
    Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller without hindrance from us. When exercising your right to data portability, you also have the right to request that we transmit your personal data directly to another controller, insofar as this is technically feasible. The right to data portability is subject to the restrictions of Art. 20(3) and (4) GDPR.
    f) Withdrawal of Consent
    Pursuant to Art. 7(3) GDPR, you are entitled to withdraw any consent you have given to us at any time. This also applies to data protection consents granted to us before the GDPR came into force. The withdrawal means that we may no longer continue the data processing based on this consent in the future. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of the consent prior to its withdrawal.
    g) Right to Object
    You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is based on Art. 6(1)(e) or (f) GDPR. We will then no longer process these data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims (Art. 21 GDPR).
    If your personal data are processed by us for purposes of direct marketing, you have the unrestricted right to object at any time to the processing of personal data concerning you for such purposes; this also applies to profiling insofar as it is related to such direct marketing. Profiling means the use of personal data to analyze or predict certain personal aspects (e.g. interests).
  8. Right to Lodge a Complaint with a Supervisory Authority
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you by us violates the GDPR (Art. 77 GDPR). You may exercise this right with a supervisory authority in the Member State of your habitual residence, place of work, or the place of the alleged infringement. The contact details of the supervisory authorities in Germany can be found at:
    https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
    Please note that for architectural firms, the “supervisory authorities for the non-public sector” are responsible.
  9. Amendments to This Privacy Policy
    This privacy policy is currently valid. Due to the further development of our website and offerings or due to changes in legal or official requirements, it may become necessary to amend this privacy policy. The current version of the privacy policy can be accessed and printed by you at any time here.

Status: December 2025