Website Privacy Policy

Below, we will inform you about the processing of your personal data by us and your claims and rights under the data protection law, in particular the General Data Protection Regulation (GDPR).

This Privacy Policy explains nature, scope and purpose of the processing of personal data by our website (collectively referred to as "Website"). The Privacy Policy applies regardless of the domains, systems and devices used (e.g., desktop, mobile, etc.).

Personal data according to DS-GVO are any data that are personally attributable to you, e.g. name, address, e-mail addresses, user behavior. Which data are processed in detail and how they are used depends largely on which of our services are used.

In our privacy policy we use various terms within the meaning of the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymization, controller, processor, recipient, third parties, consent, regulatory authority and international organization. Please see Art. 4 GDPR for definitions of such terms.

1. Who is responsible for data processing and whom can I contact?

Controller is:

Velero AG

Kantstr. 153

10623 Berlin, Germany

Phone: +49.30.213 0019-00

Fax: +49.30.213 0019-99

e-mail: mail@velero.ag

You can contact our Company Data Protection Officer at: 

mip Consult GmbH

Asmus Eggert, Attorney-at-Law

Alte Jakobstr. 77

10179 Berlin, Germany

Phone: +49.30.213 0019-00

datenschutz@velero.ag   

www.sofortdatenschutz.de

 

 

2. Which sources and data do we use?

We process personal data that we receive from you as part of your use of our website and, if applicable, our business relationship.

In the case of purely informative use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access data that we technically require to display our website and to ensure stability and security. The access data include the IP address (which we anonymize), date and time of the visit,  content of the request (i.e. name of the specific visited web page), access status/HTTP status code, respective amount of transmitted data, referrer URL (previously visited page), browser type and version, operating system and its interface, language and version of the browser software, message about successful retrieval.

In addition, we obtain your personal data if you contact us by using our contact form or by e-mail.  Personal data here include e.g. name, company, e-mail, phone number, subject, message text (hereinafter called "contact information").

 

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for the following purposes and on the following legal bases:

Purposes:

Insofar as you consent to the processing of personal data for specific purposes, in particular for contacting you (e.g. via our contact form or by e-mail for handling and processing the request, advertising by telephone, e-mail, SMS, etc.), such processing is legal as you have consented.

Your consent may be revoked at any time. Please note that any revocation is effective for the future only. It does not affect any processing that was done prior to the revocation. Any revocation may be addressed to the above-mentioned contact data or to widerruf@velero.ag.

Legal basis: Consent, Art. 6 (1a) GDPR

Purposes:

When you contact us (via contact form or by e-mail), in addition to any consent given to processing the contact request and its handling, your details are also processed based on steps taken prior to entering into a contract, Art. 6 (1b) GDPR.

Legal basis: Steps taken at the request of the data subject prior to entering into a contract, Art. 6 (1b) GDPR

Purposes:

We process your access data (see data specified under item 2 above) to safeguard our legitimate interests or those of third parties. In particular, we pursue the following legitimate interests

  • Ensuring IT security, in particular the security of the Website; we also store the IP address in the event that someone leaves behind illegal content using the comment function (insults, prohibited propaganda, etc.) and we must be able to determine the author's identity for our own legal protection.

  • Advertising or market and opinion research, unless you have objected to the use of your data;

  • Assertion of legal claims and defense in case of legal disputes;

Legal basis: As part of the balancing of interests for the safeguarding of legitimate interests, Art. 6 (1f) GDPR

 

 

4. Who can access my data?

Within the organization, entities that need to know your data to fulfill our contractual and regulatory obligations can access your data.

In addition, processors (Art. 28 GDPR) engaged by us may also obtain access to data for the above-mentioned purposes. These are companies in the categories IT services, printing services, telecommunications, sales and marketing. If we use processors to provide our services, we will take appropriate legal precautions as well as the relevant technical and organizational measures to protect personal data in accordance with applicable law.

