Modern information and communication technologies are playing an increasingly important role in the activities of companies such as Grossmann & Berger GmbH. We, therefore, take the protection of your privacy and the personal data you make available to us very seriously. The following information applies to the processing of personal data when using our website. Personal data are any data that can be related to you personally, e.g. name, address, e-mail address and user behaviour.
I. Name and address of the Controller and contact details of the Data Protection Officer
1. Controller
Controller within the meaning of the EU General Data Protection Regulation and other national data protection laws of the Member States and other data protection law provisions is
Grossmann & Berger GmbH
Bleichenbrücke 9 (Stadthöfe)
D-20354 Hamburg
Germany
Managing directors with power of representation:
Andreas Rehberg (Sprecher), Andreas Gnielka, Björn Holzwarth
Chairman of the Supervisory Board:
Wilfried Jastrembski
Telefon: +49 40 350802-0
E-Mail: info@grossmann-berger.de
2. Contact details of the Data Protection Officer
The data protection officer of the Controller is
Datenschutzbeauftragter
Hamburger Sparkasse AG
Dammtorstraße 1
20354 Hamburg
You can contact our Data Protection Officer at the e-mail address datenschutz@grossmann-berger.de or via the postal address to the attention of the “Data Protection Officer”.
Our Data Protection Officer is available to you as a user, in particular, for questions regarding the processing of your personal data or the subject of data protection in general, as well as in the event of complaints.
II. General information about data processing
1. Scope of processing personal data
As a matter of principle, we only process the personal data of our users insofar as this is required to provide the website in good working order and provide our content and render our services. The personal data of our users are normally processed only following consent by the user. An exception applies in cases in which obtaining prior consent is not possible for actual reasons and processing the data is permitted by way of statutory requirements.
2. Legal basis for the processing of personal data
a) Consent (Article 6(1), Sentence 1, Point a., GDPR)
Insofar as we obtain consent of the data subject for the processing operations involving personal data, Article 6(1), Point a., EU General Data Protection Regulation (GDPR) applies as a legal basis.
b) Honouring the contract and pre-contractual enquiries (Article 6(1), Sentence 1, Point b., GDPR)
In the case of processing personal data that are required to execute a contract and the data subject is a contracting party to such a contract, Article 6(1), Point b., GDPR, applies as the legal basis. This also applies to processing operations that are required to perform pre-contractual measures.
c) Legal obligation (Article 6(1), Sentence 1, Point c., GDPR)
Where processing personal data is required to honour a legal obligation that applies to our company, Article 6(1), Point c., GDPR applies as the legal basis.
d) Protection of vital interests (Article 6(1), Sentence 1, Point d., GDPR)
In the event that vital interests of the data subject or another natural person render the processing of personal data necessary, Article 6(1), Point d., GDPR, applies as the legal basis.
e) Justified interests (Article 6(1), Sentence 1, Point f., GDPR)
If the processing is required to safeguard a justified interest on the part of our company or a third party, and if the interests, basic rights and fundamental freedoms of the data subject do not override the former, Article 6(1), Point f., GDPR, shall apply as the legal basis for the processing.
In addition to the GDPR, a national law applies, such as the Federal Data Protection Act (BDSG), which may contain special regulations.
3. Deleting data and storage period
The data subject’s personal data shall be deleted or blocked as soon as the purpose for the storage becomes inapplicable. Storage may apply beyond this if this was proposed by the European or national legislator in Union law orders, laws or other requirements to which the Controller is subject (e.g. tax or commercial law storage periods). Blocking or deleting the data shall also apply if a storage period specified by the stated standards expires unless there is a necessity for further storage of the data for entering into or executing a contract.
III. Security measures
To ensure an appropriate level of protection, technical and organisational measures are taken in accordance with the legal requirements, taking into account the following criteria, in particular:
1) Technological developments
2) Implementation costs
3) Type, scope and purpose of the processing
4) Likelihood of occurrence and extent of the threat to the rights and freedoms of natural persons.
In addition, when selecting measures, particular emphasis is placed on ensuring the confidentiality, integrity and availability of data.
For example, SSL encryption is used to protect the forwarded data during data exchange. You can recognise this on the one hand by “https://” in the URL and on the other by the lock symbol displayed in the browser address bar.
Procedures are implemented that adequately guarantee the exercise of data subject rights, such as deletion.
In addition, data protection is taken into account by way of data protection-friendly default settings (privacy by default) and technology design (privacy by design).
IV. Forwarding personal data to third parties
As part of processing personal data, it may be the case that data are forwarded or disclosed to other companies, legally independent organisational units or persons. This is the case, for example, with IT service providers, such as those hosting the website. You can find more detailed information in the description of the respective service.
V. Data processing in third countries
The Controller does not directly process data in third countries - i.e. in countries outside the European Union (EU), the European Economic Area (EEA).
If service providers, such as Google Ireland Limited with its parent company Google LLC in the USA, were to process data outside the European Union, this applies in accordance with the legal requirements according to the service providers (please also note the “Notice on the transfer of personal data to the USA or other third countries that are not safe from a data protection perspective”).
Subject to express consent or contractually or legally required transfer, we only arrange for data to be processed in third countries with a recognised level of data protection, contractual obligation by way of so-called standard contractual clauses of the EU Commission, in the case of certifications or binding internal data protection regulations.
Note on the transfer of personal data to the USA or other third countries that are not secure under data protection law
If we use tools from companies based in the USA or other third countries that are not secure under data protection law, your personal data may be transferred to these third countries and processed there. A level of data protection comparable to that in the EU cannot be guaranteed in the absence of corresponding binding regulations between the EU and the other countries. For example, companies from the USA undertake to hand over personal data to security authorities. Against this background, it cannot be ruled out that authorities from the USA (e.g. the secret services) gain access to the servers and, therefore, your personal data for monitoring purposes, process them, evaluate them and store them permanently. As a data subject, you may only have limited rights to take legal action against this. We exert no influence on these possible processing operations.
VI. Provision of the website and creating log files
1. Description and scope of the data processing
The web hosting provider domainfactory GmbH, Oskar-Messter-Str. 33, D-85737 Ismaning, Germany is used to provide the website. The website is accessed via their servers or servers they use.
Whenever our website is visited, our system automatically records data and information about the computer system of the requesting computer. Your browser automatically transmits such data to us.
In that respect the following data are collected:
(1) IP address of the terminal device used by you
(2) User’s browser type and version
(3) e user's operating system
(4) URL of the previously accessed page (so-called “referrer URL”)
(5) Host name of the accessing computer
(6) Date and time of the server enquiry
The data are similarly stored in the log files of our system. Such data are not stored in conjunction with the user's other personal data.
