3. Purposes of data processing, legal bases and legitimate interests pursued by Mähren AG or a third party, as well as categories of recipients
3.1. Visit on our website
When you visit our website, the browser on your end device automatically sends information to the server of our website and temporarily stores it in a so-called log file. We have no influence on this. The following information is collected without your intervention and stored until automatic deletion:
- the IP address of the requesting internet-capable device,
- the date and time of access,
- the name and URL of the file accessed,
- the website from which the access was made (referrer URL),
- the browser you use and, if applicable, the operating system of your Internet-enabled computer, as well as the name of your access provider
The legal basis for the processing of the IP address is Article 6(1)(f) GDPR. Our legitimate interest follows from the purposes of data collection listed below. At this point, we would like to point out that we are not able to draw any conclusions about your identity from the collected data and that we will not do so.
The IP address of your terminal device and the other data listed above are used by us for the following purposes:
- Ensuring a smooth connection setup,
- Ensuring a comfortable use of our website,
- evaluation of system security and stability as well as
- other administrative purposes
The data is stored for a period of 90 days and then automatically deleted. Furthermore, we use so-called cookies, tracking tools, targeting methods and social media plug-ins for our website. The exact procedures involved and how your data is used for this purpose are explained in more detail below in section 3.4.
If you have consented to geolocation in your browser or operating system or other settings on your end device, we use this function to offer you individual services based on your current location (e.g., the location of the nearest store). We process your location data processed in this way exclusively for this function. If you terminate the use, the data will be deleted.
3.2 Conclusion, execution or termination of a contract
3.2.1 Data processing upon conclusion of a contract
The object of activity of MÄHREN AG is the purchase and sale as well as the management of real estate – in particular the activity of a housing company. In this context, we process the data required for the conclusion, execution or termination of a contract. This includes:
- First name, last name
- Billing address
- Email address
- Invoice and payment data
- Date of birth, if applicable
- Telephone number, if applicable
The legal basis for this is Article 6(1)(b) GDPR. Insofar as we do not use your contact data for advertising purposes (see 3.3. below), we store the data collected for contract processing until the expiry of the statutory or possible contractual warranty and guarantee rights. After expiration of this period, we retain the information of the contractual relationship required by commercial and tax law for the periods determined by law. For this period (regularly ten years from the conclusion of the contract), the data is processed again solely in the event of an audit by the tax authorities.
3.2.2 Identity, creditworthiness and transmission to credit agencies
If necessary, we verify your identity by using information from service providers. The legal basis for this is Article 6 (1) (b) and (f) GDPR. The authorization for this results from the protection of your identity and the prevention of fraud attempts at our expense. The circumstance and the result of our inquiry will be added to your customer account or your guest account for the duration of the contractual relationship.
In the event of a delay in payment, we transmit the necessary data to a company commissioned to enforce the claim if the other legal requirements are met. The legal basis for this is both Article 6(1)(b) and Article 6(1)(f) GDPR. The assertion of a contractual claim is considered a legitimate interest within the meaning of the second-mentioned provision. We also transmit information about the delay in payment or any bad debt to credit agencies cooperating with us if the other legal requirements are met. The legal basis for this is Article 6 (1) (f) GDPR. The legitimate interest required here results from our interest, as well as the interest of third parties in reducing contractual risks for future contracts.
3.2.3 Contact form
If you send us inquiries via the contact form, your information from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
Data processing for the purpose of contacting us is carried out in accordance with Art. 6 (1) lit. a) GDPR on the basis of your voluntarily given consent. You have the option at any time to object to the use of your data transmitted for the purpose of contacting you. In the event of an objection, your data will be deleted immediately. In this case, it may not be possible for us to complete the processing of your request.
As far as the data processing for the purpose of a specific contract-related inquiry – including those for the initiation of a contract – is carried out according to Art. 6(1) lit. b) GDPR.
The personal data collected by us for the use of the contact form will be deleted automatically after completion of the request you have made, or if the purpose of storage has ceased to apply.
3.3 Data processing for advertising purposes
3.3.1 Advertising purposes of MÄHREN AG and third parties
Insofar as you have concluded a contract with us, we manage you as an existing customer. In this case, we process your postal contact data outside of the existence of a specific consent in order to send you information about new products and services in this way. From time to time, we may send your postal contact information to carefully selected contractual partners from the retail and telecommunications sectors so that they can also inform you about their products. We process your e-mail address in order to send you information on our own similar products, unless you have given your specific consent.
3.3.2 Interest-based advertising
To ensure that you only receive information that is of supposed interest to you, we categorize and add further information to your customer profile. Statistical information as well as information about you (e.g. basic data of your customer profile) is used for this purpose. The aim is to send you advertising that is geared solely to your actual or perceived needs and accordingly not to bother you with useless advertising.
