Privacy notice

Data protection at a glance

The Stork Intellectual Property BV ("Stork") takes the protection of your personal data very seriously. Stork treats your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy notice.

This privacy notice contains information on (i) what happens to your personal data when you visit this website, (ii) how Stork processes your personal data when you interact with Stork via social media and (iii) how Stork processes personal data of business partners.

I.	Who we are, how to contact Stork and your rights
II.	Special information for website visitors
III.	Special information for people who interact with Stork via social media
IV.	Information about updates to this privacy notice

I. Who we are, how to contact Stork and your rights

1. Who are we and how can you contact us?

The controller with respect to the processing of personal data is

Stork Intellectual Property BV

Van Deventerlaan 121, 3528AG Utrecht, The Netherlands (in this privacy notice: "we", "us")

If you have any questions about this privacy notice or the processing of your personal data in general, please contact us by email at dataprivacy@bilfinger.com.

2. How can you contact our data protection officer?

We have appointed a data protection officer for our company.

You can contact them by e-mail at dataprivacy@bilfinger.com or by phone at +49 (0)621 4690.

3. What rights do you have with regard to your personal data?

You have the following rights, provided that the relevant legal requirements are met:

1. Right of access (Art. 15 of the General Data Protection Regulation ("GDPR")). You may request information about the processing of your personal data and a copy of the personal data that is the subject of the processing, provided that such copy does not adversely affect the rights and freedoms of others.
2. Right to rectification (Art. 16 GDPR). You may request the rectification of your personal data that are inaccurate and/or the completion of such data that are incomplete.
3. Right to erasure ("right to be forgotten") (Art. 17 GDPR). You may request the erasure of your personal data in particular if (i) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) you have objected to the processing and there are no overriding legitimate interests for the processing, (iii) your personal data has been processed unlawfully or (iv) your personal data must be erased in order to comply with a legal obligation to which we are subject. However, the right to erasure does not apply in particular if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.
4. Right to restriction of processing (Art. 18 GDPR). You may request the restriction of the processing of your personal data (i) for the period during which we verify the accuracy of your personal data if you have contested the accuracy of such data, (ii) if the processing of your personal data is unlawful and you request the restriction of processing instead of erasure of the data, (iii) if we no longer need the personal data but you need the data to establish, exercise or defend legal claims; or (iv) if you have objected to the processing until it has been verified whether our legitimate grounds override your interests, rights and freedoms.

   
   If processing has been restricted, we will only process the data concerned - apart from storage - with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state of the European Union.

5. Right to data portability (Art. 20 GDPR).You may request that we provide you with your personal data that you have provided to us in a structured, commonly used and machine-readable format, insofar as the processing of your personal data is based on your consent or a contract and the processing is carried out by automated means; in these cases, you may also request that the personal data be transferred directly to another controller, if this is technically feasible.
6. Right to withdraw consent at any time (Art. 7 (3) sentence 1 GDPR). You may withdraw your consent at any time with effect for the future, insofar as the processing is based on your consent, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
7. Right to object (Art. 21 GDPR).
   Right to object
   
   

   You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on our legitimate interests or those of a third party.

   We will then no longer process your personal data for the purpose to which you have objected, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defense of legal claims.

   To the extent that your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing.

   If you object to the processing of your personal data for direct marketing purposes, we will no longer process the personal data for these purposes.

8. France - right to digital legacy. If you are a resident of France, you have the right to set directives (general or specific) on the fate of your personal data after your passing.
9. Right to lodge a complaint with a supervisory authority. You may lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR. You can view the contact details of the European data protection authorities here. If you believe that the processing of your personal data infringes the GDPR, you can also contact us first using the email address below.

Please direct your requests to exercise these rights (other than the right to complain to a supervisory authority) to dataprivacy@bilfinger.com.

II. Special information for website visitors

Below you will find information on how we process the personal data of website visitors.

1.	Where do we collect your personal data?
2.	How is your data processed (purposes and legal bases)?

1. Where do we collect your personal data?

We collect no personal data when you use the website, navigate it, use the search function and/or contact us via the website.

2. How is your data processed (purposes and legal basis)?

1. General

   
   We process no personal data for the purposes listed in the table below. In doing so, we rely on the legal bases listed in the table. Where relevant, the legitimate interest we pursue with the processing is also listed. In principle, the following legal bases are relevant:

   • performance of a contract (including processing necessary to take steps at your request prior to entering into a contract) (Art. 6 (1) (b) GDPR;
   • Compliance with legal obligations (Art. 6 (1) (c) GDPR);
   • Legitimate interests (Art. 6 (1) (f) GDPR);
   • Consent (Art. 6 (1) (a), Art. 7 GDPR).
   For some specific purposes of processing (e.g. server logs), you can find additional information below the table.

