Date Protection Declaration

This data protection declaration provides you with information about how, when and why we process your personal data in the sense of Art. 4 no. 1 of the General Data Protection Regulation (hereafter GDPR) (see Art. 4 no. 2 GDPR).

Please note that this data protection declaration uses legal terms that are defined in the General Data Protection Regulation. These are in particular the following terms:

  • Personal data and data subject (Art. 4 no. 1 GDPR)
  • Processing (Art. 4 no. 2 GDPR)
  • Profiling (Art. 4 no. 4 GDPR)
  • Pseudonymisation (Art. 4 no. 5 GDPR)
  • Controller (Art. 4 no. 7 GDPR)
  • Processor (Art. 4 no. 8 GDPR)
  • Consent (Art. 4 no. 11 GDPR)
  • Third Party (Art. 4 no. 10 GDPR)
  • We therefore refer you to the text of the regulations in order to better understand the following data protection declaration.

1. General notice and obligatory information

The controller for data processing (including data processing on this website) is:

Ingenieurgesellschaft Hartmann mbH | Herbert-Bayer-Str. 4 | 13086 Berlin – Germany

Managing Directors: Torsten Heyn, Tobias Schlüter and Torsten Kaap



Tel.: +49 (0) 30/ 47 90 82 -0 
Fax: +49 (0) 30/ 47 90 82 -19 

As Data Commissioner we have appointed:

Catharina Schulz
Ingenieurgesellschaft Hartmann mbH |

Herbert-Bayer-Str. 4 | 13086 Berlin - Germany

Telephone: + 49 30 47 90 82 - 0

2. Our website

a. The use of cookies

How do cookies work?

Our website uses cookies. Cookies are small text files that your web browser saves on your device. Cookies help us to make our site more user-friendly, effective and secure.

Some cookies are “session cookies”, meaning that they are deleted at the end of your browser session. Other cookies remain on your device until you delete them yourself. Such cookies help us to recognize you when you return to our website.

A modern web browser allows you to monitor, restrict or prevent the use of cookies. Many browsers can be configured to delete cookies automatically when you close your browser. Deactivating cookies can limit the functionality of our website.

Our authorisation to use cookies

The setting of cookies that are necessary for the exercise of electronic communication processes or the provision of certain functionalities (e.g. slide show, menu navigation), is carried out on the basis of Art. 6 para. 1(f) GDPR. As the operator of this website, we have a legitimate interest in the storage of cookies for the technically error-free and smooth provision of our services.

b. Server log files

What data do we collect?

The provider of this website uses server log files to automatically collect and store information that your browser automatically transmits to us. This information is:

  • Sites visited in our domain
  • Date and time of the server query
  • Browser type and browser version
  • Operating system
  • Referrer URL
  • Hostname of the accessing computer
  • IP address

These data are not merged with other data sources. The data collected is used only for statistical evaluations and to improve the website and, if necessary, to ward off possible attacks on our website.

This data is saved for 24 hours. Then the data is deleted.

Our authorisation to collect data

The legal foundation of data processing is provided by Art. 6 para. 1(f) GDPR. Accordingly, processing is necessary to safeguard the legitimate interests of the controller, unless the interests or fundamental rights and freedoms of the data subjects prevail. As the data processing serves to evaluate, improve and prevent attacks on the website, we have a legitimate interest in data processing which outweighs the interests of the persons concerned.

d. Contact form

Our website does not have a contact form.

3. Contact via e-mail

Personal data relating to your enquiry (name, e-mail address, subject and other information contained in your message) will be stored as part of the e-mail communication initiated by you in order to process your enquiry or to be available for follow-up questions.

Our right to store data results from:

  •  Art. 6 para. 1(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • Art. 6 para. 1(c) GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Art. 6 para. 1(f) GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

4. Processing of personal data

We process personal data that are required in order to:

  • handle and process our existing legal obligations
  • enter into new business relationships
  • meet our legal obligations.

For these purposes, we require in particular the following personal data:

  • E-mail addresses, last name, first name, contact data, address, bank account, creditworthiness, tax data, etc.

We only process personal data when we are authorised to do so under Art. 6 para. 1 GDPR. This authorisation can result from:

  • your consent (Art. 6 para. 1(a) GDPR)
  • as necessary for the performance of a contract or in order to take steps prior to entering into a contract (Art. 6 para. 1(b) GDPR)
  • as necessary for fulfilling legal obligations (Art. 6 para. 1(c) GDPR)
  • our legitimate interests or of a third party, except where such interests are overridden by the interests of the data subject (Art. 6 para. 1(f) GDPR)

We do not process personal data in the context of automated decision-making or by means of profiling.

Personal data are not transmitted to third countries.

6. Deletion of data

We delete personal data immediately if we are no longer authorised to save data by Art. 6 para. 1 GDPR.

Deletion therefore takes place when an order, enquiry, or business relationship is ended or wound up and no mutual requirements can be made valid. In addition, the deletion of data presupposes that all legal deadlines for the storage of documents have already expired.

7. Your rights

a. Revocation of your data processing authorisation

Some data processing procedures are only possible with your explicit consent (e.g. receipt of newsletters by e-mail). You are entitled to revoke your consent at any time and without giving reasons.

An informal notification by e-mail is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

b. Right of access

Pursuant to Art. 15 GDPR, you have the right at any time, within the framework of the applicable statutory provisions, to free information about your stored personal data, the origin of the data, its recipients and the purpose of the data processing.

c. Right to rectification

On the basis of Article 16 GDPR, you have the right to request the rectification of inaccurate personal data.

d. Right to deletion

You can request us to delete the personal data stored about you in accordance with Art. 17 GDPR. We will delete the data if or when:

  1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. you have withdrawn your consent and there is no other legal basis for processing.
  3. you have filed an objection against data processing under Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you have filed an objection against data processing under Art. 21 para. 2 GDPR.
  4. your personal data has been processed illegally.
  5. The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
  6. The personal data relating to information society services under Art. 8 para. 1 GDPR have been collected.

e. Right to limit processing

You may request that we restrict data processing in accordance with Art. 18 GDPR. Therefore, if one of the following conditions is met:

  1. the accuracy of the personal data is disputed by you for a period of time that allows us to verify the accuracy of the personal data,
  2. the processing is unlawful and you refuse deletion of personal data and instead request the restriction of the use of the personal data;
  3. we no longer need the personal data for the purposes of processing, but you need this data to assert, exercise or defend legal claims, or
  4. you have objected to processing under Art. 21 para. 1 GDPR, until it is established whether our legitimate reasons outweigh your interests.

f. Right to data portability

Pursuant to Art. 20 GDPR, you have the right to data, which we process automatically on the basis of your consent or in fulfilment of a contract, handed over to you or to third parties. Provisioning is done in a machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible.

g. Right to object

According to Art. 21 GDPR, you have the right to object to the processing of your personal data at any time.

With regard to the aforementioned rights and also to further questions on the subject of personal data, you can contact us or our data protection officer at any time via the contact options listed in the legal notice.

h. Right of appeal to the competent supervisory authority

In the event of a breach of data protection law, you can lodge a complaint with the competent supervisory authority. The competent supervisory authority with regard to data protection issues is the Berlin State Data Protection Commissioner. The following link takes you to the website of the Berlin Data Protection Officer:

Source: Data protection configurator from