The legal basis for the aforementioned processing is in each case Article 6(1)(f) GDPR. The processing of existing customer data in this way for our own advertising purposes or for the advertising purposes of third parties is to be regarded as a legitimate interest.
3.3.3 Right of objection
You may object to data processing for the aforementioned purposes at any time, free of charge, separately for the respective communication channel and with effect for the future. For this purpose, it is sufficient to send an e-mail or a postal letter to the contact data mentioned under 1.
If you object, the contact address concerned will be blocked for further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent after receipt of your objection. This is due to technical reasons and does not mean that we will not implement your objection. Thank you for your understanding.
3.3.4 Newsletter dispatch
On our website, we may offer you the possibility to subscribe to our newsletter. In order to be able to ensure that no mistakes have been made when entering the email address, we use the so-called double opt-in procedure: After you have entered your email address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link will your e-mail address be added to our distribution list. You can revoke your consent at any time with effect for the future. For this purpose, it is sufficient to send a short note by e-mail to the e-mail address given under section 2.
3.4 Online presence and website optimization
3.4.1 Cookies – general information
We use so-called cookies on our website. Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. Information is stored in the cookie that is related to the specific end device used. This does not mean, however, that we gain direct knowledge of your identity. The use of cookies helps us to make our offer more convenient for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website or that you have already logged into your customer account. These are automatically deleted after you leave our site. In addition, we also use temporary cookies for the purpose of user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you as well as to display information tailored specifically to you. These cookies enable us to automatically recognize that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website. The storage period of cookies depends on their intended use and is not the same for everyone.
If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent given or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
On our website, we use the cookies listed in the following table, with the functions also specified there. The storage period of the respective cookies can also be found below.
Cookie name: _ga
Function / Purpose: This cookie is set by Google Analytics to store a unique user ID
Storage duration: 2 years
Cookie name: _gid
Function / Purpose: This cookie is set by Google Analytics to count and track page views.
Storage duration: 25 hours
Cookie name: _gat
Function / Purpose: This cookie is set by Google Analytics to filter out machine page views.
Storage duration: 1 minute
3.4.2 Google Analytics
For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analytics service offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), on the basis of your consent (see Article 6(1) lit. a) GDPR). Furthermore, the use of Google Analytics for the purpose of demand-oriented design and continuous optimization of our pages constitutes a legitimate interest within the meaning of Article 6(1) lit. f) GDPR.
Google Analytics uses cookies with a validity of 14 months to record your access data when you visit our website. The access data is compiled by Google on our behalf into pseudonymous usage profiles and transferred to a Google server in the USA. Your IP address is anonymized beforehand. We are therefore unable to determine which usage profiles belong to a particular user. Based on the data collected by Google, we can therefore neither identify you nor determine how you use our website.
The information generated by the cookie about your use of this website such as..
- Browser type/version,
- operating system used,
- Referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server requests
are transferred to a Google server in the USA and stored there.
In the event that, exceptionally, personal data is transferred to the USA, Google has integrated the EU Standard Contractual Clauses into its terms and conditions and thus offers a guarantee that the European data protection principles and the local data protection level are also guaranteed in the context of data processing taking place in the USA.
Google will use the information obtained through the cookies on our behalf to evaluate the use of our website, to compile reports on website activities and to provide us with further services related to website and Internet use. Further information on this can also be found in the privacy policy of Google Analytics. Google Analytics sets the following three cookies for the specified purpose with the respective storage period: “_ga” for 2 years, “_gid” for 24 hours (both to distinguish the website visitors) and “_gat” for 1 minute (to reduce requests to the Google servers).
You can object to web analysis by Google at any time. You have several options to do so:
For more information about Google Analytics, please see Google’s privacy policy.
3.4.3 Use of Google Maps
This website uses Google Maps to display interactive maps and to create directions. Google Maps is a map service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in the USA If you call up a web page of our website that contains Google Maps, your browser establishes a direct connection with Google’s servers. The map content is transmitted by Google directly to your browser, which then integrates it into the website. Therefore, we have no influence on the scope of the data collected by Google in this way. According to our knowledge, this is at least the following data:
- Date and time of the visit to the website in question,
- Internet address or URL of the website accessed,
- IP address,
- (start) address entered as part of route planning
We have no influence on the further processing and use of the data by Google and therefore cannot accept any responsibility for this.
If you do not want Google to collect, process or use data about you via our website, you can disable JavaScript in your browser settings. In this case, however, you will not be able to use the map display.
The purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights in this regard and settings options for protecting your privacy can be found in Google’s privacy policy. There you can also change your settings in the Privacy Center so that you can manage and protect your data.
