Information on the Processing of Personal Data

We hereby inform you about the collection and processing of your data in accordance with Art. 13 GDPR.
Version: 1.0
Date: 18/12/2025
We reserve the right to amend this Privacy Powlicy. Any changes will be published on our website.

 

Responsibility for Data Processing and Data Protection Officer

 

Contact – Responsible Entity (Controller):

Hydrotechnik Lübeck
Grootkoppel 33
23566 Lübeck
Phone: +49 (0) 45165175

Email:

 

This website is operated by

Hydrotechnik Lübeck GmbH, Grootkoppel 33, 23566 Lübeck.

Contact – Data Protection Officer of Hydrotechnik Lübeck GmbH:

Email:

Phone: +49 (0) 45165175

 

The same privacy policy applies to Hydrotechnik Offshore GmbH.

Contact – Data Protection Officer of Hydrotechnik Offshore GmbH:
Email:

Phone: +49 172 73 88 757

 

Competent Supervisory Authority for Data Protection

The contact details of the competent data protection supervisory authority can be found here: https://www.datenschutzzentrum.de/

or: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

 

Definition

  1. Personal Data

Personal data” according to Art. 4 No. 1 GDPR means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

  1. Processing

“Processing” within the meaning of Art. 4(2) GDPR means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

  1. Controller

The “controller” within the meaning of Art. 4(7) GDPR is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

 

  1. Consent

“Consent” within the meaning of Art. 4(11) GDPR means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

Your Rights

You are entitled to exercise the rights listed below.

 

  1. Right of Access, Art. 15 GDPR

Pursuant to Art. 15 GDPR, you have the right to obtain information as to whether personal data concerning you are being processed. Where such access does not require a disproportionate effort, we will provide you with information about the personal data stored about you free of charge and provide a copy thereof.

The information shall include:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request rectification or erasure of personal data or restriction of processing by the controller or to object to such processing;
  • the existence of the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The right of access pursuant to Art. 15 GDPR exists only insofar as it does not adversely affect the rights and freedoms of other data subjects pursuant to Art. 15(4) GDPR.

 

 

  1. Right to Data Portability, Art. 20 GDPR

Where the processing is based on consent or on a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format.

 

  1. Right to Rectification, Art. 16 GDPR

You have the right to obtain the rectification of inaccurate personal data concerning you or the completion of incomplete personal data.

 

  1. Right to Erasure, Art. 17 GDPR

Your personal data shall be erased where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you withdraw your consent on which the processing was based and there is no other legal ground for the processing;
  • you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing;
  • the personal data have been unlawfully processed;
  • the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject;
  • the personal data have been collected in relation to the offer of information society services to a child pursuant to Art. 8(1) GDPR.
  • The right to erasure does not apply where processing is necessary:
  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.

 

  1. Right to Restriction of Processing, Art. 18 GDPR

You have the right to obtain restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request restriction of their use instead;
  • you require the personal data for the establishment, exercise or defence of legal claims;
  • you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours.

Where processing has been restricted, such personal data shall, apart from storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. You will be informed before the restriction of processing is lifted.

 

  1. Right to Object, Art. 21 GDPR

Pursuant to Art. 21 GDPR, you have the right to object to the processing of your personal data.

You may exercise this right in particular:

  • where processing is based on our legitimate interests and your interests, fundamental rights and freedoms override those interests;
  • where personal data are processed for direct marketing purposes.
  • If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
  • You have the right to object at any time, without giving reasons. The objection may be made in writing or electronically and should be addressed to our contact details stated above.
  1. Withdrawal of Consent, Art. 7(3) GDPR

You have the right to withdraw any consent you have given to us at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The withdrawal may be made in writing or electronically and should be addressed to our contact details.

 

  1. Right to Lodge a Complaint, Art. 77 GDPR

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us. Employees are not required to follow internal reporting channels when contacting a supervisory authority.

 

Obligation to Provide Personal Data

The provision of personal data may be required by law or contract or may be necessary for the conclusion of a contract. If you do not provide the required personal data, it may not be possible to contact you, process your request, consider an application or conclude or perform a contract.

 

Storage Period and Erasure

Unless specific storage periods are stated within this privacy policy, personal data are processed and stored only for as long as necessary for the respective purposes or as long as statutory retention obligations exist. After the purpose ceases to apply or statutory retention periods expire, the personal data are routinely erased or blocked.

 

Data Processing Activities

 

Visiting Our Website

The purpose of data processing is the provision of our website.

In order for our website to be displayed on your device, it is necessary to transmit the website data to your device. This requires the processing of the following data:

  • your public IP address;
  • the date and time of page access;
  • the time zone difference to Greenwich Mean Time (GMT);
  • the content of the request (specific page);
  • the access status / HTTP status code;
  • the amount of data transferred in each case;
  • the website from which the request originates;
  • information about the browser;
  • the operating system and its interface; and
  • the language and version of the browser software.

