We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience e.g. Ad and content measurement. Personal data can be processed (e.g. IP addresses). You can find more information about the use of your data in our data protection declaration.
Thank you for visiting our website and for your interest in our company. The protection of your personal data is very important to us. With the following information, we would like to inform you about the processing of your personal data during your visit of our website.
"Personal data" is any data relating to you personally, e.g. name, address, e-mail addresses, user behaviour. The "processing" of your data within the meaning of the European General Data Protection Regulation (GDPR) refers to any operation in connection with your personal data. This includes, for example, the initial collection, storage, adaptation or alteration as well as any other use of your personal data.
Of course, we comply with the legal provisions, in particular the GDPR, the German Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG).
This Privacy Policy informs you in accordance with our legal obligations and explains, among other things, what personal data we collect and what we use it for. It also explains how and for what purpose this is done and on what legal basis.
The controller for data processing within the meaning of the GDPR is the
IMPPV Immobilien und Mobilien Potsdamer Platz Verwaltungs GmbH
Linkstraße 2
10785 Berlin
Insofar as "we", "us" or the "company" are referred to below, this refers to the aforementioned controller.
Data Protection Officer If you have any questions, suggestions or complaints, you are welcome to contact our data protection officer under the keyword "data protection". You can reach the data protection officer by e-mail at [email protected] - or via the postal address: Von Zur Mühlen'schen GmbH An den Datenschutzbeauftragten Potsdamer Platz Alte Heerstraße 1 53121 Bonn
Where we store or otherwise process your personal data, we use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties, taking into account and considering the state of the art, the implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks, likelihood and impact of a data breach for the data subject. Our security measures are continuously updated in line with technological developments.
In particular, this site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us. You can recognize an encrypted connection when the address bar of the browser changes from "http://" to "https://" and by the lock symbol in your browser bar. If SSL or TLS encryption is activated, the data you transmit to us normally cannot be intercepted by third parties.
We would like to point out that data transmission on the Internet (e.g., communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
**INFORMATIONAL USE ** When using the website for information purposes, i.e., simply viewing it without registering and without you providing us with any other information, we process the personal data that your browser transmits to our server.
· IP address · Date and time of the request · Time zone difference from Greenwich Mean Time (GMT) · Content of the request (page visited) · Access status/HTTP status code · Data volume transferred in each case · Previously visited page · Browser · Operating system · Language and version of the browser software.
COOKIES So-called cookies are sometimes used on the website. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your device and saved by your browser. Cookies do not cause any damage to your computer and do not contain viruses. Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognise your browser on your next visit. In some cases, cookies only contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user. You can configure your browser so that you are informed about the use of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited. The individual cookies and tools that we use on our website are described in more detail in sections 4 to 8 below.
SERVER LOG FILES We automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are: · Browser type and version · Operating system used · Referrer URL · Host name of the accessing computer · Time of the server request · IP address
LEGAL BASIS The legal basis for the processing of your data for informational use is our legitimate interest (Art. 6 para. 1 lit. f GDPR). This is that this data is technically necessary to display our website to you and to ensure stability and security and must therefore be processed by us. The processing of data collected by means of server log files or technical or functional cookies is also our legitimate interest to provide the website securely or to monitor and maintain its performance. The legal basis for the processing of data collected by means of other cookies, in particular those for analysis and marketing purposes, is your consent (Art. 6 para. 1 lit. a GDPR), which you can give via the cookie banner and also revoke at any time - see also in more detail in sections 5 to 8 on the individual cookies/services used.
We do not use social media plugins on our website. If our website contains icons from social media providers (e.g., Facebook or Instagram), we only use these for passive linking to the pages of the respective providers.
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses "cookies" in the form of text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website is usually transmitted to and stored by Google on servers in the United States. The use of Google Analytics allows us to measure reach and optimise your user experience. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
IP shortening We have activated the IP anonymisation function on this website. This means that your IP address will be shortened by Google before being transmitted to the USA, either within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Demographic characteristics in Google Analytics This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person.
Legal basis The processing of data by means of Google Analytics cookies and the corresponding transmission to the USA takes place exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and Art. 49 para. 1 lit. a GDPR respectively. You can give or refuse your consent via our cookie banner.
Data processing by Brevo As part of its activities and for the purpose of providing its services, Sendinblue GmbH (hereinafter referred to as "Brevo") collects and processes the personal data of its users (hereinafter referred to as the "Users").
The purpose of this Brevo Privacy Policy is to provide users with a concise and global overview of the processing of personal data by Brevo.
Brevo attaches particular importance to the protection of Users' privacy and the confidentiality of their personal data and undertakes to process data in compliance with applicable laws and regulations, in particular the French Data Protection Act No. 78-17 of January 6, 1978 (hereinafter the "Data Protection Act"), Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR").
Definitions Personal data: Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to that person;
Processing of personal data: Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Cookie: A cookie is a piece of information that is stored on the hard disk of an Internet user by the server of the website visited. It contains several pieces of data: the name of the server that stored it, an ID in the form of a unique number and possibly an expiration date. This information is stored on the PC in a simple text file that a server accesses to read and store information.
