Name and address of the responsible company
The responsible company within the means of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection regulations is:
Name and address of the data protection officer
The data protection officer of the controller is:
Deutsche Datenschutz Consult GmbH
22769 Hamburg Germany
Telefon: +49 40 228 60 70 402
Email: [email protected]
Concerning data security
For our website we use the SSL (Secure Socket Layer) procedure in connection with the highest encryption level that is supported by your browser. Typically, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit technology instead. You can identify whether an individual page of our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Communication with corporate and private customers
If you correspond with us via email, we collect, store, and process your name, email address, and all relevant contents of the correspondence. The processing of this data is regularly carried out in order to initiate, implement or support our contractual relationship with you or the responsible entity that you represent.
If the correspondence serves the purpose of initiating, implementing or servicing of a contractual relationship with you, the legal basis for the processing is usually Art. 6 (1) lit. b GDPR. If you represent a company that corresponds with us, the processing is based on Art. 6 para. I lit. f GDPR, whereby our rightful interest lies in the establishment and support of business relationships. If you have specifically given us your consent for contacting or corresponding with you, processing may also be based on Art. 6 para. 1 lit. a GDPR in individual cases.
If necessary for the performance of the contract or if required by law, we will disclose or transfer personal data of our customers to third parties, however, only if this serves the provision of our services in accordance with Art. 6 para. 1 lit. b. GDPR, if it is required by law according to Art. 6 para. 1 lit c. GDPR, if it serves our interest or the interest of our customers to receive the efficient and cost-effective provision of services in accordance with Art. 6 Para. 1 lit f. GDPR, or in the context of explicit consent pursuant to Art. 6 para. 1 lit. a., Art. 7 GDPR. Possible third parties to whom your personal data may be transferred to are
- external specialists involved in the provision of services, and
- third parties necessarily or typically involved in the performance of the contract, such as billing offices or other comparable service providers.
Your data will only be stored for as long as it is required to process the correspondence. In addition, we are required by law to retain business correspondences for a period of 6 years. In this regard, your data is stored in accordance with Art. 6 Para. 1 lit. c GDPR for the purpose of fulfilling statutory retention obligations. After expiry of these retention obligations, your data will be deleted, unless there is a need for further storage of the data in connection with a contract conclusion or a contract fulfillment.
Retrieval of data from real estate portals and valuation
As part of our core business, we collect data on properties that are offered on real estate portals. This factual data always relates to the property itself, but in individual cases it may also be possible to draw conclusions about their owners or tenants via the address or other information provided, without having any significance for our service provision (“personal factual data”). The property data is obtained via a software interface (API) or determined by a service provider referencing other predefined regions. The property data is used to evaluate which properties are suitable for acquisition. This evaluation also takes into account options for expansion and the rental prices that can be achieved. The property data is stored for the long-term to analyze the real estate market and regional developments. We do not draw any conclusions about private individuals.
As part of the valuation, we may also transmit property data to the service provider Sprengnetter (Sprengnetter Real Estate Services GmbH, Sprengnetter Campus 1, 53474 Bad Neuenahr-Ahrweiler) to run a comparative analysis with similar properties in the same area. Sprengnetter then provides data on similar properties in the vicinity of the offered property.
Provided that the property data includes personal private data at all, it is processed in accordance with Art. 6 Para. 1 lit. f GDPR, whereby our legitimate interest lies in the pursuit of our corporate purpose.
For the sale of properties, we transmit property data to the structure distributor, who then sells the properties to third parties. If the property data includes personal private data, it is processed in accordance with Art. 6 Para. 1 lit. f GDPR, whereby our legitimate interest lies in the profitable sale of the properties.
Administration / Property Management
In some cases, we offer property management services for sold properties. In this reagard, we may process personal data of tenants and owners (or, if they are legal entities, of the reference contact) as well as reference contacts of service providers, artisans, suppliers, and condominium managers for the management of the property. These services include, among others, the maintenance, repair, and care of the property, the management of payments from tenants, service charge statements, payout to owners, the management of deposit accounts, or the representation of the owner at owners’ meetings.
