Company Name and Address
The controller within the meaning of the DSGVO German Data Protection Regulation (hereinafter “GDPR”) and other national data protection laws of the EU Member States as well as in accordance with current data protection legislation is:
econcept Immobilien und Projektentwicklung KG (GmbH & Co.)
Belforter Str. 8
Phone: +49 30 44 01 22-0
General Data Processing
Scope of, and Permission for, the Processing of Personal Data
We principally collect and use the personal data of our users only to the extent necessary to ensure the proper functionality of our website as well as of our contents and services. The collection and use of our users’ personal data is generally subject to each user’s consent.
An exception applies whenever obtaining prior consent is not possible for factual reasons and processing of the data is permitted by legal regulations.
The lawful basis for processing personal data after obtaining the consent of the data subject is Art. 6, Sec. 1, Letter a, GDPR. The lawful basis for processing personal data that are necessary to carry out pre-contractual measures is Art. 6, Sec. 1, Letter b, GDPR. The lawful basis for processing personal data to fulfil a legal obligation is Art. 6, Sec. 1, Letter c, GDPR. In the event that the vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6, Sec. 1, Letter d, GDPR, serves as lawful basis. If the processing is necessary to protect a legitimate interest of our company or of a third party, and if these interests outweigh the interest of the data subject, due consideration having been given to the fundamental rights and freedoms of the data subject, the lawful basis for the processing of the data is Art. 6, Sec. 1, Letter f, GDPR.
Data Deletion and Storage Period
The personal data of the data subject will be deleted or blocked as soon as the purpose for storing them ceases to apply. Personal data may moreover be stored if doing so is mandated by a statutory provision obligating us to retain the data. In such cases, the data will be blocked or deleted whenever the legally prescribed storage period expires, unless further storage of the data is necessary to conclude or fulfil a contract.
Data Processing as a Result of Using Our Website
Visiting Our Website
Every time you access our website, the browser used by your endpoint will automatically send information to our website server. These data are temporarily saved in so-called log files. The following data will be collected without any action on your part and stored until their automated deletion: the IP address of the requesting computer, the access date and time, the name and URL of the retrieved file, the website from which our website is accessed (the referrer URL), the browser used and, where applicable, the operating system of your computer as well as the name of your access provider.
The aforementioned data will be processed by us for the purposes of ensuring the smooth establishment of a connection to our website, of ensuring a comfortable use of our website, of evaluating the system security and stability, as well as for other administrative purposes.
The lawful basis for the data processing is Art. 6, Sec. 1, Sent. 1, Letter f, GDPR. Our legitimate interest derives from the data collection purposes listed above. In no case will we use the collected data for the purpose of drawing conclusions regarding your person.
Inquiries by E-Mail, Phone or Fax
If you contact us via e-mail, telephone or facsimile, your inquiry including all the personal data it generates (name, request for information) will be saved and processed by us for the purpose of responding to your request. We will not disclose these data without your consent.
These data are processed on the lawful basis of Art. 6, Sec. 1, Letter b, GDPR, if your request for information is connected to the fulfilment of a contract or necessary for executing pre-contractual measures. In all other cases, processing is subject to your consent (Art. 6, Sec. 1, Letter a, GDPR) and / or based on our legitimate interest (Art. 6, Sec. 1, Letter f, GDPR) since we have a legitimate interest in the effective processing of inquiries submitted to us.
The data you submit via our contact form will remain with us until you request that we delete it, revoke your consent for storage, or whenever the purpose for which the data were stored ceases to apply (e. g. once the subject of your inquiry has been processed). Mandatory legal provisions—especially statutory retention periods—remain unaffected.
Disclosure of Data
Your personal data will not be transferred to third parties for any but the purposes listed below. We will disclose your personal data to third parties only if you expressly consented to it pursuant to Art. 6, Sec. 1, Sent. 1, Letter a, GDPR, or if the disclosure is necessary to assert, exercise or defend legal claims pursuant to Art. 6, Sec. 1, Sent. 1, Letter f, GDPR, and if there is no reason to assume that you have a protectable interest in the non-disclosure of your data whenever we are under a statutory obligation to disclose your data pursuant to Art. 6, Sec. 1, Sent. 1, Letter c, GDPR, and doing so is legally permissible and necessary for implementing contractual relationships with you pursuant to Art. 6, Sec. 1, Sent. 1, Letter b, GDPR.