Controller - DPO The responsible body within the meaning of data protection law is Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (hereinafter: Brevo. Further information about Brevo can be found in the imprint.
Brevo has appointed a Data Protection Officer who can be contacted at the following address: [email protected].
Data collected Brevo collects users' data in order to provide them with the services for which they have registered on the platform.
An asterisk is used to indicate whether the information provided is mandatory or voluntary (in order to complete the user's registration and provide them with Brevo services).
In addition, certain data is collected automatically through the user's actions on the website (see paragraph on cookies).
Purposes The personal data collected by Brevo during the provision of services is necessary for the performance of contracts concluded with the user or is necessary for Brevo to pursue its legitimate interests while respecting the user's rights. Certain data may also be processed with the user's consent.
Brevo processes the data for the following purposes: Commercial and accounting management of the contract; Management of activation and marketing campaigns; Detection of malicious behavior (fraud, phishing, spam, etc.); Improvement of the user's browsing history on the website; in general, for any purpose within the meaning of Article 2 of Decree-Law No. 2012-209 of June 21, 2012 establishing a simplified standard for the automated processing of personal data relating to the management of users and prospects.
Recipients of the data The personal data collected is intended for Brevo's sales department, accounting department and customer service. It may be transferred to Brevo's subsidiaries or to processors that Brevo may use in the context of the provision of its services.
In this context, personal data may be transferred to a country within or outside the European Union. Brevo puts in place safeguards to ensure the protection and security of this data in accordance with the regulations.
Brevo does not sell or rent personal data to third parties for marketing purposes without the express consent of Brevo users.
Apart from these cases, personal data may only be disclosed to third parties in the following cases: – with their authorization; – at the request of the legally competent authorities, at the request of a court or in the context of a legal dispute.
Data retention period Brevo may archive the data under the conditions provided for in the Regulation in order to comply with its legal obligations or to have the necessary elements to assert its rights.
Thus, the personal data collected by Brevo regarding the identity and contact details of its users will be archived for a maximum period of two years (i) from the termination of the contractual relationship for the data of users/customers or (ii) from their collection by the controller or (iii) from the last contact by the interested party for the data of interested parties. Termination of the contractual relationship shall be deemed to be the express termination of the contract by the user or the non-use of Brevo's services for a period of five years.
Rights of the user In accordance with the Regulation, the user has the right to access and rectify personal data concerning him/her, so that information that is inaccurate, incomplete, misleading or out of date and whose collection or use, disclosure or retention is prohibited is rectified, completed, clarified, updated or erased.
The user also has the right to request the restriction of processing and to object to the processing of their personal data for legitimate reasons. The user may also leave instructions as to what should happen to their personal data in the event of their death.
Where applicable, the user may request the transfer of their data or, if the processing requires their consent, withdraw their consent at any time.
The user can assert their rights by email to [email protected] or by post to the following address:
Sendinblue GmbH Köpenicker Straße 126, 10179 Berlin
These requests will be processed within a maximum period of 30 days.
The user can change the data concerning him/her at any time by logging in to https://www.brevo.com and clicking on "Edit my profile" or by contacting the customer service department at [email protected].
The user can unsubscribe from Brevo's newsletter or marketing emails at any time by clicking on the relevant links contained in each email message.
The user has access to detailed information about the use of their personal data, in particular about the purposes of the processing, the legal bases that allow Brevo to process the data, the retention period of the data, its recipients and, if applicable, the transfer of the data to countries outside the European Union and the precautions to be taken. For this purpose, the user can send a corresponding request by e-mail to [email protected].
Additional provisions on the inbox function Notwithstanding the provisions of our current Privacy Policy, the following provisions apply when the user (ex Brevo) provides access to their Gmail user data. Brevo: – uses the access only to read, write, modify or control Gmail text messages (including attachments), metadata, headers; to customize settings to provide a web-based email client that allows users to create, read, send and process emails without transferring data from Gmail; unless it is necessary to improve or provide features, comply with laws or is required as part of a merger, acquisition or sale. – does not use the data for its own customer acquisition or marketing activities. Under no circumstances will the data be used for advertising purposes. – does not allow people to read this data unless Brevo has the user's consent. Necessary for security reasons - for example to check for misuse, compliance with applicable laws or for internal purchases at Brevo. These processes are carried out anonymously.
Cookies For more information about cookies at Brevo, please visit our Cookie Policy.
Security Brevo has taken all reasonable precautions to ensure the security of personal data and in particular to prevent it from being distorted, damaged or accessed by unauthorized third parties.
In particular, the following measures have been taken: – Multi-level firewall, – Proven virus protection and detection of intrusion attempts, – Encrypted data transmission using SSL/https/VPN technology, – Tier 3 and PCI DSS certified data centers
In addition, access to processing by Brevo recipient services requires authentication of the persons accessing the data by means of an individual access code and password that are sufficiently robust and regularly renewed.
Data transmitted via unsecured communication channels is subject to technical measures to make this data unintelligible to unauthorized persons.
