Privacy protection

    Public list of procedures for Investa Projektentwicklungs- und Verwaltungsgesellschaft mbH

    Data Privacy Policy for the Website www.investa.de

    Effective as of May 15, 2018 Protecting your privacy and your personal data is very important to us. We want to collect and process your personal data only with your knowledge and consent. Personal data within the meaning of this Policy are any information that may be related to you, i.e., your name, address, email address, IP address, and user behavior. In this Data Privacy Policy we explain to you what information we may store and for what purposes we might use such information. Investa Projektentwicklungs- und Verwaltungsgesellschaft mbH agrees to comply with all national and European data protection laws and regulations.

    Controller and data protection officer (1) The controller within the meaning of Article 4 paragraph 7 of the General Data Protection Regulation (hereinafter "GDPR") and the service provider within the meaning of § 13 of the German Telemedia Act (hereinafter "TMG") is:

    Investa Projektentwicklungs- und Verwaltungsgesellschaft mbH
    Törringstraße 22
    81675 Munich

    Please direct any data protection related queries to our “data protection team” at datenschutzteam@investa.de

    (2) The data protection officer of the controller can be reached at:

    Investa Projektentwicklungs- und Verwaltungsgesellschaft mbH
    Der Datenschutzbeauftragte
    Törringstraße 22
    81675 Munich
    Email: datenschutz@investa.de

    Source of personal data We will process personal data that we receive from you when your visit our website, when you contact us by email, or when you complete our contact form.

    Categories of personal data that are processed (1) If you visit or use our website for information purposes only, i.e., if you do not register or otherwise transmit information to us, we will only collect personal data that are transmitted to our server by your browser. If you wish to view our website, we will collect the following data, which we need for technical reasons to show our website to you and to ensure stability and security:

    • your IP address
    • the date, time, and duration of your visit,
    • the content requested (specific page),
    • the access status/http-status code,
    • the data volume transmitted,
    • the website from which the request is received,
    • your browser, and
    • your operating system. Those data will be used exclusively for internal statistical purposes. (2) In addition to the aforementioned data, cookies will be stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive by your browser and that transmit certain information to the party that has placed the cookie. Cookies can execute no programs or transmit any viruses to your computer. Their purpose is to make the website as a whole more user-friendly and effective. (3) We use cookies to be able to recognize you the next time you visit our website, if you have created an account with us. Otherwise you will have to log in for each new visit. (4) Most browsers are configured by default to accept cookies. However, you can block cookies in your browser at any time or select settings in your browser to receive a notification as soon as a cookie is transmitted. Please note, however, that if you do so, you may not be able to use all functions of this website. (5) This stored information will be stored separately from any additional data you may have provided to us. In particular, data from cookies will not be linked to any other of your data.

    Additional functions and services of our website (1) In addition to purely informational use of our website we offer various services that you may use if you are interested. To use those services you will generally have to provide additional personal data, which we will then use to provide the service you have selected and which are subject to the aforementioned data processing principles. (2) If you contact us by email, the data you have provided (your email address and, if applicable, your name and telephone number) will be stored by us in order to answer your questions. Data we receive in this connection will be erased as soon as their storage is no longer necessary, or, if we are subject to legal recordkeeping obligations, we will restrict the processing of such data.

    Integration of the web analysis service Matomo (1) We use the web analysis service Matomo for our website to be able to analyze and continuously improve use of our website. The statistical data generated by Matomo allow us to improve our products and services and to make them more interesting to you as a user. (2) For purposes of this analysis cookies will be stored on your computer (for more details see section 3 above). Data so collected will be stored by the controller exclusively on its server in Germany. You may stop the analysis by deleting existing cookies and blocking new cookies. Note that if you block cookies, you may no longer be able to use this website to the full extent. Cookies can be blocked by selecting the appropriate settings in your browser. Matomo can be blocked by unchecking the following box thereby activating the opt-out plugin. (3) This website uses Matomo with the extension "AnonymizeIP." As a result, IP addresses are masked before being processed, thereby ruling out that your IP address can be directly correlated to you. The IP address transmitted by your browser through Matomo will not be merged with any other data we have collected. (4) The Matomo program is an open source project. You will find information about data privacy at this third-party provider at the following link: https://matomo.org/privacy-policy/.

