Data Protection Information | Infrapier
With the following information, we provide you with an overview of the processing of your personal data when you use our website and utilise our services, as well as your rights under data protection law.
This data protection information applies to all processing of personal data carried out by us when using our website at https://www.infrapier.de, our online presence, and in the context of providing our services. It does not apply to websites or online offerings of other providers to which reference is made by means of a corresponding link.
With regard to the terminology used (e.g. “data subject”, “personal data”, “processing” or “controller”), reference is made to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
1. Controller
The controller within the meaning of Article 4 No. 7 GDPR is:
INFRAPIER GmbH
Taunusstrasse 59-61
55118 Mainz
Telephone: 06131 2078718
Email:
You can contact the controller at any time if you have questions about the processing of your personal data or about exercising your rights under the GDPR.
2. Purposes and Scope of Data Processing
2.1 Visiting the Website
Each time our website is accessed, your web browser automatically transmits usage data to our server. Without the collection of this data, a connection to the server is technically not possible. This data is temporarily stored in a so-called log file.
Type of data: Website from which the request originates (referrer URL); name and URL of the requested page; date and time of the request; IP address of the requesting device; time zone difference to Greenwich Mean Time (GMT); message whether the call was successful (access status); amount of data transmitted in each case; operating system used; type, language and version of the web browser used
Purposes of processing: The collection of this data serves to ensure the technical security of our website, in particular to defend against and log attack attempts (e.g. DDoS attacks) on the web server, the forensic analysis of potential security incidents, and to ensure the stability and operational security of our systems.
Legal basis: The legal basis is Article 6(1)(1)(f) GDPR. The legitimate interest lies in ensuring and improving the technical security and stability of the systems. Insofar as access to information stored in the user’s terminal equipment is absolutely necessary, the legal basis is also Section 25(2) No. 2 TTDSG.
Storage duration: The data is stored for a maximum of 8 weeks and then deleted or anonymised. Data whose further retention is necessary in individual cases for evidential purposes will be stored beyond this until the final clarification of the respective incident.
Web hosting: Our websites are hosted by IONOS SE, which must have access to the data in order to provide hosting and support services. IONOS SE is obligated to comply with data protection requirements through a data processing agreement.
Right to object: Subject to the conditions of Art. 21 GDPR, you may object to the processing (see “5. Right to Object”).
No cookies are used and no tracking methods whatsoever are employed.
2.2 Contact
When you contact us (e.g. via our contact form, by email or post, by telephone), we process your information to the extent necessary to handle your enquiry.
Type of data: Name; email address; if applicable, further contact details (e.g. telephone number, postal address); information about the company or organisation to which you belong; subject/concern and contents of the message; if applicable, further information that you provide to us
Purposes of processing: We process this data to the extent necessary for handling and responding to your enquiries and for communicating with you. The provision of your data is voluntary.
Legal basis: The legal basis for data processing is Article 6(1)(1)(f) GDPR. The legitimate interest arises from the purposes described.
Storage duration: The data collected in connection with your contact will be deleted as soon as your concern has been fully dealt with and no further communication with you is necessary or desired by you. If your contact enquiry results in the initiation of business or a contractual relationship, we will store this data until the contractual relationship has been fully concluded. Further storage will take place to the extent necessary to fulfil our legal and contractual obligations (e.g. statutory retention obligations pursuant to Section 147 AO, Section 257 HGB).
Right to object: Subject to the conditions of Art. 21 GDPR, you may object to the processing (see “5. Right to Object”).
2.3 Initiation and Execution of Contracts
If you or the company or organisation for which you work enter into a business relationship with us or conclude a contract with us, we process the personal data necessary for the initiation and execution of the contract.
Type of data: We primarily process such personal data that the data subjects themselves provide to us in the context of contractual and business relationships or that we receive from the respective contractual and business partners (e.g. from your colleagues with whom we are already in contact), for example in the context of processing an enquiry or an order. We also process personal data that we collect from publicly accessible sources (such as the commercial register, press, internet, company websites, industry directories) or receive from third parties (e.g. credit agencies, business partners, cooperation partners, project participants).
Relevant personal data includes in particular name and contact details (email, telephone, address), information about you and the company or organisation to which you belong (e.g. profession, industry, position, tasks and powers); billing and payment data (e.g. bank details, invoice address, tax number/VAT ID); creditworthiness data (where necessary for the business relationship); contract data and content (e.g. project descriptions, contract documents); communication data in connection with contract execution.
Purposes of processing: We process this data for the performance of pre-contractual measures (e.g. preparation of offers, project concepts); for the fulfilment of our contractual obligations (e.g. provision of planning and consulting services); for communication with our business and contractual partners, including pre-contractual communication and communication with contact persons at our business partners; for the maintenance and management of our business relationships (customer relationship management); for the optimisation of our business processes; for the assertion, exercise or defence of legal claims; for information about similar services within the framework of existing business relationships; for ensuring IT security and IT operations; and for the fulfilment of legal obligations (e.g. commercial and tax law obligations, statutory control and reporting obligations, obligations in the context of official enquiries or proceedings, statutory retention periods, obligations under the Money Laundering Act).
Legal basis:
Where a contractual relationship exists with you as the data subject or the processing serves to carry out pre-contractual measures at the request of the data subject, the legal basis is Article 6(1)(1)(b) GDPR. Where the business or contractual partner is a legal person, the processing of personal data of the respective representatives and contact persons is based on Article 6(1)(1)(f) GDPR. The legitimate interest arises from the necessity of communication with the contact persons for the initiation and execution of contracts.