We use so-called cookies for the operation of our website in order to make it more user-friendly. Some elements of our website require that the requesting browser can be identified even after changing pages.
Cookies are small files that permit saving specific information about the user’s endpoint (PC, smartphone or similar) on that device. On the one hand, they help to make websites more user-friendly and more convenient for the user (e. g. by saving the user’s login data). On the other hand, their purpose is to gather statistical data about the website use, and to analyse the data for the sake of improving the website. The placement of cookies is subject to the user’s control. Most browsers include the option to limit or entirely prevent the placement of cookies. Please note, however, that the use of the website and particularly user convenience would be limited without cookies.
User data gathered in this manner will be pseudonymised through technical safeguards. This makes it impossible to associate the gathered data with the querying user. The data are not saved in the same place as the user’s other personal data.
The lawful basis for the processing of personal data using cookies is Art. 6, Sec. 1, Letter f, GDPR. The lawful basis for the processing of personal data using cookies is Art. 6, Sec. 1, Letter f, GDPR. The lawful basis for using cookies to process personal data for analytic purposes subject to the user’s consent to such processing is Art. 6, Sec. 1, Letter a, GDPR.
Analytic cookies are used for the purpose of improving the quality of our website and its contents. The analytic cookies tell us how the website is used, and thereby help us to keep optimising our website services.
These purposes also constitute our legitimate interest in the processing of personal data pursuant to Art. 6, Sec. 1, Letter f, GDPR.
We integrated the contents, services and deliverables of third-party providers into our website. These include, for instance, maps made available by Google Maps, videos available on You Tube, as well as charts and images provided by other websites. To retrieve and properly present such data in the user’s browser, it is indispensable that the user’s IP address be transmitted. The providers (hereinafter: “the third-party providers”) will therefore become aware of a given user’s IP address.
Although we strive to use exclusively third-party providers who need a user’s IP address only to deliver content, we cannot control whether or not the IP address is saved. Assuming they do, the process would serve statistical purposes, among others. Whenever we are aware of the fact that our users’ IP addresses are saved, we will notify our users accordingly.
Use and Application of Google Analytics (with anonymisation function)
The controller has integrated the Google Analytics component (including its anonymisation function) into this website. Google Analytics is a web analysis service. The term “web analysis” signifies the collection, aggregation and evaluation of data regarding the behaviour of website visitors. A web analysis service collects, inter alia, data about the website from which a data subject has accessed a given website (the so-called “referrer”), about what sub-pages of the website were accessed, or how often and for how long a given sub-page was viewed. The primary purpose of running a web analysis is to optimise a given website and to analyse the cost-benefit ratio of internet advertising.
The operating company providing the service within the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The controller uses the addition “_gat._anonymizeIp” for the web analysis via Google Analytics. The addition is used by Google to truncate and anonymise the IP address of the data subject’s internet connection if access to our internet pages is made from a member state of the European Union or from another member state of the Treaty on the European Economic Area.
The purpose of the Google Analytics component is to analyse the visitor flows on our website. Google will use the data and information collected for the purpose of evaluating your use of our website, of compiling reports on the activity on our websites, and of providing other services related to the use of our website.
Google Analytics will place a cookie on the data subject’s information technology system (hereinafter “the IT system”). For details on the nature of “cookies” in this context, see the elaboration above. Placement of its cookie enables Google to analyse user activity on our website. Every time one of the individual pages of this website that is operated by the controller and that features a Google Analytics component, the browser on the data subject’s IT system is automatically prompted by the aforesaid Google Analytics component to transmit data to Google for the purpose of conducting an online analysis. Within the framework of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses to track the origin of visitors and clicks, and to subsequently calculate commissions, among other purposes.
