Datenschutzhinweise für Mietinteressenten


1. GENERAL INFORMATION

This document provides potential tenants with information on how their personal data is processed in the context of a pre-tenancy relationship.

 

2. CONTROLLER AND DATA PROTECTION OFFICER

This data privacy policy provides potential tenants with information on data processing in the context of a pre-tenancy relationship (initial contact, making a viewing appointment based on a rental listing, etc.) in cases where the property is going to be rented from a company within the Investa Real Estate group. Here, you can find an overview of the Investa Real Estate companies that provide information about data processing in their capacity as controllers. To find out which specific Investa Real Estate company is the controller for the property and the pre-tenancy relationship in question, please refer to the rental listing or the correspondence between you and the rental company.

Investa Real Estate has a data protection team consisting of an external data protection officer and internal data protection coordinators. The data protection team acts as a point of contact for any questions concerning data protection measures or how personal data is processed in the Investa Real Estate group. Requests from data subjects, especially those concerning assertions of data subject rights in accordance with Article 12 ff. GDPR, are received by the data protection team and passed on to the controller responsible for processing within Investa Real Estate. This ensures that potential tenants who are data subjects are able to assert their rights as data subjects or raise questions relating to data protection with the controller.

For data protection requests, please contact:

Investa Real Estate Datenschutzteam
Duesseldorfer Strasse 15
65760 Eschborn
Germany
Email: datenschutzteam@investa.de

You can contact our data protection officer at:

Investa Asset Services GmbH
An den Datenschutzbeauftragten
Duesseldorfer Strasse 15
65760 Eschborn
Germany
Email: datenschutz@investa.de

 

3. SOURCE OF PERSONAL DATA

We process personal data that we receive from you between the points of initiating a tenancy agreement and concluding it.

 

4. CATEGORIES OF PERSONAL DATA THAT IS PROCESSED

We process the following categories of personal data: Any personal data that is obtained from completed tenant information forms and any other data that you transfer or have transferred to us in this context. This includes your first name and surname, your phone number, your email address, your occupation, your net income and your address. Other documents that may be transferred include credit information documents.

 

5. PURPOSES FOR WHICH PERSONAL DATA NEEDS TO BE PROCESSED AND LEGAL BASES FOR PROCESSING

When processing your personal data, we comply with applicable national and European statutory data protection regulations.

(a) Consent (Article 6(1) (a) GDPR)
If you have granted us consent to process your personal data for certain purposes, this processing is deemed lawful on the basis of your consent. Consent can be withdrawn at any time with future effect.

(b) Fulfillment of contractual obligations or taking steps prior to entering into a contract (Article 6(1) (b) GDPR)
We also process personal data in order to fulfill our contractual obligations to our customers or take steps prior to entering into a contract.

(c) Statutory obligations (Article 6(1) (c) GDPR) or tasks carried out in the public interest (Article 6(1) (e) GDPR)
Investa Real Estate is subject to various statutory obligations (such as retention regulations under trade and tax legislation in accordance with the German Commercial Code („Handelsgesetzbuch“) and the Fiscal Code of Germany („Abgabenordnung“)). The purposes of processing include fulfilling monitoring and reporting obligations under tax legislation.

(d) Legitimate interests (Article 6(1) (f) GDPR) Where necessary, we process your data beyond the scope of performing the contract itself in order to uphold our legitimate interests or those of third parties. Some examples of this are asserting legal claims and defense against lawsuits, consultancy by and data exchange with credit agencies in order to determine credit and default risks * reviewing and improving processes relating to general business management and developing products and services * advertising, market research and opinion polling, provided that you have not objected to the use of your data for this purpose * preventing and resolving offenses * maintaining IT security and IT operations.

 

6. CATEGORIES OF PERSONAL DATA RECIPIENTS

Within the company, parties are entitled to access personal data if they need it in order to fulfill our contractual and statutory obligations. Additionally, Investa has some of the aforementioned processes and services performed by carefully selected service providers who are appointed in line with data protection requirements and are based in the EU. These are companies working in areas such as IT services. We appoint them within the context of processing agreements. With regard to passing data on to other recipients, we are only permitted to pass on your data if required by law, if you have granted your consent or if we are authorized to do so. If these prerequisites are met, recipients of personal data may include the owner of the property in question, public bodies and institutions (such as financial authorities) in cases where there is a statutory or official obligation, or other companies or comparable organizations to which we transfer personal data in order to conduct the business relationship with you.

Other parties may also receive data if you have granted us your consent to transfer data.

 

7. INTENTION TO TRANSFER PERSONAL DATA TO A THIRD COUNTRY OR AN INTERNATIONAL ORGANIZATION

We do not actively transfer personal data to third countries or international organizations.

 

8. CRITERIA FOR DEFINING THE STORAGE DURATION FOR PERSONAL DATA

The criteria for defining the storage duration are determined on the basis of the purpose and any subsequent statutory retention periods. As a rule, we store your personal data if we have a legitimate interest in doing so and provided that your interests do not outweigh the interests in continuing to store the data. Even without a legitimate interest, we may continue to store data if we are legally required to do so (in order to fulfill retention obligations, for example). We will erase your personal data without your intervention as soon as it is no longer required to fulfill the purpose of processing or storing it would not otherwise be permitted by law.

 

9. DATA PROTECTION RIGHTS

As a data subject, you have the right to:

  • access your stored personal data in accordance with Article 15 GDPR;
  • have inaccurate or incomplete data rectified in accordance with Article 16 GDPR;
  • have personal data erased in accordance with Article 17 GDPR;
  • have processing restricted in accordance with Article 18 GDPR;
  • data portability in accordance with Article 20 GDPR; and
  • object to the processing of your personal data in accordance with Article 21 GDPR.

Asserting data subject rights

You may assert the data subject rights referred to in section 9 in writing by sending physical correspondence to the relevant controller within the Investa Real Estate group or an email to our data protection team at datenschutzteam@investa.de. We recommend sending requests via email. The controller responsible for data processing will depend on the rental listing or the correspondence with the rental company. The Investa Real Estate companies have implemented policies for handling the rights of data subjects. This ensures that requests from data subjects are answered and attended to promptly and in accordance with statutory provisions.

 

9.1. COMPLAINTS LODGED WITH THE SUPERVISORY AUTHORITY FOR DATA PROTECTION

In addition, you are entitled to lodge complaints with the relevant supervisory authority for data protection in accordance with Article 77 GDPR.

 

11. EXISTENCE OF AUTOMATED DECISION-MAKING, INCLUDING PROFILING

As a rule, we do not use any fully automated decision-making as defined by Article 22 GDPR in order to justify or conduct the business relationship. However, if we decide to use this process in isolated cases, we will notify you separately to the extent required by law.

Questions about data protection

Our data protection team (consisting of the data protection officer and data protection coordinators) is available to handle assertions of data subject rights, questions concerning the processing of your personal data, requests for information, suggestions or complaints. It can be reached via the following email address: datenschutzteam@investa.de