Privacy policy –
XXLKW Secure Parking Elbebrücke GmbH

The fair handling of your personal data is very important to us. According to European data protection laws, this includes comprehensible information. In our data protection declaration, you will therefore learn how we process personal data in principle and in particular on our websites. Likewise, we inform you about your rights under data protection laws. We strive to make this information as concise and understandable as possible, but also to provide sufficient detail. This privacy policy also applies to our websites and social media profiles. If you want to know more precisely what the data protection terms used here mean, you will find a list of definitions in the General Data Protection Regulation (Art. 4 DSGVO).

At a glance

Data processing at XXLW Secure Parking Elbebrücke GmbH
We collect personal data from customers, employees and business partners as well as from website visitors for the initiation and fulfillment of contracts, the fulfillment of legal obligations as well as for our own purposes such as the handling of our internal processes and advertising. If necessary, we pass on data to internal and external bodies, e.g. authorities. We retain data only as long as the respective purpose and legal regulations require.

We do not sell data. Our web offer is not financed by advertising. We use cookies and other tracking technologies solely to analyze the use of our website and to enable the display of content.

Your rights
We grant you information about your data processed by us at any time as well as the possibility to correct, delete and object to the processing. Likewise, you have the right to data transfer and the right to contact the data protection supervisory authority responsible for us ( or the supervisory authority in your country with any complaints.

The company responsible for processing your data is XXLKW Secure Parking Elbebrücke GmbH, Raiffeisenallee 6a, 82041 Oberhaching. Questions regarding data protection at XXLKW should be directed to

1. general notes and mandatory information

Responsible entity
The responsible body in the sense of the data protection laws (Basic Data Protection Regulation and Federal Data Protection Act) is the

XXLKW Secure Parking Elbebrücke GmbH
Raiffeisenallee 6a
82041 Oberhaching
Phone: 089 / 665197-0
Fax: 089 / 665197-70
For further information please refer to the imprint.

Data Protection Officer
XXLKW Secure Parking Elbebrücke GmbH has appointed msecure GmbH as External Data Protection Officer. You can reach the data protection officer at

Data processing purposes
XXLKW Secure Parking Elbebrücke GmbH is a service provider for mainly medium-sized companies. Personal data usually results from contacts with contact persons or from the employment of employees. Through our activities, we may come into contact with personal data of our clients and their customers. We treat such data with due confidentiality and discretion.

Personal and person-related data are processed by XXLKW Secure Parking Elbebrücke GmbH in order to be able to offer and provide services, process and invoice orders, conclude and fulfill contracts, fulfill legal obligations, create business and statistical evaluations, process job applications, provide information and carry out security measures. The processing of personal data thus complies with the data protection law permissions in the General Data Protection Regulation (GDPR), i.e. generally on the basis of our legitimate interest, for the fulfillment of legal obligations or, if applicable, for the fulfillment of contracts with natural persons. If we process personal data beyond the above-mentioned circumstances, this is done on the basis of consent.

We do not process personal data beyond what is necessary. In particular, we do not sell personal data to third parties.

Type of personal data

  • From customers and interested parties: Address and contact data, contract data, data on the purchase of products and services, billing data, data on interest in services.
  • From employees of our customers and business partners: address and contact data
  • From our employees: Address data, contact data, bank data, personnel data
  • From applicants: address and contact details and personal data provided
  • From business partners and suppliers: Address data, contact data, contract data
  • From website visitors: Usage data, contact data (if provided voluntarily)

Origin of the personal data
XXLKW Secure Parking Elbebrücke GmbH usually collects the data directly from the respective person. In some cases, personal data is transmitted to us by customers, business partners or public authorities.

