English

THOST Projektmanagement GmbH
Villinger Straße 6 | D-75179 Pforzheim
+49 7231 1560-0
info@thost.de

Data Protection statement website

Information in accordance with Art. 13 of the EU General Data Protection Regulation (EU GDPR)
Data Protection statement for our website users

Data protection and data security when using our website are a matter of course for us. In the following we will inform you about the collection of personal data when using our website.

Personal data is all data which is personally related to you, for example your name, address, telephone number, email address, user behaviour.

Responsible Party

THOST Projektmanagement GmbH
Villinger Str. 6
75179 Pforzheim

Telephone: +49 7231 1560-0
Telefax: +49 7231 1560-90

E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Data Protection Officer

RA Helge Kauert, LL.M.
dataLEGAL Rechtsanwaltsgesellschaft mbH
Prinzregentenplatz 15
81675 München

Telephone: (089) 248 82 68-0
Telefax: (089) 248 82 68-68

E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

I. General Information about Data Processing

1. Scope of the Processing of Personal Data

The personal data of our users is only processed for the necessary provision of a functioning website as well as relevant content and services.

The processing of our users’ personal data only takes place regularly after the consent of the user. An exception applies in situations where prior consent cannot be obtained for practical reasons and the processing of data is legally permitted.

2. Legal basis for the Processing of Personal Data.

Provided that we obtain the consent of the affected person for the processing of personal data GDPR Art. 6, Para. 1 lit. a serves as the legal basis. 

During the processing of personal data for the completion of a contract in which the contracting party is the affected person, GDPR Art. 6 Para. 1 lit. b serves as the legal basis. This also applies to data processing needed to implement pre-contractual measures.

Provided that the processing of personal data is necessary to fulfil a legal obligation that our company is subject to, GDPR Art. 6 Para. 1 lit c is the legal basis.

In the situation that essential interests of the affected person or another natural person require the processing of personal data, GDPR Art. 6 Para. 1 lit. d serve as the legal basis.

If the processing is necessary to protect the legitimate interests of our company or a third party, and as long as the interests, basic rights and freedoms of the affected person don’t outweigh the interests of the former, Art. 6 Para 1 lit. f provides the legal basis for the processing. Legitimate interests include, for example, the maintenance of our IT infrastructure, the marketing of our own services as well as legally required documentation of our business contacts.

3. Data Deletion and Storage Period

The personal data of the affected person will be either deleted or blocked, as soon as the specific purpose for storage expires. Furthermore, storage can occur if provided for within European or national legislation in accordance with EU law in regulations, laws, or other provisions which the responsible is subject to. The blocking or deletion of data occurs when the defined standard storage period expires, unless there is a need for the further storage of the data for the conclusion or fulfilment of a contract.

II. Usage of Cookies

We do not create personal user profiles. In connection with the retrieval of the information you request, data is stored on our servers exclusively in anonymous form for the provision of services or evaluation purposes.  In doing so, general information is recorded, such as when which content is retrieved from our website or which pages are most frequently visited.

To do this we use so-called “cookies” (small text files with configuration information). The cookies used serve to determine the frequency of use and the number of users of our website. This is how we find out which areas of our website and which other websites our users have visited. This user data does enable any conclusions to be made about the user.  None of this anonymously collected user data is matched with your personal data and is deleted immediately at the end of its statistical evaluation.

Most browsers are configured to automatically accept cookies. However you can deactivate the storage of cookies or set your browser to notify you before storing cookies. Users who do not accept cookies may not be able to access certain areas of our website.

III. Registration for events; Surveys

1. Registration for events

You have the possibility on our website to register for events or seminars. The information provided by you in the input screen (obligatory details are: name, company, industry, position, address, email address) will be transferred to us and stored. Additionally, the IP address of the contacting computer and the data and time of registration are recorded.

Your personal data will only be used within the context of the event and contract processing, unless you consent to further usage. On the registration screen you have the possibility to indicate whether you would like to be informed of further THOST events (events newsletter). Your consent can be cancelled at any time using the unsubscribe link provided in the newsletter.

The transfer of your data to third parties does not take place.

Your data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. Your email address will be saved for the duration of your subscription to the events newsletter.

2. Surveys

Particularly after events, your feedback will be requested in the form of a survey.

To carry out this survey we use the survey tool “Survey Online” from enuvo GmbH, Seefeldstraße 25, 8008 Zurich, Switzerland, which carries out this survey on our behalf. You can find a copy of the order processing contract in accordance with Art. 28 EU GDPR at https://www.umfrageonline.com/static/Vereinbarung-zur-Auftragsverarbeitung-DSGVO-Pre-Signed.pdf.

