1. Content of this statement
This data protection statement and privacy policy explains to you how we handle your personal data when you visit us on deka-immobilien.de (the “Website”). It also contains information about your rights under the General Data Protection Regulation (GDPR).
Furthermore, Item 7 provides information about the use of cookies on our Website.
2. Controller and data protection officer
The controller responsible for the processing of your data within the meaning of the GDPR is:
Deka Immobilien Investment GmbH
Lyoner Straße 13
60528 Frankfurt am Main
Phone: (+49) 69 7147-0
Fax: (+49) 69 7147-3529
E-mail: immobilien@deka.de
The data protection officer may be contacted at:
Deka Immobilien Investment GmbH
Data Protection Officer
Lyoner Straße 13
60528 Frankfurt am Main
E-mail: datenschutz@deka.de
3. Visiting this Website
Our web servers, like all other web servers, will automatically record technical data in server log files every time you access one of our pages.
Such information includes:
- browser type and browser version
- operating system used
- web page or website you visited prior to ours (referrer URL)
- host name of the device accessing the page
- date and time of server query
- IP address
In our log files, we save your computer’s IP address merely in truncated form. As a result, it is not possible to draw any conclusions about your person.
We use the log file data solely to ensure the functionality of our services (e.g. for error analysis, to ensure system security and to protect against abuse). Said data will be erased after 14 days.
The legal basis for the processing of any log file data classified as personal data is our legitimate interest (Art. 6(1) (f) GDPR) in error analysis, ensuring system security and providing protection against abuse.
Said data will not be amalgamated with other data sources.
For the technical operation of the Website, we use technical service providers, who are bound by instruction. This Website is operated by our service provider on a server in Germany and hosted on behalf of our service provider at a German data centre. To display map content, we also use a technical service provider domiciled in Germany that processes data in strict compliance with our issued instructions within the scope of a data processing agreement.
4. Displaying our LinkedIn posts
On our Website, we embed posts that we have published on our LinkedIn page. To this end, we employ the services of Walls.io GmbH (Schönbrunner Straße 213/215, 3rd floor, 1120 Vienna, Austria). Walls.io accesses and saves the content of posts from LinkedIn. When you visit a page of our Website on which our LinkedIn posts are embedded, your browser will establish a direct connection to the Walls.io computer in order to access the content there. A direct connection between your device and LinkedIn is not established. In the process, Walls.io will receive the data mentioned in Item 3 and will use it to provide the LinkedIn content to your browser. Walls.io will store your IP address in truncated form only. Additional information about data protection at walls.io is available here: https://help.walls.io/en/articles/5634115-data-privacy-ccpa-gdpr-compliance.
The legal basis for the use of Walls.io is our legitimate interest (Art. 6(1) (f) GDPR) in the efficient embedding of our LinkedIn posts by a specialised service provider.
The privacy policy stated on the website of LinkedIn applies if you access the LinkedIn website by clicking on one of our LinkedIn posts.
5. Displaying videos
We use the video hosting provider movingimage EVP GmbH, Tempelhofer Ufer 1, 10961 Berlin, Germany, which acts as a processor in accordance with our binding instructions. When you watch a video on our Website, your device will establish a connection to the terminal of movingimage and will use such connection to transmit the content of the video.
This service provider is used on the basis of our legitimate interest in a fast and efficient provision of our video offerings at a sufficient transmission speed, Art. 6(1) (f) GDPR.
movingimage processes IP addresses to enable video content to be presented and to determine statistical data such as the number of views. Before being stored in the database, this data is anonymised or pseudonymised by movingimage unless it is required in order to provide video content.
For its part, movingimage may engage service providers, in particular Akamai Technologies GmbH in Germany. Akamai Germany will, in turn, engage sub-processors to ensure quick delivery of video content worldwide. A list of the sub-processors used by Akamai can be found at https://www.akamai.com/legal/compliance/privacy-trust-center/list-of-sub-processors. The column “Safeguards for transfer outside the EEA” on that page indicates whether the country in question has an adequate level of protection in accordance with the GDPR (adequacy decision) and, if not, how an adequate level of protection was ensured (e.g. EU Standard Contractual Clauses, Module 3).
6. Analysis of Website visits
6.1 Use data
When you visit our Website, we will record the following use data for the purpose of analysis:
- web page accessed, along with date and time
- web page or website you accessed prior to ours (referrer)
- operating system, browser software and screen resolution of the device
- IP address of the device, which will be stored and used solely in truncated form
- interactions on the Website (otherwise known as “events”), such as downloads and selected links
6.2 Purposes of use
We use data on use for the following purposes:
- to improve our offerings. For example, we are able to recognise which functions and content are particularly popular and expand and enhance them accordingly. We see which devices are used and are able to tailor our offerings to them technically. We identify the countries and regions from which users come and are able to enhance the language offerings accordingly.