    Use of Shariff solution for social media plugins of Facebook and Twitter (1) We currently use social media plugins of Facebook and Twitter. In this connection we use the so-called Shariff solution. This means that when you visit our website, no personal data will initially be transferred to the providers of these plugins. You can identify the provider of a plugin through the marking on the gray-shaded box based on the initial letter or logo. Contact to such providers and access requests are made by the server, so that instead of the IP address of the visitor only the server address will be transmitted to Facebook and Twitter. Only if and when you click on the link to share content, will a plugin provider receive the information that you have accessed the corresponding website of our online offer. In addition, the data shown in section 3 of this Data Privacy Policy will be transmitted. In the case of Facebook, the IP address will be rendered anonymous in Germany immediately after collection, according to information provided by the provider of Facebook in Germany. By activating the plugin personal data will therefore be transmitted to providers in the United States and stored there. Because plugin providers collect data in particular by using cookies, we recommend that you delete all cookies in the security settings of your browser before clicking on the gray-shaded box. (2) We neither have control over collected data or data processing procedures of plugin providers nor do we know the full extent to which data are collected, for what purposes data are processed, or for how long data are stored by plugin providers. We also have no information about the erasure of collected data by plugin providers. (3) Plug-in providers store such data as user profiles and use them for advertising and market research purposes and/or for designing their websites in conformity with user preferences. Such an analysis is made in particular (whether or not users are logged in) to show advertising in conformity with user preferences and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such a user profile. To exercise this right, you must contact the appropriate plugin provider. Through plugins we provide you with the opportunity to interact with social networks and other users, allowing us to improve our products and services and make them more interesting to you as the user. (4) Data will be transferred whether or not you have an account with a plugin provider or are logged in with a plugin provider. If you are logged in with a plugin provider, your data will be directly associated with your account with the plugin provider. If you click on the button and, e.g., link the page, the plugin provider will store that information in your user account as well and share that information publicly with your contacts. We recommend that you always log out from a social network after use, in particular however before you activate the button, as this will allow you to avoid association with your profile at the plugin provider. (5) Additional information about the purpose and extent of data collection and processing by plugin providers is available in the data privacy policies of the various providers shown below. There, you will also find additional information about your rights and setting options to protect your privacy. (6) Addresses of providers and URLs of data privacy policies: Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, U.S.A.; http://www.facebook.com/policy.php; additional information about data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications, and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Twitter Inc., 1355 Market St., Suite 900, San Francisco, California 94103, U.S.A.; http://Twitter.com/privacy.

    Integration of Google Maps (1) We use Google Maps on this website. This allows us to show you interactive maps directly on the website and provide you with convenient use of the map function. (2) When you visit the website, Google will receive information that you have accessed the corresponding page of our website. In addition, the data shown in section 3 of this Data Privacy Policy will be transmitted. This will happen whether or not Google makes available a user account through which you are logged in. If you are logged in with Google, your data will be associated directly with your account. If you do not wish data to be associated with your Google profile, you have to log out before clicking the button. Google stores such data as user profiles and uses them for advertising and market research purposes and/or for designing its website in conformity with user preferences. Such an analysis is made in particular (whether or not users are logged in) to show advertising in conformity with user preferences and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such a user profile. To exercise this right, you must contact Google. (3) You will find additional information about the purpose and extent of data collection and processing by Google in its data privacy policy. There, you will also find additional information about your rights and setting options to protect your privacy: https://policies.google.com/privacy?hl=de&gl=de. Google will process your personal data also in the United States and has committed to comply with the EU-US Privacy Shield.

    Categories of recipients of personal data (1) For some of the aforementioned processes and services we have carefully selected third-party service providers in conformity with applicable data protection law. Such third-party service providers are bound by our instructions and are audited by us on a regular basis. They will transfer no data to third parties. (2) In terms of transferring data to other recipients, we will transfer information about you only if we are required to do so by law, if you have consented, or if we otherwise have the right to transfer your data.

