Data protection

– Information according to article 12 et seq. of the General Data Protection Regulation (GDPR) –

In the following, we inform you about our processing of your personal data and about the claims and rights that you are entitled to according to data protection provisions, in particular the European General Data Protection Regulation (GDPR).

Personal data as defined by the GDPR is all data that refers to you personally such as your name, address, email address, and date of birth.

The data protection terms used in our Data Protection Information are used in line with the definitions of the GDPR. This includes terms such as personal data, processing, restriction of processing, profiling, pseudo-anonymization, controller, processor, recipient, third party, consent, undertaking, supervisory authority, and international organization. The definitions of these terms can be found in article 4 GDPR.

Notification regarding your transmissions of third-party data:

If you transmit personal data about your spouse, life partner, relatives, or other third parties (for example guarantors), please inform them about the processing of their personal data by us, and refer to this Data Protection Information. Consent from these persons may be required to transmit their data.

1. Who is responsible for data processing, and whom can I contact?

Controller:
Hines Immobilien GmbH
Joachimsthaler Str. 1
10623 Berlin
Germany

Please send inquiries about data protection to the following email address:
Deutschland.Datenschutz@hines.com

2. What purposes do we process your data for and on which legal basis?

We process personal data that we receive when our website is used as well as on the basis of current business relationships or business relationships with you that are being initiated.

We merely collect personal data that your browser transmits to our server if you use our website for informational purposes only and do not register or transmit information to us some other way. If you visit our website solely for informational purposes, we collect the following access data that is technically required for us to display our website to you and to ensure stability and security. This access data includes the IP address, the date and time of your request, the time zone difference to Greenwich Mean Time (GMT), the content of the request (i.e. the name of the specific website that was accessed), status of access/HTTP status code, the quantity of transmitted data, referrer URL (previously visited website), the operating system and its user interface, browser type as well as the language, version of the browser software and a notification of successful access.

Moreover, we receive your personal data if you contact us such as by using the contact form or by email. In this case, personal data includes your name, address, email address, telephone number, and possibly data that you send us in a message (hereinafter referred to as “Contact Data”). We process personal data for the following purposes based on the following legal bases:

Implementation of pre-contractual measures taken at the person’s request, article 6 paragraph 1 letter b GDPR

When contact is made with us (by the contact form or email), your information will be processed to handle your contract request and attend to it.

As part of balancing interests for the purposes of legitimate interests, article 6 paragraph 1 letter f GDPR

We process your access data for the purposes of our legitimate interests or the legitimate interests of third parties. In particular, we pursue the following legitimate interests:

  • Ensuring IT security, especially the security of the website;
  • Advertising or market and opinion research provided that you have not objected to the use of your data;
  • Establishing legal claims and defending against legal disputes.

3. Who obtains my data?

Within our undertaking, the only departments that receive access to your data are those departments that need access to your data to comply with our contractual and statutory obligations.

Processors that we utilize (article 28 GDPR) can also receive data for these stated purposes. They are undertakings in the categories of IT services to maintain our hardware and software, logistics or mail shipments. If we use processors to perform our services, we take suitable, lawful measures as well as appropriate technical and organizational measures to ensure the protection of personal data according to the pertinent statutory provisions.

Data is disclosed to third parties to the extent permitted by law. We disclose users’ data to third parties only if this, for example, is required on the basis of article 6 paragraph 1 letter b GDPR for contractual purposes or is based on legitimate interests according to article 6 paragraph 1 letter f GDPR in effective business operation of our business or if you have consented to transmission of data. Subject to these conditions, recipients of personal data may particularly be:

  • Suppliers, IT service providers provided that they are not processors
  • Brokerage companies
  • Marketing companies

In the event of a contact inquiry or if a contract is being initiated, we may disclose your data to the owner of the property: DPI Deutschland Plus Invest GmbH & Co. Geschl. InvKG, Ericusspitze 1, 20457 Hamburg, Germany.

4. How long is my data stored?

For security reasons (e.g. for investigation of abuse or fraud), log file information is stored for a duration of no more than seven days and then is erased (see Item 2 above). Data that is necessary to be retained as proof must be excluded from erasure until final clarification of the incident.

