1. SCOPE OF THIS DATA PROTECTION NOTICE
We, BOHNZIRLEWAGEN GmbH & Co. KG, Immobilien Prozess- und Managementberatung, Erika-Mann-Strasse 7, 80636 Munich, BOHNZIRLEWAGEN GmbH Berlin and BOHNZIRLEWAGEN GmbH Düsseldorf attach particular importance to the protection and confidentiality of personal data. We collect and use personal data exclusively in accordance with the statutory provisions on data protection. This data protection notice is intended to inform visitors to our website which personal data (referred to as “Data”) we collect and the purposes for which we process it.
2. CONTROLLER/SERVICE PROVIDER
The controller within the meaning of the GDPR and also the service provider within the meaning of the Telemedia Act [Telemediengesetz] (“TMG”) is
BOHNZIRLEWAGEN GmbH & Co. KG
Registered in the Commercial Register HRA 99421
BOHNZIRLEWAGEN GmbH & Co. KG is represented by BOHNZIRLEWAGEN Verwaltungs GmbH, represented in turn by its directors Prof. Dr.-Ing. Thomas Bohn and Jörg Zirlewagen Dipl.-Ing.
Telephone: +49 89 5599982-0
Fax: +49 89 5599982-55
The contact details of our data protection officer are:
Company’s postal address: as above
Telephone: +49 89 5599982-0
Please address questions or comments relating to this data protection notice or about data protection generally to the following email address: firstname.lastname@example.org.
3. COLLECTION AND USE OF DATA
3.1 The extend and nature of the collection and use of your data
varies depending on whether a visitor accesses our website just to retrieve information, or writes to us or submits an application to us.
3.2 Use for information purposes
3.2.1 A visitor who uses our website only for information purposes does not need to supply any data. Instead, in this case the only data that we collect from the visitor and use is that which is sent automatically by the visitor’s internet browser, such as:
- IP address,
- name of the website and file accessed,
- date and time of visit,
- volume of data transmitted,
- whether the access/retrieval was successful,
- browser type and version,
- visitor’s operating system,
- referrer URL (page previously visited) and
- the requested provider.
3.2.2 In the case of a visit for information purposes, we collect and use this data to allow the visitor to make any use of all of the pages accessed. This data is stored in log files for the duration of the communication process. We also store the IP address for a short period of up to a maximum of 7 days after the conclusion of the communication process for the purpose of ensuring IT security, and particularly in order to protect our IT systems against misuse and to defend against attacks. Visitors’ data is collected and processed on the basis of GDPR Art. 6(1)(b), for the purposes of performing the contract for the use of our website, for information purposes and, in respect of the storage of the IP address, for a period of up to 7 days after the conclusion of the communication process on the basis of GDPR Art. 6(1)(f), because we have a legitimate interest in the protection of our IT systems.
The data can be viewed by the service provider responsible for our IT. The data can also be viewed by the service provider which provides us with support in the provision of the website. Naturally, we have selected these service providers carefully and we have concluded processing contracts with them pursuant to GDPR Art. 28, pursuant to which the service providers are obliged to process the data only on our behalf and in accordance with our instructions.
3.3.1 Visitors to our website may also send us an application for a vacant position by post or by email.
3.3.2 We use the data sent to us with the application exclusively for the purpose of checking whether the candidate might be considered for a position with us and to make contact with him or her for that purpose. Naturally, the submission of an application is voluntary, and it is for candidates to determine what data they disclose to us in the application. However, if an application does not include the data which is usually contained in such an application, under some circumstances this may mean that we do not consider a candidate for a vacant position.
3.3.3 We make the application available internally for the aforementioned purposes to our personnel department and, if appropriate, to the relevant personnel officer.
3.3.4 Legally, the candidate’s data sent with the application is collected and processed on the basis of GDPR Art. 6(1)(a) and (b) in conjunction with Federal Data Protection Act [BDSG] §26..
3.3.5 We erase the application data pursuant to Employment Courts Act [AGG] §61b para. 1, in conjunction with Employment Courts Act §15, after the expiry of a period of 6 months after we have informed the candidate that he or she is not being considered for a position, unless a different legal basis allows it to be stored for longer.
3.3.6 If an employment relationship is entered into with the candidate, as part of the process of concluding the employment contract he or she will be informed about how we treat employee data.
3.4 Other enquiries using the contact details on our webs
3.4.1 If visitors to our website use the contact details provided there to make contact,wecollect and process the information provided by each visitor exclusively for the purpose of dealing with their particular concern.