2. Legal basis for the data processing
The aforementioned data may be processed to implement pre-contractual measures or to honour a contract in accordance with Article 6 (1), Sentence 1, Point b., GDPR. In addition, the legal basis for the temporary storage of the data and the log files may be based on Article 6(1), Point f., GDPR, for the protection of legitimate interests based on a balancing of interests. In the event of unlawful use of this website, such data are also used to clarify possible legal violations.
3. Data subject
The data subject is the respective user, e.g. website visitor.
4. Data processing purpose
The temporary storage of the IP address by the system is required to facilitate the presentation of the website on the user’s computer. To that end the user's IP address needs to be stored for the duration of the session.
Data are stored in the log files to guarantee the good working order of the website. In addition, we use the data to optimise the website and guarantee the security of our IT systems. In this context the data are not evaluated for marketing purposes.
These purposes also constitute a justified interest on our part in processing data in accordance with Article 6(1), Point f., GDPR.
5. Storage duration
The data are deleted as soon as they are no longer required for the purpose of their collection. In the case of recording the data to present the website, this shall be deemed the case if the respective session has ended.
In the case of storing the data in log files, this is deemed the case at the latest after seven days.
6. Option of withdrawing consent and rectification
Collecting such data to present the website and storing the data in log files are absolutely necessary to operate the website. As a result, the user has no option in which to withdraw consent.
VII. External hosting
As stated above, this website is hosted by the external service provider (hoster) domainfactory GmbH (address see above). The personal data generated by the website, such as IP addresses, name, contact details or other meta and communication data, are stored on the hoster’s servers.
The hoster is used for the purpose of honouring the contract with our potential and existing customers (Article 6(1), Point b., GDPR) and in the interest of the secure and fast provision of our online services by a professional provider (Article 6(1), Point f., GDPR). Insofar as the processing of personal data is based on consent, this occurs exclusively in accordance with Article 6(1), Point a., GDPR. Section 25 (1) TDDDG applies if the consent includes, for example, the storage of Cookies or access to information in the user’s terminal device in accordance with the TDDDG (German Telecommunications and Telemedia Data Protection Act). You have the right to withdraw your consent at any time.
The hoster shall only process your data within the framework of the order processing contract that has been entered into to the extent that this is necessary to honour the service it is required to render. In doing so, the processor must follow instructions. The contract on order processing ensures that your data are processed in a legally compliant manner, in particular in accordance with the data protection law provisions.
VIII. Use of Cookies or other tracking
1. Cookies
Our website uses Cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user visits a website, a Cookie can be stored on the user’s operating system. Such a Cookie contains a character string that facilitates a unique identification of the browser when the website is next visited.
a) Description and scope of the data processing
There are different types of Cookies in terms of function. Among others, they are divided into Necessary and non-Strictly Necessary Cookies.
aa) Necessary Cookies
We use Necessary Cookies to make our website more user-friendly. Some elements of our website necessitate the option of being able to identify the requesting browser including following a move to a different website. The following data are stored and forwarded in the Cookies:
(1) Bookmarked objects (watch list)
(2) Sorting of the property search (topicality, price)
bb) Non-Strictly Necessary Cookies
We also use Cookies on our website that enable an analysis of the user’s surfing behaviour. In this way, the following data may be forwarded:
(1) Entered search terms
(2) Frequency of page views
(3) Use of website functions
(4) Frequency of page views (in particular bounce rates, dwell time)
(5) Recording of selected events (contact requests, newsletter registration, etc.)
(6) Source of access to the website and links called up
(7) Search terms on the website
The user data collected in this way are generally pseudonymised (or rendered anonymous) by way of technical precautions. It is, therefore, no longer possible to assign the data to the caller. The data are not stored with other personal data of the user.
When calling up our website, users are informed by a so-called “consent banner” about the use of Cookies for analysis purposes and, where necessary, consent is obtained.
b) Legal basis for the data processing
Processing the aforementioned data by way of Cookies may be based on Article 6 (1), Sentence 1, Point a., b., c. or f., GDPR, and Section 25 TDDDG.
c) Data subject
The data subject is the respective user, e.g. website visitor.
d) Data processing purpose
The purpose of using Cookies that are required at a technical level is to make it easier for users to use web sites and to shorten URLs. Some functions on our website cannot be made available without the use of Cookies. Some functions of our website cannot be offered without the use of Cookies.
We require Cookies for the following applications:
(1) Remembering sorting parameters in the object results list (such as sorting by recency or price).
(2) Remembering selected objects for the watch list.
The user data collected by way of the technically Strictly Necessary Cookies are not used to create user profiles.
Analysis Cookies are used to improve the quality of our website and its content. By way of the Analysis Cookies, we learn how the website is used and can therefore continually optimise our services.
These purposes also constitute a justified interest on our part in processing data in accordance with Article 6(1), Point f., GDPR.
e) Storage duration, option of withdrawing consent and rectification
Cookies are stored on the user's computer and forwarded from there to our page. Therefore, as a user you are fully in control of the use of Cookies. By changing the settings in your internet browser, you can deactivate or restrict the transfer of Cookies. Cookies that have already been stored can be deleted at any time. This may also be done by automatically. If Cookies are deactivated with regard to our website, it may be case that not all website functions will be available for use.
Some Cookies are only stored until the end of a session (so-called “Session Cookies”) and some are stored permanently, but are deleted at the latest after a certain time has elapsed since you accessed our website.
With regard to Strictly Necessary Cookies, users do not have the option to object because these Cookies are absolutely necessary to operate the website. In the case of other Cookies, you have the option of revoking your consent to the processing of personal data at any time.
2. More detailed information about individual Cookies and other tracking
a) Usercentrics Consent Management Platform
We use the Usercentrics Consent Management Platform to manage and document your consent regarding certain Cookies or other technologies. The provider is Usercentrics GmbH, Sendlinger Straße 7, D-80331 Munich.
The following data are collected:
• Device information
• Browser information
• The user’s IP address
• Consent of / withdrawal by the user
• Date and time of the access
In addition, a Cookie is stored in your browser, which enables the assignment of the consent granted and/or its withdrawal. The collected data shall be stored until you delete the Cookie, the purpose for processing no longer applies or you ask us to delete it. In the latter case, the data shall be deleted unless there is a legal obligation to retain the data.
The Usercentrics Consent Management Platform is used to obtain the legally required consent for the use of certain technologies.
Article 6(1), Point f., GDPR, and Section 25 TDDDG, form the legal basis for the processing.
The consent data (consent given and withdrawal of consent) are kept for three years.
You have the option to withdraw your consent to the processing of personal data at any time.
A contract on the order processing has been entered into with Usercentrics GmbH. Processing your data in compliance with data protection regulations is guaranteed in accordance with this contract.
