Privacy Policy
Last updated: February 2026
We are pleased about your visit to our website https://www.comstruct.com/ and your interest in our offering. In the course of your use of our services, the processing of your personal data may take place. Protecting your data is always an important concern for us. This privacy policy informs you about how we process personal data and which rights you have. This statement applies to all processing of personal data carried out by us both in connection with the provision of our services via our website and our mobile application (hereinafter also referred to as the “App”). This privacy policy can be accessed and printed at any time on our website and in our app.
I. General information
This privacy policy informs you about the handling of your personal data when using our website and the app. It explains in particular which data we collect for which purposes and on what legal basis.
Personal data (“data”) are all information relating to an identified or identifiable person. “Processing” means any operation performed with or without the help of automated procedures in connection with personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, querying, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. We treat personal data confidentially and in accordance with the statutory data protection regulations. The legal bases of data protection are found in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”, GDPR), as well as in the Federal Data Protection Act (BDSG), the Telemedia Act (TMG) and the Act Regulating Data Protection and the Protection of Privacy in Telecommunications and Telemedia (TTDSG).
II. Controller
The controller responsible for the processing of your data is
comstruct ICT GmbH
Agnes-Pockels-Bogen 1
80995 Munich
Germany
+49 (0) 170 5556293
Email: kontakt@comstruct.eu
The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.
III. Scope of data processing
We process your data only to the extent necessary for the purpose of providing a functional and user-friendly online presence or a functional and user-friendly website and app, as well as for providing our content and services in. Failure to provide the data may have legal disadvantages, such as the impossibility of performing a contract. In the context of data processing, we use various third-party providers in the areas of hosting, online marketing, mailing services and customer/data management (CRM), each of which processes data on our behalf. With these third-party providers, insofar as they are processors, we have concluded appropriate data processing agreements that ensure that an adequate level of data protection is also guaranteed by our processors (Art. 28 GDPR).
For hosting our offering, we use Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands. When visiting our website, Framer collects various log files including your IP address. Details can be found in Framer's privacy statement at https://www.framer.com/legal/privacy-statement/. Framer is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable possible presentation of our website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG insofar as the consent covers the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.framer.com/legal/privacy-statement/.
IV. Data security
We have taken technical and organizational measures that ensure that data protection regulations are observed both by us and by external service providers. For security reasons and to protect the transmission of confidential content, such as information you send to us as the site operator, our website uses SSL or TLS encryption.
V. Processing of personal data
The following overview lists all types of data processed by us, the purposes of their processing, as well as the legal bases for their processing.
1. Use of the website
If you use our website without otherwise transmitting data to us (e.g. by registering or using the contact form), we collect the following data temporarily and anonymously on our web server via server log files:
Website from which our website was requested (so-called referrer URL)
Name and URL of the requested website
Date and time of access to the website
Description of the type, language and version of the web browser used
IP address of the requesting computer, which is shortened so that no personal reference can be established
Notification whether access was successful (access status / HTTP status code)
Internet service provider of the accessing system
Amount of data transferred each time
Operating system used and its interface
the GMT time zone difference
This processing is technically necessary to enable us to display our website to you. We also use the data for statistical evaluations in order to ensure the operational security and stability of our website. The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR. The processing of the aforementioned data is necessary for providing the website and ensuring the stability and operational security of the website and therefore serves the protection of a legitimate interest of our company. We also use the data to fulfill our legal obligations for reasons of data security. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. c GDPR.
2. Use of the App
If you use our app, we process the data listed below:
Registration data (name, username, phone number, email address, usual place of residence)
GPS location data
content data voluntarily provided by the user (photos, videos, routes, etc.)
IP address
Date and time of app access
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code,
amount of data transferred each time
Website from which the request originates, browser, operating system and its interface
Language and version of the browser software
Your device identifier and serial number
Name of your mobile device, email address
The processing purposes are based on the following legal bases:
Processing purpose
statistical evaluations for the purpose of optimizing our app, ensuring stability and operational security of the app
fulfillment of legal obligations for reasons of data security
Account creation and administration; processing of inquiries, use of the functions of the app.
Voluntary sharing of content data as part of app use
Identification of the user account for push notifications, deactivation of the app on stolen or lost smartphones and/or end devices.
Legal basis
Art. 6 para. 1 sentence 1 lit. f GDPR due to our legitimate interest in fraud prevention and quality assurance
Art. 6 para. 1 sentence 1 lit. c GDPR
Art. 6 para. 1 sentence 1 lit. b GDPR
Art. 6 para. 1 sentence 1 lit. a GDPR
Art. 6 para. 1 sentence 1 lit. f GDPR due to our legitimate interest in fraud prevention and quality assurance
3. Contacting us
If you contact us, e.g. by sending us an email or contacting us via the contact form, we store the contact details you provide, such as name, address, mobile phone number, email and the information you provide in your inquiry.
If you contact us in the context of an existing contractual relationship or contact us in advance to obtain information about our services or other services, the data and information you provide will be processed for the purpose of handling and responding to your contact request on the legal basis of Art. 6 para. 1 sentence 1 lit. b GDPR. If you have consented to the processing for the purpose of responding to your inquiry, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. Otherwise, we process your data to safeguard our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in order to answer customer/contact inquiries appropriately.
