I. General information on data processing
1. Scope of processing of personal data
In principle, we process personal data of our users only insofar as this is necessary to provide our website and our content and services. The processing of the personal data of our users takes place regularly and is subject to the user’s consent. An exception applies in cases in which prior consent cannot be given for practical reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) provides the legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(a) of GDPR provides the legal basis. This also applies to the processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required in order to fulfil a legal obligation that is incumbent on our company, Article 6(1)(c) of GDPR provides the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of GDPR provides the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Article 6(1)(f) GDPR provides the legal basis for processing.
3. Data erasure and storage duration
The personal data of the data subject will be erased or blocked as soon as the purpose of the storage no longer applies. Data may be stored beyond this point if this is provided for by European or national legislators in EU regulations, laws or other rules to which the controller is subject. The data is also blocked or erased when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data in order to conclude or fulfil a contract.
II. Name and address of the controller
The controller within the meaning of the GDPR and other national data protection laws of the Member States, and other data protection provisions, is:
Weishaupt Immobilien GbR
Tel.: +49 7392 83220
III. Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. These server log files contain the following data:
- Domain, IP address, requests, user agent, timestamp, status code
The log files contain IP addresses or other data that allow allocation of the data to a particular user. The data will not be merged with any other data sources.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is provided by Article 6(1)(f) of GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to allow the website to be delivered to the user’s computer. This requires that the user’s IP address must remain stored for the duration of the session. Data is stored in log files to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our IT systems. The data is not analysed for marketing purposes in this context.
These purposes also represent our legitimate interest in the processing of data according to Article 6(1)(f) of GDPR.
4. Duration of storage
All log files are subject to a daily rotation. Logs from the previous day are archived, made available for a duration of three days and subsequently erased.
5. Objection and remedy
The gathering of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, the user does not have the option of objection.
1. Description and scope of data processing
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is provided by Article 6(1)(f) of GDPR.
3. Purpose of data processing
The user data collected via technically required cookies will not be used to create user profiles.
4. Duration of storage, objection and remedy
V. Secure data transmission
During your website visit, we use SSL (Secure Socket Layer) technology, which is the internet standard for the secure transmission of data, with the highest-level encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page on our website has been transmitted using encryption by seeing a key or closed padlock icon in the lower status bar of your browser.
Apart from that, we use appropriate technical and organisational safeguards to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. We continually optimise our safety measures to keep up with technological developments.
VI. Rights of the data subject
If we process your personal data, you are the data subject pursuant to GDPR and you have the following rights in relation to the controller:
1. Right to information
You may ask the controller to confirm whether we process personal data relating to you. If such processing does take place, you can request information from the controller about the following:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data processed;
(3) the recipients or the categories of recipients to whom the personal data relating to you has been disclosed or is to be disclosed;
(4) the planned duration of storage of your personal data or, if specific information is not available, the criteria for determining the duration of storage;
(5) the existence of a right to have personal data relating to you corrected or erased, a right to restrict processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making, including profiling under Article 22(1) and (4) of GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether your personal data is to be transferred to a third country or an international organisation. In this context, you can request the appropriate guarantees pursuant to Article 46 of GDPR in connection with this transfer.
2. Right to correction
If the personal data processed is incorrect or incomplete, you have the right to have this corrected and/or made complete by the controller. The controller must make the correction immediately.
3. Right to restrict processing
You may demand the restriction of the processing of your personal data under the following conditions:
(1) if you dispute the accuracy of the personal data relating to you for a period of time that enables the controller to verify the accuracy of the said personal data;
(2) processing is unlawful, and you decline to have the personal data erased and instead request the restriction of the use of the said personal data;
(3) the controller no longer needs the personal data for the purposes of processing, however you need it to establish, exercise or defend legal claims; or
(4) if you have objected to processing pursuant to Article 21(1) of GDPR and it is not yet determined whether the legitimate reasons of the controller prevail over your reasons. If the processing of personal data relating to you has been restricted, this data may only be used with your consent or for the purpose of establishing, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest to the European Union or a Member State. If the restriction of processing has been limited according to the above restrictions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Duty of erasure
You may require the controller to erase your personal data without delay, and the controller is required to erase this data immediately if one of the following grounds applies:
(1) The personal data relating to you is no longer necessary for the purposes for which it was gathered or otherwise processed.