For more information about the processing of your personal data by enuvo GmbH, please refer to their privacy policy, available at  https://www.umfrageonline.com/datenschutz.

enuvo GmbH processes your personal data on servers belonging to Amazon Web Services Inc. within the EU. However it cannot be ruled out that your data will be passed on to Amazon Inc. in the USA and processed there. Amazon Inc. processes your personal data under the so-called EU-US Privacy Shield.

enuvo GmbH processes your personal data for maintenance purposes in Switzerland only temporarily. The EU has set an adequate level of data protection for Switzerland.

We have no influence on data transfer to a third country.

The survey results are transmitted to us by enuvo GmbH in pseudonymous form so that conclusions regarding individuals are not possible. 

Insofar as you voluntarily provide personal details (forename and surname, company name), envoi GmbH transfers these together with your survey results so that you are identifiable.

Any other data transfer does not take place and is not planned.

Participation on the survey is obviously voluntary. If you do not wish your personal data to be processed, please refrain from taking part.

IV. Hyperlinks to external Websites

You will find so-called hyperlinks to other suppliers on our website. When clicking on these hyperlinks you will be redirected directly to the other supplier’s website. This can be recognised for example by the different URL. We accept no responsibility for the confidential handling of your data on third party websites because we have no influence on their compliance with applicable data protection laws. Information on this company deals with your personal data can be found directly on their website.

V. Social Media Plug-ins

1. Google Maps

In the interest of optimum usability and in order to find our company easily, our website uses the map service Google Maps through an API. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

We have no control over any data transfer to servers belonging to Google LLC in the USA. For more information about Google’s data processing policy, please refer to the Google data protection policy, available at: https://policies.google.com/privacy.

2. YouTube

In the interests of optimum usability and the improvement of our website, YouTube is integrated into our website. The provider is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Our YouTube videos are embedded using the “advanced privacy mode”. According to YouTube your data will only be transmitted to YouTube LLC’s servers when you actually start a video.

We have no influence over a subsequent data transfer. For more information about YouTube’s data processing policy, please refer to the Google data protection policy, available at: https://policies.google.com/privacy.

VI. Contact per email, fax or telephone

Contact using the given email address, fax or telephone number is possible. We use the personal data submitted in this way to process your contact.

Your data will be forwarded internally as required to the responsible department and to our IT department for exclusively technical processing.

Our service providers, e.g. for the provision of IT services when processing data, can also be the recipient of your personal data in accordance with Art. 28 EU GDPR.

The transfer of your data to a third country outside of the EU / EEA occurs within the framework of the necessary processing of your contact to our subsidiaries situated in such third countries or to a data processor in one.  Before transferring data to such a third country, we ensure that the European Commission has established an adequate level of data protection for the recipient country and that so-called EU standard contractual clauses have been agreed with the recipient or other legal permission has been granted.

Any other data transfer does not take place and is not planned.

VII. Your rights

If the legal prerequisites are met, then you are entitled to the following rights under Art. 15 to 22 of the EU GDPR: right to access, correction, deletion and restriction of processing as well as the right to data portability.

In addition, you have the right of objection to the processing according to Art. 14 Para. 2 lit c) in connection with Art. 21 of EU GDPR based on Art. 6 Para 1 lit. f) of the EU GDPR.

According to art. 77 of the EU GDPR, you have the right to appeal to the regulatory body when you believe that your data is not being processed legally.

The address for the regulatory body responsible for our company is:

Commissioner for Data Protection and Freedom of Information, PO Box 102932, 70025 Stuttgart.

Moreover, you have the right to withdraw any data protection consent declarations at any time. The withdrawal of your consent does not affect the legality of the processing carried out on the basis of the consent until its withdrawal.

VIII. Obligation to submit Personal Data

There is no legal or contractual obligation to submit your data. However, certain features of our website may require the input and use of personal information.  Should you decide again the input of personal data in such cases, certain functions or services may be limited or unavailable.

IX. Automated decision-making:

Automated decision making does not take place.

X. Supplementary provisions when using the THOST Freelance Portal

1. Scope of Processing

At https://freelance.thost.de/ we offer you the opportunity to register with us by submitting personal data.  The data submitted will be forwarded internally as required to the responsible department and to our IT department for exclusively technical processing. The processing of personal data you enter on the Freelance Portal is for the purpose of conducting or initiating a business relationship with you (Art. 6 Para. 1 lit. b GDPR).