To the necessary extent, we process and store your personal data for the duration of our business relationship, which also may include initiating and processing a lease.

Moreover, we are subject to various retention and documentation obligations that are derived from sources such as the Commercial Code (HGB) and the Fiscal Code (AO). The retention and documentation periods prescribed there are two to ten years. For example, we must retain the lease that contains your personal data for at least 10 years – calculated from the end of the lease.

Ultimately, the storage period is also determined by the statutory periods of limitation that, for example, are normally 3 years according to sections 195 et seq. of the Civil Code (BGB) but that may also be up to thirty years in certain cases although the regular period of limitation is three years.

5. Is data transmitted to a third country or to an international organization?

The data that is provided is generally processed within the European Union as well as possibly in third countries, in particular the USA. An adequacy decision of the EU Commission exists according to article 45 GDPR for the USA. In addition, we generally have agreed upon EU standard data protection clauses with recipients of your data in third countries.

6. What rights do I have under data protection law?

Every data subject has

  • the right to information according to article 15 GDPR (i.e. you have the right to obtain information at any time about your personal data that we store),
  • the right to rectification according to article 16 GDPR (i.e. you can obtain rectification of your data if your personal data is incorrect or incomplete),
  • the right to erasure according to article 17 GDPR and the right to restriction of processing according to article 18 GDPR (i.e. you may have the right to obtain erasure or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and statutory retention periods do not require further storage),
  • the right to data portability from article 20 GDPR (i.e. you may have the right to receive personal data that pertains to you that you have provided to us and may receive it in a structured, commonly used, machine-readable format to transmit this data to another controller without hindrance).

In addition, you can withdraw consent, which normally will have effect for the future.

Moreover, you have the right to file a complaint with a data protection supervisory authority (article 77 GDPR in conjunction with section 19 Federal Data Protection Act – BDSG). You can find your responsible supervisory authority at https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html

In addition, we would also like to point out your right to object according to article 21 GDPR:

Information about your right to object according to article 21 GDPR

You have the right at any time on grounds relating to your particular situation to object to the processing of personal data concerning you based on article 6 paragraph 1 letter e GDPR (data processing in the public interest) and article 6 paragraph 1 letter f GDPR (data processing based on balancing of interests). This also applies to profiling based on this provision as defined by article 4 number 4 GDPR, which we use for questionnaire evaluation or advertising purposes. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or unless the purpose of the processing is the establishment, exercise, or defense of legal claims. No particular form is prescribed for the objection, and no costs are incurred other than costs of transmission according to basic rates. The objection must be sent using the Contact Data indicated above.

7. To what extent does automatic decision-making take place including profiling in individual cases?

We do not use any automatic decision-making according to article 22 GDPR. We also do not process your data automatically with the objective of evaluating certain personal aspects (profiling).

8. Am I obligated to provide data?

On our website, you must provide personal data that is necessary to use our website from a technical or IT security standpoint. You cannot use our website if you do not provide this data.

When making contact using the form or email, you have to provide only personal data that is necessary to process your inquiry. Otherwise, we cannot process your inquiry.

9. Cookies

We use cookies on our website. Cookies are small files that normally consist of letters and numbers and that are stored on users’ computers when they visit certain websites.

As a rule, we use only necessary cookies. Necessary cookies enable the core functions of our website. Without these cookies, the website cannot be displayed correctly, or under certain circumstances individual areas will not function correctly. Required cookies can be prevented only by the appropriate settings in your browser (you can find out on your browser’s help page how to change settings to handle cookies).

You can individually prohibit cookies from being stored by changing the settings of your browser (you can find out on your browser’s help page how to change settings to handle cookies). You can find help with cookie management for the most common browsers at the following addresses:

  • Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
  • Internet Explorer: https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d
  • Google Chrome: https://support.google.com/accounts/answer/61416?hl=en
  • Opera: https://www.opera.com/help
  • Safari: https://support.apple.com/en-ca/guide/safari/sfri11471/mac