Controller and data protection officer (1) The controller within the meaning of Article 4 paragraph 7 of the General Data Protection Regulation (hereinafter "GDPR") and the service provider within the meaning of § 13 of the German Telemedia Act (hereinafter "TMG") is:
Investa Projektentwicklungs- und Verwaltungsgesellschaft mbH
Düsseldorfer Strasse 15
Please direct any data protection related queries to our “data protection team” at firstname.lastname@example.org
(2) The data protection officer of the controller can be reached at:
Investa Projektentwicklungs- und Verwaltungsgesellschaft mbH
Düsseldorfer Strasse 15
Source of personal data We will process personal data that we receive from you when your visit our website, when you contact us by email, or when you complete our contact form.
Categories of personal data that are processed (1) If you visit or use our website for information purposes only, i.e., if you do not register or otherwise transmit information to us, we will only collect personal data that are transmitted to our server by your browser. If you wish to view our website, we will collect the following data, which we need for technical reasons to show our website to you and to ensure stability and security:
Additional functions and services of our website (1) In addition to purely informational use of our website we offer various services that you may use if you are interested. To use those services you will generally have to provide additional personal data, which we will then use to provide the service you have selected and which are subject to the aforementioned data processing principles. (2) If you contact us by email, the data you have provided (your email address and, if applicable, your name and telephone number) will be stored by us in order to answer your questions. Data we receive in this connection will be erased as soon as their storage is no longer necessary, or, if we are subject to legal recordkeeping obligations, we will restrict the processing of such data.
Integration of the web analysis service Matomo (1) We use the web analysis service Matomo for our website to be able to analyze and continuously improve use of our website. The statistical data generated by Matomo allow us to improve our products and services and to make them more interesting to you as a user. (2) For purposes of this analysis cookies will be stored on your computer (for more details see section 3 above). Data so collected will be stored by the controller exclusively on its server in Germany. You may stop the analysis by deleting existing cookies and blocking new cookies. Note that if you block cookies, you may no longer be able to use this website to the full extent. Cookies can be blocked by selecting the appropriate settings in your browser. Matomo can be blocked by unchecking the following box thereby activating the opt-out plugin. (3) This website uses Matomo with the extension "AnonymizeIP." As a result, IP addresses are masked before being processed, thereby ruling out that your IP address can be directly correlated to you. The IP address transmitted by your browser through Matomo will not be merged with any other data we have collected. (4) The Matomo program is an open source project. You will find information about data privacy at this third-party provider at the following link: https://matomo.org/privacy-policy/.
Categories of recipients of personal data (1) For some of the aforementioned processes and services we have carefully selected third-party service providers in conformity with applicable data protection law. Such third-party service providers are bound by our instructions and are audited by us on a regular basis. They will transfer no data to third parties. (2) In terms of transferring data to other recipients, we will transfer information about you only if we are required to do so by law, if you have consented, or if we otherwise have the right to transfer your data.
Purposes for which personal data are processed, and legal bases of data processing We will process your personal data in compliance with applicable data protection laws. Data processing is lawful if the following conditions are satisfied: Consent (Article 6 paragraph 1a) of the GDPR: Processing of your personal data is lawful if you have consented to processing for specific purposes (e.g., processing of your inquiry, use of data for marketing purposes). Your consent may be revoked at any time with effect for the future. This also applies to the revocation of consents you gave us before the GDPR took effect, i.e., prior to May 25, 2018. Legal requirements (Article 6 paragraph 1c) of the GDPR: Investa Projektentwicklungs- und Verwaltungsgesellschaft mbH is subject to various legal obligations, including the following: recordkeeping obligations under the German Commercial Code (HGB) and the German Tax Code (AO) audit and reporting obligations under tax law Legitimate interests (Article 6 paragraph 1f) of the GDPR: To the extent necessary, we will process your data beyond the actual performance of the agreement with you to protect our rightful interests or those of third parties. For example, we may process your data: to assert legal claims or defend legal actions, to guarantee IT security and IT operation, to analyze and improve use of our website, or to use social media plugins.
Intent to transfer personal data to a third country or international organization Personal data will be actively transmitted to third countries only if this is expressly disclosed in connection with the aforementioned services.
Criteria for determining the duration for which personal data will be stored (1) Data will be stored in compliance with applicable data processing laws and in conformity with legal recordkeeping obligations. We will process and use data only for the purposes for which you have authorized us to process your data, and we will store data for as long as they are needed for those purposes. (2) If and when data are no longer needed for their purpose or for compliance with legal obligations, they will generally be erased unless continued processing of such data – for a limited time period and, where applicable, on a restricted basis – is necessary for any of the following purposes: Compliance with recordkeeping obligations under commercial or tax law: noteworthy are the German Commercial Code (HGB) and the German Tax Code (AO). These statutes provide for recordkeeping and/or documentation periods of up to 10 years. Preservation of evidence in connection with statute of limitations provisions: under §§ 195 et seq. of the German Civil Code (BGB) the standard limitation period is three years, but may be up to 30 years under special circumstances.
Your data privacy rights (1) Every data subject has a right to information under Article 15 of the GDPR, a right to rectification under Article 16 of the GDPR, a right to erasure under Article 17 of the GDPR, a right to restricted data processing under Article 18 of the GDPR, a right of revocation under Article 21 of the GDPR, and a right to data portability under Article 20 of the GDPR. The right to information and the right to erasure are subject to the limitations of §§ 34 and 35 of the Federal Data Protection Act (BDSG). In addition, every data subject has a right to lodge a complaint with a competent data protection regulatory authority (Article 77 of the GDPR in conjunction with § 19 of the Federal Data Protection Act (BDSG)). (2) Your consent to the processing of personal data by us may be revoked at any time with effect for the future, as is the case for consents that were given to us before the General Data Protection Regulation took effect, i.e., prior to May 25, 2018. (3) You have a right to object at any time to the processing of your personal data based on Article 6 paragraph 1 e) of the GDPR (data processing in the public interest) or Article 6 paragraph 1 f) of the GDPR (data processing on the basis of a legitimate interest) if the reasons for the objection involve special personal circumstances. If you object, we will no longer process your personal data unless we can show that there are compelling, protected reasons for processing your data that outweigh your interests, rights, and freedoms, and unless your data are processed to assert, exercise, or defend legal rights or claims. Objections may be made informally and, if possible, should be addressed as follows:
Investa Projektentwicklungs- und Verwaltungsgesellschaft mbH Der Datenschutzbeauftragte Törringstraße 22 81675 Munich Email: email@example.com
Obligation to make available personal data and potential consequences of failing to make available personal data In connection with using our services you must make available personal data which are necessary for achieving the purpose for which they are collected or which we are required to collect by law. Without those data, we will generally be unable to enter into or perform a contract with you.
Automated decision-making process, including profiling We generally use no fully automated decision-making process within the meaning of Article 22 of the GDPR to enter into or maintain a business relationship with you. Should we use such a process in a particular case, we will notify you by separate notice if required by law.