3. Purposes of data processing, legal bases and legitimate interests pursued by Mähren AG or a third party, as well as categories of recipients
3.1. Open our website
When you access our website, the browser on your end device automatically sends information to the server of our website and temporarily stores it in a so-called log file. We have no influence on this. The following information is collected without your intervention and stored until automatic deletion:
- the IP address of the requesting internet-capable device,
- the date and time of access,
- the name and URL of the file accessed,
- the website from which the access was made (referrer URL),
- the browser you use and, if applicable, the operating system of your Internet-enabled computer, as well as the name of your access provider
The legal basis for the processing of the IP address is Article 6(1)(f) GDPR. Our legitimate interest follows from the purposes of data collection listed below. At this point, we would like to point out that we are not able to draw any conclusions about your identity from the collected data and that we will not do so.
The IP address of your terminal device and the other data listed above are used by us for the following purposes:
- Ensuring a smooth connection setup,
- Ensuring a comfortable use of our website,
- evaluation of system security and stability as well as
- other administrative purposes
The data is stored for a period of 90 days and then automatically deleted. Furthermore, we use so-called cookies, tracking tools, targeting methods and social media plug-ins for our website. The exact procedures involved and how your data is used for this purpose are explained in more detail below in section 3.4.
If you have consented to geolocation in your browser or operating system or other settings on your end device, we use this function to offer you individual services based on your current location (e.g., the location of the nearest store). We process your location data processed in this way exclusively for this function. If you terminate the use, the data will be deleted.
3.2 Conclusion, execution or termination of a contract
3.2.1 Data processing upon conclusion of a contract
The object of activity of MÄHREN AG is the purchase and sale as well as the management of real estate – in particular the activity of a housing company. In this context, we process the data required for the conclusion, execution or termination of a contract. This includes:
- First name, last name
- Billing address
- Email address
- Invoice and payment data
- Date of birth, if applicable
- Telephone number, if applicable
The legal basis for this is Article 6(1)(b) GDPR. Insofar as we do not use your contact data for advertising purposes (see 3.3. below), we store the data collected for contract processing until the expiry of the statutory or possible contractual warranty and guarantee rights. After expiration of this period, we retain the information of the contractual relationship required by commercial and tax law for the periods determined by law. For this period (regularly ten years from the conclusion of the contract), the data is processed again solely in the event of an audit by the tax authorities.
3.2.2 Identity, creditworthiness and transmission to credit agencies
If necessary, we verify your identity by using information from service providers. The legal basis for this is Article 6 (1) (b) and (f) GDPR. The authorization for this results from the protection of your identity and the prevention of fraud attempts at our expense. The circumstance and the result of our inquiry will be added to your customer account or your guest account for the duration of the contractual relationship.
In the event of a delay in payment, we transmit the necessary data to a company commissioned to enforce the claim if the other legal requirements are met. The legal basis for this is both Article 6(1)(b) and Article 6(1)(f) GDPR. The assertion of a contractual claim is considered a legitimate interest within the meaning of the second-mentioned provision. We also transmit information about the delay in payment or any bad debt to credit agencies cooperating with us if the other legal requirements are met. The legal basis for this is Article 6 (1) (f) GDPR. The legitimate interest required here results from our interest, as well as the interest of third parties in reducing contractual risks for future contracts.
3.2.3 Contact form
If you send us inquiries via the contact form, your information from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
Data processing for the purpose of contacting us is carried out in accordance with Art. 6Abs. 1S. 1 lit. a GDPR on the basis of your voluntarily given consent. You have the option at any time to object to the use of your data transmitted for the purpose of contacting you. In the event of an objection, your data will be deleted immediately. In this case, it may not be possible for us to complete the processing of your request.
As far as the data processing for the purpose of a specific contract-related inquiry – including those for the initiation of a contract – is carried out according to Art. 6 para. 1 p. 1 lit. b GDPR.
The personal data collected by us for the use of the contact form will be deleted automatically after completion of the request you have made, or if the purpose of storage has ceased to apply.
3.3 Data processing for advertising purposes
3.3.1 Advertising purposes of MÄHREN AG and third parties
Insofar as you have concluded a contract with us, we manage you as an existing customer. In this case, we process your postal contact data outside of the existence of a specific consent in order to send you information about new products and services in this way. From time to time, we may send your postal contact information to carefully selected contractual partners from the retail and telecommunications sectors so that they can also inform you about their products. We process your e-mail address in order to send you information on our own similar products, unless you have given your specific consent.
3.3.2 Interest-based advertising
To ensure that you only receive information that is of supposed interest to you, we categorize and add further information to your customer profile. Statistical information as well as information about you (e.g. basic data of your customer profile) is used for this purpose. The aim is to send you advertising that is geared solely to your actual or perceived needs and accordingly not to bother you with useless advertising.
The legal basis for the aforementioned processing is in each case Article 6(1)(f) DSGVO. The processing of existing customer data in this way for our own advertising purposes or for the advertising purposes of third parties is to be regarded as a legitimate interest.
3.3.3 Right of objection
You may object to data processing for the aforementioned purposes at any time, free of charge, separately for the respective communication channel and with effect for the future. For this purpose, it is sufficient to send an e-mail or a postal letter to the contact data mentioned under 1.
If you object, the contact address concerned will be blocked for further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent after receipt of your objection. This is due to technical reasons and does not mean that we will not implement your objection. Thank you for your understanding.
3.3.4 Newsletter dispatch
On our website, we may offer you the opportunity to subscribe to our newsletter. In order to be able to ensure that no mistakes have been made when entering the email address, we use the so-called double opt-in procedure: After you have entered your email address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link will your e-mail address be added to our distribution list. You can revoke your consent at any time with effect for the future. For this purpose, it is sufficient to send a short note by e-mail to the e-mail address given under 2.