3.4.2 Naturally, contacting us is voluntary, and it is for visitors to determine what data they disclose to us when doing so.
3.4.3 We make the data available internally to the person entrusted with dealing with the visitor’s enquiry. In addition, the data can be viewed by the service provider responsible for our IT. The data can also be viewed by the service provider which provides us with support in the provision of the website. Naturally, we have selected these service providers carefully and we have concluded processing contracts with them pursuant to GDPR Art. 28, pursuant to which the service providers are obliged to process the data only on our behalf and in accordance with our instructions.
3.4.4 Legally, the data relating to each visitor’s enquiry is collected and processed on the basis of GDPR Art. 6(1)(a) and (b). Visitors can at any time withdraw their consent to processing their data in order to answer their enquiry. If that happens, it will no longer be possible to deal with their enquiry. Withdrawal of consent will not affect the legality of processing carried out prior to the withdrawal. If consent is withdrawn, we will erase the data unless a different legal basis allows or requires it to be stored for longer.
4. DURATION OF STORAGE
Basically, data which is stored only on the basis of consent under GDPR Art. 6(1)(a) will be erased if the visitor withdraws his or her consent, unless this is contrary to statutory retention obligations or a different legal basis allows or requires it to be stored for longer. Unless this contrary to statutory retention periods or a different legal basis allows or requires it to be stored for longer, data is stored only for as long as necessary for the purpose for which it was collected.
5. RIGHTS OF AFFECTED PERSONS
All persons have the right to require us to confirm whether personal data affecting them are being processed by us and, if that is the case, all affected persons have a right of access pursuant to GDPR Art. 15 in conjunction with Federal Data Protection Act §34.
All affected persons whose data we have stored have the right to require rectification of their data, subject to the conditions in GDPR Art. 16.
All affected persons whose data we have stored have the right to have the data in question erased, subject to the conditions in GDPR Art. 17.
5.4 Restriction of processing
All affected persons whose data we have stored have the right to require that the processing of their data be restricted, subject to the conditions in GDPR Art. 18.
5.5 Right to data portability
All affected persons whose data we have stored are entitled to portability of their data, subject to the conditions in GDPR Art. 20.
5.6 Right of withdrawal and objection
5.6.1 We should point out that all affected persons can withdraw any data protection consent given by them at any time, with effect for the future.
5.6.2 All affected persons also have the right to object to the processing of data affecting them, subject to the conditions in GDPR Art. 21.
5.7 Exercising the rights under points 5.1 to 5.6
A person wishing to exercise any of their rights under points 5.1 to 5.6 can contact us using the contact details at point 2.1; no particular form is required.
All affected persons have the right under GDPR Art. 77 to lodge a complaint about us with the relevant data protection supervisory authority.
6.1 We use cookie technology for our internet service. Cookies are small text files that are sent by our web server to the visitor’s browser during the course of a visit to our internet pages, and retained by the visitor’s browser on his or her computer for later retrieval.
6.2 We only use so-called session cookies (also known as temporary cookies), which are cached exclusively for the time during which one of our internet pages is used. The purpose of these cookies is to continue to identify the visitor’s computer during a visit to our website when moving from one of our web pages to another, and to be able to determine when the visit ends.
6.3 The cookies are deleted as soon as the visitor has ended his or her browser session.
6.4 Each visitor can determine in his or her browser whether cookies can be set and retrieved. Visitors can therefore completely deactivate the storage of cookies in their browser, restrict it to specified websites or configure their browser so that they are automatically informed as soon as a cookie is going to be set and asked for their consent. However, for technical reasons it is necessary to allow these session cookies in order to enjoy the full functionality of our website.
6.5 The legal basis for processing personal data using cookies employed by us is GDPR Art. 6(1)(f). Our legitimate interest consists in providing visitors with the full functionality of our website in a user-friendly form. Personal data is not stored in this regard after the termination of each session.
7. DATA SECURITY
We take appropriate technical and organisational security measures to protect the data beingprocessed. In so doing, we have regard to the objectives in GDPR Art. 32(1) such as confidentiality, integrity and availability of the systems and services, and also their capacity in relation to the nature, scope and purpose of the processing, such that an appropriate level of data security is ensured through the use of appropriate technical and organisational measures.
This text is a translation of a German original. Only the German version is binding, and it shall take precedence in every case.