Data protection

1. SCOPE OF THIS DATA PROTECTION NOTICE

We, BOHNZIRLEWAGEN GmbH & Co. KG, Immobilien Prozess- und Managementberatung, Erika-Mann-Strasse 7, 80636 Munich, BOHNZIRLEWAGEN GmbH Berlin and BOHNZIRLEWAGEN GmbH Düsseldorf attach particular importance to the protection and confidentiality of personal data. We collect and use personal data exclusively in accordance with the statutory provisions on data protection. This data protection notice is intended to inform visitors to our website which personal data (referred to as “Data”) we collect and the purposes for which we process it.

2. CONTROLLER/SERVICE PROVIDER
The controller within the meaning of the GDPR and also the service provider within the meaning of the Telemedia Act [Telemediengesetz] (“TMG”) is

BOHNZIRLEWAGEN GmbH & Co. KG
Erika-Mann-Straße 7
80636 München
Registered in the Commercial Register HRA 99421

BOHNZIRLEWAGEN GmbH & Co. KG is represented by BOHNZIRLEWAGEN Verwaltungs GmbH, represented in turn by its directors Prof. Dr.-Ing. Thomas Bohn and Jörg Zirlewagen Dipl.-Ing.

Phone: +49 89 5599982-0
Fax: +49 89 5599982-55
Email: beratung@bohnzirlewagen.de

The contact details of our data protection officer are:

Company’s postal address: as above
Phone: +49 89 5599982-0
Email: probst@bohnzirlewagen.de

Please address questions or comments relating to this data protection notice or about data protection generally to the following email address: probst@bohnzirlewagen.de.

3. COLLECTION AND USE OF DATA

3.1 The extend and nature of the collection and use of your data
varies depending on whether a visitor accesses our website just to retrieve information, or writes to us or submits an application to us.

3.2 Use for information purposes
3.2.1 A visitor who uses our website only for information purposes does not need to supply any data. Instead, in this case the only data that we collect from the visitor and use is that which is sent automatically by the visitor’s internet browser, such as:

  • IP address,
  • name of the website and file accessed,
  • date and time of visit,
  • volume of data transmitted,
  • whether the access/retrieval
  • was successful,
  • browser type and version,
  • visitor’s operating system,
  • referrer URL (page previously visited) and
  • the requested provider.

3.2.2 In the case of a visit for information purposes, we collect and use this data to allow the visitor to make any use of all of the pages accessed. This data is stored in log files for the duration of the communication process. We also store the IP address for a short period of up to a maximum of 7 days after the conclusion of the communication process for the purpose of ensuring IT security, and particularly in order to protect our IT systems against misuse and to defend against attacks. Visitors’ data is collected and processed on the basis of GDPR Art. 6(1)(b), for the purposes of performing the contract for the use of our website, for information purposes and, in respect of the storage of the IP address, for a period of up to 7 days after the conclusion of the communication process on the basis of GDPR Art. 6(1)(f), because we have a legitimate interest in the protection of our IT systems.

The data can be viewed by the service provider responsible for our IT. The data can also be viewed by the service provider which provides us with support in the provision of the website. Naturally, we have selected these service providers carefully and we have concluded processing contracts with them pursuant to GDPR Art. 28, pursuant to which the service providers are obliged to process the data only on our behalf and in accordance with our instructions.

3.3 Application
3.3.1
Visitors to our website may also send us an application for a vacant position by post or by email.
3.3.2 We use the data sent to us with the application exclusively for the purpose of checking whether the candidate might be considered for a position with us and to make contact with him or her for that purpose. Naturally, the submission of an application is voluntary, and it is for candidates to determine what data they disclose to us in the application. However, if an application does not include the data which is usually contained in such an application, under some circumstances this may mean that we do not consider a candidate for a vacant position.
3.3.3 We make the application available internally for the aforementioned purposes to our personnel department and, if appropriate, to the relevant personnel officer.
3.3.4 Legally, the candidate’s data sent with the application is collected and processed on the basis of GDPR Art. 6(1)(a) and (b) in conjunction with Federal Data Protection Act [BDSG] §26..
3.3.5 We erase the application data pursuant to Employment Courts Act [AGG] §61b para. 1, in conjunction with Employment Courts Act §15, after the expiry of a period of 6 months after we have informed the candidate that he or she is not being considered for a position, unless a different legal basis allows it to be stored for longer.
3.3.6 If an employment relationship is entered into with the candidate, as part of the process of concluding the employment contract he or she will be informed about how we treat employee data.

