Please rotate your device.

Please rotate your device

Data Security

Information on the collection of data in accordance with Sections 13 and 14 of the General Data Protection Regulation (GDPR)

Who is responsible for data processing?

ingenhoven associates gmbh
Plange Mühle 1
40221 Düsseldorf
Telefon +49 211 30101 01
Fax +49 211 30101 31

The data protection officer can be contacted at:

ingenhoven associates gmbh
Plange Mühle 1
40221 Düsseldorf


What is the legal basis on which we process your data and what is our purpose for doing it?

We primarily process your personal data (title, name, address, contact and communication details, contract and accounting data, other information required for processing an enquiry or commission) for setting up (e.g. preparing an offer, processing an enquiry), carrying out and completing contracts for architectural services. In particular, we process your data for the purpose of fulfilling our (pre-) contractual duties, of communicating when setting up and carrying out a contract (e.g. with you, our contract partners, other parties involved, such as public authorities, specialist engineers, or contractors), and for the purpose of billing and asserting, exercising, and defending legal rights in connection with the architectural services. Data will only be processed to the extent required for these purposes. In the case that you are not providing your personal data, it will usually not be possible to conclude a contract because we will not be able to fulfill our contractual duties. We process data for contractual purposes in accordance with Section 6 Para. 1 b GDPR. When our contract partner is not you but the person/organization you work for, your personal data is processed in accordance with Section 6 Para. 1 f GDPR. The justified interest in your data results from the need to process your data for the purposes stated above.

Furthermore, we process your personal data to the extent required in order to comply with statutory duties, in particular duties relating to the retention of data under fiscal regulations. The legal basis for this is Section 6 Para. 1 c GDPR in connection with the respective statutory instrument.

We also use your personal data (title, name, contact details) for the purpose of direct marketing (e.g. sending of newsletters, invitations to events, information brochures, or other information on current projects or events). Provided you have given your consent, we use your data for these purposes in accordance with Section 6 Para. 1 a GDPR. You can revoke your consent at any time with effect from the date of revocation. Revoking the consent does not affect the lawfulness of the processing carried out following your consent up until the revocation of this consent.

Ceteris paribus, we will use your data for marketing purposes only to the extent permitted by law and in the context of legitimate interest. The legal basis for this is Section 6 Para. 1 f GDPR. Our legitimate interest is based on customer relations management and the acquisition of customers.

Who will receive your data?

On principle, your personal data will only be passed to others to the extent that this is required for the contract management (e.g. to public authorities or other companies that are involved in the design or execution of a project, such as specialist engineers or building contractors). In the context of providing our services we also commission contract management agencies who may have access to personal data as part of their activities, e.g. computer centers or IT service providers. Such service providers will only be commissioned in compliance with the relevant data protection regulations. Ceteris paribus, no data will be released.

What data do we process and what is the source of this data?

As a rule, we only process personal data you have provided to us. However, for the purpose of providing our contractual services we may need to process personal data that we have legitimately obtained from other companies or third parties for this purpose (e.g. your employer, business partners or public authorities). Furthermore we may process personal data from publicly accessible sources, e.g. from websites, that we use legitimately for the stated contractual purposes.
It can happen that third-party content is included in a website, for example videos from YouTube or Vimeo, or graphic material from other websites.  This will always mean that the providers of these contents use the IP address of the users. Without the IP address the third-party providers cannot send content to the browser of the respective user. Without the IP address it is not possible to present such content. We endeavor to use only content from providers who use the IP address only for the delivery of the content. However, it is possible that third-party providers store the IP address for other purposes, e.g. for collecting statistical data; this is something we have no control over. If and when we are aware of such practices we will inform the users.

What data do we process in the context of newsletter registration?

When you register for our newsletter we collect personal data for the period of your free subscription. This involves sending the data from the respective input template to SendinBlue, including the applicant’s first name, surname, and email address. Using the double opt-in process, SendinBlue will transmit your data. When you register for our newsletter we will send you an email with a request for confirmation. You can cancel your subscription to our newsletter at any time. To do this, please click on the Cancel Subscription link in the newsletter or send an email to asking for cancelation of the subscription.

How long will your data be stored?

On principle, we will only process your personal data for as long as this is necessary for achieving the respective purpose of processing and for complying with statutory record retention obligations.  As a rule, the statutory retention period is six or ten years (see in particular Section 147 of the General Tax Code). In certain cases it may be necessary to retain your data for longer periods; this may be in order to comply with statutory periods of limitation, in particular in accordance with Sections 195 ff. German Civil Code or Section 64 German Copyright Act. This means that in certain cases data needed for establishing, exercising, and defending lawful claims in connection with architectural services may have to be retained for up to thirty years, or—when relating to data associated with copyright—for up to seventy years after the death of the originator. Following the expiry of the above periods your data will be deleted unless you have consented to retention for a longer period.

What are your rights under data protection legislation?

Regarding the processing of your personal data you have the following rights:

  • In accordance with Section 15 GDPR you may, free of charge, request information relating to your personal data. In accordance with Section 15 Para. 3 GDPR you are entitled to request a copy of your personal data. Limitations apply in accordance with Section 15 Para. 4 GDPR and Section 34 Federal Data Protection Act (BDSG).
  • Should you feel that personal data retained about you is incorrect or incomplete, you may—in accordance with Section 16 GDPR—request the immediate correction or amendment of the data without delay.
  • In accordance with the provisions in Section 17 GDPR you can request that your personal data stored by us be deleted. This right is subject to limitations in accordance with Section 17 Para. 3 GDPR and Section 35 Federal Data Protection Act (BDSG).
  • In accordance with the provisions in Section 18 GDPR you can request that the processing of your personal data be limited.
  • Subject to the provisions in Section 20 GDPR, you may obtain personal data you have provided to us in a structured, commonly available and machine-readable format or you may request that we transmit the data to a third party provided that such transmission is technically feasible (data portability right).
  • Notwithstanding any other administrative and judicial appeals, you—as the data subject—have the right of appeal to a supervisory authority, in particular in the member state of your residence, your place of work, or the place of the alleged infringement, if you feel that the processing of your personal data contravenes the GDPR.

In the case that we process your personal data for the purpose of safeguarding justified interests in accordance with Section 6 Para. 1 f GDPR, you have the right, at any time, for reasons of your particular situation, to file an objection against the processing of this data. In that case we will stop processing your data unless we can document compelling and legitimate grounds for such processing that take precedence over your interests, rights, and privileges, or the processing serves the establishment, exercise, or defense of legal claims.  You may, at any time and without restriction, object to the processing of your personal data for the purpose of direct marketing. Furthermore, you have the right to lodge a complaint with a supervisory authority for data protection (Section 77 GDPR) if you feel that your personal data is not legitimately processed. You have this right of complaint irrespective of any other administrative and judicial appeals. The data protection supervisory authority for our company is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).

Additional information relating to your right of objection can be found at the end of this data protection statement in "Information about your right of objection in accordance with Section 21 GDPR".