Disclosure of personal data
We sometimes use partners and subcontractors for the processing of data. As a rule, the responsibility for this remains with XXLKW Secure Parking Elbebrücke GmbH. For the handling of our processes or for the fulfillment of legal obligations, a transfer of personal data may be necessary to:

  • Public bodies that receive data on the basis of statutory regulations (e.g. public authorities, social insurance institutions, law enforcement agencies)
  • Internal units involved in the execution of business processes (e.g. human resources, accounting, sales, IT)
  • External entities involved in the handling of business processes (service providers and subcontractors, e.g. advertising agencies, IT service providers, tax consultants, cooperation partners)

If data is passed on to the commissioned processors as part of a commissioned processing agreement, this is always done in accordance with data protection laws. We have concluded contracts with these companies that grant us rights of instruction and control with regard to the data. They also oblige the processors to take appropriate technical and organizational measures and to comply with data protection laws.

Retention period of personal data
Unless expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as the purpose for storing it no longer applies, unless its continued storage is necessary for evidence purposes or legal storage obligations prevent deletion. This includes, for example, retention obligations under tax law (10 years). When the prescribed retention period expires, your data will be blocked or deleted, unless the storage is still necessary for the conclusion of a contract or the enforcement of rights.

Contact us via contact form / e-mail / fax / mail
When contacting us via contact form, fax, mail or e-mail, your information will be processed to handle the request. We have a legitimate interest in processing and storing such data in order to be able to respond to users’ inquiries, to preserve evidence for liability reasons and, if necessary, to comply with our legal obligations to retain business correspondence.

We may store your information and contact request in our customer and order management systems. We store inquiries from users with whose companies we have a contractual relationship until two years after termination of the contract. In the case of legal archiving obligations, deletion takes place after their expiry; in the case of tax law retention obligations, this is 10 years. In other cases, we delete the data as soon as the purpose has been achieved, i.e. the respective conversation with you has ended, as the facts concerned have been conclusively clarified.

Note on e-mails and e-mail applications

Please note that unencrypted e-mails and e-mail applications sent via the Internet are not adequately protected against unauthorized third-party access.

Data protection in applications and the application process
Applications sent to us electronically or by mail are processed electronically or manually to handle the application process.

If your application documents contain “special categories of personal data” (e.g. photo, information on religion or marital status), you disclose this data freely, with the exception of any severe disability. You may submit your application without such data; this will not affect your chances of applying.

The legal basis for the processing is the fulfillment of contracts, which in this case also includes the assessment of suitability for a vacancy.

If an employment relationship is entered into with you after completion of the application process, your application data will be transferred to the personnel file and stored in compliance with relevant data protection regulations. If you are not offered a position after completion of the application process, your submitted letter of application including documents will be deleted 6 months after the rejection has been sent in order to be able to satisfy any claims and obligations to provide evidence in accordance with the AGG.

2. website and social media

Logging (server log files)
When you visit our websites, our web servers log some information that your browser transmits with the request. These are the IP address you use or your Internet service provider, information about the browser used (type, language, version) and the operating system, as well as the website from which you visit us.

This information is required to deliver the content of our website correctly and to ensure the functionality of the technology of our website. In addition, they are used to defend against attempted attacks on our web servers, including the provision of information to authorities for law enforcement purposes. The legal basis for this is our legitimate interest in the above purposes. The log data is deleted after 7 days. This data is not merged with other data sources.

Cookies use
The internet pages partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure.

Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When cookies are disabled, the functionality of this website may be limited.

We store and process cookies that are required to carry out electronic communication or to provide certain functions on the basis of our legitimate interest in the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy.

Cookie Consent Tool from Borlabs
This website uses Borlabs cookie, which sets a technically necessary cookie(borlabs-cookie) to store your cookie consents.

Borlabs Cookie does not process any personal data.