For more information about the provider, please visit https://usercentrics.com/de/.
b) Google Tag Manager
We use Google Tag Manager to enable tracking or statistical tools and other technologies to be embedded on our website. The provider is Google Ireland Limited, which has its registered office at Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager can set Cookies, although it does not itself create user profiles or carry out any independent analyses. The Google Tag Manager processes your IP address, which may also be transferred to Google’s parent company in the United States. The Google Tag Manager is used to manage and play out the tools integrated via Google Tag Manager.
Article 6(1), Point f., GDPR, forms the legal basis for use of the Google Tag Manager. The legitimate interest of the website provider is the fast and uncomplicated integration and management of various tools on its website. If consent is given, the processing of personal data is based exclusively on Article 6(1), Point a., GDPR. Insofar as the consent includes the storage of Cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG, Section 25(1), TDDDG, shall apply.
You have the option to withdraw your consent to the processing of your data at any time.
For further information, please refer to Google’s usage guidelines and Google’s privacy policy for this product.
c) Google Analytics
This website uses the web analytics service Google Analytics. The provider is Google Ireland Limited, which has its registered office at Gordon House, Barrow Street, Dublin 4, Ireland.
The website operator analyses the behaviour of website visitors by way of Google Analytics. The website operator receives various usage data, such as length of stay, page views, operating systems used and the user’s origin. The data are summarised in a user ID and assigned to the respective end device of the website visitor.
The Google Analytics tool uses various technologies to enable the recognition of the user for the purpose of analysing user behaviour (e.g. Cookies or device fingerprinting). The information collected by Google Ireland Limited about the use of this website is forwarded to Google servers and stored there. The servers are mostly located in the USA.
Article 6(1), Point f., GDPR, forms the legal basis for the sue of the web analytics tool. The website operator’s legitimate interest is the analysis of user behaviour to optimise both its website and its advertising. If consent is given, the processing of personal data is based exclusively on Article 6(1), Point a., GDPR. Insofar as the consent includes the storage of Cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG, Section 25(1), TDDDG, shall apply.
You have the option to withdraw your consent to the processing of your data at any time.
The Standard Contractual Clauses of the EU Commission (SCC) form the basis for data transfer to the USA. More detailed information can be found at the following URL: https://privacy.google.com/businesses/controllerterms/mccs/.
aa) Anonymisation of the IP
We have activated the IP anonymisation function in the Google Analytics web analytics tool on this website. Accordingly, the IP address is shortened within the European Union (or in other contracting states to the Agreement on the European Economic Area) before being forwarded to the USA. Only in exceptional cases will the full IP address be forwarded to a Google server in the USA and shortened there. Google uses the data on behalf of the website operator, for example, to evaluate your use of the website and compile reports on website activities. In addition, the data are used to provide further services to the website operator in conjunction with use of the website and the internet. Google does not combine the data collected as part of the Google Analytics web analysis tool, for example the IP address forwarded by your browser, with other Google data.
bb) Demographic characteristics with Google Analytics
We use the “demographic characteristics” function of Google Analytics to show you suitable advertisements within the Google advertising network. The reports generated in this respect may contain statements about the age, gender and interests of site visitors. The data used in this way come from interest-based advertising from Google and / or visitor data from third-party providers. The data processed in this way cannot be assigned to a specific person. Nevertheless, you can deactivate this function at any time via the ad settings in your Google account or object to the collection of your data by Google Analytics at any time or generally prohibit it.
cc) Storage period
The personal data stored by Google that are linked to Cookies, user IDs (e.g. User ID) or advertising IDs (e.g. DoubleClick Cookies, Android advertising ID) will be anonymised or deleted after 14 months. This applies at both user and event level. You can find more information about the storage period at the following link: https://support.google.com/analytics/answer/7667196?hl=de
dd) Browser Plug-In
You can deactivate the collection and processing of your data by Google by downloading and installing a browser Plug-In. You can find the browser Plug-In at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
For more information about Google Analytics, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
ee) Order processing
We have entered into an order processing contract with Google, which ensures compliance, in particular, with data protection regulations.
d) Google Ads
We use the online advertising programme Google Ads. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads makes it possible to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). In addition, Google Ads can be used to display advertisements in a targeted manner based on the user data available at Google (e.g. location data and interests) (target group targeting). This enables us as website operators to quantitatively evaluate the personal data by analysing, for example, which search terms have led to our advertisements and how many advertisements have led to corresponding clicks.
Article 6(1), Point f., GDPR, and Section 25 TDDDG form the legal basis for processing the data. The legitimate interest is to market its offered services as effectively as possible.
The data shall be deleted as soon as they are no longer required for the stated processing purposes.
Forwarding data to the US is based on the standard contractual clauses of the EU Commission. Further information can be obtained via the following links: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
e) Google Remarketing
We use the functions of Google Analytics Remarketing. The provider is Google Ireland Limited (“Google”), which has its registered office at Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of Google Analytics Remarketing is to analyse your user behaviour on our website (e.g. clicking on certain products). This makes it possible to classify you in certain advertising target groups and then play suitable advertising messages to you when you visit other online offers (remarketing or retargeting). In addition, Google Remarketing can create advertising target groups that can link Google functions across devices. This allows interest-based and personalised advertising messages to be displayed across different end devices. For example, the advertising message that has been served to you on one device (e.g. mobile phone) depending on your previous usage and browsing behaviour can now also be displayed on another of your devices (e.g. tablet or PC).
The following personal data are processed when using the service: Duration of visit, IP address, pages visited, content in which the user is interested and website usage. Cookies are used as the technology.
Article 6(1), Point f, GDPR, forms the legal basis for processing the data. The legitimate interest of the website operator lies in marketing its offered services as effectively as possible. If consent is given, the processing of personal data is based exclusively on Article 6(1), Point a., GDPR. Insofar as the consent includes the storage of Cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG, Section 25(1), TDDDG, shall apply. You have the option to withdraw your consent to the processing of your data at any time.
The data shall be deleted as soon as they are no longer required for the stated processing purposes.
The Standard Contractual Clauses of the EU Commission (SCC) form the basis for data transfer to the USA. More detailed information can be found at the following URL: https://privacy.google.com/businesses/controllerterms/mccs/.
More detailed information can be found, for example, in Google's Data Protection Policy at: https://policies.google.com/technologies/ads?hl=de.
In addition, you can object to personalised advertising at the following link: https://www.google.com/settings/ads/onweb/.
f) Google Conversion Tracking
We use Google Conversion Tracking on this website. The provider is Google Ireland Limited (“Google”), which has its registered office at Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of Google Conversion Tracking is to analyse advertising. It can be determined whether the user participates in certain actions. We can, therefore, find out which buttons on our website have been used how often and which products are particularly popular. This can be used to create corresponding statistics, and a statement can be made about the total number of users who have clicked on the ads and which actions have been performed. The user cannot be identified personally.