Service providers we use, e.g. for the delivery of IT services within the framework of data processing, can also be recipients of your personal data in accordance with Art. 28 of the GDPR.

The forwarding of your data to third countries outside of the EU / EEA in connection with our business relationship or the initiation thereof takes place as required to our subsidiaries located in such third countries or to data processors with their location in such a third country.

Before transferring data to such a third country, we ensure that the European Commission has established an adequate level of data protection for the recipient country and that so-called EU standard contractual clauses have been agreed with the recipient or other legal permission has been granted.

Any other data transfer does not take place and is not planned.

You may deactivate your Freelance Portal account at any time. All data will be deleted with 14 days of deactivation and cannot be recovered.

2. Google Analytics

To analyse the surfing behaviour of our users we employ Google Analytics in the freelance portal (https://freelance.thost.de/). The provider is  Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “Cookies“ (small text files with configuration information). The cookies used serve to determine the frequency of use and the number of users of our website. This is how we find out which areas of our website and which other websites our users have visited. This user data does enable any conclusions to be made about the user.  None of this anonymously collected user data is matched with your personal data and is deleted immediately at the end of its statistical evaluation.

Most browsers are configured to automatically accept cookies. However you can deactivate the storage of cookies or set your browser to notify you before storing cookies. Users who do not accept cookies may not be able to access certain areas of our website.

We have no control over any data transfer to servers belonging to Google LLC in the USA. For more information about Google’s data processing policy, please refer to the Google data protection policy, available at: https://policies.google.com/privacy.

You can prevent the transfer and processing of data generated by cookies and related to your use of the website to Google by downloading and installing the browser plug-in here: http://tools.google.com/dlpage/gaoptout.

You can also prevent collection by Google Analytics by clicking on this Link. An opt-out cookie will be generated  which prevents the future collection of your data when visiting this website.

Data Protection statement applicants

Data Protection statement applicants

Information in accordance with Art. 13 of the EU General Data Protection Regulation (EU GDPR)
Data Protection statement for applicants

Responsible Party

THOST Projektmanagement GmbH
Villinger Str. 6
75179 Pforzheim

Telephone: +49 7231 1560-0
Telefax: +49 7231 1560-90

E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Data Protection Officer

RA Helge Kauert, LL.M.
dataLEGAL Rechtsanwaltsgesellschaft mbH
Prinzregentenplatz 15
81675 München

Telephone: (089) 248 82 68-0
Telefax: (089) 248 82 68-68

E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Processing Purpose and Legal Basis

The purpose of the data processing is to initiate a possible employment relationship in accordance with article 88 para. 1 of the EU GDPR i conjunction with §26 Para 1 of the German Federal Data Protection Act (new).

Art. 6 Para. 1 lit. a) of the EU GDPR is the legal basis for the processing of personal data on the basis of given consent. 

Categories of Recipients

As part of the application process, your data will be forwarded internally to our Management, Human Resources and the relevant department as well as to our IT Department and its service providers engaged in data processors (data centre operators, database operators) solely for technical processing in accordance with Article 28 of the EU GDPR.

In order to check for employment opportunities before the beginning of an employment relationship we forward your pseudonymous data to potential clients. With your personal consent your non-pseudonymous data can also be forwarded, specifically the disclosure of your name and photos contained in the application process.

Should you apply to one of our subsidiaries in a third country outside of the EU / EEA, the data transfer to that third country will be limited to the above-mentioned purpose. Before the data transfer, we ensure that the European Commission has established an adequate level of data protection for the recipient country and that so-called EU standard contractual clauses have been agreed with the recipient or other legal permission has been granted.

Any other data transfer does not take place and is not planned.

Storage duration

In the case of a cancellation of your application on our side we will delete your stored data six months after this cancellation. 

If you have consented to the storage of your data beyond this time period, we will delete your data at the end of the agreed period.

In the event of employment in our company, we will inform you separately about the personal data we have on you in due course.

Your rights

If the legal prerequisites are met, then you are entitled to the following rights under Art. 15 to 22 of the EU GDPR: right to access, correction, deletion and restriction of processing as well as the right to data portability.

In addition, you have the right of objection to the processing according to Art. 14 Para. 2 lit c) in connection with Art. 21 of EU GDPR based on Art. 6 Para 1 lit. f) of the EU GDPR.

Right of Appeal to the Regulatory Body

In accordance with Article 77 of the EU GDPR you have the right to appeal to the regulatory body when you believe that your data is not being processed legally.