Any transfer of data to third parties will be made only within the scope of legal requirements. We will disclose user data to third parties only if this is required, for example, under Art. 6 (1) (b) GDPR for contract purposes or based on legitimate interests pursuant to Art. 6 (1) (f.) GDPR in the economic and effective operation of our business or if you have consented to the data transfer.  If the Website is used for purely informational purpose, we generally do not disclose any data to third parties.

 

5. How long will my data be retained?

For security reasons (e.g. to investigate abusive or fraudulent activities) log-file information is retained for a maximum of four weeks and then deleted (see item 2 above). Data that must be retained further for evidential purposes are exempted from deletion until the respective incident has been finally clarified.

If necessary, we process and retain your personal data for the duration of our business relationship, which also includes, for example, initiation and performance of a contract via the contact form or by e-mail.

In addition, we are subject to various retention and documentation obligations, inter alia under the German Commercial Code (HGB) and the German Tax Code (AO). The deadlines for retention and documentation specified therein range from two to ten years.

Finally, the retention period also depends on the statutory limitation periods, which for example, usually is 3 years according to Sec. 195 et seqq. of the German Civil Code (BGB), but in some cases may be as long as thirty years, with the standard limitation period being three years.

 

6. Are data transferred to a third country or to an international organization?

The provided data are processed within the European Union as well as in the case of Google Analytics, Twitter and Zendesk (see last two sections below) in the USA. Please note that in case of recipients of your data in countries without an adequacy decision by the Commission according to Art. 45 GDPR, as is the case with the USA, we either ensure that they are certified under the EU-U.S. Privacy Shield (such as e.g. Google) or that we have agreed on EU standard data protection clauses with such recipients. This is done to protect your data and to attain an adequate level of protection for your personal data. You have the option of obtaining a copy of, or perusing, the EU standard data protection clauses. If necessary, please contact us, using the contact details specified in item 1 above.

 

7. What are my data protection rights?

Each and every data subject has

  • the right to information according to Art. 15 GDPR(right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and further information about the processing of your data)

  • the right to rectification according to Art. 16 GDPR (right to obtain from us without undue delay the rectification of inaccurate personal data concerning you)

  • the right to erasure according to Art. 17 GDPR and the right to restriction of processing according to Art. 18 GDPR, (you may be entitled to request the deletion or restriction of the processing of your personal data, if e.g. no legitimate business purpose exists for such processing and statutory retention requirements do not require further storage)

  • the right to data portability under Art. 20 GDPR (you may have the right to receive the personal information that you have provided to us in a structured, commonly used and machine-readable format and transmit that information to someone else without hindrance)

 

In addition, you may revoke consent in principle with effect for the future.

You furthermore have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with Sec. 19 BDSG). The supervisory authority responsible for you can be found at

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

We would also like to note your right to object according to Art 21. GDPR:

Information about your right to object according to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (e) GDPR (data processing in the public interest) and Art. 6 (1) (f) of the General Data Protection Regulation (data processing based on balancing of interests); this also includes profiling under these provisions within the meaning of Art. 4 No. 4 GDPR, which we use to analyze questionnaires or for advertising purposes.

 

If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves the purposes of asserting, exercising or defending legal claims.

 

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes.

 

Objections do not require a particular form and no costs are incurred, other than the transmission costs according to the basic tariffs.

 

If possible, any objection should be addressed to:

 

Velero AG

Kantstr. 153

10623 Berlin, Germany

 

or by e-mail to:

widerspruch@velero.ag   

 

 

8. To what extent do you apply automated individual decision-making, including profiling?

In principle, we do not use fully automated decision-making pursuant to Art. 22 GDPR as part of access to our Website or in the context of contact via form or by e-mail. Should we use such procedures in individual cases, we will notify you separately, if this is required by law. We do not process your data automatically with the objective of evaluating certain personal aspects (profiling).

 

9. Am I under any obligation to provide data?

On our Website, you must provide the personal data necessary for using our Website for technical or IT security reasons. You cannot use our Website, unless you provide the above-mentioned data.