The following personal data are processed when using the service: Browser language, browser type, ads clicked, Cookie ID, Cookie information, date and time of visit, IP address, referrer URL, usage data and web request.
The technology used comprises Cookies, pixels and web beacons.
Article 6(1), Point f, GDPR, forms the legal basis for processing the data. The legitimate interest of the website operator lies in the analysis of user behaviour to optimise both its website and its advertising. If consent is given, the processing of personal data is based exclusively on Article 6(1), Point a., GDPR. Insofar as the consent includes the storage of Cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG, Section 25(1), TDDDG, shall apply. You have the option to withdraw your consent to the processing of your data at any time.
The data shall be deleted as soon as they are no longer required for the stated processing purposes.
The Standard Contractual Clauses of the EU Commission (SCC) form the basis for data transfer to the USA. More detailed information can be found at the following URL: https://privacy.google.com/businesses/controllerterms/mccs/.
For more information, see for example Google’s Data Protection Policy at: https://policies.google.com/privacy?hl=de.
In addition, you can object to personalised advertising at the following link: https://www.google.com/settings/ads/onweb/.
g) Facebook Pixel
We use Facebook Pixel on our website to measure visitor actions. The provider is Meta Platforms Ireland Ltd., which has its registered office at 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland.
The following personal data are processed when using Facebook Pixel: Ads viewed, content viewed, device information, geographic location, HTTP headers, interactions with ads, services and products, IP address, items clicked, marketing information, non-confidential custom data, pages visited, Pixel ID, referrer URL, marketing campaign success, usage data, user behaviour, Facebook Cookie information, Facebook user ID, usage/click behaviour and browser information. The purposes of data collection and processing by Facebook Pixel are analysis, marketing, retargeting, tracking and advertising. The aim is to track the behaviour of page visitors after they have been redirected to the corresponding website by clicking on the Facebook advertisement. This allows the effectiveness of advertisements to be evaluated for statics and market research for optimisation in the future. The data are rendered anonymous by the website operator such that no conclusions can be drawn about individuals. However, Facebook can establish connections to the user profile and use them for its own advertising purposes.
Article 6(1), Point f, GDPR, forms the legal basis for processing the data. The legitimate interest of the website operator lies in effective advertising measures, including social media. If consent is given, the processing of personal data is based exclusively on Article 6(1), Point a., GDPR. Insofar as the consent includes the storage of Cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG, Section 25(1), TDDDG, shall apply. You have the option to withdraw your consent to the processing of your data at any time.
The data shall be deleted as soon as they are no longer needed for the specified processing purposes and after 720 days at the latest.
The Standard Contractual Clauses of the EU Commission (SCC) form the basis for data transfer to the USA. More detailed information can be found at the following URL: https://www.facebook.com/legal/EU_data_transfer_addendum und https://de-de.facebook.com/help/566994660333381.
With regard to the service described and the personal data collected on our site and forwarded to Facebook as a result, Facebook and we are jointly responsible in accordance with Article 26, GDPR. The joint responsibility is limited exclusively to the collection and forwarding to Facebook. Facebook is solely responsible for the processing of the data after forwarding. The joint obligations are set out in an agreement, which you can find at the following link: https://www.facebook.com/legal/controller_addendum
For more information, please see Facebook’s Data Protection Policy at: https://de-de.facebook.com/about/privacy/.
If you have a Facebook account, you can disable the Remarketing feature in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you do not have a Facebook account, you can deactivate Facebook’s usage-based advertising on the European Interactive Digital Advertising Alliance website http://www.youronlinechoices.com/de/praferenzmanagement/.
h) Facebook Connect
We use Facebook Connect for this website. This is a single sign-on application service that allows users to sign in to third party websites using their Facebook account. The provider of this service is Facebook Ireland Limited at 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland.
The following personal data are processed when using the service, where available: profile information, browser information, user agent, usage data, profile picture, age, IP address, gender, geographic location, referrer URL, HTTP header and e-mail address. The purposes of data collection and processing are registration, identity verification, personalisation and advertising. The technology used is Cookies.
The legal basis for the processing of personal data is Article 6(1) Point a., GDPR, and Section 25(1), Sentence 1, TDDDG. You have the option to withdraw your consent to the processing of your data at any time.
The data shall be deleted as soon as they are no longer required for the processing purposes.
Forwarding data to the US is based on the standard contractual clauses of the EU Commission. For more detailed information see: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
i) LinkedIn Insight Tag
Our website uses the LinkedIn Insight Tag. This is a conversion tracking and retargeting service. The provider of this service is LinkedIn Ireland Unlimited Company, in Wilton Place, Dublin 2, Ireland.
The following personal data are processed when using the service: device information, IP address, referrer URL, timestamp and browser information. The purposes of data collection and processing are marketing, retargeting and analysis. The technology used for the LinkedIn Insight Tag is the application of Cookies.
Article 6(1), Point f, GDPR, forms the legal basis for processing the data. The legitimate interest of the website operator lies in the analysis of user behaviour to optimise both its website and its advertising. If consent is given, the processing of personal data is based exclusively on Article 6(1), Point a., GDPR. Insofar as the consent includes the storage of Cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG, Section 25(1), TDDDG, shall apply. You have the option to withdraw your consent to the processing of your data at any time.
The data shall be deleted as soon as they are no longer required for the specified processing purposes, at the latest after 90 days.
Data transfer to Singapore and the USA is based on the standard contractual clauses of the EU Commission. For more detailed information see https://legal.linkedin.com/dpa.
The option to object to data processing (opt-out) can be found at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
For more information on the data processor’s Data Protection Policy, please visit: https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com and for the data processor’s Cookie Policy, please visit:
https://www.linkedin.com/legal/cookie_policy?src=li-other&veh=www.linkedin.com.
j) Microsoft Advertising
Our website uses Microsoft Advertising. This is a tracking and advertising service. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States of America.
The following personal data are processed when using the service: browser language, ads clicked, digital signature, GUID generated by UET tag, IP address, Microsoft click ID, Microsoft Cookie, page title, referrer URL, screen colour depth, screen resolution, UET ID tag, page load time and publisher/URL access. The purposes of data collection and processing are advertising and conversion tracking. Cookies and web beacons are used as technologies.
Article 6(1), Point f, GDPR, forms the legal basis for processing the data. The legitimate interest of the website operator lies in the analysis of user behaviour to optimise both its website and its advertising. If consent is given, the processing of personal data is based exclusively on Article 6(1), Point a., GDPR. Insofar as the consent includes the storage of Cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG, Section 25(1), TDDDG, shall apply. You have the option to withdraw your consent to the processing of your data at any time.
