Responsible for data processing on these websites:
HeidelbergCement AG (in the following „we“)
Dr. Bernd Scheifele, Vorsitzender
Dr. Dominik von Achten, stellvertretender Vorsitzender
Dr. Lorenz Näger
Dr. Albert Scheuer
Berliner Straße 6
Phone: +49 6221-481-0
Fax: +49 6221-481-13217
Data Protection Officer:
Dr. Dennis Voigt (external Data protection Officer)
Phone: +49 6221-481-39603
1. Collection and processing of data
We collect and process personal data that you provide us with, whether that be by completing an entry form on our website or by any other means including, for example, by e-mail. Moreover, we collect and process personal data that arises during the use of our website. The processing of your personal data is made in accordance with the EU General Data Protection Regulation (GDPR), the German Data Protection Act (Bundesdatenschutzgesetz – BDSG) and the German Telemedia Act (Telemediengesetz – TMG). ‘Personal data’ means any information relating to an identified or identifiable natural person. Below we inform you in detail about what personal data we process, in what way and the legal basis upon which we process such personal data. Moreover, we inform you about your rights and about the duration for which your personal data is stored.
2. Processing of data for registering for and participating in the QLA contest; CONSENT to disclose your data to public
To participate in the Quarry Life Award contest, a user account is required. So before submitting a project proposal you have to create an account on our Quarry Life Award website (https://www.quarrylifeaward.com). Moreover, we process your IP address in order to be able to prove your completion of our entry form. For the creation of an account you will have to provide us initially with your e-mail address. After entering your e-mail address in our registration form you will receive a confirmation e-mail in which you will have to click a link to confirm your registration. The sending of this confirmation e-mail is necessary for verifying you as the owner of the e-mail address that was inserted. Without clicking this link you will not be registered, in which case we will delete your e-mail address after a short period of time as a matter of routine.
We will process your e-mail address and your password according to Art. 6 (1) sent. 1 point (b) GDPR only for the purpose of providing you with an account for Quarry Life Awards’ website and to enable us to send you any messages necessary for your participation in Quarry Life Award.
After the confirmation of your registration, you may submit your first name, last name, your occupation, your organization/university and the country of contest in which you will participate. We need this data for your participation in the contest in accordance with Art. 6 (1) sent. 1 point (b) GDPR.
In addition, you may provide us voluntarily with a picture of yourself, with a short biography and links to your social media profiles and any personal websites. Of course, you may provide us with more data when participating and submitting your proposal and your final report. If you provide us with such data you give us your consent to save the data on our servers and to make any of it available to the International and National coordinators, as well as to National and International Jury Members.
When submitting your final report you also give us your express consent to store the report and to make it publicly available in our website’s archive.
In addition, information you provide to us by participating in a contest will be processed according to Art. 6 (1) sent. 1 point (b) GDPR by the International and National coordinators as well as National and International Jury Members for the purposes of evaluation and publication of the projects.
CONSENT to disclose your data to public
If you do not hide your profile by activating “Hide my profile from other users” you give your consent for us to make the following data available to the public:
- First and last name
- Organization / University
- Short biography
Furthermore, your personal data may be disclosed in the event of publication of the research that you submitted to us. We may also disclose your personal data to other entities of the Heidelberg Cement Group for processing purposes related to those purposes for which you initially submitted your personal data to us. Some of these entities are located in countries that are not considered to provide the same level of data protection as the countries within the EEA. By submitting or uploading information via the Quarry Life Award website you understand and consent to such international transfer of your personal data.
You can withdraw your consent at any time without giving reason by contacting us via the above mentioned contact details. If you withdraw your consent, this does not affect the lawfulness of processing based on consent before its withdrawal. However, we only have to delete data that we collected on the basis of your consent. We may continue to process personal data that we collected and process pursuant to other legal bases as long as the requirements for those legal bases are fulfilled.
3. Processing of Personal Data when participating in public vote
To ensure a fair voting process and to prevent double-voting, all voters have to register with their email-address and a password. After submitting your e-mail address in our registration form you will receive a confirmation e-mail in which you will have to click a link to confirm your registration. This confirmation e-mail is necessary for verifying you as the owner of the e-mail address that was submitted. Without clicking this link you will not be registered. In this case we will delete your e-mail address after a short period of time as a matter of routine. We will use the personal data made available by you on the legal basis of Art. 6 (1) sent. 1 point (f) GDPR exclusively for the purpose of ensuring a fair voting process and to prevent double-voting which is in our legitimate interest. Your personal data will be deleted shortly after the voting period ends.