   Processing purposes	Legal basis	Legitimate interests (as far as relevant)	Categories of personal data
   Provision and maintenance of the website	Legitimate interest	There is a legitimate interest in providing and maintaining a (legally compliant) website in order to present the Stork Group and its services and content on the Internet.	Server log data
   Contacting you and providing you with information you have requested	Fulfillment of a contract or, if you are not our contractual partner, legitimate interests	There is a legitimate interest in responding to your communication.	Identification data, contact data, communication data
   Improving our services, products and website	Legitimate interests	There is a legitimate interest in improving our services, products and website in order to further develop our business.	Website activity data, location information
   Collection and use of statistical information about the use of the website	Legitimate interests	There is a legitimate interest in analyzing the use of the website in order to improve it.	Website activity data, location information
   Detecting faults and ensuring the security of the website and associated systems, including the detection and tracking of (attempted) unauthorized access to web servers	Fulfillment of legal obligations related to data security or, in the absence of such an obligation, legitimate interests.	There is a legitimate interest in rectifying faults and ensuring the security of the website and associated systems.	Server log data, website activity data, identification data
   Marketing communications (such as newsletters)	Consent or, to the extent permitted by law, legitimate interests	There is a legitimate interest in advertising products and/or services.	Contact data, identification data
   Safeguarding our rights	Legitimate interests	There is a legitimate interest in establishing, exercising and/or defending legal claims.	Identification data, contact data, communication data, server log data, website activity data, location information
   Compliance with legal obligations (e.g. from tax law)	Fulfillment of legal obligations	-	Identification data, contact data, communication data, server log data, website activity data, location information
   Execution of corporate transactions (e.g. reorganization, merger, sale, sale of assets, joint venture)	Legitimate interests	There is a legitimate interest in effectively disposing of our assets and making commercially reasonable decisions about the development of our business.	Identification data, contact data, communication data, website activity data, location information.
   For the processing purposes listed above it may be necessary to transfer data to other companies of the Stork	Consent, insofar as consent is used as a legal basis for the relevant processing activity, otherwise legitimate interests	There is a legitimate interest in transferring data within the Stork for internal administrative purposes.	The categories of personal data correspond to those listed for the respective processing purpose.

2. Server logs

   
   As indicated in the table above, we store server logs, which contain server log data, in order to detect and correct malfunctions and to ensure the security of the website and related systems.

3. Cookies

   
   Our website does not use so-called "cookies".

III. Special information for people who interact with Stork via social media

The following provides information about how we process the personal data of individuals who interact with us through social media.

1.	Where do we collect your personal data?
2.	How is your data processed (purposes and legal bases)?
3.	Who has access to your personal data (recipients)?
4.	Do we transfer your personal data internationally (transfer to third countries)?
5.	How long do we store your personal data?

1. Where do we collect your personal data?

We have a presence on (i) LinkedIn, (ii) YouTube, (iii) Twitter, (iv) Instagram, (v) Xing and (vi) Facebook.

The providers of these social media process information about how you interact with our corporate presence on the respective network and data that you provide in your respective profile. The providers aggregate this data and provide it to us as statistics; however, you are not identifiable from these statistics. These statistics help us better understand trends and demographics of the groups of people who interact with our corporate presence.

The social network providers are the following companies:

• LinkedIn: LinkedIn Ireland Unlimited Company ("LIUC"), Wilton Place, Dublin 2, Ireland

  
  In connection with the processing of your personal data to produce the statistics, we and LIUC are joint data controllers. In this context, we and LIUC have entered into a joint controllership arrangement (available here). Pursuant to this arrangement, LIUC assumes compliance with the data protection obligations that exist in connection with the provision of the statistics. This includes the fulfillment of all rights you have as a user of LinkedIN. These are, for example, your rights to information, disclosure, deletion and objection. LIUC will also ensure that any existing notification obligations due to personal data breaches (such as towards authorities or you) are fulfilled. LIUC will therefore also ensure that LinkedIn members are informed about the processed data.

  Information about LIUC's processing of your personal data when using LinkedIn can be found in LIUC's privacy notice, which is available here. You can view the user agreement for LinkedIn here.

• YouTube: Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland

  
  Information about Google's processing of your personal data when using YouTube can be found in Google's privacy notice, which is available here. You can view the terms of service for YouTube here.

• Twitter: Twitter International Unlimited Company ("TIUC"), One Cumberland Place, Fenian Street Dublin 2, Ireland

  
  Information about TIUC's processing of your personal data when using Twitter can be found in Twitter's privacy notice, which is available here. You can view the Twitter user agreement here.

• Instagram: Meta Platforms Ireland Limited ("Meta"), 4 Grand Canal Square, Dublin 2, Ireland

  
  Information about Meta's processing of your personal data when using Instagram can be found in Meta's privacy notice, which is available here. You can view the terms of use for Instagram here.

