Privacy Policy

Introduction

neonpath GmbH ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website neonpath.top, use our services, or engage with us in any other way.

This policy applies to all personal data we process about you in connection with our civil engineering services. Please read this Privacy Policy carefully to understand our views and practices regarding your personal data and how we will treat it.

Data Controller

The data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:

Data We Collect

We may collect and process the following categories of personal data about you:

Information You Provide Directly

When you contact us through our website, request our services, or engage with us professionally, we may collect personal information including:

• Name and contact details (email address, phone number, postal address)
• Company or organisation information
• Project requirements and technical specifications
• Communication preferences
• Any other information you choose to provide in correspondence with us

Technical Information

When you visit our website, we may automatically collect technical information including:

• IP address and browser type
• Operating system and device information
• Pages visited and time spent on our website
• Referring website and search terms used
• Cookie data (see our Cookie Policy for details)

How We Use Your Information

We process your personal data for the following purposes and on the following legal bases:

Service Delivery (Contractual Necessity)

We use your personal data to provide our civil engineering services, including project planning, design, management, and consultation. This includes communicating with you about project requirements, timelines, and deliverables.

Communication (Legitimate Interest)

We use your contact information to respond to your inquiries, provide customer support, and maintain professional relationships. Our legitimate interest is to operate our business effectively and maintain good client relationships.

Legal Compliance (Legal Obligation)

We may process your data to comply with legal obligations, including record-keeping requirements for engineering projects, tax obligations, and regulatory compliance in the construction industry.

Website Improvement (Legitimate Interest)

We analyse website usage data to improve our online services, ensure website security, and enhance user experience. Our legitimate interest is to maintain and improve our digital presence.

Data Sharing and Disclosure

We may share your personal data in the following circumstances:

• Service Providers: We may share data with trusted third-party service providers who assist us in operating our business, such as IT support, professional advisors, and subcontractors working on your project.
• Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
• Business Partners: With your consent, we may share relevant project information with business partners or collaborators involved in your engineering project.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

Data Retention

We retain your personal data for different periods depending on the purpose for which it was collected:

• Project Data: We retain project-related information for a minimum of 10 years after project completion, in accordance with German engineering and construction industry standards.
• Communication Records: We retain correspondence and communication records for up to 7 years for business and legal purposes.
• Website Data: Technical website data is typically retained for up to 2 years for security and analytical purposes.
• Marketing Data: If you have consented to marketing communications, we retain this data until you withdraw consent or for up to 3 years of inactivity.

After these retention periods, we will securely delete or anonymise your personal data unless we are required to retain it for longer by law.

Your Rights

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: You can request copies of your personal data and information about how we process it.
• Right to Rectification: You can request correction of inaccurate or incomplete personal data.
• Right to Erasure: You can request deletion of your personal data in certain circumstances.
• Right to Restrict Processing: You can request that we limit how we use your personal data in certain situations.
• Right to Data Portability: You can request transfer of your data to another organisation in certain circumstances.
• Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month, unless the request is complex, in which case we may extend this period by up to two additional months.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training on data protection
• Secure backup and recovery procedures
• Regular monitoring for security incidents

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you and relevant authorities of any data breaches where required by law.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we need to transfer your data outside the EEA, we will ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the European Commission
• Standard contractual clauses approved by the European Commission
• Binding corporate rules or certification schemes
• Your explicit consent for the transfer

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse website usage. For detailed information about our use of cookies, including how to manage your preferences, please see our Cookie Policy.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us:

You also have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with applicable law. In Germany, you can contact your local data protection authority or the Federal Commissioner for Data Protection and Freedom of Information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

Governing Law

This Privacy Policy is governed by German data protection law and the General Data Protection Regulation (GDPR). Any disputes relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the German courts.