Questions about the security of Brevo's website can be directed to [email protected].
Modification of the privacy policy Brevo reserves the right to amend this Privacy Policy to reflect changes in applicable laws and regulations.
This site uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to process your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. Google Maps is used in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
More information on the handling of user data can be found in Google's Privacy Policy: https://www.google.de/intl/de/policies/privacy/.
We use Friendly Captcha, a paid GDPR compliant captcha service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany, which protects websites from spam software and abuse by non-human visitors.
Friendly Captcha is a novel, privacy-friendly protection solution to make it more difficult for automated programmes and scripts (so-called "bots") to use our website. For this purpose, we have integrated a program code from Friendly Captcha into our website for the newsletter registration so that the visitor's end device can establish a connection to the Friendly Captcha servers in order to receive a calculation task from Friendly Captcha. The visitor's terminal device solves the calculation task, which requires certain system resources, and sends the calculation result to our web server. The server contacts the Friendly Captcha server via an interface and receives a response stating whether the end device solved the calculation correctly. Depending on the result, we can apply security rules to requests via our website and, for example, process or reject them.
Friendly Captcha processes and stores the following data in the above process: · Anonymized IP address of the computer making the request · Information about the browser and operating system used · Anonymised counter per IP address to control the cryptographic tasks · Website from which the access took place.
The data is used exclusively to protect against spam and bots as described above. Friendly Captcha does not set or read any cookies on the visitor's terminal device. IP addresses are only stored in hashed (one-way encrypted) form and do not allow us and Friendly Captcha to draw any conclusions about an individual person. If personal data is collected, it is deleted after 30 days at the latest. The legal basis for the processing is our legitimate interest in protecting our website against abusive access by bots, i.e., spam protection and protection against attacks (e.g., mass requests), Art. 6 para. 1 lit. f GDPR. Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.
For the transfer of data to companies or other bodies in countries outside the European Economic Area ("EEA") (so-called "third countries") and insofar as there is no EU Commission decision on an adequate level of data protection for the third country in question (Art. 45 para. 1 of the GDPR), we ensure that your rights and freedoms are adequately protected and guaranteed by means of corresponding contracts (Art. 46 para. 2 lit. c of the GDPR) or so-called Binding Corporate Rules (Art. 46 para. 2 lit. b of the GDPR). In individual cases, data may be transferred based on your consent (Art. 49 para. 1 lit. a GDPR) and if the transfer is necessary to perform a contract with you (Art. 49 para. 1 lit. b GDPR) or a contract with a third party that is in your interest (Art. 49 para. 1 lit. c GDPR) or for the establishment, exercise or defence of legal claims (Art. 49 para. 1 lit. e GDPR) or is otherwise necessary for important reasons of public interest (Art. 49 para. 1 lit. d GDPR). Data may be transferred in particular in connection with the involvement of service providers within the scope of processing. We will provide you with detailed information on the transfer of data to third countries upon request.
You can exercise your rights as a data subject with regard to your personal data processed by us at any time by contacting us using the contact details provided at the beginning of this document.
As data subject, you have the right:
· to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the source of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
· to request the rectification of inaccurate data or the completion of your data stored by us without delay in accordance with Art. 16 GDPR;
· in accordance with Art. 17 GDPR to request the erasure of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
· request the restriction of the processing of your data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you or the processing is unlawful;
· pursuant to Art. 20 GDPR to receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer to another controller ("data portability");
· object to the processing pursuant to Art. 21 GDPR, provided that the processing is based on Art. 6 para. 1 sentence 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the event of your justified objection, we will review the merits of the case and either cease or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing;
· in accordance with Art. 7 para. 3 GDPR, revoke your consent given once (also before the GDPR came into force, i.e., before 25.5.2018) - i.e., your voluntary will, made comprehensible in an informed manner and unambiguously by means of a declaration or other unambiguous confirming act, that you agree to the processing of the personal data in question for one or more specific purposes - at any time vis-à-vis us, if you have given such consent. This has the consequence that we may no longer continue the data processing based on this consent in the future, and
· complain about the processing of your personal data in our company to a data protection supervisory authority, such as the data protection supervisory authority responsible for us, in accordance with Art. 77 GDPR:
Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstraße 219, 10969 Berlin,
e-mail: [email protected].
We process and store your data for the duration of the respective business relationship (in case of doubt: the website visit) and/or as long as this is necessary to achieve the processing purposes described above. Your personal data will be deleted or completely anonymised as soon as the purpose of the data processing and, if applicable, the included storage ceases to apply.
Deletion or complete anonymisation does not take place if and as long as we have to retain your data in order to fulfil legal or official obligations, e.g., legal retention obligations. These may result from the German Commercial Code (HGB) or the German Fiscal Code (AO), among other things; retention periods of six to ten years are provided for here. Furthermore, deletion or complete anonymisation does not take place if and as long as we retain your data because we need it to document claims within the respective limitation period (usually three years, in individual cases up to 30 years).
Updating the Privacy Policy We reserve the right to update the Privacy Policy from time to time and to adapt it to any changes in the law. Please pay attention to the current version.
Status: July 2024