The processing of this data is done in accordance with Art. 6 (1) lit. b GDPR, where the processing is necessary for the performance of a contract. Otherwise, the processing is carried out in accordance with Art. 6 (1) lit. f GDPR, where our legitimate interest lies in the proper provision of property management services.
The property management data will be deleted as soon as the contract is terminated, the data is no longer required for legal prosecution / defense against legal claims and the statutory archiving obligations have expired.
When you visit our website, we log the following data that your browser transmits:
- IP address
- Internet Service Provider of the user
- Access status / HTTP status code
- Language and version of the browser software
The system’s temporary storage of the IP address is necessary to enable the delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. These purposes are also our legitimate interest in data processing according to Art. 6 (1) lit. F GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
The collection of data is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.
If you apply for one of our vacancies via our web platform, we will collect and process your personal data for the purpose of processing the application and carrying out pre-contractual actions in accordance with Section 26 (1) BDSG.
By submitting an application on our recruiting page, you express your interest in taking up employment with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search/application.
In particular, the following data is collected:
- Name (first and last name)
- E-mail address
- Telephone number
- Salary expectation
You also have the option of uploading further documents such as a cover letter, your resume and references. These may contain further personal data such as your date of birth, address, etc.
Only authorized employees from the HR department or employees involved in the application process have access to your data.
Personal data is stored solely for the purpose of filling the vacant position for which you have applied.
Your data will be stored for a period of 180 days after the end of the application process. This is done to fulfill legal obligations or to defend against any claims arising from legal regulations. Subsequently, we are obliged to delete or anonymize your data. In this case, the data is only available to us as so-called metadata, without direct personal reference, for the use of statistical evaluations (for example, proportion of women or men in applications, number of applications per period, etc.).
If, in the case of a rejection from our side, we are still interested in your profile, we will obtain your consent for further storage of your data and to check for a match with other open positions in the company. Your data will then only further be used with your explicit consent. If you do not respond to the request within the time window, in which we store your data based on our interest, it will be automatically deleted. In all other cases, your data will be deleted immediately upon rejection.
If you are accepted within the application process and also take up this position, the data from the applicant data system will be transferred to our personnel information system.
The data transmitted as part of your application will be transferred via TLS encryption and stored in a database. This database is operated by Personio GmbH, which provides personnel administration and applicant management software (https://www.personio.de/impressum/). Processing takes place exclusively within the Federal Republic of Germany (see also https://www.personio.de/datenschutz/#datenschutz). In this context, Personio is our processor according to Art. 28 GDPR. The basis for the processing is an order processing contract between us, as the controller, and Personio.
Our website contains a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. This data includes, in addition to the worded request of the user:
- First and last name
- Email address
- Subject and content of the message
At the time the message is sent, the following data is also stored:
- IP address
- Date and time of entry
Alternatively, it is possible to contact us via the e-mail address that is provided. In this case, the user’s personal data that is transmitted with the e-mail will be stored. Please note that there will be no separate encryption of the data that is sent.
No data will be passed on to third parties in connection with your contact. The data is used exclusively for conversation processing purposes.
If necessary, the data is processed within the context of the initiation or implementation of a contractual relationship, Art. 6 para. 1 lit. b GDPR. Furthermore, processing may take place within the scope of our legitimate interest, Art. 6 (1) lit. f GDPR – our legitimate interest in this case is the provision of an uncomplicated possibility for parties that are interested in our services or other visitors of our website to contact us. Our legitimate interests may also lie, for example, in the internal forwarding of the inquiry to another employee or other organizational measures to reduce workload. This does not include unexpected or unmanageable processes that are detrimental to the sender.
The collection of data from the input mask is solely for the purpose of processing your inquiry and providing information about our services. Your data will not be passed on or used for other purposes.