We do not actively disclose the processed data. To provide the necessary technical infrastructure, we use service providers who may have access to the above-mentioned data in the course of their activities. The required data processing agreements pursuant to Art. 28 GDPR have been concluded with these service providers. They are contractually obliged to implement adequate technical and organisational measures. Compliance with these measures can be reviewed by us at any time.

The provision of the website and the information published therein is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our legitimate interests consist in presenting our services for participation in economic life and providing our contact details.

 

The domain hydrotechnik-offshore.de redirects to this website. The controller for data processing is Hydrotechnik Lübeck GmbH.

 

Cookies & Tracking (Consent)

For statistical, convenience and marketing purposes, we use cookies and similar technologies.
Legal bases: § 25(1) TTDSG (storage/access on your device) and Art. 6(1)(a) GDPR (further processing).

You may change or withdraw your selection at any time via the Cookie-Richtlinie (EU). The lawfulness of processing carried out prior to withdrawal remains unaffected (Art. 7(3) GDPR).

 

Website Usage Analysis

To optimise our website, we analyse website usage and use the service Google Analytics.

The following data are processed:

  • your public IP address;
  • the date and time of access;
  • the time zone difference to Greenwich Mean Time (GMT);
  • the content of the request (specific page);
  • the amount of data transferred;
  • the referring website;
  • information about the browser, operating system and its interface, as well as the language and version of the browser software.

 

The legal basis for this processing is your consent pursuant to Art. 6(1)(a) GDPR.

You may withdraw your consent at any time by reopening the consent banner via the  Cookie-Richtlinie (EU) link and adjusting your settings accordingly.

 

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy:  policies.google.com/privacy

 

IP Anonymisation

IP anonymisation is activated on this website. As a result, your IP address is truncated by Google within EU Member States or other contracting states of the EEA Agreement prior to transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

On behalf of the website operator, Google will use this information to evaluate your use of the website, compile reports on website activity and provide further services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

 

Plugins and Tools

  1. Vimeo

Our website uses plugins from the video platform Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA.

When you visit a page equipped with a Vimeo plugin, a connection to Vimeo’s servers is established. Vimeo is thereby informed which of our pages you have visited. Vimeo also receives your IP address, even if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to Vimeo servers in the USA.

If you are logged into your Vimeo account, Vimeo can directly associate your browsing behaviour with your personal profile. You can prevent this by logging out of your Vimeo account.

Further information on the handling of user data can be found in Vimeo’s privacy policy:
https://vimeo.com/legal/privacy/policy

 

  1. Google Maps

This website uses Google Maps via an API. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use Google Maps functions, it is necessary to store your IP address. This information is usually transmitted to and stored on a Google server in the USA. The operator of this website has no influence on this data transfer.

The use of Google Maps is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in an appealing presentation of our online offerings and in making locations specified on the website easy to find.

Further information on data handling can be found in Google’s privacy policy:
https://www.google.de/intl/de/policies/privacy/

 

Email Infrastructure

The purpose of processing is the provision and use of an electronic communication system.

Sending and receiving emails requires processing the email address of the sender and recipient. As emails may contain various types of information, data of all kinds may be processed in addition to technical log data. Particularly sensitive data are encrypted prior to transmission. We also use transport encryption for sending and receiving emails.

We do not actively disclose the processed data. Service providers are used to provide the necessary technical infrastructure and may have access to the data listed above. Appropriate data processing agreements have been concluded, and the service providers are obliged to implement adequate technical and organisational measures. Compliance can be reviewed at any time.

The operation and use of the email infrastructure is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in providing an electronic means of communication.

 

Data Security

We implement appropriate technical and organisational measures to protect personal data against loss, destruction, unauthorised access or unauthorised disclosure. These measures include in particular:

  • encryption of data transmission using SSL/TLS technology;
  • access restrictions and authorisation concepts;
  • regular data backups;
  • protection of IT systems using up-to-date security measures.

These measures are continuously adapted in line with technological developments.

 

Contact Form

The purpose of processing is to provide a communication channel to facilitate contact.

Receiving electronic messages via the contact form requires processing the following data categories:

  • your email address;
  • your name;
  • the content of the message;
  • your public IP address;
  • the date and time of page access;
  • the time zone difference to GMT;
  • the content of the request (specific page);
  • the access status / HTTP status code;
  • the amount of data transferred;
  • the referring website;
  • browser information;
  • operating system and interface;
  • language and version of the browser software.

As various types of information may be transmitted, data of all kinds may be processed. We do not actively disclose this data. Service providers located in Germany are used to provide the technical infrastructure; appropriate data processing agreements have been concluded. They are obliged to implement adequate technical and organisational measures, compliance with which can be reviewed at any time.

The processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in social participation and communication.

 

Processing of Business Partners

We process personal data of our business partners, customers, and suppliers to establish, manage, and fulfill contracts and to maintain ongoing business relationships.

The types of data we process include:

  • Contact information of your representatives (e.g., name, position, email, phone)
  • Company information (e.g., company name, address, VAT ID)
  • Contractual and communication data
  • Billing and payment information
  • Other data necessary for our business relationship

We process this data based on legal obligations, the performance of contracts, and our legitimate interest in running efficient business operations.