(2) You withdraw your consent to processing pursuant to Article 6(1)(a) or Article 9(2)(a) of GDPR and there is no other legal basis for processing.
(3) You file an objection to the processing pursuant to Article 21(1) of GDPR and there are no prior justifiable reasons for the processing, or you file an objection to the processing pursuant to Article 21(2) of GDPR.
(4) Your personal data has been processed unlawfully.
(5) It is necessary to erase personal data relating to you in order to fulfil a legal obligation under European Union law or the law of the Member States incumbent on the controller.
(6) The personal data relating to you was gathered in relation to an information society service pursuant to Article 8(1) of GDPR.
b) Information to third parties
If the controller has made the personal data relating to you public and if they are obliged to erase it pursuant to Article 17(1) of GDPR, they shall take the appropriate steps, including technical measures, taking into account available technology and implementation costs, to inform controllers responsible for data processing who process the personal data that you, as a data subject, have demanded the deletion of all links to such personal data or copies or duplicates of such personal data.
c) Exceptions The right of erasure does not exist if processing is necessary
(1) in order to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation required by the law of the European Union or of the Member States incumbent on the controller, or to implement a task in the public interest or in the exercise of the official authority conferred on the controller;
(3) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of GDPR;
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of GDPR, to the extent that the right referred to in subparagraph (a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
(5) to establish, exercise or defend legal claims.
5. Right to information
If you have the right of correction, erasure or restriction of processing in relation to the controller, the latter is obliged to notify all recipients to whom your personal data has been disclosed of this correction or erasure of data or restriction of processing, unless this proves to be impossible or requires disproportionate effort.
You are entitled to require the controller to reveal the identity of these recipients to you.
6. Right to data portability
You have the right to receive the personal data that you have supplied to the controller in a structured, current, machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was supplied, provided that
(1) processing is based on consent pursuant to Article 6(1)(a) of GDPR or Article 9(2)(a) of GDPR or on a contract pursuant to Article 6(1)(b) of GDPR, and
(2) processing involves an automated procedure.
In exercising this right, you are also entitled to require that the personal data relating to you should be transmitted directly from one controller to another controller, insofar as this is technically feasible. This must not impair the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data necessary to implement a task in the public interest or in the exercise of the official authority conferred on the controller.
7. Right of objection
You have the right to object to processing of your personal data at any time, for reasons that arise from your particular situation pursuant to Article 6(1)(e) or (f) of GDPR; this also applies to profiling based on these provisions.
The controller will no longer process personal data relating to you unless they can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or processing is for the purpose of establishing, exercising or defending legal claims.
If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Directive 2002/58/EC notwithstanding, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
Right to withdraw the declaration of consent under data protection law
You have the right to withdraw the declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of the consent before its withdrawal.
9. Automated decision-making on a case-by-case basis, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – that will have legal effect or substantially affect you in a similar manner. This shall not apply if the decision
(1) is required for the conclusion or fulfilment of a contract between you and the controller,
(2) is permitted under European Union or Member State legislation which is incumbent on the controller and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
(3) is made with your express consent. However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) of GDPR, unless subparagraphs (a) or (g) of Article 9(2) of GDPR apply and reasonable measures have been taken to protect your rights and freedoms, as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to uphold your rights and freedoms and your legitimate interests, including at least the right to seek intervention by a person on the controller's side, to express a personal position and to challenge the decision.
10. Right of appeal to a supervisory authority
Without prejudice to other administrative or judicial remedies, you have the right of appeal to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged breach, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of GDPR.