• Xing: New Work SE, Am Strandkai ("NW"), 20457 Hamburg, Germany

  
  Information on the processing of your personal data by NW when using Xing can be found in NW's privacy notice, which is available here. You can view the general terms and conditions for the use of XING here.

• Facebook: Meta Platforms Ireland Limited ("Meta"), Block J, Serpentine Avenue, Dublin 4, Ireland

  
  In connection with the processing of your personal data to produce the statistics, we and Meta are joint controllers. In this context, we and Meta have entered into a joint controllership arrangement (available here). Thereafter, we and Meta have agreed that Meta is obligated to enable data subjects' rights under Articles 15 to 20 of the GDPR (in particular, the right of access, the right of rectification, the right of erasure, the right to restrict processing and the right to object) with respect to personal data stored by Meta after joint processing. You may exercise your rights in relation to the processing of your personal data towards Meta.

  Under this arrangement, we are also required to inform you of the following: Meta relies on the legal basis of "legitimate interests" (Art. 6 (1) (f) GDPR) for the processing of your personal data in connection with the statistics.

  Information about Meta's processing of your personal data when using Facebook, in particular Meta's contact details and the contact details of Meta's designated data protection officer, as well as your rights vis-à-vis Meta, can be found in Meta's privacy notice, which is available here. You can view the terms of service for Facebook here.

We collect your personal data when you interact with us via social media. The categories of personal data we process in the course of such interaction depend on the platform used. Among others, this may involve the following categories of personal data:

• Identification data (if you contact us via social media): such as your first and last name;
• Contact details (if you contact us via social media): such as your email address and phone number;
• Communication data (if you contact us via social media): such as the company you work for or on whose behalf you are contacting us, the country you are in, and the content of your message;
• Social media activity data, such as your IP address, your behavior on social media, information about the device you are using, browser language, the date, time and duration of your visit to social media;
• Location information, such as general information about your location (e.g. time zone, city/state and/or zip code in conjunction with your IP address).

2. How is your data processed (purposes and legal basis)?

1. General

   
   We process your personal data for the purposes listed in the table below. In doing so, we rely on the legal bases listed in the table. Where relevant, the legitimate interest we pursue with the processing is also listed. In principle, the following legal bases are relevant:

   • performance of a contract (including processing necessary to take steps at your request prior to entering into a contract) (Art. 6 (1) (b) GDPR;
   • Compliance with legal obligations (Art. 6 (1) (c) GDPR);
   • Legitimate interests (Art. 6 (1) (f) GDPR);
   • Consent (Art. 6 (1) (a), Art. 7 GDPR).

   Processing purposes	Legal basis	Legitimate interests (as far as relevant)	Categories of personal data
   Provision of a corporate presence in social media	Legitimate interest	There is a legitimate interest in providing and maintaining (legally compliant) presences in social media in order to present the Stork group and its services and content on the Internet.	Social media activity data
   Contacting you and providing you with information you have requested	Fulfillment of a contract or, if you are not our contractual partner, legitimate interests	There is a legitimate interest in responding to your contact.	Identification data, contact data, communication data
   Improving our services, products and our corporate presences in social media	Legitimate interests	There is a legitimate interest in improving our services, products and social media presence in order to further develop our business.	Social media activity data
   Collection and use of statistical information on the use of company presences in social media	Legitimate interests	There is a legitimate interest in analyzing the use of the social media presences in order to improve them.	Social media activity data, location information
   Marketing communications (such as newsletters)	Consent or, to the extent permitted by law, legitimate interests	There is a legitimate interest in advertising products and/or services.	Contact data, identification data
   Interaction via social media	Legitimate interests	There is a legitimate interest in interacting with followers and other interested parties via social media in order to present the Stork group and its services on the Internet.	The categories of personal data depend on the platform used. In particular, the following categories are concerned: Contact data, identification data, other information that you provide to us as part of the interaction via social media.
   Implementation of sweepstakes	Performance of a contract	-	Personal data necessary for the implementation of the sweepstake and provided by the user, as well as data collected by the social network (identification data, location information, other information relevant to the implementation of the sweepstake).
   Safeguarding our rights	Legitimate interests	There is a legitimate interest in asserting, exercising and/or defending legal claims.	Identification data, contact data, messaging data, social media activity data, location information.
   Compliance with legal obligations (e.g. from tax law)	Fulfillment of legal obligations	-	Identification data, contact data, communication data, social media activity data, location information.
   Execution of corporate transactions (e.g. reorganization, merger, sale, sale of assets, joint venture)	Legitimate interests	There is a legitimate interest in effectively disposing of our assets and making commercially reasonable decisions about the development of our business.	Identification data, contact data, messaging data, social media activity data, location information.
   For the processing purposes listed above, it may be necessary to transmit data to other companies of the Stork	Consent, insofar as consent is used as a legal basis for the relevant processing activity, otherwise legitimate interests	There is a legitimate interest in transferring data within the Stork for internal administrative purposes.	The categories of personal data correspond to those listed for the respective processing purpose.

