Data protection policy
We thank you for your interest in our company. Here at Eiffage Rail branch office of Eiffage Infra-Bau SE (Eiffage Infra-Bau), data protection is of great importance to us.
We would like to use this data protection policy to inform users of our website about the nature, scope and purpose of the personal data collected, used and processed by us during the operation of the website. In addition, this data protection policy is aimed at notifying data subjects of their rights. By doing so, we comply with our information obligations in accordance with the GDPR (Art. 13).*
The terms used in this data protection policy correspond to the definitions in the GDPR (Art. 4).
is the data controller in relation to this website.
Data protection officer
Eiffage Infra-Bau has appointed a company data protection officer. If you have any questions or suggestions or wish to exercise your rights you can contact the data protection officer by email at email@example.com
General data protection on the website
Every time this website is accessed, it collects various general data and information. This general data and information is stored in the log files of the server. The data collected may include the (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system has reached our website (known as a referrer), (4) the sub-sites on our website which are accessed via an accessing system, (5) the date and time of an access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information aimed at risk prevention in the case of attacks on our IT systems.
When using this general data and information, we do not draw any conclusions as to the user as the data subject. Instead, this information is required (1) to correctly display the content of our website, (2) to optimise the content of our website as well as the advertisements for these, (3) to ensure the ongoing functionality of our IT systems and the technology relating to our website and (4) to provide the necessary information to law enforcement authorities to bring criminal proceedings in the event of a cyber attack. On the one hand, we therefore analyse this data and information for statistic purposes and, on the other, for purposes of increasing data protection and data security in our company in order to ultimately ensure the best possible level of protection for personal data processed by us. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.
The personal data is erased as soon as it is no longer required for the purposes for which it was collected. In the event that data is collected for purposes of providing access to the website, this is the case when the respective session has ended. IP addresses of the accessing systems are stored on the web server for a period of seven days. In the backups the IP addresses of accessing systems are stored for four weeks.
Data processing in the careers portal
Applicants are able to apply to us online. For this purposes we have integrated a link in our website that leads to the central careers portal of Eiffage Infra-Bau Group in Germany.
In the application process that is operated via the careers portal we collect, process and use the data provided by the applicant, such as contact details, content of cover letters, CV, proof of qualifications and past experience, in order to implement the application process. The data is kept confidential. If an applicant is offered a job, the data is transferred to the personnel file and subsequently erased from the application system. If the applicant is turned down, the data is erased from the application system six months later.
If the applicant has given his/her consent, the data is also used for other relevant job postings and passed on the respective company within the Eiffage Infra-Bau Group. The data is only used for the period to which the consent relates. If an applicant is offered a job, the data is transferred to the personnel file and subsequently erased from the application system. If the application does not result in a job offer, the data is erased after expiry of the period to which the consent relates.
By using cookies we are able to offer users of this website more user-friendly services which would not be possible without setting cookies.
By placing a cookie, the information and offers on this website can be optimised for the benefit of the user. Cookies allow us to recognise recurring users of our website. The purposes of such recognition is to make the use of our website easier for users.
The data subject may, at any time, prevent the placing of cookies by our website by making a corresponding adjustment to the settings of the internet browser used, and thereby object to the placing of cookies once and for all. Furthermore, any cookies that have already been placed may be deleted at any time via an internet browser or other software program. This is possible in all the usual internet browsers. If the data subject deactivates the placing of cookies in the internet browser used, this may result in some of our website’s functions not being fully usable.
The data controller responsible for the processing has integrated the Google Analytics component (with anonymisation function) on this website. Google Analytics is a web-analytics service. Web analytics is the collection, compilation and analysis of data about the behaviour of visitors to websites. A web-analysis service collects, among other things, data about the website from which a data subject finds its way onto a website (known as a referrer), which sub-sites of the website are accessed or how often and for which length of time a sub-site has been viewed. A web analysis is primarily used to optimize an internet page and to carry out a cost-benefit analysis of internet advertising.
