Data protection information
– Information pursuant to Article 12 et seq. of the General Data Protection Regulation (GDPR) –
In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled according to the data protection regulations, in particular the European Data Protection Regulation (GDPR).
Personal data in the sense of the GDPR are all data that can be personally related to you, e.g. name, address, e-mail addresses, date of birth etc.
We use the data protection terms used in our data protection information according to the GDPR. This includes terms such as personal data, processing, restriction of processing, profiling, pseudonymisation, controller, processor, recipient, third party, consent, undertaking, supervisory authority and international organisation. For these terms, you can find corresponding definitions in Art. 4 GDPR.
Notice regarding the transmission of third party data by yourself:
If you transfer personal data about your spouse, life partner, relatives or other third parties (such as guarantors), please inform them about the processing of their personal data by us and refer to this data protection information. If necessary, the consent of these persons to the data transfer is required.
1. Who is responsible for data processing and whom can I contact?
controller:
HECF Werfthaus S.à r.l.
35 F, Avenue John F. Kennedy
L-1855 Luxembourg
Please direct any enquiries regarding data protection to us as follows:
Deutschland.Datenschutz@hines.com
2. For what purposes do we process your data and on what legal basis?
We process personal data that we receive from you as part of your use of our website and, if applicable, our business relationship/management of the rental contract.
In the case of solely informative use of the website, i.e if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website solely for information purposes, we collect the following access data, which are technically necessary for us to display our website to you and to ensure its stability and security. This access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, browser type as well as language and version of the browser software, notification of successful retrieval.
Furthermore, we receive your personal data if you contact us, for example via contact form or e-mail. Personal data here are e.g name, address, e-mail, telephone number and, if applicable, the data you send us as a message (hereinafter referred to as „contact data“). We process personal data for the following purposes and on the following legal basis:
Fulfilment of pre-contractual and contractual obligations, Art. 6 para. 1 b GDPR
When contacting us (via contact form or e-mail), your details will be processed to process the contact request and its handling.
Legitimate interests, Art. 6 para. 1 f GDPR
Where necessary, we process your data to protect legitimate interests of us or third parties. This includes in particular the following data processing:
• Ensuring IT security, in particular the security of the website;
• Advertising or market and opinion research, provided you have not objected to the use of your data;
• Assertion of legal claims and defence in legal disputes
3. Who can access my data?
Within our company, only those departments will have access to your data that need it to fulfil our contractual and legal obligations.
Processors used by us (Art. 28 GDPR) may also receive data for these purposes. These are companies in the categories of trades for construction and repair measures, meter reading companies (such as ISTA and others), laboratories for testing the water for legionella, IT services for the maintenance of our hardware and software, logistics or letter dispatch and debt collection. If we use processors to provide our services, we take appropriate legal precautions and technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal requirements.
Data is only transferred to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, e.g. on the basis of Art. 6 para. 1 b) GDPR for contractual purposes or based on legitimate interests pursuant to Art. 6 para. 1 f) GDPR in an economic and effective operation of our business or if you have consented to the data transfer. Under these conditions, recipients of personal data can be in particular:
• Suppliers, service providers and craftsmen, insofar as they are not processors (e.g. to carry out a repair in your home)
• Real estate agencies
• Marketing companies
n the event of a contact request or contract initiation, we may pass on your data to the following companies:
• Hines Immobilien GmbH, Joachimsthaler Str. 1, 10623 Berlin (Asset Manager)
• C & W (U.K.) LLP German Branch, Rathenauplatz 1, 60313 Frankfurt am Main (Real estate agencies)
4. How long will my data be stored?
For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted (see point 2 above). Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.
As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a rental agreement.
If we do not offer you a rental contract after checking the documents or if you are not interested in concluding a rental contract with us and you have not given us your consent to further storage, we will delete your data stored by us after 3 months calculated from the time of our or your rejection of the rental contract. You will receive back the documents you have handed over to us. The legal basis for storing the documents for 3 months is our legitimate interest (Art. 6 Para. 1f GDPR) in defending against the assertion of claims by prospective tenants, in particular in accordance with the General Equal Treatment Act (AGG).