The borlabs-cookie cookie stores the consent you gave when entering the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent. You can also change the cookie settings at any time here: [borlabs-cookie type=”btn-cookie-preference” title=”Change cookie settings” element=”link” /]

Use of Myfonts
This site uses MyFonts. These are fonts that are loaded into your browser when you visit our website in order to ensure a uniform typeface when displaying the website. The provider is Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA. In order to verify compliance with the license terms and the number of monthly page views, MyFonts transfers your IP address along with the URL of our website and our contractual data to its servers in the USA. According to Monotype, your IP address will be deleted immediately after the transfer.
anonymized so that it is no longer possible to establish a personal reference (anonymization).

For details, please refer to Monotype’s privacy policy at

Google Maps
This site uses the map service Google Maps. Provider is Google Ireland Limited (“Google”), Gordon
House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This
Information is usually transferred to a Google server in the USA and stored there.
The provider of this site has no influence on this data transmission. When Google Maps is enabled,
Google may use Google Fonts for the purpose of uniform display of fonts. At
When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and
Display fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online
offers and in an easy findability of the places we indicate on the website. This represents
a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Provided that a corresponding
consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a
DSGVO and § 25 para. 1 TTDSG, insofar as the consent allows the storage of cookies or access to
information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The
Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here: and
More information on the handling of user data can be found in Google’s privacy policy:

Social media presence

  1. We maintain profiles or fan pages in social media in order to communicate with the users connected and registered there and to provide information about our products, offers and services. The US providers are certified under the so-called Privacy Shield and are thus obliged to comply with European data protection. When you use and call up our profile in the respective network, the respective data protection information and terms of use of the respective network apply.
  2. We process the data you send us via these networks in order to communicate with you and to reply to your messages there.
  3. The legal basis for the processing of personal data is our legitimate interest in communicating with users and our external presentation for the purpose of advertising pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR. Insofar as you have given the person responsible for the social network consent to the processing of your personal data, the legal basis is Art. 6 para. 1 p. 1 lit. You can find the data protection notices, information options and objection options (opt-out) of the respective networks here:

SSL or TLS encryption
In order to protect the data that is transmitted to us and to ensure that the data protection regulations are complied with by us, as well as by our external service providers, we have taken appropriate technical and organizational security measures. Therefore, among other things, all data between your browser and our server is transmitted via a secure SSL or SSL-encrypted connection. TLS encryption. You can recognize an encrypted connection by the fact that the browser address bar changes from “http://” to “https://” and by the lock symbol in your browser bar. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

3. your rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • to request information about your personal data processed by us in accordance with Art. 15 DSGVO. This includes the purposes of processing, the category of personal data, the categories of recipients of the data, the planned storage period, the origin of their data, and about the existence of automated decision-making (profiling);
  • in accordance with Art. 16 DSGVO to demand the correction of incorrect or completion of your personal data stored by us;
  • pursuant to Art. 17 DSGVO to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • in accordance with Art. 18 DSGVO to request the restriction of the processing of your personal data if you: dispute the accuracy of the data; the processing is unlawful and you object to the erasure of your data; we no longer need your data, but you need them to enforce legal claims; you have objected to the processing as long as it has not yet been determined whether our legitimate grounds override yours.
  • in accordance with Art. 20 DSGVO to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • according to Art. 7 par. 3 DSGVO to revoke a given consent to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future;
  • object to the processing of your personal data pursuant to Art. 21 DSGVO. If your objection is directed against direct advertising, we will implement this immediately. If the processing of your data is based on a legitimate interest of Albert Hauptstein Bauunternehmung e. K. or a third party and your objection is based on your particular situation, we will comply unless there are legitimate grounds for the processing which override your interests or we need your data to enforce legal claims.
  • complain to a supervisory authority in accordance with Art. 77 DSGVO. If you believe that we have not adequately complied with your rights and our obligations under the GDPR, you have the right to lodge a complaint with a competent data protection authority. The authority responsible for us is the Bavarian State Office for Data Protection Supervision in Ansbach,;
    We may not be able to fulfill all rights in full, e.g. due to legal requirements. If we have to reject your application in whole or in part in such a case, we will inform you of the reasons for the rejection.