3.4.4 Use of Google reCAPTCHA
On this website, we use “Google reCAPTCHA” (hereinafter “reCAPTCHA”). The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
This function is primarily used to distinguish whether an input is made by a natural person or is misused by machine and automated processing. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.
The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The
website operator has a legitimate interest in protecting its web offerings from abusive
automated spying and SPAM. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
For more information on Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use under the following links:
https://policies.google.com/privacy and
https://policies.google.com/terms.
3.4.5 Google Tag Manager
Our website uses the Google Tag Manager service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
When Google Tag Manager is started, your browser establishes a connection to Google’s servers. Through this, Google obtains knowledge that our website has been accessed via your IP address.
The Tag Manager is a service that allows us to manage website tags via an interface. This allows us to include code snippets such as tracking codes or conversion pixels on websites without interfering with the source code. In doing so, the data is only forwarded by the Tag Manager, but not collected or stored. The Tag Manager itself is a cookieless domain and does not process any personal data, as it is purely used to manage other services in our online offering. The Tag Manager takes care of the resolution of other tags, which in turn may collect data. However, the Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with the Tag Manager.
The legal basis here is Art. 6 para. 1 lit. a EU-GDPR. You can deactivate the additional services via the cookie settings by not agreeing to the use of Google Tag Manager. This will also automatically deactivate the additional services included in the Google Tag Manager.
We would like to point out that data transfer to the USA cannot be ruled out within the scope of this service. For more detailed information, we refer you to 4. of this privacy policy.
Further information on data protection can be found in the privacy policy and the terms of use of Google.
3.4.6 DoubleClick
This website uses DoubleClick for Advertisers, a web analytics service provided by Google, Inc. (“Google”). DoubleClick sets so-called “cookies”, text files, when you view an ad or click on an advertising banner from us that is located on partner websites. This is done in order to display banners that are more interesting to you. The cookie allows the controller to register certain data about your browser’s interaction with a particular insertion. It is also recorded whether you have viewed an advertisement, clicked on it and whether registration with ElitePartner.de has occurred in this way. The data is collected and stored anonymously and usage profiles are created from this data using pseudonyms. However, usage profiles are not merged with data about the bearer of the pseudonym without your express consent. In particular, IP addresses are made unrecognizable immediately after receipt, making it impossible to assign usage profiles to IP addresses. If you do not wish this information to be collected, you can deactivate the use of cookies in your browser.
3.4.7 Cloudflare
On our website, we use a so-called Content Delivery Network (“CDN”) of the technology service provider Cloudflare Inc, 101 Townsend St. San Francisco, CA 94107, USA (“Cloudflare”). A content delivery network is an online service that is used in particular to deliver large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected via the Internet. The use of Cloudflare’s Content Delivery Network helps us to optimize the loading speeds of our website.
The processing is carried out pursuant to Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in a secure and efficient provision, as well as improvement of the stability and functionality of our website.
We have concluded an order processing agreement with Cloudflare (Data Processing Addendum, viewable at https://www.cloudflare.com/media/pdf/cloudflare-customer-dpa.pdf), which obliges Cloudflare to protect the data of our site visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Cloudflare refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
For more information, please see Cloudflare’s privacy policy at: https://www.cloudflare.com/privacypolicy
3.4.8 Social Media Plug-ins
We use social plug-ins from the social networks Facebook and Twitter on our website on the basis of Article 6 (1) (f) GDPR in order to make our company better known via these. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for data protection-compliant operation is to be ensured by their respective providers. The integration of these plug-ins by us takes place by way of the so-called two-click method in order to protect visitors to our website as best as possible.
3.4.8.1 Facebook
For marketing purposes, our website uses a so-called conversion tag (also called “Facebook pixel”) of the social network Facebook, a service of Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”). We use the Facebook pixel to analyze the general use of our website and to track the effectiveness of Facebook advertising (“conversion”). For this purpose, Facebook processes data that the service collects via cookies and similar technologies on our website.
This enables Facebook to identify visitors to our website as the target group of corresponding ads, the so-called Facebook ads, and thus to show them only to those Facebook users who are relevant to us as a target group. The data generated in this context may be transferred by Facebook to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, Facebook has submitted to the EU-US Privacy Shield.
If you are a member of Facebook and have allowed Facebook to do so via the privacy settings of your account, Facebook can also link the information collected about your visit to us to your member account and use it for the targeted placement of Facebook ads. You can view and change the privacy settings of your Facebook profile at any time.
Our website also uses so-called plug-ins of the social network Facebook, which is offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). For these data processing operations, we are joint controllers with Facebook pursuant to Art. 26 GDPR.
The information required with regard to joint responsibility pursuant to Art. 13 (1) (a) and (b) GDPR can be found in Facebook’s privacy policy. You can access this via the following link https://www.facebook.com/about/privacy.