4. Processing of Personal Data when contacting us
5. Processing of Data via Cookies and Logfiles
In accordance with Art. 6 (1) sent. 1 point (f) GDPR, our website uses so-called cookies which we need to provide all the functions of our websites but also to analyze user behavior on our websites. A cookie is a small file which stores certain information about a user’s access device (PC, Tablet, Smartphone etc.) on such device. When such device accesses our server’s website, the server communicates with such cookies. The server can evaluate the information stored in the cookie by different methods. Cookies enable us, for example, to recognize and track users. We do this because we have a legitimate interest to optimize our websites and to improve website experience for our users. We use session cookies which will be deleted automatically after the end of browser sessions as well as persistent cookies which remain on your device for a preset time.
Moreover, in accordance with Art. 6 (1) sent. 1 point (f) GDPR, every single web page uses log files, i.e. for every page impression, the access data is saved to the server log. The saved data record contains the following details:
- Your IP address, the date, the time, the file accessed, the status, the request that your browser sent to the server, the amount of data transmitted and the webpage from which you accessed the requested page (referrer) as well as
- The product and version information of the browser used, your operating system and your country of origin.
Log data will be deleted every 14 days as a matter of routine, i.e. any contained data will be deleted irretrievably. This temporary storage is only for protecting our websites against attacks or misuse. We do not use the log data beyond this purpose
6. Google Analytics
In accordance with the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016, transfers of personal data are allowed from a controller or processor in the European Union to organisations in the U.S. that have self-certified their adherence to the EU-U.S. Privacy Shield Framework Principles with the Department of Commerce and who have committed to comply with them. Google has self-certified its adherence to the EU-U.S. Privacy Shield Framework Principles has committed to comply with them.
In case of activation of the IP anonymization on this website, Google will shorten the IP address beforehand within Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, will the full IP address be sent to and shortened by Google servers in the USA. IP anonymization is active on this website. On our behalf Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website provider. We have a legitimate interest in analyzing user behavior in order to optimize our websites and our marketing.
Please note that you have to deactivate tracking for every single browser you use to prevent tracking from Google Analytics completely. Please also note that you will be tracked again if you delete the opt-out cookie or when it expires.
7. Google Maps
On our websites we use Google Maps, a service of Google Inc. based in the USA (in the following: Google). By including this service in our websites data relating to our website visitors may be transferred to Google. This processing takes place on the legal basis of Art. 6 (1) sent. 1 point (f) GDPR because of our legitimate interest to make our websites more attractive to our website visitors. With Google Maps we can offer an interactive map which allows our website visitors to view our locations and to get driving directions.
In accordance with the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 transfers from a controller or processor in the European Union to organizations in the U.S. that have self-certified their adherence to the EU-U.S. Privacy Shield Framework Principles with the Department of Commerce and have committed to comply with them are allowed. Google has self-certified its adherence to the EU-U.S. Privacy Shield Framework Principles and has committed to comply with them.
8. Embedding of YouTube Videos
YouTube LLC is included in the self-certification of Google Inc. as part of the EU/US Privacy Shield. In accordance with the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 transfers from a controller or processor in the European Union to organisations in the U.S. that have self-certified their adherence to the EU-U.S. Privacy Shield Framework Principles with the Department of Commerce and have committed to comply with them are allowed. Google has self-certified its adherence to the EU-U.S. Privacy Shield Framework Principles and has committed to comply with them.
Data you insert on our website is transferred in encrypted form (SSL). We take technical and organisational measures to secure our website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorized persons.
10. Categories of recipients of the personal data; data transfer to a third country
11. Your Rights
According to Art. 15 GDPR you have the right, free of charge, to access your personal data and information about the processing of it. Moreover, according to Art. 16 to 18 GDPR you have the right of rectification of inaccurate personal data as well as of erasure of personal data or restriction of processing.
Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance.
Moreover, according to Art. 21 (1) GDPR you have the right to object, on grounds relating to your particular situation, at any time, to processing of your personal data which is based on point (e) or (f) of Art. 6 (1) sent. 1 GDPR including profiling based on those provisions. We shall comply with the aforementioned requests if and to the extent such compliance is required by the applicable statutory laws. Where personal data is processed for direct marketing purposes, according to Art. 21 (2) GDPR, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Each data subject has the right to lodge a complaint with a supervisory authority of the alleged infringement.
12. Period of Data Storage and routine deletion
Unless otherwise explicitly stated above, we process and store personal data only for the period which is required to meet the purpose of such processing, or as long and to the extent as statutory laws require us to process and/or store such data.
If the purpose of processing does not apply anymore or the applicable statutory retention requirement expires, we will as a matter of routine erase data or restrict the processing of data in accordance with the applicable statutory laws.