2. Analysis of usage behavior in social media

   
   The social media providers process information about how you interact with our corporate presence on the respective network and data that you provide in your respective profile. The providers aggregate this data and provide it to us as statistics; however, you are not identifiable from this aggregated data. These statistics help us better understand trends and demographics of the groups of people who interact with our company presence. Details about our corporate presences on social media and the respective providers can be found in section 1.

   Processing purposes	Legal basis	Legitimate interests (as far as relevant)	Categories of personal data
   Placement of advertisements	Legitimate interests	There is a legitimate interest in evaluating the use of the presences on social media in order to play out advertising as targeted as possible. Furthermore, there is a legitimate interest in advertising products and/or services.	The categories of personal data depend on the platform used. In particular, the following categories are concerned: social media activity data, identification data, contact data, communication data, location information.

3. Social media

   
   In connection with our channels on social media, we ask you to consult the privacy notices of the respective platform if you would like to learn more about the processing of your personal data on these platforms.

3. Who has access to your personal data (recipients)?

1. We may share your personal data with service providers who process personal data on our behalf and based on our instructions as so-called processors in order to provide their services to us:
   
   
   • Consent management provider (in the EU)
   • Provider for sending newsletters (in the EU)
2. We may share your personal information with the following third parties:
   
   
   • Authorities, courts and consultants (e.g. lawyers, auditors), insofar as we are legally obliged to do so, or this is necessary to safeguard our rights
   • Relevant third parties in the context of a corporate transaction, to the extent required for a transaction

4. Do we transfer your personal data internationally (transfer to third countries)?

The recipients of your personal data (see section 3) may be located in a country outside the European Union / European Economic Area. To the extent that the relevant country has not been recognized by the European Commission - by means of an adequacy decision - as a country where personal data are adequately protected, we will only transfer your personal data to such countries to the extent that another mechanism of Art. 44 et seq. GDPR justifies the transfer (e.g. standard contractual clauses) or an exception under Art. 49 GDPR applies. Additional measures are taken / agreed upon to the extent necessary to ensure adequate protection for the personal data. A list of adequacy decisions can be found here.

If there is no adequacy decision, the standard contractual clauses of the European Commission (from the implementing decision (EU) 2021/914 of June 4, 2021) are regularly the basis for the transfer. Insofar as the transfer in this context is made to a service provider acting as a processor for us, Module Two (transfer from controllers to processors) of the standard contractual clauses is relevant; insofar as the transfer is made to other third parties, Module One (transfer from controllers to controllers) is relevant.

For more details about these transfers and the transfer mechanisms used with respect to them, please contact us at dataprivacy@bilfinger.com.

5. How long do we store your personal data?

Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

Exceptionally, we may store your personal data longer than shown in this section to the extent necessary to comply with a legal obligation or to assert, exercise or defend legal claims.

1. Analysis of usage behavior in social media
   
   

   The data generated via the analysis is collected and stored by us exclusively in a non-personal manner.

6. How long do we store your personal data?

Your personal data is regularly deleted as soon as it is no longer required to achieve the purpose for which it was collected. The personal data is therefore usually deleted at the latest when the contractual relationship with you or your employer/client has ended, and the applicable limitation periods have expired.

The personal data of new leads that we have entered into our Customer Relationship Management tool will initially be checked within 28 days to determine whether it is still required for the purposes set out in section 2 above. If this check does not lead us to the conclusion that the personal data is required for this purpose, it will be deleted within four weeks of the expiry of these 28 days. This review will be repeated every three years thereafter and if we do not conclude within 28 days during this review that the personal data is still necessary, it will be deleted.

The personal data of contacts that we have entered into our customer relationship management tool are reviewed every ten years to determine whether they are still required for the purposes described in section 2 above. If we do not conclude within 28 days during this review that the personal data is still necessary, it will be deleted.

We retain e-mails for as long as they are needed for our operational purposes.

Insofar as personal data is processed on the basis of consent, we generally delete this data when the consent is withdrawn. The documentation relating to such consent is regularly stored for up to three years after the calendar year in which the consent was withdrawn. Exceptionally, we may store your personal data for a longer period of time to the extent necessary to comply with a legal obligation or to establish, exercise or defend legal claims.

IV. Amendment of this privacy notice

We reserve the right to amend or change this privacy notice at any time to ensure compliance with applicable laws. Please check regularly to see if this privacy notice has changed.

This privacy notice was last amended in May 2025.