We only share personal data when necessary for contract fulfillment or required by law (e.g., with tax advisors, banks, or authorities).

Our partners are expected to:

  • Process data only for agreed contractual or legal purposes
  • Protect data with appropriate technical and organizational measures
  • Not share data with unauthorized third parties
  • Delete or block data when it is no longer needed or when legal retention periods expire
  • Notify us promptly in case of any data protection incident

If our partners are based outside the EU/EEA, they must ensure a level of data protection equivalent to GDPR and, if necessary, implement appropriate safeguards (e.g., EU Standard Contractual Clauses).

Personal data is deleted as soon as it is no longer needed for the purposes above and no legal retention requirements apply.

 

Recruitment Process

The purpose of processing is the conduct of recruitment procedures.

Within the scope of recruitment procedures, we process the data provided in the application documents. This includes both personal master data and professional data of applicants. If employment results from the application, the data will be stored in the personnel file. Applications can be submitted to us by email.

 

Internally, the application documents are made available to the relevant departments as well as, where applicable, to the responsible representatives (e.g., representatives for severely disabled employees, equal opportunity officers, etc.). The legal basis for processing the application documents is Section 26 of the German Federal Data Protection Act (BDSG) and Article 6(1)(b) GDPR for the initiation or conclusion of contractual relationships.

If no employment relationship is established, the data will be destroyed or deleted no later than six months after the recruitment process.

In addition, your application may also be forwarded for vacant positions within the corporate group. The legal basis for this processing is your consent in accordance with Article 6(1)(a) GDPR. You have the right to withdraw your consent at any time for the future. Your data will be deleted no later than 365 days after submission.

 

Employee Data

The purpose of processing personal data of employees is the establishment, management, and termination of the employment relationship.

Within the scope of the existing employment relationship, we process the following categories of personal data in particular:

  • Master data (e.g., name, address, contact details, date of birth)
  • Contract data (e.g., employment contract, start date, contract amendments)
  • Payroll and payment data (e.g., bank details, tax ID, social security information)
  • Working time and absence data
  • Qualification and performance data
  • Communication data (e.g., official email correspondence)
  • IT usage data within the company’s IT systems

The processing is based on Section 26 of the German Federal Data Protection Act (BDSG) and Article 6(1)(b) GDPR for the performance of the employment relationship, as well as on the basis of legal obligations under Article 6(1)(c) GDPR (e.g., tax and social security obligations).

Where necessary, processing is also carried out on the basis of our legitimate interest under Article 6(1)(f) GDPR, in particular to ensure IT security and maintain business operations.

Personal data is only shared with internal departments and external recipients (e.g., tax advisors, social security authorities, public authorities) if required for the fulfillment of legal or contractual obligations.

Employee personal data is deleted after the termination of the employment relationship as soon as it is no longer necessary for the purposes stated above and no statutory retention obligations exist.

 

Social Media

We operate our own pages on social media platforms, including Facebook, Vimeo, Instagram, and LinkedIn. The purpose of these pages is to inform the public about our work and to provide additional communication channels.

Visiting our pages does not result in the transmission of any personal data to the social media providers. Personal data is only processed by the respective platform providers if you actively use our pages on those platforms. In such cases, the providers process the information necessary for operating a website, which may include the following data:

  • Your public IP address
  • The date and time of page access
  • The time zone difference to Greenwich Mean Time (GMT)
  • The content of the request (specific page)
  • Access status/HTTP status code
  • The amount of data transferred
  • The website from which the request originates
  • Browser information
  • Operating system and its interface
  • Language and version of the browser software

Furthermore, we publish digital content on these social media platforms, such as photographs, videos, and reports.

Where we jointly process personal data with the respective platform providers, we act as joint controllers in accordance with Article 26 GDPR. The main content of the joint controllership agreements is provided by the respective platform providers.

Information on the data processing activities of the platform providers can be found here:

All data processed by the platform providers when you use the platforms may be accessed by those providers. The operation and use of the platforms is based on our legitimate interest under Article 6(1)(f) GDPR in promoting our products and services and providing additional communication channels. If we publish personally identifiable content you provide, such publication is based on your consent in accordance with Article 6(1)(a) GDPR.

 

Data Transfer to Third Countries
If personal data is transferred to countries outside the European Union (EU) or the European Economic Area (EEA), we ensure that such transfers comply with Articles 44 et seq. of the GDPR. To guarantee an adequate level of protection, we may rely on safeguards such as the EU Standard Contractual Clauses (“SCCs”) adopted by the European Commission (see Commission Decision (EU) 2021/914 and the official templates: https://commission.europa.eu/publications/publications-standard-contractual-clauses-sccs_en).

Although appropriate safeguards are in place, it cannot be completely ruled out that authorities in the third country may access the transferred data. As a result, there remains a small residual risk that data subject rights may not be fully enforceable.