We care about data privacy

We consider the protection of your privacy when processing personal data to be a high priority. When you visit our website, our web servers store by default the IP of your Internet service provider, the website from which you visit us, the pages you visit on our website and the date and duration of your visit. This information is absolutely necessary for the technical transmission of the web pages and secure server operation. There will be no personalised evaluation of this data.

If you send us data by contact form, these data are stored on our servers in the course of data backup. Your data will only be used by us to process your request. Your data will be treated in strict confidence. The data will not be passed on to third parties.

Responsible body:

GAUFF GmbH & Co. Engineering KG 
Passauer Str. 7
D-90480 Nuremberg / Germany 

Phone +49 911 42465-0
Fax +49 911 42465-215
E-Mail gauff-nue(at)gauff.net 

Homepage www.gauff.net

Personal data

Personal data are data about your person. They include your name, address and email address. You do not have to reveal any personal data to visit our website.  In some cases we need your name and address as well as further information to be able to offer you the desired service.

The same applies in the event that we supply you with information material at your request and/or if we answer your enquiries. In these cases, we will always advise you accordingly. Apart from that, we only store the data that are transmitted to us automatically or which you have given to us voluntarily.

If you use one of our services, we usually only collect the data that are necessary to be able to offer you that service. We may ask you for further information, but it is voluntary. Whenever we process personal data, we do so only to provide you with our services or to pursue our commercial goals.

Contacting us

When you contact us (e. g. by contact form, email, phone or via social media), the information provided by the requesting person will be treated as far as this is necessary for answering contact enquiries and any action requested.

The response to contact enquiries within the framework of contractual or pre-contractual relationships is made in order to fulfil our contractual obligations or to respond to (pre-)contractual enquiries and otherwise on the basis of the legitimate interests in responding to the enquiries.

  • Processed data types: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (input in online forms).
  • Data subjects: Communication partners.
  • Purposes of processing: Contact enquiries and communication.
  • Legal Basis: Performance of a contractual or pre-contractual enquiries (Article 6 (1) (b) GDPR), legitimate interests (Article 6 (1) (f) GDPR).

Automatically stored data

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Complete IP address of the requesting computer
  • Data volume transmitted

This data is not merged with other data sources. The processing is carried out in accordance with Art. 6 (1) f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular to defend us against attempted attacks on our web server, we store this data for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. The data is also processed anonymously for statistical purposes; it is not compared with other data or passed on to third parties, even in part.


When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified via the unique cookie ID. 

Through the use of session cookies, the responsible party can provide the users of this website with a user-friendly service that would not be possible without the cookie setting. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest pursuant to Art. 6 (1) f GDPR.

Use of d.vinci (applicant management)

Our online applicant management portal is technically operated by our service provider 

d.vinci HR-Systems GmbH, Nagelsweg 37-39, D-20097 Hamburg (hereinafter: d.vinci)

d.vinci only provides software and computing capacity and otherwise has no influence on the application process. This is contract data processing pursuant to Art. 28 GDPR.

The operation of the Career pages of GAUFF GmbH & Co. Engineering KG is realised through so-called widgets provided by d.vinci. These processing windows on the application pages establish a direct technical connection to d.vinci as soon as you call up these pages. This means that data is automatically transmitted to d.vinci via your Internet browser for technical operating and maintenance purposes. The following data is stored by d.vinci:

  • Date and time of access
  • Browser type and version
  • Operating system used
  • URL of the previously visited website
  • Amount of data sent
  • IP address of the access

This data is stored by d.vinci exclusively for technical reasons and is not assigned to a specific person at any time. The legal basis is Art. 6 (1) f GDPR.

d.vinci is contractually obliged to take technical and organisational measures to ensure the protection of your personal data. Your data is stored in a secure operating environment that is not accessible to the public. Your data is encrypted during transmission using Transport Layer Security (TLS). This means that communication between your computer and the data servers used takes place using a recognised encryption method.


We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All of our employees and service providers working for us are obliged to abide by the applicable data protection laws.

Whenever we collect and process personal data, such data is encrypted before being transmitted. This means that misuse of your data by third parties is not possible. We are permanently working on enhancing our security precautions and updating our data privacy policies. Please ensure that you have the latest version.

Data subject rights

You have a right to information, rectification, erasure or restriction of the processing of your stored data, a right of objection to the processing as well as a right to data portability and a right to complain in accordance with the requirements of data protection law.

Right to information:

You can request information from us concerning whether and to what extent we process your data.

Right to rectification:

If we process your data that is incomplete or incorrect, you can request that we rectify or complete such data at any time.

Right to erasure:

You can request that we erase your data if we process it unlawfully or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of legally regulated retention obligations.

Irrespective of the exercising of your right to erasure, we will erase your data immediately and completely, unless there is a contractual or legal obligation to retain it.

Right to restriction of the processing:

You may request that we restrict the processing of your data if

  • you dispute the accuracy of the data, namely for a period of time that enables us to verify the accuracy of the data.
  • the processing of the data is unlawful, but you refuse to have it erased and instead request a restriction on the use of the data,
  • we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
  • you have lodged an objection to the processing of the data.

Right to data portability:

You may request us to provide you with the data you have made available to us in a structured, current and machine-readable format and to allow you to forward this data to another responsible party without our interference, provided that

  • we process this data on the basis of an agreement which you have submitted and which is revocable or in order to fulfil a contract between us, and
  • this processing is carried out using automated methods.

If it is technically feasible, you can ask us to transfer your data directly to another responsible party.

Right of objection:

If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to any profiling which is based on these provisions. We will then no longer process your data unless we can prove compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. You can object to the processing of your data for the purposes of direct advertising at any time without stating any reasons.

Right of appeal:

If you are of the opinion that we are infringing German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course you also have the right to contact the supervisory authority which is responsible for you, i.e. the respective State Office for Data Protection Supervision.

If you wish to assert any of the above rights against us, please contact our Data Protection Officer. In cases of doubt we may request additional information to confirm your identity.

Amendments to our data privacy policy

We reserve the right to amend our data privacy policies should this be needed in response to new technologies. Please ensure that you have the latest version. If this data privacy policy is to be fundamentally amended, you will be notified of such amendments on our website.

All interested parties and visitors to our website can contact us on data protection issues: Christian Volkmer

Projekt 29 GmbH & Co. KG
Ostengasse 14
D-93047 Regensburg

Phone: +49 941 2986930
Fax: +49 941 29869316
E-Mail: anfragen(at)projekt29.de
Internet: www.projekt29.de