The operating company of the Google-Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
For the web analysis via Google Analytics, the data controller responsible for the processing uses the suffix "_gat._anonymizeIp". By means of this suffix, the IP address of the internet connection of the data subject is truncated and anonymized if our website is accessed from a member state of the European Union or from another country which is a signatory to the Agreement on the European Economic Area.
The purpose of the Google-Analytics component is the analysis of the flow of visitors on our website. Google uses the collected data and information, among other things, to analyse the use of our website, in order to compile online reports for us, which show the activities taking place on our website, and to provide other services connected to the use of our website.
Google Analytics places a cookie on the IT system of the data subject. The nature of cookies has already been described above. By placing cookies, Google is able to analyse the use of our website. Each time one of the individual pages of this website – which is operated by the controller responsible for the processing and on which a Google-Analytics component has been integrated – is accessed, the internet browser on the IT system of the data subject is automatically induced, by the respective Google-Analytics component, to transmit data to Google for purposes of online analysis. In the context of this technical process, Google will gain access to personal data such as the IP address of the data subject, which Google uses, among other things, to trace the origin of the visitors and clicks and to subsequently allow commissions to be calculated.
Personal information such as the time of access, the place from which the site was accessed and the number of times the data subject has visited our website is stored via the cookie. Each time our website is visited, this personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States. This personal data is stored by Google in the United States. Google may pass this personal data, which is collected via the technical process, on to third parties.
As has already been set out above, the data subject may, at any time, prevent our website placing any cookies by making a corresponding adjustment to the settings of the internet browser used, and thereby object to the placing of cookies once and for all. Such an adjustment of the internet browser used would also prevent Google placing a cookie IT system of the data subject. In addition, a cookie that has already been placed by Google Analytics can be deleted at any time via the internet browser or other software programs.
For more information and the applicable data protection provisions of Google, please refer to https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. You can find a more detailed description of Google Analytics under this link https://www.google.com/intl/de_de/analytics/.
Legal bases for the processing
Our company relies on Art. 6(i)(a) GDPR as the legal basis for any processing for which we require consent for a particular processing purpose. If the processing of personal data is required in order to perform a contract whose contracting party is the data subject, as is the case for instance for processing that is necessary for goods to be supplied or for a service or return service to be provided, the processing is based on Art. 6(I)(b) GDPR. The same applies with regard to processing that is required in order to implement pre-contractual measures, for instance in cases of inquiries regarding our products or services or during the application process. If our company is subject to a legal obligation which requires the processing of personal data, for instance in order to comply with tax obligations, the processing is based on Art. 6(I)(c) GDPR. In rare cases might the processing of personal data be required in order to protect vital interests of the data subject or of another natural person. This would be the case, for instance, if a visitor was injured on our premises and this would require his name, age, health insurance details or other vital information to be passed on to a doctor, a hospital or other third parties. In this case, the processing would be based on Art. 6(I)(d) GDPR. Lastly, processing could be based on Art. 6(I)(f) GDPR. Any processing that is not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary in order to safeguard a legitimate interest of our company or a third party, provided that the interests and the fundamental rights and freedoms of the data subject do not prevail. These are the conduct of business operations, in particular promotional measures addressed to potential customers via this website and the provision of information regarding products, services and the company, the analysis of the use of the website as well as the prevention of risk in the case of attacks on our IT systems.
Eiffage Infra-Bau has put suitable technical and organisational measures in place in order to achieve a protection of personal data processed via the website that is as seamless as possible with regard to confidentiality, availability and integrity.
Rights of the data subject
In accordance with Art. 15 GDPR data subjects have the right to access the personal data held about them including any recipients and the intended storage time. If inaccurate personal data is being processed, the data subjects have the right to rectification pursuant to Art. 16 GDPR. If the statutory requirements have been met, data subjects may request that their personal data is erased or the processing is restricted and they may object to the processing (Art. 17, 18 and 21 GDPR). In addition, every data subject has the right to make a complaint to the data protection authorities.
*REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).