The data shall be deleted as soon as they are no longer required for the stated processing purposes. The maximum storage period is 1 year, 25 days.
Forwarding data to the US is based on the standard contractual clauses of the EU Commission.
The option of objecting to the data processing (opt-out) can be found under the following link: https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings.
Further information on the data processor's data protection regulations and Cookie policy can be found at: https://privacy.microsoft.com/de-de/privacystatement.
k) Google Maps
On this website, we use Google Maps to display (land) maps. By way of this service we can make available to you interactive maps directly on the website and enable you to comfortably use the map function. No maps are displayed or loaded when you visit our site, so no data about you as a user are forwarded to Google Maps. Personal data can only be forwarded to Google Maps when you display the maps. We have no influence on such data forwarding. The maps can only be displayed if you set the “Google Maps” Cookie settings for the entire website to “on”. The service provider of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For more detailed information see: https://policies.google.com/privacy.
The following shall apply if the “Google Maps” Cookie setting is switched on.
1. Scope of processing personal data
The scope of the processing of personal data depends on the settings made with the service provider. Depending on the setting, for example, usage data (e.g. websites visited, access times or interest in certain content), meta/communication data (e.g. IP address, device information) or interactions with content and functions may be processed. Setting options can be found in particular at://policies.google.com/privacy?hl=de#infochoices .
The collection of data by the service provider occurs regardless of whether the service provider provides a user account via which you are logged in or whether a user account does not exist. If you are logged in to other services of the service provider (e.g. Google Mail), your data shall be assigned to your account. If you do not wish to have your data associated with your profile, you should log out of Google Maps before activating the Cookie settings.
2. Data subject
The data subject is the respective user website visitor.
3. Legal basis for the data processing
The legal basis for the processing of data is Article 6(1), Point a., GDPR, if the user has given his consent; Article 6(1), Point b., GDPR, if the processing relates to the performance of a contract or a pre-contractual enquiry; and Article 6(1), Point f., GDPR, if the user has legitimate interests. If Cookies are stored or information is accessed on the user’s terminal device, Section 25 of TDDDG shall also be authoritative.
4. Data processing purpose
The processing of personal data is aimed at rendering our online services and user-friendliness. This is also the legitimate interest in accordance with Article 6(1), Point f., GDPR.
The service provider stores your data as usage profiles and uses them, for example, for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation applies, in particular (including for users who are not logged-in), to provide tailor-made and to inform other users of the social network about your activities on our website.
5. Storage duration
The personal data storage period depends on the specifications and the settings made with the service provider.
6. Option of withdrawing consent and rectification
Cookies are stored on the user's computer and forwarded from there to our page. Therefore, as a user you are fully in control of the use of Cookies. By changing the settings in your internet browser, you can deactivate or restrict the transfer of Cookies. Cookies that have already been stored can be deleted at any time. This may also be done by automatically. If Cookies are deactivated with regard to our website, it may be case that not all website functions will be available for use. You have the right to object to the creation of user profiles. You can contact the service provider directly to exercise this right. An option to object (opt-out) is granted via the opt-out Plug-In: https://tools.google.com/dlpage/gaoptout?hl=de. The data protection settings can be adjusted at https://policies.google.com/privacy.
m) Incorporation of YouTube videos
We have incorporated YouTube videos in our online services, which are stored on www.youtube.com and can be played directly via our website. No videos are displayed or loaded when you visit our site, and therefore no data about you as a user are forwarded to YouTube. Personal data can only be forwarded to YouTube when you want to preview or play the videos. We have no influence on such data forwarding. Displaying the preview, or playing the videos, is only possible if you set the “YouTube” Cookie settings for the entire website to “on”. The service provider of YouTube videos is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Detailed information can be found at: https://policies.google.com/privacy.
The following shall apply if the “YouTube” Cookie setting is switched on.
1. Scope of processing personal data
The scope of the processing of personal data depends on the settings made with the service provider. Depending on the setting, for example, usage data (e.g. websites visited, access times or interest in certain content), meta/communication data (e.g. IP address, device information) or interactions with content and functions may be processed. Setting options can be found in particular at://policies.google.com/privacy?hl=de#infochoices.
Data collection by the service provider occurs regardless of whether YouTube provides a user account via which you are logged in or whether a user account does not exist. If you are logged in to other services of the service provider (e.g. Google Mail), your data shall be assigned to your account. If you do not wish to have your data associated with your profile, you should log out of YouTube before activating the Cookie settings.
2. Data subject
The data subject is the respective user website visitor.
3. Legal basis for the data processing
The legal basis for the processing of data is Article 6(1), Point a., GDPR, if the user has given his consent; Article 6(1), Point b., GDPR, if the processing relates to the performance of a contract or a pre-contractual enquiry; and Article 6(1), Point f., GDPR, if the user has legitimate interests. If Cookies are stored or information is accessed on the user’s terminal device, Section 25 of TDDDG shall also be authoritative.
4. Data processing purpose
The processing of personal data is aimed at rendering our online services and user-friendliness. This is also the legitimate interest in accordance with Article 6(1), Point f., GDPR.
The service provider stores your data as usage profiles and uses them, for example, for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation applies, in particular (including for users who are not logged-in), to provide tailor-made and to inform other users of the social network about your activities on our website.
5. Storage duration
The personal data storage period depends on the specifications and the settings made with the service provider.
6. Option of withdrawing consent and rectification
Cookies are stored on the user's computer and forwarded from there to our page. Therefore, as a user you are fully in control of the use of Cookies. By changing the settings in your internet browser, you can deactivate or restrict the transfer of Cookies. Cookies that have already been stored can be deleted at any time. This may also be done by automatically. If Cookies are deactivated with regard to our website, it may be case that not all website functions will be available for use. You have the right to object to the creation of user profiles. You can contact the service provider directly to exercise this right. An option to object (opt-out) is granted via the opt-out Plug-In: https://tools.google.com/dlpage/gaoptout?hl=de. The data protection settings can be adjusted at https://policies.google.com/privacy.
We use Google Tag Manager to enable tracking or statistical tools and other technologies to be embedded on our website. The provider is Google Ireland Limited, which has its registered office at Gordon House, Barrow Street, Dublin 4, Ireland.
IX. Newsletter
The General Data Protection Notice of Grossmann & Berger GmbH applies to the processing of your personal data. The following information also applies if you have subscribed to our newsletter.
The Newsletter Data Protection Notice informs you about the personal data that are collected when sending newsletters, the purposes for which such data are processed, when such data are deleted and the legal basis in this respect.
1. Description, scope, purpose and legal basis for data processing. What data are collected and for what purpose are they processed?