The cookie is used to save personal data, such as the access time, the place from which the site was accessed and the frequency of the data subject’s visits to our website. During each visit to our website, these personal data, including the IP address of the internet connection used by the data subject, are transmitted to Google in the United States of America. The personal data are saved by Google on servers located in the United States of America. Google may pass on the personal data obtained via the technical process to third parties.
The data subject may, as outlined above, prevent the placement of cookies by our website by adjusting the settings of the used Internet browser accordingly, and thereby permanently object to the placement of cookies. Adjusting the settings of the used Internet browser in this manner would also keep Google from placing a cookie on the data subject’s IT system. Alternatively, a Google Analytics cookie already placed can be deleted via the Internet browser or other software programs any time.
For more information and Google’s effective data protection policies, go to https://www.google.de/intl/de/policies/privacy/ and to http://www.google.com/analytics/terms/de.htm. For a detailed account of Google Analytics, click the link https://www.google.com/intl/de_de/analytics/.
Use and Application of Google Maps
We use the “Google Maps” component provided by the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).
Each time the “Google Maps” component is retrieved, Google will place a cookie in order to process the respective user settings and user data when displaying the page into which the “Google Maps” component is integrated. Cookies of this type will generally not be deleted by closing the browser, but will expire after a certain period unless you delete them manually beforehand.
If you do not consent to the processing of your data, you have the option to disable the “Google Maps” service and thereby to prevent the transfer of data to Google. To do so, you will have to disable the Java Script function in your browser. Please note, however, that doing so may limit your use of “Google Maps” or deny you its use altogether.
Use and Application of MyFonts
Our website uses fonts provided by the company MyFonts Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA. Each visit of our website will cause data to be retrieved from a server of the company MyFonts, so that at least your IP address is revealed to MyFonts. At the same time, MyFonts will also learn that you retrieved the font via our website while also becoming aware of certain technical data concerning your browser because virtually every Internet browser will automatically send this kind of data to the server. Some browsers will let you limit or modify the data transmitted to the server, but whether or not this is an option depends on the make of your browser. Although MyFonts requires the transmitted data, specifically the IP address, only to deliver the retrieved contents, we have no way of knowing or influencing whether and to what extent MyFonts statistically analyses or saves these data. For more details on the data protection policy of MyFonts, use the link below: https://www.myfonts.com/info/terms-and-conditions.
Collaboration with Commissioned Data Processors Joint Controllers and Third Parties
If we, within the scope of our data processing, disclose data to other persons and companies (commissioned data processors, joint controllers or third parties), transfer such data to them or otherwise grant them access to the data, we will do so exclusively on the basis of a legal permission (e. g. if a transfer of the data to third parties, such as payment service providers, is necessary for the contract performance), if the respective user has consented to it, if a legal obligation mandates it or on the basis of our legitimate interests (e. g. when using agents, web hosts, etc.).
If we disclose or transfer data to member companies of our conglomerate or grant them access to the data, we will do so primarily for administrative purposes, which constitutes a legitimate interest, and moreover on the basis of pertinent statutory requirements.
Transfers to Third Countries
If we process data in a third country (i. e. outside the European Union [EU] or the European Economic Area [EEA] or the Swiss Confederation) or if this is done in the context of using third party services or of the disclosure or transfer of data to third parties, we will do so only for the purpose of fulfilling our (pre)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Even with legal or contractual permissions in place, we will process, or let someone process, data in a third country only if the legal prerequisites are met. This means that processing will take place e. g. on the basis of specific guarantees, such as the officially recognised establishment of a level of data protection equivalent to that of the EU (e. g. via the “Privacy Shield” in the United States) or compliance with officially recognised specific contractual obligations.