3.4 Online presence and website optimization
3.4.1 Cookies – general information
We use so-called cookies on our website on the basis of Article 6(1)(f) GDPR. Our interest in optimizing our website is thereby to be regarded as legitimate within the meaning of the aforementioned provision. Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity. The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website or that you have already logged into your customer account. These are automatically deleted after you leave our site. In addition, we also use temporary cookies for the purpose of user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you as well as to display information tailored specifically to you. These cookies enable us to automatically recognize that you have already been to our site when you visit it again. These cookies are automatically deleted after a defined period of time. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website. The storage period of cookies depends on their purpose and is not the same for all.
3.4.2 Google Analytics
For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analytics service provided by Google Inc. (“Google”). In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website such as.
- Browser type/version,
- operating system used,
- Referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server requests
are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for the purposes of market research and demand-oriented design of these web pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (so-called IP masking).
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a corresponding browser add-on. For more information on data protection in connection with Google Analytics, please visit the Google Analytics website.
3.4.3 Use of Google Maps
This website uses Google Maps to display interactive maps and to create directions. Google Maps is a map service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in the USA If you call up a web page of our website that contains Google Maps, your browser establishes a direct connection with Google’s servers. The map content is transmitted by Google directly to your browser, which then integrates it into the website. Therefore, we have no influence on the scope of the data collected by Google in this way. According to our knowledge, this is at least the following data:
- Date and time of the visit to the website in question,
- Internet address or URL of the website accessed,
- IP address,
- (start) address entered as part of route planning
We have no influence on the further processing and use of the data by Google and therefore cannot accept any responsibility for this.
If you do not want Google to collect, process or use data about you via our website, you can disable JavaScript in your browser settings. In this case, however, you will not be able to use the map display.
The purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights in this regard and settings options for protecting your privacy can be found in Google’s privacy policy. There you can also change your settings in the Privacy Center so that you can manage and protect your data.
3.4.4 Opt-out/objection option
You can prevent the targeting technologies explained by making the appropriate cookie settings in your browser (see also 3.4.1). In addition, you have the option of deactivating preference-based advertising using the preference manager available here.
3.4.5 Social media plug-ins
We use social plug-ins from the social networks Facebook, Google+ and Twitter on our website on the basis of Article 6 (1) (f) GDPR in order to make our company better known via these. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for data protection-compliant operation is to be ensured by their respective providers. The integration of these plug-ins by us takes place by way of the so-called two-click method in order to protect visitors to our website as best as possible.
3.4.5.1 Facebook
Our website uses so-called plug-ins of the social network Facebook, which is offered by Facebook Inc. The Facebook plug-ins are marked with a Facebook logo or the addition “Like” or “Share”. When you activate such a plug-in (first click), your browser establishes a direct connection to Facebook’s servers. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plug-ins, for example by clicking the “Like” button, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.
For the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook’s privacy policy. If you do not want Facebook to directly assign the information collected about your visit to our website to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plug-ins with add-ons for your browser, e.g. with a so-called “Facebook Blocker”.
3.4.5.2 YouTube
So-called plug-ins of the Google-operated YouTube site are used on our website, which is offered by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plug-in, a connection to the YouTube servers is established. In the process, the YouTube server is informed which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. If you do not want YouTube to assign the information collected about your visit to our website directly to your YouTube profile, you must log out of YouTube or Google before visiting our website.
For the purpose and scope of the data collection and the further processing and use of the data by YouTube, as well as your rights in this regard and setting options for protecting your privacy, please refer to YouTube’s privacy policy.
3.4.5.3 Xing
Our website also uses a function of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. If you click on the XING button (plug-in), you will be redirected to our offer on XING in a separate browser window and can follow us on XING – provided you are logged into your user account on XING. The plug-in establishes a direct connection between your browser and the XING server. XING thereby receives the information that you have visited our website with your IP address. We would like to point out that we have no knowledge of the content of the transmitted (personal) data or its use by XING. Further information on this can be found in XING’s privacy policy.
3.4.5.4 LinkedIn
Our website uses a function of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If you click on the button (plug-in) of LinkedIn, you will be redirected to our offer at LinkedIn in a separate browser window and can – if you are logged into your user account at LinkedIn – follow us at LinkedIn. The plug-in establishes a direct connection between your browser and the LinkedIn server. LinkedIn thereby receives the information that you have visited our website with your IP address. In addition, it is then possible for LinkedIn to assign your visit to our website – provided you are logged into your user account at LinkedIn – to you and your user account. We point out that we have no knowledge of the content of the transmitted (personal) data and its use by LinkedIn. For more information, please refer to the privacy policy of LinkedIn.
3.5 Job advertisements / applicant data
From time to time, we post job openings on our website, on our social media channels or through dedicated application portals for you to apply.
We process the data you have sent us in connection with your application in order to assess your suitability for the job (or other open positions in our companies, if applicable) and to carry out the application process.
The legal basis for the processing of your personal data in this application procedure is primarily Section 26 BDSG or Article 6 (1) b) GDPR. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.
Should the data be required for legal prosecution after the conclusion of the application process, if applicable, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Art. 6 (1) f) GDPR. Our interest then consists in the assertion or defense of claims.
Your applicant data will be sifted by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers for the respective open position. The further procedure is then coordinated. In principle, only those persons in the company have access to your data who require it for the proper conduct of our application process.
In the event of a rejection, applicants’ data will be deleted after 6 months from receipt of the rejection.
In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years at the latest.
If you have been awarded a position during the application process, the data will be transferred from the applicant data system to our personnel information system.