If you register for a newsletter, we shall use your e-mail address to send you the respective newsletter, in which we will regularly inform you about interesting topics and services of Grossmann & Berger GmbH.
Article 6(1), Point a., GDPR, forms the legal basis is your consent To ensure the registration for your newsletter is implemented properly, i.e. to prevent unauthorised registration on behalf of third parties, we shall send you a confirmation e-mail after your initial newsletter registration using the double opt-in procedure, in which we ask you to confirm your registration. Your information shall be deleted if you do not confirm the registration/subscription within the period stated in the e-mail. Your e-mail address will be stored for the purpose of sending you the newsletter only if you confirm the registration within the specified time.
Furthermore, Grossmann & Berger stores your form of address and surname - if provided voluntarily. Such data are used exclusively for sending the newsletter and for the personal address of newsletter subscribers. You do not undertake to provide the listed data.
We also store your registration data in conjunction with your newsletter registration: e-mail address, date as well as time of newsletter registration and confirmation of opt-in or consent. This procedure is aimed at providing proof of your registration and, where necessary, being able to clarify any possible misuse of your personal data.
For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection statement.
We use the analysis service Evalanche from SC-Networks GmbH to send our newsletter. Evalanche shall not forward the data referred to here to third parties. Evalanche uses so-called Cookies, text files that are stored on your computer and which facilitate an analysis of how you use the newsletter. The information generated by the Cookie about your use of the newsletter (including your IP address) is read and sent to a server in Germany.
The newsletter contains so-called tracking pixels. This is a miniature graphic that lets us know whether a newsletter has been opened by you or not. During the course of this retrieval, technical information such as information about the browser and your system, the terminal device used and the mail client as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened, which links are clicked and whether the delivery of the e-mails was successful.
2. Storage duration For how long do we store your data?
We store your e-mail address to send you the newsletter until you unsubscribe or we stop sending you the newsletter. Once you have unsubscribed from the newsletter, your personal data shall be deleted following a period of fourteen days. In accordance with Article 6(1), Point f., GDPR, we reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion as part of our legitimate interest.
3. How can I cancel the newsletter mailing?
You can withdraw your consent to receive newsletters from Grossmann & Berger GmbH at any time in the future by clicking on the unsubscribe link at the end of a newsletter you receive.
X. Contact form and e-mail contact
1. Description and scope of the data processing
Our website contains contact forms which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask is forwarded to us, stored and otherwise processed.
Different data shall be requested depending on the contact form and entry of the reason for the request and the selected contact channel. This can be the following data:
(1) Contacted area;
(2) Form of address, first name, surname;
(3) Contact route: telephone, e-mail or post;
(4) Telephone, e-mail;
(5) Company name, street, house number, postcode, town;
and/or
(6) Message.
In addition, the following data shall be stored at the time of sending the message: Date and time of the enquiry.
In addition, the following are forwarded to Google Analytics:
(1) Requested area
(2) Time of the enquiry
Your consent is obtained in respect of processing the data as part of the sending procedure, and reference is made to this Data Protection Policy.
Alternatively, you can establish contact via the stated e-mail address. In such a case, the user's personal data forwarded by e-mail are stored.
Attention is expressly drawn to the fact that contact via the internet, in particular by e-mail, is not completely encrypted. Encryption only occurs on the transport route, unless an end-to-end encryption procedure is used. We, therefore, exclude any assumption of responsibility for transmission paths between sender and recipient that are not fully encrypted.
In this context, the data are not forwarded to third parties. The data are used exclusively to process the conversation.
2. Legal basis for the data processing
The legal basis for processing the data in the case of obtaining the user's consent is Article 6(1), Point a., GDPR. If entering into a brokerage contract is intended with the establishment of contact, Article 6(1), Point b., GDPR, is also the legal basis.
The legal basis for processing the data that are forwarded during the course of sending an e-mail is Article 6(1), Point f., GDPR. If the e-mail contact is aimed at entering into a contract, the additional legal basis for the processing is Article 6(1), Point b., GDPR.
3. Data processing purpose
The processing of the personal data from the input mask is solely for the purpose of processing the contact and property-related enquiries (in particular information on specific objects, exposé enquiries and appointment enquiries for advice in general or for viewing a specific object).
In the case of contact or property-related enquiries by e-mail, this also constitutes the necessary legitimate interest in processing the data.
If the purpose of the contact is to create the opportunity for entering into a contract or for the brokerage of a contract by the broker, the processing of the personal data also enables the proof of our brokerage activity in dealings with you.
The other personal data processed during the sending process are aimed at preventing misuse of the contact form and ensuring the security of our information technology systems.
4. Storage duration
The data are deleted as soon as they are no longer required for the purpose of their collection. With regard to personal data from the entry window of the contact form and personal data that have been sent via e-mail, this is the case if the respective conversation with the user has ended. The conversation is deemed to have ended if based on the circumstances it is clear that the respective matter has been conclusively clarified.
The additional personal data collected during the sending process shall be deleted after a period of seven days at the latest.
5. Option of withdrawing consent and rectification
The user has the option at any time of withdrawing their consent to the processing of the personal data. If the user establishes contact with us by e-mail, he or she can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
In such a case, the conversation cannot be continued.
Any personal data that have been stored during the course of establishing contact shall be deleted in this context.
XI. 360° tours
We offer you the opportunity to take a virtual 360° tour of selected properties. The functions of the service of the company Ogulo GmbH, Tauentzienstraße 9-12, D-10789 Berlin, are integrated for this purpose.
As soon as you use the function, a connection is established to the servers of Ogulo GmbH. This automatically collects and stores information in so-called server log files, which your browser passes on to these servers. In the process, the server is informed which property you are visiting. Furthermore, Cookies, small text files, are placed on your computer and stored in your browser, with the help of which further information about your visits can be collected for statistical purposes. In detail, this is the IP address, which is anonymised, the individual tours, number of calls, time and dwell time. The storage and processing of the collected data occurs within the EU.
You can adjust your browser so that you are informed of the placing of Cookies and only permit Cookies in an individual case, exclude the acceptance of Cookies for certain cases or in general, and activate the automatic deletion of Cookies when the browser is closed. If Cookies are deactivated, the functionality of the virtual tour may be limited.
The data processing is based on Article 6(1), Point f., GDPR.
The website operator has a legitimate interest in the technically error-free presentation and an appealing presentation of the properties it presents. Insofar as your registration is required before the function is activated, stating your first name and surname, your address, your e-mail address and your telephone number, the data processing for this is performed on the basis of your consent in accordance with Article 6(1), Point a, and Article 6(1), Point f., GDPR. The website operator has the right to protect the security and privacy of the property residents. If Cookies are stored or information is accessed on the user’s terminal device, Section 25, of TTDDDG shall also be authoritative. You have the option to withdraw your consent to the processing of your data for the future at any time.