The address for the regulatory body responsible for our company is:

Commissioner for Data Protection and Freedom of Information, PO Box 102932, 70025 Stuttgart.

Obligation to submit Personal Data

There is no legal or contractual obligation to submit your data. However, certain features of our website may require the input and use of personal information.  Should you decide again the input of personal data in such cases, certain functions or services may be limited or unavailable.

Automated decision-making

Automated decision making does not take place.

 

Data Protection statement business partners

Data Protection statement business partners

Information in accordance with Art. 13 of the EU General Data Protection Regulation (EU GDPR)
Data Protection statement for our business partners

Responsible Party

THOST Projektmanagement GmbH
Villinger Str. 6
75179 Pforzheim

Telephone: +49 7231 1560-0
Telefax: +49 7231 1560-90

E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Data Protection Officer

RA Helge Kauert, LL.M.
dataLEGAL Rechtsanwaltsgesellschaft mbH
Prinzregentenplatz 15
81675 München

Telephone: (089) 248 82 68-0
Telefax: (089) 248 82 68-68

E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Processing Purpose and Legal Basis

We process personal data that we receive from directly in connection with our business relationship, for example within the context of a request for proposal and concrete order placement as well as the delivery of our services or the initiation of business. Normally this involves contact and address details, as well as records of our mutual commercial activity and correspondence.  Depending on the type of business undertaken it may also include user ID for secure customer platforms.

The data processing occurs to enable the execution and completion of all processes which concern our project responsibles, customers, prospective customers, business partners or other contractual or pre-contractual relationships (in the broadest sense) between the named groups or legal obligations affecting the project responsibles.

Art. 6 Para. 1 lit. b) of the EU GDPR provides the legal basis for the processing of your data provided that you personally as a contracting party are engaged in a contractual relationship with us or for the initiation thereof.

Provided it concerns a business relationship or the initiation thereof between the company for which you are acting and THOST Projektmanagement GmbH, the legal basis for the processing of your personal data is Art. 6 Para. 1 lit. f) of the EU GDPR. This protects our legitimate interests as well as the interests of your company which are based on the lawful execution of the mutual business relationship.

Categories of Recipients

Within the context of our business relationship your data will be forward to the relevant department as required as well as to our IT department solely for technical processing.

Additionally, our external service providers, e.g. for the provision of IT services, could be recipients of your personal data in a data processing context in accordance with Art. 28 of the EU GDPR.

The forwarding of your data to third countries outside of the EU / EEA in connection with our business relationship or the initiation thereof takes place as required to our subsidiaries located in such third countries or to data processors with their location in such a third country.

Before the data transfer, we ensure that the European Commission has established an adequate level of data protection for the recipient country and that so-called EU standard contractual clauses have been agreed with the recipient or other legal permission has been granted. 

Any other data transfer does not take place and is not planned.

Storage duration

Unless otherwise stated in the other regulations of this notice, we will store the personal data received in connection with our business relationship only as long as required for the fulfilment of our contractual and legal obligations. Afterwards your data will be deleted.

Furthermore, we will store your data only to the extent we are statutorily obliged to, e.g. under commercial or tax law. Provided that your data is no longer needed for the purposes described above, it will be temporarily stored solely for the respective legally required storage period and not processed for other purposes.

Your rights

If the legal prerequisites are met, then you are entitled to the following rights under Art. 15 to 22 of the EU GDPR: right to access, correction, deletion and restriction of processing as well as the right to data portability.

In addition, you have the right of objection to the processing according to Art. 14 Para. 2 lit c) in connection with Art. 21 of EU GDPR based on Art. 6 Para 1 lit. f) of the EU GDPR.

Right of Appeal to the Regulatory Body

In accordance with Article 77 of the EU GDPR you have the right to appeal to the regulatory body when you believe that your data is not being processed legally.

The address for the regulatory body responsible for our company is:

Commissioner for Data Protection and Freedom of Information, PO Box 102932, 70025 Stuttgart.

Obligation to submit Personal Data

If you are in a direct business relationship with us, you must provide the personal information necessary to commence and conduct a business relationship and fulfil the associated contractual obligations.  Without this data, we will generally have to refuse to conclude or execute the contract or withdraw from and possibly terminate an existing one.

If it is regarding a business relationship with a company you are representing, you must provide us with the personal data necessary to take up and perform representation / procuration and the completion of the associated contractual obligations. Without this data, we usually have to reject you as the representative / procurator and may have to cancel existing authorised representation / procuration.

Automated decision-making

Automated decision making does not take place.