The data protection policy

The data protection policy

Data protection policy

1. Data protection policy

Thank you for visiting our websites. Below please find some information about how we handle your data under Art. 13 of the EU General Data Protection Regulation (GDPR).

Controller

The controller responsible for data collection and processing as outlined below can be found in the Legal Disclosure section.

Usage data

When you visit our websites, our web server stores temporary “usage data” for statistical purposes as a log in order to improve the quality of our websites. This set of data includes:

  • the page from which the file was requested,
  • the name of the file,
  • the date and time of request,
  • the volume of transferred data,
  • the access status (file transferred, file not found),
  • the description of the type of web browser used,
  • the IP address of the computer sending the request, which is abbreviated in order to conceal personal identity.

The log data mentioned above is stored in anonymous form only.

2. Data transfer to third parties

Data transfer to third parties

We transfer your data to providers who process it on our behalf under Art. 28 GDPR in order to help us run our websites and the related processes. Our service providers are subject to our strict instructions and are contractually obligated to follow them. The name of our provider is: Host Europe GmbH, Google LLC.

Data transfer to third countries

In some cases, we transfer personal data to a third country outside the EU. We have ensured an adequate level of data protection in all cases:

Google Analytics (USA) has an adequate level of data protection due to its participation in the Privacy Shield (Art. 45 (1) GDPR).

3. Cookies

Our websites use cookies. Cookies are small text files that are stored on your device and can be read. There are “session cookies,” which are deleted once you close your browser, and persistent cookies, which are stored even after a session. Cookies can contain data that allow for the identification of the device you have used. However, sometimes cookies contain only information about certain settings that do not identify a person.

Our websites use session cookies. Processing is based on Art. 6 (1) (1) f) GDPR and in the interest of optimizing/enabling user navigation and presenting our websites.

You can set your browser to notify you when cookies are placed. The use of cookies will then be transparent for you. You can also delete cookies at any time using the relevant browser settings and block new cookies. Please note that if you do so, our websites may not be displayed in an optimal manner and some functions may not be technically available.

4. Retargeting Google

By using this website, you agree to the following data processing:

We use Google remarketing technologies.

We use Google's cross-device remarketing technologies so that targeted advertising can be displayed on other websites based on your visits to our websites. Data is processed on the basis of your consent under Art. 6 (1) (1) a) GDPR.

How does remarketing work?

When you visit our websites, it is possible for Google to access recognition features for your browser or your device (e.g., it creates a “browser fingerprint”), analyze your IP address, or store a fingerprint in the form of a small text file on your device (e.g. a “third-party cookie”). It is also possible for Google to link and store your visit to our websites with one or more of these fingerprints in order to show you our ads on other pages on the internet.

The above fingerprints are designed as a pseudonym and can be used by Google in order to recognize your device on other websites. For instance, if you visit a page that takes part in Google's Display Ads network (i.e. that shows ads on behalf of Google), Google can recognize your device and browser using the above features.

We can also use "remarketing tags” on our websites. This means that we can add keywords to our websites that contain information about the content of the page shown (such as product or service categories). The keywords that we use do not include personal or sensitive information. Google receives and stores these keywords for the aforementioned fingerprints. This means that when you visit a page where we have placed keywords for a certain product category, Google will store this keyword and match it with your fingerprints.

This allows us to have Google place ads on other websites that are based on our pages you have visited. In other words, if you visit another website that takes part in the Google Display Ad network, Google can use the fingerprint and the keywords stored on this fingerprint to determine whether our ads should be shown to you, and if so, which ones.

For more information on how the Google remarketing technologies works, see https://www.google.com/policies/technologies/ads/.

What is cross-device remarketing?

If you log onto Google services with your own user ID, or use one or more of your own Google accounts, Google can link the fingerprints from various browsers and devices. If Google has created a separate fingerprint for the laptop, desktop PC, smartphone and/or tablet that you use, these fingerprints can be linked with one another once you use or have used a Google service with your user ID. This allows Google to show our ad campaigns in a targeted manner regardless of device. However, Google will not do this unless you have provided Google with your consent for this data processing in the past.

You can change your ad settings.

You can opt out of this form of processing at any time. To do so, go to https://support.google.com/ads/answer/2662922 and deactivate personalized ads. Please note that these settings may not affect all devices and browsers. You can also find more information at https://support.google.com/ads/answer/2662922.

5. Explanation of security measures

Data security

We take technical and organizational measures to protect your data as much as possible from unauthorized access. We use an encryption method on our sites. Your information is sent from your computer to our server and back via the internet using TLS encryption. You can verify this by making sure that the lock symbol is closed in the status bar of your browser and that the address begins with https://.

6. Rights of the user

Your rights as a user

When your personal data is processed, you have certain rights as a website user under the GDPR:

1. Right of access (Art. 15 GDPR):

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the specific information listed in Art. 15 GDPR.

2. Right to rectification and erasure (Art. 16 and Art. 17 GDPR):

You have the right to request the immediate rectification of incorrect personal data about you and, if needed, the completion of incomplete personal data.

You also have the right to request that personal data about you is deleted immediately if one of the specific reasons listed under Art. 17 GDPR applies, e.g. if the data is no longer needed for the intended purpose.

3. Right to restriction of processing (Art. 18 GDPR):

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have filed an objection to the processing, for the duration of any review.

4. Right to data portability (Art. 20 GDPR):

In certain cases, as specified in Art. 20 GDPR, you have the right to receive personal data about you in a structured, standard and machine-readable format or to request that this data be transferred to a third party.