When contacting us via form or by e-mail, you only need to provide the personal data required to process your request. Otherwise we will be unable to process your request.

 

10. Cookies

We use cookies on our website. Cookies are small text files, usually consisting of letters and numbers, which are stored on the user's computer when visiting certain Internet pages.

Some of these cookies are essential for the functioning of our website, while other cookies help us to improve our website by giving us insight into how you use the website.

By default, we only use necessary cookies. Necessary cookies enable the core functionalities of our website. The website cannot be displayed correctly without these cookies or individual areas may not function properly. Necessary cookies can only be prevented by appropriate settings in your browser.

We only use cookies that are not necessary for the functioning of the website ("non-essential cookies") if you have given your consent via our cookie banner. You can return to our data protection information at any time and withdraw your consent or make changes.

Click here for information on the cookies we use:

The following additional possibilities exist with regard to cookies:

12. Google Analytics 

 

Based on your consent, we use the web analysis service Google Analytics from Google Inc. ("Google"). The web analysis service Google Analytics uses cookies. The information generated by the cookies about the use of our website is usually transferred to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the use of our website by our users, to compile reports on the activities within this website and to provide us with further services related to the use of this website. Pseudonymous user profiles can be created from the processed data.

We use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.

The IP address transmitted by the user's browser is not merged with other Google data. Users may refuse the use of cookies by selecting the appropriate settings on their browser software. Users may also refuse the use of cookies by downloading and installing the browser plugin available at http://tools.google.com/dlpage/gaoptout?hl=de.

Alternatively, you can prevent the collection by Google Analytics by clicking on the following link. An opt-out cookie is set to prevent the future collection of your data when you visit this website: Click here to set the opt-out cookie for Google Analytics This opt-out cookie only applies to the device on which you clicked this link and only as long as the cookie is not deleted.

Further information about data processing by Google, setting and contradiction possibilities receive you on the web pages of Google under https://www.google.de

13. Other services

On our website, we use third-party services as part of our legitimate interests within the meaning of Art. 6 (1) (f) GDPR, i.e. our interest in an optimal Website. The user's IP address is transmitted to such third-party providers. The IP address is technically required for the contents to be displayed. Third party providers may use so-called web pixels (invisible graphics, also referred to as "web beacons") for evaluation or marketing purposes. The web pixels can be used to evaluate information, such as the traffic of the Website. The third parties may store information in cookies on users' devices.

We use the following third-party providers on our website:

  • Google-WebFonts, i.e. external fonts by Google, LLC., https://www.google.com/fonts. The integration of Google WebFonts is done by a server call on Google (usually in the USA). For Google's privacy policy, visit https://policies.google.com/privacy and an opt-out option is available at https://adssettings.google.com/authenticated.

  • Google Maps, provided by third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Its privacy policy is available at https://www.google.com/policies/privacy and an opt-out option is available at https://www.google.com/settings/ads/.

  • YouTube videos provided by third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For its privacy policy, visit https://policies.google.com/privacy and an opt-out option is available at https://adssettings.google.com/authenticated.

  • We include functions of Twitter in our Website. Twitter is offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the presentation of our contributions within Twitter on our Website, the link to our Twitter profile, and the ability to interact with Twitter posts and features. Twitter is certified under the Privacy Shield Agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov). For Twitter's privacy policy visit https://twitter.com/de/privacy and an opt-out option is available at https://twitter.com/personalization.

  • To process your inquiries, with use the Zendesk ticket system, a customer service platform by Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102. Necessary data such as e.g. Name, first name, postal address, telephone number, e-mail address are collected via our Website to answer your inquiry.  We have a processing contract in place with Zendesk. As a U.S.-provider, Zendesk is certified under the EU-U.S. Privacy Shield Framework and therefore fulfills the minimum requirements for legally compliant data processing. For more information about Zendesk's data processing, please refer to Zendesk's privacy policy at http://www.zendesk.com/company/privacy.


 

© 2020 Velero Immobilien AG