Get Started

We take the protection of your personal data very seriously. In this Privacy Policy, we inform you in accordance with the requirements of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-new) about the type, scope, and purpose of the processing of personal data by our company.

This Privacy Policy also applies to our website and our social media profiles. For definitions of terms such as “personal data” or “processing”, please refer to Article 4 GDPR.

1. Name and Contact Details of the Data Controller

Herzog Bau GmbH
Fuchsengarten 1a
91054 Erlangen
Fax: +49 (0)9131 / 6823-10
Email: info@herzog-bau.gmbh

2. Data Protection Officer

Herzog Bau GmbH
Attn: Oliver Herzog
Fuchsengarten 1a
91054 Erlangen
Email: datenschutz@herzog-bau.gmbh
Fax: +49 (0)9131 / 6823-10

3. Types of Data We Process

We process the following categories of data:

  • Usage data: access times, pages visited, log files
  • Customer and account data: names, addresses
  • Contact details: email, telephone, fax
  • Communication data: IP addresses, device information

4. Purposes of Data Processing (Art. 13 (1) c GDPR)

We process personal data for the following purposes:

  • To ensure the technical and economic operation of our website
  • To provide secure and easy access to our services
  • To optimize user experience and website functionality
  • To generate statistics and performance analysis
  • To process contact and service requests
  • To support commercial use of our online presence

5. Categories of Data Subjects

We process data of the following groups:

  • Visitors and users of our website
  • Customers and prospective customers
  • Suppliers and business partners
  • Employees and job applicants

Together, these individuals are referred to as “users.”

6. Legal Basis for Processing

We process personal data in accordance with the following legal bases:

  • Consent – Art. 6 (1) a GDPR
  • Contract fulfillment or pre-contractual measures – Art. 6 (1) b GDPR
  • Legal obligations (e.g., retention duties) – Art. 6 (1) c GDPR
  • Vital interests – Art. 6 (1) d GDPR
  • Legitimate interests (website security, optimization, marketing) – Art. 6 (1) f GDPR

7. Disclosure of Personal Data to Third Parties

We do not share your data with third parties without your consent, unless legally required or necessary for contract fulfillment (e.g., payment providers).

We may use data processors such as hosting providers or IT service providers under Art. 28 GDPR. These processors are contractually bound to comply with GDPR standards.

8. Data Transfers to Third Countries

If personal data is transferred outside the EU/EEA, it will only occur under the conditions of Articles 44 ff. GDPR (e.g., adequacy decisions, Standard Contractual Clauses).

Where data is transferred to the USA, we highlight that US authorities may have access rights without adequate legal remedies for EU citizens.

9. Data Retention and Deletion

Personal data will be deleted or restricted as soon as:

  • The purpose of processing no longer applies
  • Consent is withdrawn
  • Legal storage periods expire

Retention periods:

  • Commercial and business records: 6 years (Sec. 257 HGB)
  • Tax documents: 10 years (Sec. 147 AO)

10. Automated Decision-Making

We do not use automated decision-making or profiling.

11. Website Access and Log Files

When you visit our website, we automatically collect the following information:

  • IP address
  • Date and time of access
  • Browser type, version, and language
  • Internet service provider
  • Operating system
  • Pages visited and referrer URL
  • Access status / HTTP status code

These data are stored in log files for up to 365 days for security and optimization purposes. After this period, they are automatically deleted unless required for legal evidence.

Legal basis: Art. 6 (1) f GDPR – our legitimate interest in maintaining IT security and website functionality.

12. Cookies and Similar Technologies

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.

The legal basis for the processing of personal data in this context are Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.