Privacy notice

At Master Builders Solutions Deutschland GmbH (hereinafter "MBSD" or "we"), data protection is our top priority. For us this includes maintaining a high degree of transparency.

Therefore, we would like to inform you about the principles that apply when we allow visitors onto our premises or into buildings, chemical production facilities or other physical facilities operated by us ("Premises").

We would also like to inform you

• about the rights you are entitled to with respect to the processing of your personal data

• and who you should contact for matters pertaining to data protection law and, if available, the contact details of our data protection officer.

1. Data processing

We collect and process the following personal data from you when you visit our Premises

1. Specifically, we collect information such as your name, date of birth, the people you visit, your identity card number, your telephone number and the duration of your visit measured in days. If necessary, you may have to take a test on safe behavior on the Premises; the test result will be stored. We will issue you with an identification card to be worn openly (e.g., day pass, driver's pass, replacement pass) in order to access the Premises. Drivers are additionally registered with the license plate of the vehicle used. If you are a driver transporting dangerous goods, the dangerous goods will be inspected and the inspection results will be documented.

1. For persons entering the Premises in order to fulfil a contract, we also process information about the company for which you work and the data required to fulfil the respective contract.

1. Purpose and scope of the data processing

1. The data processing described in section 1a serves to verify access authorization, to ensure that the scope of access authorization is adhered to, and to protect and ensure the security at our Premises and the safety of the people working there. The personal data listed in section 1a will be stored for as long as is necessary to achieve the aforementioned purposes. Furthermore, data may be retained if and insofar as doing so is required by law (retention obligations).

1. The data listed in section 1b shall be processed for as long as it is necessary to fulfil the corresponding contract. Furthermore, data may be retained if and insofar as doing so is required by law (retention obligations).

1. Moreover, personal data may be kept for the time during which claims can be made against us (statutory limitation period of three or up to thirty years).

1. Legal basis

The legal basis for the personal data processing listed above is Art. 6 para. 1, first sentence, section (f) of the General Data Protection Regulation (“GDPR”). Our legitimate interest in these processing activities arises from the purposes mentioned in section 2.

The transmission of personal data is voluntary. Without providing personal data, however, you may be denied access to the Premises.

1. Who do we forward your personal data to?

The personal data listed in section 1 will be partially disclosed to subcontractors based in the European Union for the purposes listed in section 2. Any processing carried out by subcontractors is carried out on our behalf and in accordance with our instructions. We have no intention of transferring your personal data to a third country.

1. How do we secure your personal data?

We take technical and organizational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously revised to keep pace with technological developments.

1. What rights are you entitled to?

Right of access: You have the right to access your personal data processed by us and other information (such as the information) provided in this privacy policy.

Right of rectification: If your personal data is incorrect or incomplete, you have a right to have it corrected.

Right to deletion: Based on the "right to be forgotten", you can demand that your personal data be deleted, unless we have an obligation to retain it. The right to deletion is not an exclusive right. For instance, we have the right to continue processing your personal data if such processing is necessary to comply with our legal obligations or to assert, exercise or defend legal claims.

Right to restrict processing: This right includes the right to restrict the use or manner of use. This right is limited to certain cases and exists in particular if (a) the data is incorrect, (b) the processing is unlawful and you refuse to delete it, (c) we no longer need the data, but you need the data to assert, exercise or defend legal claims. If the processing is restricted, we may continue to store the data, but not use it. We maintain a list of the individuals who have exercised the right to restrict processing to ensure that this right is respected.

Right to data portability: This right means that we will transfer your personal data in a structured, accessible and electronic format for your own purposes to the extent that this is technically possible.

Right to objection: You may object to the processing of your personal data provided it is processed based on legitimate interests, such as direct marketing.

Right to be informed: You have the right to be informed in clear and easily understandable language about how we process your personal data.

Right to withdraw your consent: If you have given us your consent to process your data, you have the right to withdraw your consent at any time. This withdrawal does not affect the lawfulness of the processing carried out prior to the withdrawal.

Exercising these rights is free of any costs for you. However, you must provide two factors proving your identity. We will do everything possible in compliance with our legal obligations to transfer, correct or delete your personal data in our data systems.

Please contact us by e-mail or by writing to us in order to exercise your rights, lodge a complaint or make other inquiries. We will try to answer you within 30 days. You can reach our data protection officer using the contact details listed in section 8.

If we receive a complaint, we will contact the person who made the complaint to investigate it further. If we cannot resolve a complaint immediately, we will cooperate with the authorities, in particular the data protection authorities, as required.

If you are not satisfied with the handling of a complaint regarding your personal data, you can submit your complaint to the relevant data protection authority.

1. Designated supervisory authority

You can lodge a complaint with a supervisory authority, in particular in the Member State in which you reside or work, or where a suspected infringement has occurred if you believe that the processing violates the GDPR. You can lodge a complaint with our designated supervisory authority:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18

91522 Ansbach

1. Controller and Data Protection Officer

Master Builders Solutions Deutschland GmbH is a company of the Master Builders Solutions Group. Unless otherwise specified in individual cases, the person responsible within the meaning of the GDPR is MBSD, or, in all other cases, any group company within the Master Builders Solutions Group that maintains the respective Premises.

Our contact data:

Master Builders Solutions Deutschland GmbH

Dr.-Albert-Frank-Straße 32

88308 Trostberg

Tel.: +49 8621 86 16

Fax: +49 8621 86 2995

You can contact our Data Protection Officer via the mailing address listed above or by email at dataprotection@masterbuilders.com.