5. Right of objection (Art. 21 GDPR):

If data is collected on the basis of Art. 6 (1) (1) f) (data processing to protect legitimate interests), you have the right to object at any time to the processing for reasons relating to your particular circumstances. We will no longer process the personal data if there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

6. Right to lodge a complaint with a supervisory authority

Under Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you feel that the processing of data about you infringes provisions of data protection laws. The right to lodge a complaint can be exercised in particular with a supervisory authority in the member state of your residence, your workplace or the place of alleged infringement.

7. Information to be provided under Art. 13 GDPR for direct collection

The following information is to notify you as our client, business partner, supplier, prospective client (or contact person of a business partner, supplier, or prospective client) about how we handle the collection, use and transmission of personal data. The controller for the data processing set forth below is GEG German Estate Group AG.

General processing of data from business partners

Purpose of data processing/legal basis:

Under our business relationship with you as our client, business partner, supplier or prospective client, we process personal data such as your name, address, e-mail address, telephone/fax number, tax ID, client number, bank details and possibly your place of birth, date of birth, nationality – if you have voluntarily provided this information to us – and your credit rating. Processing is for the purposes of clear identification and the initiation, performance, management and fulfillment of contracts, the evaluation of credit ratings and collateral, and in particular to prepare invoices and credit notes or refunds, the administration and enforcement of claims, the compliance with legal requirements, data security, and in the interests of comprehensive client support.

The legal basis for data processing is Art. 6 (1) b), c) and f) GDPR.

Recipients/categories of recipients:

Your data will be transmitted to third parties outside GEG German Estate Group AG only if you have given express prior consent to transmission, or if we are obligated to do so by law. The legal basis for this data processing is Art. 6 (1) a) in the case of consent or Art.6 (1) c) in the case of a legal obligation. Within GEG German Estate Group AG, your data will be transmitted to fulfill or initiate a business relationship, among other things. In exceptional cases, data will be processed by a third party on our behalf. These providers are always selected with care, are audited by us, and have contractual obligations under Art. 28 GDPR.

Term of storage / criteria for defining the term of storage:

We store the data required for the term of the business relationship with you and until the end of the applicable period of limitation, as well as any resulting claims and legal retention obligations.

Data processing for contact persons

Purpose of data processing / legal basis:

Our company processes the contact information of contact persons of clients, prospective clients, suppliers and other business partners for communications by e-mail, phone, fax and post. The legal basis for data processing is Art. 6 (1) b) and f) GDPR. The legitimate interest refers to the interest in fulfilling or initiating the business relationship with clients, prospective clients, suppliers and other business partners and maintaining personal contact with contact persons in this regard.

Recipients / categories of recipients:

Your data will be transmitted to third parties outside GEG German Estate Group AG only if you have given express prior consent to transmission, or we are obligated to do so by law. The legal basis for this data processing is Art. 6 (1) a) in the case of consent or Art.6 (1) c) in the case of a legal obligation. Within the GEG Group, your data will be transmitted to fulfill or initiate a business relationship, among other things. In exceptional cases, data will be processed by a third party on our behalf. These providers are always selected with care, are audited by us, and have contractual obligations under Art. 28 GDPR.

Term of storage / criteria for defining the term of storage:

Personal data will be stored for the purposes of fulfilling business relationships only as long as there is a legitimate interest.

Data processing for marketing purposes<&h6>

Purpose of data processing / legal basis:

The GEG Group companies use personal data for marketing purposes, especially for marketing via e-mail, phone, and post. The purpose of data processing with regard to marketing activities is to inform data subjects about products and services from the GEG Group. The legal basis for sending advertisements by post is Art. 6 (1) f) GDPR. The legitimate interest refers to the interest in notifying clients and prospective clients about products and services. The legal basis for marketing activities by e-mail or phone is generally a declaration of consent provided by you. There may also be special requirements for marketing activities with existing clients.

You can opt out of advertising at any time with future effect by sending an e-mail to datenschutz@geg.de.

Recipients / categories of recipients:

We generally do not transmit data to third parties outside GEG German Estate Group AG. If external providers are used to send advertisements, these are contractually obligated under Art. 28 GDPR and monitored accordingly for compliance with organizational and technical security measures. Your data can be transmitted to other companies within the GEG Group for marketing purposes.

Term of storage / criteria for defining the term of storage:

If you object to the receipt of advertising, your data will be blocked immediately and then deleted if it is not stored for other purposes as well.

No obligation to provide personal data

Unless otherwise stipulated in the above sections, the provision of personal data is not legally or contractually prescribed, nor is it required in order to conclude a contract. You are not required to provide the personal data unless otherwise stipulated in advance. The failure to provide your personal data may mean that we cannot respond to your inquiry, that you cannot take part in an application process, or that you may not be able to participate in an event.

8. Contact information of the data protection officer

For questions or suggestions about the topic of data protection, please get in touch with our company data protection officer:

Dr. Christian Borchers
datenschutz süd GmbH
Wörthstrasse 15
97082 Würzburg
Web: www.datenschutz-nord-gruppe.de
E-mail: office@datenschutz-sued.de
Tel.: 0930 304 976 0

9. Contact Form

Contact Form

You can contact us using a web form. To use our contact form, you must provide us with your name and e-mail address. You can also provide additional information if you so choose.

CONSENT

By submitting this online form, you agree that the data you provide can be electronically recorded and stored. The legal basis for this processing is Art. 6 (1) (1) a) GDPR. We use your data only to process your request. You can opt out at any time, such as by sending an e-mail to datenschutz@geg.de.

This website may use cookies to enable the operation of certain functions and to improve performance. If you continue browsing the site, you consent to the use of cookies on this website.

OK