Other personal data processed during the submission process is used to prevent the misuse of the contact form and to ensure the security of our information technology systems.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data from the contact form and those sent by e-mail, this is the case when there is no longer a legal obligation to provide proof, as far as they are relevant under tax or commercial law. Otherwise, the deletion takes place as soon as the respective conversation with the user has terminated. The conversation counts as terminated if it is clear from the circumstances that the matter in question has been conclusively clarified and it is unlikely that it will be referred to again in the future.
The additional personal data collected for technical reasons during the sending process will be deleted after a period of seven days at the latest, unless the information can be derived from the content of the message.
The user can object to the storage of his or her personal data at any time. For this purpose, it is sufficient to send an informal email to our data protection officer (address see above) and stating the data required for the assignment of the contact. In this case, the conversation cannot be continued. All personal data stored in the process of contacting us will be deleted in this case, unless further storage is required for verification purposes.
Information about details you provide when visiting the website can be stored in cookies – for example, language selection, entries in form fields, etc. Cookies can also store a unique identifier that makes your browser recognizable to the website.
Our site uses both session cookies (which are automatically deleted when the browser is closed) and persistent cookies (which remain on your computer until the set expiration date).
Additionally, third-party services are integrated on the website, which may also place cookies on your computer. For information on the integrated services, see below.
The setting of cookies is based on Art. 6 para. 1 sentence 1 lit.f GDPR, whereby our legitimate interest lies in the provision of a functional and user-friendly website, the response to customer inquiries, and the optimization of our web offering.
Some of the cookies used are placed on your device only after confirming the cookie banner. In this case, your consent provides the legal basis for placement of these cookies in accordance with Art. 6 Para. 1 lit. a GDPR.
We use the personal data collected with the help of the cookies to optimize the information and offers on our website in your interest by optimizing the navigation of the site from a technical point of view, for example, by allowing you to save your settings for your next visit or features such as the recognition of a closed session to enable a login or shopping cart, etc.
The user data collected by the cookies is not used to create user profiles.
Session cookies are deleted when the browser is closed, persistent cookies are deleted after the set expiration date.
Google Universal Analytics
Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. In doing so, pseudonymous usage profiles can be created from the processed data.
We use Google Analytics in the form of “universal analytics”. “Universal Analytics” refers to a method of Google Analytics in which the user analysis is based on a pseudonymous user ID. Hereby, a pseudonymous profile of the user is created with information from the use of different devices (so-called “cross-device tracking”).
We only use Google Analytics with IP anonymization activated. This means that Google shortens the IP address of the user within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser is not merged with other data from Google.
You give your consent to this processing by confirming the cookie banner that pops up when you visit this website. You can revoke your consent at any time.
Online profiles in social media
We have online profiles on the platforms LinkedIn and XING in order to communicate with our customers, interested parties, and active users to be able to inform them about our services. When visiting the respective platforms, the terms and conditions and data processing policies of the respective operators apply.
Furthermore, the data of visitors to our online profiles is evaluated by the platform operators and the anonymized data is partly made available to us. The provision of our online profiles on these platforms and the obtaining of statistical evaluations of visitors, which is our responsibility, is carried out in our legitimate interest in being able to evaluate our offer and market reach, Art. 6 (1) lit. f GDPR.
The actual statistical evaluation is done by the platform operators. For more detailed information, you can contact the responsible platform operators at any time or look up further information in their privacy statements.
Name: LinkedIn Ireland Unlimited Company
Address: Wilton Place, D2 Dublin, Ireland
Name: XING SE
Address: Dammtorstraße 30, 20354 Hamburg, Germany
No automated individual decision-making
We would like to point out that by using our services, you will not be subject to any decision based exclusively on automated processing – including profiling – which becomes legally effective vis-à-vis you or, similarly, significantly affects you.
You can request information about the processing of your personal data. In addition, you have the right to request rectification, restriction of processing, portability and/or deletion of your personal data. If you have asserted your right to deletion, restriction of processing, or rectification, you may also request corresponding information from the recipients of your data.
Furthermore, you can lodge a complaint about the processing of your data with a supervisory authority and object to it.