Data Policy for Recruitment and the Application Process
In conjunction with the recruitment process, we will gather and process the personal data of job applicants. The processing may be done electronically. This is particularly the case whenever a given applicant submits the relevant application documents to us in electronic form, for example as e-mail attachments or via a web form made available on our website. Whenever we sign an employment contract with an applicant, the data transmitted will be saved for the purpose of processing the employment relationship in compliance with the applicable statutory provisions. If no employment contract is signed with a given applicant, the application documents will automatically be deleted two months after our decision not to hire the applicant was communicated, unless other legitimate interests on our part stand in the way of their deletion. Other legitimate interests in this sense could, for example, be an obligation to provide evidence in proceedings under the German General Equal Treatment Act (AGG).
Data Subject Rights
You have the right:
(1) to demand information about your personal data processed by us pursuant to Art. 15, GDPR. In particular, you may demand information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to object, the origin of your data if these were not collected by us, as well as the existence of automated decision making, including profiling and, where applicable, meaningful information on the details thereof;
(2) to demand, pursuant to Art. 16, GDPR, the prompt correction of inaccurate or incomplete personal data stored by us;
(3) to demand, pursuant to Art. 17, GDPR, the deletion of your personal data stored by us unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
(4) to demand, pursuant to Art. 18, GDPR, the restriction of the processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful but you object to their deletion, or if we no longer need the data but you require them to assert, exercise or defend legal claims, or if you have lodged an objection to such data processing pursuant to Art. 21, GDPR;
(5) to demand, pursuant to Art. 20, GDPR, to have your personal data that you provided to us disclosed to you in a structured, common and machine-readable format or to request its transfer to another controller;
(6) to revoke at any time, pursuant to Art. 7, Sec. 3, GDPR, the consent you once granted to us. As a result, we will be unable to keep processing the data subject to the revoked consent; and
(7) to complain to a regulator pursuant to Art. 77, GDPR. The best way to do so is normally to contact the regulator responsible for your habitual place of residence or workplace, or the regulator responsible for our principal place of business.
Right to Object
You have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6, Sec. 1, Letter e or f, GDPR, for reasons arising from your particular situation; this applies even to profiling based on this provision.
If you file such an objection, the controller will cease to process your personal data unless the controller can substantiate mandatory protectable reasons for processing your data which outweigh your interests, rights and freedoms, or unless the processing serves the assertion, exercise or defence of legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this applies even to profiling if it is associable with direct marketing of this kind.
If you object to the data processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In the context of using information society services, you have the option—notwithstanding Directive 2002/58/EC—to exercise your right to object through automated procedures that use technical specifications.
Automated Decisions in Individual Cases, Profiling Included
You have the right not to be subject to decisions based solely on automated processing—including those based on profiling—that have a legal or similarly significant effect on you. This fails to apply if the decision
(1) is necessary to conclude or fulfil a contract between you and the controller,
(2) is permissible under legal provisions of the European Union or of EU member states that apply to the controller, and if these legal provisions include adequate safeguards to protect your rights and freedoms as well as your legitimate interests, or
(3) is made with your express consent.
However, these decisions must not be based on special categories of personal data pursuant to Art. 9, Sec. 1, GDPR, unless Art. 9, Sec. 2, Letter a or g, GDPR, applies and adequate safeguards are in place to protect rights and freedoms and your legitimate interests.
With regard to the cases mentioned in items (1) and (3), above, the controller shall take adequate steps to safeguard your rights and freedoms and your legitimate interests, which includes, at the very least, the right to request human involvement on the side of the controller, to state your own position and to challenge the decision taken.
As a responsible organisation, we refrain from the use of automated decision-making and profiling.
When you visit our website, we use the standard SSL (Secure Socket Layer) procedure in combination with the highest encryption level that your browser supports. Normally, this will be 256-bit encryption. In case your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether a given page of our website is transmitted in encrypted form by the closed display of the key or padlock symbol in the lower status bar of your browser.
Other than that, we use adequate technical and organisational security measures to protect your data against accidental or wilful manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological advances.
Currency of and Amendments to this Data Protection Statement
This is our currently effective Data Protection Statement as of August 2020.
Further development of our website and of offers communicated via the same, or changing legal or official requirements, may necessitate revisions of this Data Protection Statement from time to time. You can retrieve and print the effective Data Protection Statement as amended via this website.