In order to determine the fulfillment of the obligation in accordance with the GDPR with regard to joint responsibility, we have concluded the Controller Addendum with Facebook. For this purpose, it was agreed that Facebook is responsible for the fulfillment of the rights of data subjects in accordance with Art. 15 – 20 GDPR with regard to the personal data stored by Facebook after joint processing.
In this context, we would like to point out that data transmission to the USA takes place within the scope of this service, or such transmission cannot be ruled out. For more detailed explanations, we refer you to our explanations under section 4.
As a user of our website, you have the option to share content from our site within Facebook by “LIKE” or “SHARE”. An overview of the Facebook plug-ins and their appearance can be found behind the following link. In this context, we have taken precautions to ensure that such a plug-in does not cause your browser to establish a connection to the Facebook server when you call up our website. Only when you activate such a plug-in (first click), your browser establishes a direct connection to the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there.
Since this process requires an active action by you, the data processing in this case is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.
If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plug-ins, for example by clicking the “Like” button, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.
We would like to point out that Facebook may use this information for the purposes of advertising, market research and the design of Facebook pages to meet your needs. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.
For more information about how Facebook processes personal data, including the legal basis on which Facebook relies and how data subjects can exercise their rights against Facebook, please see Facebook’s Data Policy at https://www.facebook.com/about/privacy.
In addition, settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings. To do this, use the following link: https://www.facebook.com/settings?tab=ads.
3.4.8.3 YouTube
When you visit our website and give us your consent we use Youtube to make videos available. This service is provided by the YouTube LLC , 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We have integrated the YouTube videos using the “extended data protection mode” of YouTube. This ensures that when you merely call up a page containing an embedded video YouTube cannot process personal data about your visit and YouTube cannot set cookies on your computer. When you click on a video, your IP address will be transmitted to YouTube which is informed that you watched the video. If you are logged into YouTube, this information is also assigned to your user account (you can prevent this by logging out of YouTube before you call up the video). We have no knowledge of and also no influence over any possible collection and use of your data by YouTube.
In order to ensure an adequate level of data protection when transferring data to the USA, we have concluded the EU standard contractual clauses with Google LLC, in the so-called “controller to controller” version.
You can find more information in the Data Protection Declaration of YouTube under www.google.de/intl/de/policies/privacy.
3.4.8.4 Xing
Our website also uses a function of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. If you click on the XING button (plug-in), you will be redirected to our offer on XING in a separate browser window and can follow us on XING – provided you are logged into your user account on XING. The plug-in establishes a direct connection between your browser and the XING server. XING thereby receives the information that you have visited our website with your IP address. We would like to point out that we have no knowledge of the content of the transmitted (personal) data or its use by XING. Further information on this can be found in XING’s privacy policy.
3.4.8.5 LinkedIn
We use the re-targeting tool LinkedIn Conversion Tracking of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). For this purpose, the LinkedIn Insight Tag is integrated on our website, which enables LinkedIn to collect statistical, pseudonymous data about your visit and use of our website and to provide us with corresponding aggregated statistics on this basis. In addition, this information is used to be able to show you interest-specific and relevant offers and recommendations after you have shown interest in certain products, information and offers on our website. This anonymous information is stored in a cookie. You can also find more information in the privacy policy of LinkedIn.
Our website also uses a function of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If you click on the button (plug-in) of LinkedIn, you will be redirected to our offer at LinkedIn in a separate browser window and can – if you are logged into your user account at LinkedIn – follow us at LinkedIn. The plug-in establishes a direct connection between your browser and the LinkedIn server. LinkedIn thereby receives the information that you have visited our website with your IP address. In addition, it is then possible for LinkedIn to assign your visit to our website – provided you are logged into your user account at LinkedIn – to you and your user account. We point out that we have no knowledge of the content of the transmitted (personal) data and its use by LinkedIn. For more information, please refer to the privacy policy of LinkedIn.
3.5 Job advertisements / applicant data
From time to time, we post job openings on our website, on our social media channels or through dedicated application portals for you to apply.
We process the data you have sent us in connection with your application in order to assess your suitability for the job (or other open positions in our companies, if applicable) and to carry out the application process.
The legal basis for the processing of your personal data in this application procedure is primarily Section 26 BDSG or Article 6 (1) b) GDPR. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.
Should the data be required for legal prosecution after the conclusion of the application process, if applicable, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Art. 6 (1) f) GDPR. Our interest then consists in the assertion or defense of claims.
Your applicant data will be sifted by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers for the respective open position. The further procedure is then coordinated. In principle, only those persons in the company have access to your data who require it for the proper conduct of our application process.
In the event of a rejection, applicants’ data will be deleted after 6 months from receipt of the rejection.
In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years at the latest.
If you have been awarded a position during the application process, the data will be transferred from the applicant data system to our personnel information system.