We shall independently and irrevocably delete the personal data within 60 - 90 days following termination of the contractual relationship.
Further information on this can be found in the data protection declaration of Ogulo GmbH at.
https://ogulo.de/privacy/policy.html .
XII. Sprengnetter - Free value indication for property owners
1. Scope and description of the processing of personal data
We use Sprengnetter on our website. Sprengnetter is a tool that allows you to request a free evaluation of your property. The provider is Sprengnetter Real Estate Services GmbH (“Sprengnetter”), Sprengnetter-Campus 1, D-53474 Bad Neuenahr-Ahrweiler, HRB 27814, part of the Sprengnetter Group (info@sprengnetter.de).
The data you enter is automatically forwarded to Sprengnetter to create the evaluation. The following personal data are processed when using the service: date and time of the call, IP address, browser type and version, device type and the operating system. Such data are deleted after a few seconds and are not used for any other purpose. They are only used to provide the application.
Sprengnetter integrates maps from the “Mapbox” service for better usability (https://www.mapbox.com/). Sprengnetter and Mapbox have entered into a corresponding contract in respect of an order processing relationship, which ensures compliance with data protection regulations. Further information can be found at the following link: https://www.mapbox.com/legal/privacy/
The Mapbox map service is integrated exclusively for the purposes of the best possible display and optimisation of the map functions and temporary storage of the selected settings. The following personal data are, in particular, processed when using the service: IP addresses, data on your browser, device and operating system. However, the data shall not be used by Mapbox or Sprengnetter to draw conclusions about your person.
You shall receive an initial overview of the value of your property after making just a few entries. The required details are information about your property as well as your name and e-mail address. This information is required to process your enquiry, for example to be able to address you correctly. Unless otherwise specified, the voluntary information is the telephone number.
You shall receive a link from Sprengnetter by e-mail after entering your personal data and clicking the “Request” button. After confirmation, you can call up the evaluation that has been created. Following confirmation, your entered data shall be forwarded to us for contacting you. We shall then contact you by e-mail or telephone and explain the contents of the evaluation to you. We shall be happy to advise you on the preparation of a detailed market price calculation and, where necessary, offer you our support in marketing your property.
2. Legal basis for the processing of personal data
Article 6(1), Point a., GDPR, forms the legal basis in respect of the data processing. Article 6(1), Sentence 1, Point f., GDPR, can be considered in the case of legitimate interest. The legitimate interest is to market its offered services as effectively as possible. Your consent may be withdrawn at any time with effect for the future. If Cookies are stored or information is accessed on the user’s terminal device, Section 25, of TTDDDG shall also be authoritative. You have the option to withdraw your consent to the processing of your data for the future at any time.
3. Purpose of the processing
Your personal and property-related data that you have entered in the application are processed to perform and provide the evaluation. As stated above, the information about your property as well as at least your name and your e-mail address are necessary - the latter in order to be able to address you correctly and, where necessary, to offer you advisory services.
4. Storage duration
As soon as they are no longer necessary to achieve the purpose for which they were collected or the data subject has objected to this processing or withdrawn consent, your data shall be deleted (or at least the processing of such data shall be restricted (blocked)).
XIII. Handling applicant data
On our website, we offer you the opportunity to apply for a job with us. You can send us your application by post, e-mail or by using the online application form. E-mail is an insecure way, which is why the others should be preferred (see relevant explanations).
By way of this communication we would like to inform you about the scope, purpose, use and, where applicable, deletion of your personal data processed in the application procedure. However, first of all we would like to assure you that we shall treat your data in strict confidence and ensure compliance with data protection law.
1. Scope and purpose of the processing
When we receive an application from you, we shall process the personal data contained therein, such as contact details and application documents, to the extent necessary for the decision to establish an employment relationship. Accordingly, the documents shall only be disclosed to persons involved in processing your application.
2. Legal basis for the processing
The legal basis for the processing is Section 26 BDSG and Article 6(1), Point b., GDPR. If you have given your consent, the legal basis is Article 6(1), Point a., GDPR. You have the option to withdraw your consent to the processing of your data at any time.
In the event of a successful application, your forwarded data will be stored in our systems for the purpose of implementing the employment relationship in accordance with Section 26 BDSG and Article 6(1), Point b., GDPR.
If an employment relationship does not materialise, we shall store your submitted data application documents for up to 6 months following completion of the application process (rejection or withdrawal of the application) on the basis of Article 6(1), Point f., GDPR. The legitimate interest is based, in particular, on the purposes of proof in the event of a potential legal dispute. Once 6 months have expired, the data shall be deleted unless further storage is necessary (e.g. due to pending proceedings). In this case, the data shall only be deleted after the reason has ceased to exist.
In addition, data may be retained for a longer period at your request, for example if you wish to be included in the applicant pool. In the event of inclusion in the applicant pool, all documents and details from the application will be transferred to this pool to contact you in the event of suitable vacancies.
The legal basis for inclusion in the applicant pool is exclusively your express consent (Article 6(1), Point a., GDPR). Giving your consent is voluntary and is not related to an application process. You have the option to withdraw your consent to the processing of your data at any time. In the event of withdrawal, the data shall be irrevocably deleted from the applicant pool unless there are legal reasons for retention to the contrary.
The data shall be irrevocably deleted from the applicant pool no later than two years after consent has been given.
XIV. Additional services and offers on the website
1. Description and scope of the data processing
On our website there are services and forms from external service providers that can be used. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. The services of the external service providers are marked accordingly. If a user makes use of this option, the data entered in the input mask are forwarded to the respective service provider and to us, stored and processed.
Different data shall be requested depending on the contact form and entry of the reason for the request and the selected contact channel. This can be the following data:
(1) Contacted area;
(2) Form of address, first name, surname;
(3) Contact route: telephone, e-mail or post;
(4) Telephone, e-mail;
(5) Company name, street, house number, postcode, town;
(6) Property details
and/or
(6) Message.
In addition, the following data shall be stored at the time of sending the message: Date and time of the enquiry.
In addition, the following are forwarded to Google Analytics:
(1) Requested area
(2) Time of the enquiry
Your consent is obtained in respect of processing the data as part of the sending procedure, and reference is made to this Data Protection Policy.
Alternatively, you can establish contact via the stated e-mail address. In such a case, the user's personal data forwarded by e-mail are stored.
2. Legal basis for the data processing
The legal basis for processing the data in the case of obtaining the user's consent is Article 6(1), Point a., GDPR. If entering into a brokerage contract is intended with the establishment of contact, Article 6(1), Point b., GDPR, is also the legal basis.
The legal basis for processing the data that are forwarded during the course of sending an e-mail is Article 6(1), Point f., GDPR. If the e-mail contact is aimed at entering into a contract, the additional legal basis for the processing is Article 6(1), Point b., GDPR.
3. Data processing purpose
The processing of the personal data from the input mask is solely for the purpose of processing the contact and property-related enquiries (in particular information on a property valuation).
In the case of contact or property-related enquiries by e-mail, this also constitutes the necessary legitimate interest in processing the data.
If the purpose of the contact is to create the opportunity for entering into a contract or for the brokerage of a contract by the broker, the processing of the personal data also enables the proof of our brokerage activity in dealings with you.
The other personal data processed during the sending process are aimed at preventing misuse of the contact form and ensuring the security of our information technology systems.
4. Storage duration
The data are deleted as soon as they are no longer required for the purpose of their collection. With regard to personal data from the entry window of the contact form and personal data that have been sent via e-mail, this is the case if the respective conversation with the user has ended. The conversation is deemed to have ended if based on the circumstances it is clear that the respective matter has been conclusively clarified.
5. Option of withdrawing consent and rectification
The user has the option at any time of withdrawing their consent to the processing of the personal data. If the user establishes contact with us by e-mail, he or she can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
In such a case, the conversation cannot be continued.
Any personal data that have been stored during the course of establishing contact shall be deleted in this context.
XV. Rights of the data subject
If your personal data are processed, you as the user are the data subject within the meaning of GDPR, and you have the following rights in dealings with us as the Controller:
1. Right to obtain information
You have the right to obtain confirmation from us as to whether or not we are processing your personal data.
Where such processing applies, you have the right to obtain the following information from us:
(1) The purposes for which the personal data are processed;
(2) The categories of personal data concerned;
(3) The recipients or categories of recipient to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(4) Where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) The existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
(6) The right to lodge a complaint with a supervisory authority;
(7) Where the personal data are not collected from the data subject, any available information as to their source;
(8) The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to be informed whether or not your personal data are transferred to a third country or to an international organisation. In this context, you have the right to be informed of the appropriate safeguards in accordance with Article 46, GDPR, relating to the transfer.
The contact address for safeguarding the data subject’s rights is:
Grossmann & Berger GmbH
Bleichenbrücke 9 (Stadthöfe)
D-20354 Hamburg
Tel.: +49 (0)40 / 350 80 2 - 0
Fax: +49 (0)40 / 350 80 2 - 36
E-mail: info@grossmann-berger.de
Internet: www.grossmann-berger.de
2. Right to rectification
You have the right to rectification and/or the completion of personal data by us provided the processed personal data that apply to you are incorrect or incomplete. We undertake to rectify the data without delay.
3. Right to restriction of processing
You have the right to obtain from the Controller restriction of processing of your personal data under the following conditions:
(1) You contest the accuracy of the personal data for a period enabling the Controller to verify the accuracy of the personal data;
(2) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) As the Controller we no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
(4) If you have objected to processing in accordance with Article 21(1), GDPR, pending verification of whether or the legitimate grounds of the Controller override your reasons.
If the processing of your personal data has been restricted, such data may only be processed – apart from the storage of such data – following your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the processing was restricted in accordance with the aforementioned requirements, we shall notify you before the restriction shall be lifted.
4. Right to erasure
a) Obligation to erase
You have the right to instruct us to erase your personal data without undue delay and we undertake to erase personal data without undue delay where one of the following grounds applies:
1. Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You withdraw consent on which the processing is based in accordance with Article 6(1), Point a., GDPR, and where there is no other legal ground for the processing.
3. You object to the processing in accordance with Article 21(1), GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Article 21(2), GDPR.
4. Your personal data have been unlawfully processed.
5. Erasing your personal data is required for compliance with a legal obligation in Union or Member State law to which we, in the capacity of Controller, are subject.
6. Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1), GDPR.
b) Information forwarded to third parties
If we have made your personal data public and in accordance with Article 17(1), GDPR, we undertake to erase the personal data, we shall, taking account of available technology and the cost of implementation, adopt reasonable steps, including technical measures, to inform controllers who are processing your personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, such personal data.
c) Exceptions
The right to erasure shall not apply where processing is required
(1) To exercise the right of freedom of expression and information;
(2) To honour a legal obligation that necessitates processing in accordance with the law of the Union or the Member States to which we, in the capacity of Controller, are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
(3) On the grounds of public interest in the area of public health in accordance with Article 9(2), Points h. and i., as well as Article 9(3), GDPR;
(4) To achieve purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), GDPR, provided the right stated in section a) is likely to render the realisation of the goals of such processing impossible or have a serious detrimental effect on it, or
(5) To establish, exercise or defend legal claims.
5. Right to information
If you have exercised the right to the rectification, erasure or restriction of processing in dealings with us in the capacity of Controller, we undertake to notify all recipients to whom your personal data have been disclosed of such rectification or deletion of data or restriction of processing unless it proves impossible or would involve a disproportionate effort.
In dealings with the Controller, you have the right to be informed of such recipients.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a Controller, in a structured, commonly used and machine-readable format. In addition, you have the right to forward such data to another Controller without hindrance from us in the capacity of Controller to which the personal data have been provided, where:
(1) The processing is based on consent pursuant to Article 6(1), Point a., GDPR, or Article 9(2), Point a., GDPR, or on a contract in accordance with Article 6(1), Point b. GDPR; and
(2) The processing is performed by automated means.
In exercising this right, you furthermore have the right to have your personal data forwarded directly from one Controller to another, where technically feasible. This may not adversely affect freedoms and rights of other persons.
The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us in the capacity of Controller.
7. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)., Point e. or f., DSGVO. This also applies to profiling based on these provisions.
In this case, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This also applies to profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw the data protection law declaration of consent
You have the right to withdraw your data protection law declaration of consent at any time. Withdrawing the consent does not affect the legality of the processing that applied as a result of the consent up until the withdrawal.
9. Automated decision in an individual case, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
(1) Is necessary for entering into, or performance of, a contract between you and us;
(2) Is authorised by Union or Member State law to which we are subject and which also sets out suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) Is based on your explicit consent.
However, these decisions may not be based on special categories of personal data in accordance with Article 9(1), GDPR provided Article 9(2), Point a. or g., GDPR, does not apply and appropriate measures have been adopted for the protection of the rights and freedoms and your justified interests.
In the cases referred to in (1) and (3), we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention by us in the capacity of Controller, to express your point of view and contest the decision.
10. Right to lodge a complaint with a supervisory authority
Irrespective of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority. You can find the contact details of the competent supervisory authorities, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, by searching the internet.