The legal basis for the processing of personal data for our own business purposes, in particular for the optimisation of our business processes, customer service, the assertion, exercise or defence of legal claims, information about similar services within the framework of existing business relationships, or for ensuring IT security and IT operations, is also Article 6(1)(1)(f) GDPR. The legitimate interest arises from the aforementioned purposes, in particular the efficient design and optimisation of our business processes and services, the maintenance of our business relationships, and the protection of our legal and economic interests.
Where processing is necessary to fulfil a legal obligation, the legal basis is Article 6(1)(1)(c) GDPR.
Storage duration: We generally only store personal data for as long as is necessary for the respective processing purposes and for the fulfilment of legal and contractual obligations. We process personal data of contact persons of our business partners for the duration of the respective business relationship. We delete contract-related and project-related personal data at the latest when the respective contractual relationship has ended, all mutual legal claims arising from the respective contractual relationship have been fulfilled or can no longer be asserted (i.e. at the latest after expiry of the limitation periods), and there are no other statutory retention obligations (such as the six- or ten-year retention periods under Section 257 HGB, Section 147 AO) or statutory justification grounds for storage.
Right to object: Where processing is based on Article 6(1)(1)(f) GDPR, you may object to the processing subject to the conditions of Art. 21 GDPR (see “5. Right to Object”).
3. Storage Duration
Unless otherwise stated above, we only store personal data for as long as is necessary to achieve the respective purpose for which the data was collected. In addition, there may be legal or contractual obligations, which arise in particular from the Commercial Code (HGB) and the Tax Code (AO), with periods of six years pursuant to Section 257 HGB and up to ten years pursuant to Section 147 AO.
4. Recipients
In order to fulfil our contractual and legal obligations and to protect our business interests, it may be necessary to disclose personal data to public bodies, external service providers or other third parties, e.g.:
- Necessary disclosure of business contact data to other project participants in the context of providing our services and contract execution (e.g. for project planning/coordination)
- Necessary data disclosures to courts, authorities and public bodies such as financial, administrative, supervisory authorities, law enforcement authorities (e.g. in the context of official inspections, in disputed proceedings, to clarify or prosecute unlawful or abusive incidents)
- Necessary data access by IT service providers acting as processors pursuant to Art. 28 GDPR (e.g. maintenance service providers, hosting service providers, service providers commissioned with the operation and support of our internal IT infrastructure)
- Other external service providers (e.g. logistics companies, financial institutions, insurance companies, service providers for file and data destruction), where necessary for the provision of services
- Auditors, tax advisers, lawyers and other legal advisers (e.g. for the enforcement of contractual claims, for the assertion, exercise or defence of legal claims)
- Potential acquirers or investors in the context of corporate transactions (e.g. in the event of sale, merger or restructuring of parts of the company)
- Data transmission to a third country (countries outside the EU or the EEA) or to an international organisation is currently not intended. Should such transmission become necessary in future, for example in the context of involving service providers or cooperation partners based outside the EU/EEA, we will ensure an adequate level of data protection. This is achieved in particular through the conclusion of EU standard contractual clauses pursuant to Art. 46(2)(c) GDPR, through adequacy decisions of the EU Commission pursuant to Art. 45 GDPR, or through other suitable guarantees pursuant to Art. 46 GDPR. Further information on this can be obtained from us upon request.
5. Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, provided that the processing is based on Article 6(1)(1)(e) GDPR (data processing in the public interest) or Article 6(1)(1)(f) GDPR (data processing on the basis of a balancing of interests). This also applies to profiling based on this provision; however, such profiling is not carried out by us. In the event of a justified objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the assertion, exercise or defence of legal claims.
Where personal data is processed for the purposes of direct marketing, you have the right to object at any time without restriction to the processing of data concerning you for the purpose of such marketing. This also applies to profiling insofar as it is related to such direct marketing. In the event of an objection, processing for the purposes of direct marketing will be stopped immediately. However, such direct marketing is not intended by us.
The objection can be made informally and should preferably be directed to the controller’s contact details given in Section 1.
6. Data Subject Rights
Right of access: Subject to the conditions of Art. 15 GDPR, you may at any time request free information about the data concerning you stored by INFRAPIER GmbH, including a copy of this data. Please note that the right of access may be restricted.
Right to rectification: Subject to the conditions of Art. 16 GDPR, you may at any time request the immediate rectification of inaccurate data or the completion of data concerning you stored by INFRAPIER GmbH.
Right to erasure: Subject to the conditions of Art. 17 GDPR, you may in principle request the erasure of data concerning you stored by INFRAPIER GmbH. The right to erasure may be restricted under certain conditions, for example if processing is necessary to fulfil a legal obligation or for the assertion, exercise or defence of legal claims.
Right to restriction of processing: In accordance with Art. 18 GDPR, you may request the restriction of the processing of data concerning you, in particular where the accuracy of the stored data is disputed or where an objection to processing has been lodged pursuant to Article 21 GDPR. In such a case, the data will be blocked for any processing.
Right to data portability: Where we process your personal data for the performance of a contract with you or on the basis of your consent, subject to the conditions of Art. 20 GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format, provided and to the extent that you have provided the data to us.
7. Right to Lodge a Complaint
If you believe that the processing of data concerning you by INFRAPIER GmbH is not lawful, you may lodge a complaint with any supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement (Art. 77 GDPR).
The competent supervisory authority in Rhineland-Palatinate is:
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate,
Postfach 30 40, 55020 Mainz,
Telephone: +49 (0) 6131 8920-0,
Email: poststelle(at)datenschutz.rlp.de
The status of this data protection information is 07.01.2026