4. Newsletter
With our newsletter we inform you about us and our offers. To register for the newsletter, only your email address and your name are required. If you register for the newsletter, your email address is transferred to us (or our mail provider) and stored there. After registration, you will receive an email to confirm the registration (“double opt-in”). In this context, we (or our mail provider) process the following data:
Contact data (email address, name)
Device data (device name, if applicable country code, language, name of the operating system and version)
Connection data (IP address, mail provider)
Date and time of registration and confirmation
Our newsletter is sent on the basis of your prior express consent, Art. 6 para. 1 sentence 1 lit. a GDPR. To the extent that we commission a service provider to send emails, this is done on the basis of our legitimate interests in efficient and secure transmission. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. f GDPR.
You can revoke your consent to the processing of the data for the purpose of sending the newsletter or evaluating the related data at any time. Withdrawal can be made via a link contained in every newsletter or by separate notification to us. Apart from transmission costs according to the basic rates, you will not incur any further costs.
5. Processing of data of suppliers and construction companies
We collect the data of suppliers and construction companies in various ways as part of registration, tenders, orders, deliveries, invoices, payments and accounting. On the suppliers' side, data processing is carried out for dispatch software, fleet management, customer management and accounting, as well as other systems for creating delivery notes and invoices. On the construction companies' side, data processing is carried out for internal construction management systems, the comstruct Field app, the comstruct Web app, as well as for accounting, customer and supplier management (purchasing and sales), employee management. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, as the data is necessary for the correct use of the app and thus for contractual processing.
General information
Data processing of tenders
Orders
Deliveries
Invoices, payments and accounting
Processing of data of suppliers
Customer data:
Generally (name, owner, legal)
Location
Contact person
Product data:
Current price lists
Availability
Data on warehouse/plant:
Availability/offer lists of the individual warehouses as well as delivery times
Locations of the individual warehouses/plants
Contact persons
Master data:
Contract contents
Customer data (construction companies, construction sites)
Access data for customer portals
Offers:
Contract data
Lists with updated product prices
Contact details
New contracts:
Contract contents regarding goods/products
General data (such as contract partners, time of contract etc.)
General data:
Order ID
VAT ID
Dispatch (allocation to deliveries)
Time created
Time changed
Data on problems / changes
Cancellations / changes
Changed data
Time of change
Responsible contact
Order contents:
Item number
Name
Specification (for customized products)
Order quantity
List of deliveries
Feedback:
Acceptance
Suggested dates/ availability of the offers
General data:
Delivery ID
Dispatch (planned delivery time)
Time created
Time changed
Problems:
Cancellations
Changes
Delivery contents:
Item number, name
Specification (for customized products
Delivery quantity
Delivery vehicle:
Vehicle type
License plate, driver
GPS location
Delivery status
Invoice data:
VAT ID
Orders (list, prices)
Invoice issuer
Account information
Planned invoice data
Payment data:
Payment receipt/ confirmation
Processing of data of construction companies
Customer data:
Generally (name, owner, legal)
Location
Contact person/ employee information
Access data for supplier customer portals
Tender data:
Contact details of construction companies
Construction site information (start and location of the construction site)
Material specifications
Quantities
Feedback:
Information on acceptance/ rejection of specific offers
Suggestions for changes
Contract data:
Lists of goods with reductions
General data (such as contract partners etc.)
Order contents:
Item number
Name
Specification (for customized products)
Order quantity
List of deliveries
Data on problems / changes:
Cancellations / changes
Changed data
Time of change
Responsible contact
General data:
Delivery note as PDF/ in data format (with signature)
Problems:
Complaints about individual deliveries
Changes:
Requests regarding changes
Change information
Invoice data:
Invoice template
Payment data:
Payment receipt/ confirmation
Payment outgoing
6. Cookies
On our website and in our app we use cookies that are offered either by us or by third parties.
Cookies are small text files that are placed on the end device you use and stored by the browser. Cookies are used to make our offer more user-friendly, effective and secure. There are different types of cookies that are used for different purposes. Some cookies ensure that our offers function properly or that you are recognized again on your end device after successful registration (“necessary” cookies). By placing these necessary cookies, we make it easier for you, for example, to visit our offers and use the services available there. Other cookies we place in order to analyze user preferences and thereby improve our offers (“enhanced” cookies). We use these for the purpose of tracking (e.g. interest-/behavior-based profiling), remarketing, visit action analysis, conversion measurement, reach measurement (e.g. access statistics, recognition of returning visitors), audience building and cross-device tracking. We only set non-necessary cookies with your consent. When you visit our offers for the first time, a popup (“cookie banner”) is displayed, in which the individual cookies are described in more detail. There you have the option to allow or reject cookies according to your preferences. You can change your settings at any time here [LINK to the cookie banner]. We point out that deactivating cookies may restrict the functionality of this website.