3.4 Other enquiries using the contact details on our website
3.4.1
If visitors to our website use the contact details provided there to make contact, we collect and process the information provided by each visitor exclusively for the purpose of dealing with their particular concern.
3.4.2 Naturally, contacting us is voluntary, and it is for visitors to determine what data they disclose to us when doing so.
3.4.3 We make the data available internally to the person entrusted with dealing with the visitor’s enquiry. In addition, the data can be viewed by the service provider responsible for our IT. The data can also be viewed by the service provider which provides us with support in the provision of the website. Naturally, we have selected these service providers carefully and we have concluded processing contracts with them pursuant to GDPR Art. 28, pursuant to which the service providers are obliged to process the data only on our behalf and in accordance with our instructions.
3.4.4 Legally, the data relating to each visitor’s enquiry is collected and processed on the basis of GDPR Art. 6(1)(a) and (b). Visitors can at any time withdraw their consent to processing their data in order to answer their enquiry. If that happens, it will no longer be possible to deal with their enquiry. Withdrawal of consent will not affect the legality of processing carried out prior to the withdrawal. If consent is withdrawn, we will erase the data unless a different legal basis allows or requires it to be stored for longer.

4. DURATION OF STORAGE

Basically, data which is stored only on the basis of consent under GDPR Art. 6(1)(a) will be erased if the visitor withdraws his or her consent, unless this is contrary to statutory retention obligations or a different legal basis allows or requires it to be stored for longer. Unless this contrary to statutory retention periods or a different legal basis allows or requires it to be stored for longer, data is stored only for as long as necessary for the purpose for which it was collected.

5. RIGHTS OF AFFECTED PERSONS

5.1 Access
All persons have the right to require us to confirm whether personal data affecting them are being processed by us and, if that is the case, all affected persons have a right of access pursuant to GDPR Art. 15 in conjunction with Federal Data Protection Act §34.

5.2 Rectification

All affected persons whose data we have stored have the right to require rectification of their data, subject to the conditions in GDPR Art. 16.

5.3 Erasure

All affected persons whose data we have stored have the right to have the data in question erased, subject to the conditions in GDPR Art. 17.

5.4 Restriction of processing

All affected persons whose data we have stored have the right to require that the processing of their data be restricted, subject to the conditions in GDPR Art. 18.

5.5 Right to data portability

All affected persons whose data we have stored are entitled to portability of their data, subject to the conditions in GDPR Art. 20.

5.6 Right of withdrawal and objection
5.6.1
We should point out that all affected persons can withdraw any data protection consent given by them at any time, with effect for the future.
5.6.2 All affected persons also have the right to object to the processing of data affecting them, subject to the conditions in GDPR Art. 21.

5.7 Exercising the rights under points 5.1 to 5.6

A person wishing to exercise any of their rights under points 5.1 to 5.6 can contact us using the contact details at point 2.1; no particular form is required.

5.8 Complaints

All affected persons have the right under GDPR Art. 77 to lodge a complaint about us with the relevant data protection supervisory authority.

6. USE OF GOOGLE MAPS

This page uses the map service Google Maps. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To protect your data, a placeholder image is initially loaded instead of a map. No data is transferred to Google until you click on the consent button. Only at that moment will the map be loaded and Google Maps displayed.
Once the map is loaded, it is necessary to store your IP address in order to use the functions of Google Maps. This information is usually transferred to a Google server in the USA and stored there. The owner of this site has no influence on this data transmission.
Also – as soon as you have agreed to load the map – cookies from Google Maps are stored in your browser. You can find information about this under the following link: How Google uses cookies.
Google Maps is used in the interest of an appealing presentation of our online offers and to make it easy to find our locations indicated on the website. This constitutes a legitimate interest within the meaning of GDPR Art. 6(1)(f).
The processing is only carried out if you have given your consent and exclusively on the basis of GDPR Art. 6(1)(a).
More information on the handling of user data can be found in Google’s privacy policy.

7. DATA SECURITY

We take appropriate technical and organisational security measures to protect the data being processed. In so doing, we have regard to the objectives in GDPR Art. 32(1) such as confidentiality, integrity and availability of the systems and services, and also their capacity in relation to the nature, scope and purpose of the processing, such that an appropriate level of data security is ensured through the use of appropriate technical and organisational measures.

This text is a translation of a German original. Only the German version is binding, and it shall take precedence in every case.