    Purposes for which personal data are processed, and legal bases of data processing We will process your personal data in compliance with applicable data protection laws. Data processing is lawful if the following conditions are satisfied: Consent (Article 6 paragraph 1a) of the GDPR: Processing of your personal data is lawful if you have consented to processing for specific purposes (e.g., processing of your inquiry, use of data for marketing purposes). Your consent may be revoked at any time with effect for the future. This also applies to the revocation of consents you gave us before the GDPR took effect, i.e., prior to May 25, 2018. Legal requirements (Article 6 paragraph 1c) of the GDPR: Investa Projektentwicklungs- und Verwaltungsgesellschaft mbH is subject to various legal obligations, including the following: recordkeeping obligations under the German Commercial Code (HGB) and the German Tax Code (AO) audit and reporting obligations under tax law Legitimate interests (Article 6 paragraph 1f) of the GDPR: To the extent necessary, we will process your data beyond the actual performance of the agreement with you to protect our rightful interests or those of third parties. For example, we may process your data: to assert legal claims or defend legal actions, to guarantee IT security and IT operation, to analyze and improve use of our website, or to use social media plugins.

    Intent to transfer personal data to a third country or international organization Personal data will be actively transmitted to third countries only if this is expressly disclosed in connection with the aforementioned services.

    Criteria for determining the duration for which personal data will be stored (1) Data will be stored in compliance with applicable data processing laws and in conformity with legal recordkeeping obligations. We will process and use data only for the purposes for which you have authorized us to process your data, and we will store data for as long as they are needed for those purposes. (2) If and when data are no longer needed for their purpose or for compliance with legal obligations, they will generally be erased unless continued processing of such data – for a limited time period and, where applicable, on a restricted basis – is necessary for any of the following purposes: Compliance with recordkeeping obligations under commercial or tax law: noteworthy are the German Commercial Code (HGB) and the German Tax Code (AO). These statutes provide for recordkeeping and/or documentation periods of up to 10 years. Preservation of evidence in connection with statute of limitations provisions: under §§ 195 et seq. of the German Civil Code (BGB) the standard limitation period is three years, but may be up to 30 years under special circumstances.

    Your data privacy rights (1) Every data subject has a right to information under Article 15 of the GDPR, a right to rectification under Article 16 of the GDPR, a right to erasure under Article 17 of the GDPR, a right to restricted data processing under Article 18 of the GDPR, a right of revocation under Article 21 of the GDPR, and a right to data portability under Article 20 of the GDPR. The right to information and the right to erasure are subject to the limitations of §§ 34 and 35 of the Federal Data Protection Act (BDSG). In addition, every data subject has a right to lodge a complaint with a competent data protection regulatory authority (Article 77 of the GDPR in conjunction with § 19 of the Federal Data Protection Act (BDSG)). (2) Your consent to the processing of personal data by us may be revoked at any time with effect for the future, as is the case for consents that were given to us before the General Data Protection Regulation took effect, i.e., prior to May 25, 2018. (3) You have a right to object at any time to the processing of your personal data based on Article 6 paragraph 1 e) of the GDPR (data processing in the public interest) or Article 6 paragraph 1 f) of the GDPR (data processing on the basis of a legitimate interest) if the reasons for the objection involve special personal circumstances. If you object, we will no longer process your personal data unless we can show that there are compelling, protected reasons for processing your data that outweigh your interests, rights, and freedoms, and unless your data are processed to assert, exercise, or defend legal rights or claims. Objections may be made informally and, if possible, should be addressed as follows:

    Investa Projektentwicklungs- und Verwaltungsgesellschaft mbH Der Datenschutzbeauftragte Törringstraße 22 81675 Munich Email: info@investa.de

    Obligation to make available personal data and potential consequences of failing to make available personal data In connection with using our services you must make available personal data which are necessary for achieving the purpose for which they are collected or which we are required to collect by law. Without those data, we will generally be unable to enter into or perform a contract with you.

    Automated decision-making process, including profiling We generally use no fully automated decision-making process within the meaning of Article 22 of the GDPR to enter into or maintain a business relationship with you. Should we use such a process in a particular case, we will notify you by separate notice if required by law.

    Changes to this Data Privacy Policy We continuously develop and optimize our services. We may therefore add new functionalities. Should this have an impact on the way in which your personal data are processed, we will provide you with timely notice in our Data Privacy Policy.