When cookies are used, the following data are processed – depending on the browser settings:
Usage data (e.g. visited websites, interest in content, access times),
Meta/communication data (e.g. device information, IP addresses)
Location data (data that indicate the location of the end user's device)
If personal data are processed when using “necessary” cookies, this is based on Art. 6 para. 1 sentence 1 lit. f GDPR due to legitimate interests in quality assurance and a technically flawless presentation of the website. The processing of personal data when using so-called “enhanced cookies” is based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
7. Plug-ins and similar technologies
On our website we use so-called pixel tags (invisible graphics, also referred to as “web beacons”) and other technologies of the third-party providers listed below for marketing purposes and to provide our content. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and may include, among other things, technical information about the browser and the operating system, referring websites, visit time as well as other information about the use of our online offering, and may also be linked with such information from other sources.
When pixel tags are used, usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses) and location data are processed. We process this data for the purpose of displaying fonts, direct marketing (e.g. by email or by post), tracking (e.g. interest-/behavior-based profiling, use of cookies) and interest-based and behavior-based marketing. The processing of this data is based on your consent; the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
LinkedIn, LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland; Website: https://de.linkedin.com/, Privacy policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
8. Applications
If you apply for a position with us, we process the information you provide and your personal data for the purpose of handling the application procedure. These data include your name, email address, address and phone number, age, professional history, qualifications, country of residence, language skills and all other personal information that you provide in the course of your interaction with us. We may also ask you for additional information that helps us in our recruitment process, and if you are offered a position, e.g. your date of birth and work documents. Processing may also take place electronically. This is in particular the case if an applicant submits the relevant application documents electronically, for example by email.
We process your personal data in order to fulfill our contractual or pre-contractual obligations (on the legal basis of Art. 6 para. 1 sentence 1 lit. b GDPR or, if applicable, for the performance of the employment relationship with you (§ 26 BDSG). If you have consented to the processing for the purpose of handling your application, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests preclude deletion. Another legitimate interest in this sense is, for example, an obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).
9. Social media
We are represented on the following social media platform and process user data in this context in order to communicate with active users there or to offer information about us:
LinkedIn, LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland; Website: https://de.linkedin.com/, Privacy policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We point out that user data within social networks may be processed for market research and advertising purposes. For example, usage profiles may be created based on user behavior and the resulting interests. These usage profiles can in turn be used, for example, to display advertisements within and outside the networks that are likely to correspond to the interests of users. For these purposes, cookies are usually stored on users' computers in which user behavior and interests are stored. Furthermore, data independent of the devices used by users may also be stored in the usage profiles (in particular if users are members of the respective platforms and are logged in there). For a detailed description of the respective types of processing and the opt-out options, we refer you to the privacy policies and information provided by the operators of the respective social media providers. Even in the case of information requests and the assertion of data subject rights, we point out that these can most effectively be asserted with the providers. Only the providers have access to the users' data and can directly take appropriate measures and provide information. If you still need help, you can contact us.
VI. Storage and deletion of data
The data processed by us are deleted in accordance with the statutory requirements as soon as the consents permitting their processing are withdrawn or other permissions cease to apply (e.g. when the purpose of processing these data ceases to exist or they are no longer necessary for the purpose). This means that we store your personal data only for as long as it is necessary for the respective processing purpose and limit the storage period to the minimum necessary. In addition, we only store your data if we are entitled or obliged to do so under statutory retention periods (for example under the Commercial Code (HGB) or the Fiscal Code (AO)).
Our data protection information may also contain further details on the retention and deletion of data that apply primarily to the respective processing.
VII. Your rights
You have the following rights:
the right of access,
the right to rectification or erasure,
the right to restriction of processing,
the right to data portability,
the right to withdraw any consent you have given with effect for the future.
the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 para. 1 sentence 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
To exercise the above rights, you can send an email to kontakt@comstruct.eu. You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data.
VII. Disclosure of data / transfers to third countries
We generally disclose your data to third parties only if you have consented to this or if there is another legal basis. To the extent that we use third-party tools that process your data outside the EU/EEA, we ensure that the legal requirements of Art. 44 et seq. GDPR for such transfer to third countries are complied with and that your data are processed in the third country concerned in accordance with European data protection standards. As a rule, we use the so-called EU standard contractual clauses (SCC), which we conclude with the respective provider for this purpose. In addition, in accordance with the requirements of the CJEU (“Schrems II”), an individual risk analysis is carried out with regard to the respective transfer to third countries in order to ensure that your data are lawfully processed in the third country concerned and, in particular, to prevent access by government authorities to your data.
IX. Data processing when accessing linked content
This privacy policy applies only to this website. However, the website may also contain external links or hyperlinks to websites of other providers. They are to be distinguished from our own content. These third-party contents neither originate from us nor do we have any influence on the content of third-party pages. If you are redirected to other pages via links within the website, please inform yourself there about the respective handling of your data.
X. Automated decision-making/profiling
We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).
XI. Changes to this privacy policy
Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this privacy policy.
If you have any questions or suggestions regarding data protection, you can send us an email at kontakt@comstruct.eu at any time.
As of: May 2024