- to identify and rectify errors. In doing so, we spot factors such as the frequency of interruptions in processes and the types of devices on which they occur.
We do not use the data on use to identify individual visitors or users, or to create use profiles for individual users. We do not attribute the use data to individual persons.
6.3 Processing
Cookies are not used in use analysis. We solely process information that is ordinarily transmitted from the browser to our servers. The IP address is stored only in truncated, anonymised form. We operate the software for use analysis on our servers. No third-party providers or cloud services are used. We erase the use data after 12 months.
The legal basis for the processing is our legitimate interest (Art. 6(1) (f) GDPR) in the analysis of the use of our Website for the purpose of improving our offering and for identifying and rectifying errors.
6.4 Right to object
You may object to processing within the scope of use analysis by clicking on the following link. To this end, a permanent cookie may be stored on your computer to save your objection:
7. Cookie information
Below, you will find an explanation of cookies that are used on our Website. Cookies are information that we save on your device, or that are already saved there, and that we access.
We use cookies only if they are necessary to the ability to independently provide services of our Website expressly requested by you and/or the Website itself (otherwise known as “necessary cookies”).
“First-party cookies” refers to cookies that are stored by the domain that is displayed in the URL line of your browser. “Third-party cookies”, by contrast, are stored by other domains.
“Session” is used below to refer to a browser session.
Specifically, we use the following cookies:
| No. | Name/Designation | Purpose of use | Content | Type | Lifetime | First-/Third-party cookie | Explanation |
| 1 | PHPSESSID | Session management | Sample content: 1ilbk3g9a55e62jrnht2t78lvaa | Necessary cookie | Until closing the browser window | First-party cookie | - |
| 2 | Cookieconsent_status | Storage of the displayed cookie banner | Dismiss | Necessary cookie | Until closing the browser window | First-party cookie | After the first visit to the website, a cookie is stored that states that the cookie banner should remain hidden. |
8. Definitions
8.1. Terms
In the following section, we will explain some of the legal and technical terms used in this data protection statement.
Personal data: Personal data means any information relating to an identified or identifiable natural person, such as information that is linked to your e-mail address or securities account number.
Processing: Processing of personal data means any operation which is performed on personal data, such as collection by way of an online form, its storage on our servers or its use to establish contact.
IP address: An IP address is a number that your internet provider temporarily or permanently assigns to your device. A full IP address may, in some cases, make it possible to identify the subscriber based on additional information from your internet access provider.
8.2. Legal basis
The GDPR permits the processing of personal data only if a legal basis exists. We are legally obligated to notify you of the legal basis for the processing of your data.
In the following section, we will explain to you the terminology used.
| Legal basis | Term | Explanation |
|---|---|---|
|
Art. 6(1) (f) GDPR |
Legitimate interest |
In accordance with this |
9. Your rights
The GDPR affords you certain rights in relation to your personal data. We explain these rights below. You are entitled to the rights in accordance with the conditions of the respective data protection provisions. The following statement does not grant you any additional rights.
9.1. Access
You have the right to obtain from us confirmation as to whether or not we are processing personal data concerning you, and, where that is the case, access to the personal data and the information detailed in Art. 15 GDPR.
9.2. Rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data and, if applicable, the right to have incomplete personal data completed, Art. 16 GDPR.
9.3. Erasure
You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds detailed in Art. 17 GDPR applies, such as if the personal data is no longer necessary in relation to the purposes pursued.
9.4. Restriction of processing
You have the right to obtain from us restriction of processing where one of the conditions stated in Art. 18 GDPR applies, such as if you have objected to processing, for the duration of our verification.
9.5. Data portability
Under certain conditions, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit said data and to have said data transmitted (if technically feasible), Art. 20 GDPR.
9.6. Complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data relating to you infringes the GDPR, Art. 77 GDPR. You may exercise this right in the Member State of your habitual residence, place of work or place of the alleged infringement. The contact information of the supervisory authorities in Germany is available here.
9.7. Withdrawal (of consent)
You have the right to withdraw your consent to the processing of your data with future effect at any time, including with regard to any consent to processing granted prior to the applicability of the GDPR.
9.8. Objection
You also have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6(1), including profiling based on those provisions. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims (Art. 21 GDPR).