In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are two to ten years. For example, we must retain the rental agreement containing your personal data for at least 10 years – calculated from the end of the rental agreement.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually 3 years, but in certain cases can be up to thirty years, whereby the regular limitation period is three years.
5. Is data transferred to a third country or to an international organisation?
A data transfer to third countries (countries outside the European Union or the European Economic Union) does not take place. An exception applies in the case of your consent for the use of external online services. Please see for more details below: 11. Processing of personal data in the context of the use of external online services.
6. What data protection rights do i have?
Each data subject shall
• the right to access their data according to Art. 15 GDPR (i.e. you have the right to request information about your personal data stored by us at any time),
• the right to rectification in accordance with Art. 16 GDPR (i.e. in the event that your personal data is inaccurate or incomplete, you may request that it be rectified),
• the right to erasure according to Art. 17 GDPR and the right to restriction of processing according to Art. 18 GDPR (i.e. you may have the right to request the erasure or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and legal retention obligations do not require the continued storage),
• the right to data portability from Art. 20 GDPR (i.e. you may have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller without hindrance).
Furthermore, you can withdraw your consent, in principle with effect for the future.
In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You can find the supervisory authority responsible for you at
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
In addition, we would like to point out your right of objection according to Art 21 GDPR:
Information about your right to object according to Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) of the GDPR (data processing in the public interest) and Article 6(1)(f) of the GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) of the GDPR which we use for questionnaire evaluation or advertising purposes. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. The objection can be made form-free and no transmission costs other than those according to the base rates will be incurred. The objection should be sent to the contact details provided above.
7. To what extent is there automated decision making including profiling in individual cases?
For the establishment and implementation of the business relationship, we do not use fully automated automatic decision-making pursuant to Article 22 GDPR. We also do not process your data automatically with the aim of evaluating certain personal aspects (profiling).
8. Is there an obligation for me to provide data?
On our website, you must provide the personal data necessary for using our Website for technical or IT security reasons. You cannot use our website unless you provide the above-mentioned data.
When contacting us via form or by e-mail, you only need to provide the personal data required to process your request. Otherwise we will be unable to process your request.
Within the scope of our business relationship, you only have to provide the personal data that is required for the establishment, execution and termination of a rental agreement or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude a rental agreement or will no longer be able to execute an existing agreement and may have to terminate it. If a statement can be made voluntarily, we have marked this statement accordingly in the respective survey form.
9. Cookies
We use cookies on our website. Cookies are small text files, usually consisting of letters and numbers, which are stored on the user’s computer when visiting certain Internet pages.
By default, we only use necessary cookies. Necessary cookies enable the core functionalities of our website. The website cannot be displayed correctly without these cookies or individual areas may not function properly. Necessary cookies can only be prevented by appropriate settings in your browser.
For a visually appealing design of our website, we use Adobe Typekit Web Fonts from Adobe Systems Software Ireland Ltd. 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland („Adobe“).
This service enables us to access the Adobe font library. In order for the fonts we use to be integrated, your browser must establish a connection to an Adobe server in the USA and download the required font. Adobe then receives the information that our website has been accessed from the IP address of your device.
Adobe Inc., 345 Park Avenue, San Jose, California 95110-2704, USA, has concluded standard data protection clauses to ensure that the European data protection principles and the European level of data protection also apply to data processing in the USA. Adobe Inc. is also listed in the Data Privacy Framework Program (DPF) and is thus committed to complying with essential data protection standards. Further information on Adobe Fonts can be found in Adobe’s privacy policy at https://www.adobe.com/de/privacy.html.
You can prohibit the storage of cookies individually via the settings of your browser (you can find out how to set the cookie handling on the browser’s help page). You can find help on cookie management in the most common browsers at the following addresses:
• Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
• Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
• Opera: http://www.opera.com/de/help
• Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE.