Privacy Notice

In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled under the data protection regulations, the European General Data Protection Regulation (GDPR).

This privacy notice informs you about the nature, scope and purpose of the processing of personal data within our website (hereinafter "website"). The privacy notice applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).

Personal data in the sense of the GDPR is all data that can be personally related to you, e.g. name, address, email addresses, user behavior. Which data is processed in detail and how it is used depends largely on the services used by us.

We use various other terms in our privacy notice in the sense of the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymization, controller, processor, recipient, third party, consent, supervisory authority and international organization. You can find corresponding definitions for these terms in Art. 4 GDPR.

1. Who is responsible for data processing and whom can I contact?

The entity responsible for the processing of personal data is:

Deutsche Real Estate Aktiengesellschaft

Oudenarder Str. 16

13347 Berlin

Deutschland

+49 (0) 30 24 00 864 – 0

+49 (0) 30 24 00 864 - 599

info@drestate.de

You can reach our data protection officer at:

mip Consult GmbH

Jan Käding

Wilhelm-Kabus-Str. 9

10829 Berlin

+49 (0) 30 24 00 864 – 0

datenschutz@drestate.de

www.sofortdatenschutz.de

2. What sources and data do we use?

We process personal data that we receive from you while using our website and, if applicable, our business relationship.

In the case of purely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and safety. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software, notification of successful retrieval.

Furthermore, we receive your personal data if you contact us via contact form or e-mail. Personal data here are, for example, name, company, address, e-mail address, telephone number and, if applicable, the data you send us as a message (hereinafter referred to as "contact data"). Please note that we cannot guarantee complete data security when communicating by e-mail, so we recommend that you use the postal service for information requiring a high degree of confidentiality.

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for the following purposes and on the basis of the following legal grounds:

Purposes

Legal basis

Insofar as you have given us consent to process personal data for certain purposes, in particular for contacting you (e.g. via our contact form or by e-mail for processing and handling the inquiry, advertising approach by telephone, e-mail, SMS, etc.), the lawfulness of this processing is based on your consent.

Any consent given can be withdrawn at any time. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is therefore not affected by the withdrawal. The withdrawal can be sent to the contact details above or to info@drestate.de.

Consent, Art. 6 para. 1 sentence 1 lit. a GDPR

When contacting us (via contact form or email), your information will be processed for the purpose of handling the contact request and its processing.

Performance of a contract or execution of pre-contractual measures upon request of the person, Art. 6 para 1 lit b GDPR,

When contacting us (via contact form or e-mail) in connection with your application, we process your data in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process. Your applicant data will be screened by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers responsible for the respective open position. There, a decision will be made on the further procedure. As a matter of principle, only those persons in the company who require your data for the proper conduct of our application process have access to it.

Establishment of an employment relationship, § 26 BDSG and after completion of the application process in the event of rejection to protect legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR (defense against claims), if applicable, if consent has been given, Art. 6 para. 1 sentence 1 lit. a GDPR.

We process your access data (see data listed above under point 2) to protect legitimate interests of us or of third parties. In particular, we pursue the following legitimate interests

· Ensuring IT security, in particular the safety of the website;

· Advertising or market and opinion research, insofar as you have not objected to the use of your data;

· Assertion of legal claims and defense in legal disputes;

As part of the balancing of interests for the safeguarding of legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR

4. Who gets my data?

Within our company, those departments receive access to your data that need it to fulfill our contractual and legal obligations.

Processors used by us (Art. 28 GDPR) may also receive data for the purposes mentioned above. These are companies in the categories of IT services, telecommunications, consulting and advisory services, and sales and marketing. If we pass on data to our service providers, they may only use the data to perform their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects, guarantee an appropriate level of data protection and are carefully monitored by us.

Data is only passed on to third parties who are not processors within the framework of legal requirements. We only pass on users' data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in the economic and effective operation of our business operations, or if you have consented to the transfer of data. In the case of purely informational use of the website, we do not pass on any data to third parties as a matter of principle. 

5. How long will my data be stored?

For security reasons (e.g. for the clarification of abuse or fraud) log file information is stored for a maximum of seven days and then deleted (see point 2 above). Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.

As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of an agreement via contact form or by e-mail.

Applicant data is deleted after 6 months in the event of a rejection. If we are not able to hire you, but your application is still of interest to us, we will continue to keep your application on file for future job postings, provided we have your express written consent. The data will be deleted after two years at the latest.

In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are two to ten years.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years, whereby the regular limitation period is three years.

Insofar as you assert your rights as a data subject, we will store the information provided to you in this regard until the expiry of the statutory limitation period pursuant to Section 31 (2) No. 1 OWiG, Section 41 (1) BDSG, Art. 83 (5) lit b GDPR for 3 years. This period may be extended if the statutory limitation period is extended due to interruptions of the limitation period (e.g. in the context of inquiries by supervisory authorities).

6. Is data transferred to a third country or to an international organization?

Data is not transferred to third countries (countries outside the European Union - EU).

7. What data protection rights do I have?

Every data subject has

  • the right of access according to Art. 15 GDPR (i.e. you have the right to request information about your personal data stored by us at any time),
  • the right to rectification according to Art. 16 GDPR (i.e. in the event that your personal data is inaccurate or incomplete, you may request that it be rectified),
  • the right to erasure under Art. 17 GDPR and the right to restriction of processing under Art. 18 GDPR (i.e. you may have the right to request erasure or restriction of processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and legal retention obligations do not require continued storage),
  • the right to data portability under Art. 20 of the GDPR (i.e. you may have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transfer this data to another controller without hindrance).

Furthermore, you can withdraw consents, in principle with effect for the future.

In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

In addition, we would like to point out your right to object according to Art. 21 GDPR:

Information about your right to object according to Art. 21 GDPR.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para. 1 sentence 1 lit. e of the GDPR (data processing in the public interest) and Art. 6 para. 1 sentence 1 lit. f of the GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 of the GDPR. 

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

In individual cases, we process your personal data to conduct direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made form-free and no transmission costs other than those according to the prime rates will be incurred.

If you wish to exercise your right to object, it is sufficient to send an informal message, e.g. to the contact details above.

8. To what extent is there automated decision-making in individual cases, including profiling?

In the context of accessing our website or in the context of contacting us by form or email, we generally do not use fully automated decision-making pursuant to Art. 22 of the GDPR. If we use these procedures in individual cases, we will inform you about this separately, as far as this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

9. Is there an obligation for me to provide data? 

Within the scope of our website, you must provide those personal data that are required for the use of our website for technical or IT security reasons. If you do not provide this data, you will not be able to use our website.

When contacting us by form or e-mail, you only need to provide the personal data that is required to process your request. Otherwise, we will not be able to process your request.