DATA PROTECTION INFORMATION

BASIC PROCESSING SCOPE AND LEGAL BASES

Personal data will only be processed to the extent necessary for a given purpose, or if you expressly consent to such processing. Processing is principally based on the following legal bases:

Art. 6, Sec. 1, Lit. a, GDPR (consent of the data subject)
Art. 6, Sec. 1, Lit. b, GDPR (execution of a contractual relationship with the data subject, precontractual measures at the request of the data subject)
Art. 6, Sec. 1, Lit. c, GDPR (fulfilment of a legal obligation by our company)
Art. 6, Sec. 1, Lit. d, GDPR (protection of vital interests of the data subject or of another natural person)
Art. 6, Sec. 1, Lit. e, GDPR (performance of a task in the public interest or while exercising official authority)
Art. 6, Sec. 1, Lit. f, GDPR (protection of a legitimate interest of our company or of a third party, provided that the interests, fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail [balancing of interests]).

If consent constitutes the legal basis for processing personal data, you may revoke your consent at any time without stating your reasons. Revoking your consent would principally be effective for the future only. This means that revoking your declaration of consent will not render prior processing unlawful that preceded our receipt of the revocation of your consent.

For details on the relevant (or supplementary) legal bases in a given case, please see the subsequent sections of this Data Protection Statement. We are firmly committed to ensuring end-to-end protection of your personal data on this website. Despite all technical and organisational measures taken by us, security gaps can sadly never be ruled out completely during the electronic transmission of data via the Internet. That is why we always give you the option to submit the data we need from you alternatively by phone or postal mail.

DATA SUBJECT RIGHTS

To the extent that we process your personal data, you have the following rights in regard to the processing of your personal data vis-à vis the joint controllers, which you may assert against either one of the controllers at any time:

Right to Information, Erasure and Correction

Within the scope of the applicable legal provisions, you have the right to free information (Art. 15, GDPR) about your processed personal data and other disclosures pursuant to Art. 15, Sec. 1, Lit. a through h, GDPR, at any time. In addition, you may be entitled to the rectification (Art. 16, GDPR) or erasure (Art. 17, GDPR) of these data. The right to erasure may be restricted in cases specified in Art. 17, Sec. 3, GDPR (e.g. whenever the data are required for asserting, exercising or defending legal claims).

Right to Restriction of Processing

You have the right to demand that the processing (Art. 18, GDPR) of your personal data berestricted (or blocked). The right to restriction of processing exists in the cases specified in Art. 18, Sec. 1, Lit. a through d, GDPR. Once the processing of your personal data has been restricted, such data may—apart from being stored—only be processed with your consent or else to assert, exercise or defend legal claims, or to protect the rights of another natural person or legal entity, or for reasons of material public interest of the European Union or one of its member states.

Right to Data Portability

You have the right to receive personal data concerning you in a standard machine-readable format, assuming that you have provided us with the data yourself, that we process these data via automated procedures and that the processing is based on your consent or the fulfilment of a contract with you (Art. 20, GDPR).

Right to Object to the Processing of Your Data

To the extent that personal data are processed (including profiling, where applicable) on the basis of legitimate interests (Art. 6, Sec. 1, Lit. f, GDPR), you have the right to object to the processing of your personal data at any time for reasons arising from your specific circumstances (Art. 21, GDPR). In that case, we will cease to process your personal data for said purposes unless our legitimate interests prevail or unless the processing serves the assertion, exercise or defence of legal claims. Collecting data in order to make the website available and storing log files is imperative for the operation of the website. Without prejudice to this fact, you may object to the processing of your personal data for direct marketing purposes at any time without stating a reason. The same is true for possible profiling if it is connected to direct marketing of this type.

Right to Revoke Your Consent

If consent constitutes the legal basis for processing your personal data, you may revoke your consent at any time without stating your reasons (Art. 7, Sec. 3, GDPR). Revoking your consent will principally be effective for the future only. This means that the revocation of your consent will not affect the lawfulness of any processing done on the basis of your consent prior to its revocation.

Right to Lodge a Complaint with a Regulator

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a regulator, particularly in the member state of your habitual residence, place of work or place of the alleged violation (Art. 77, GDPR). The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy. To submit your inquiries regarding data subject rights, please use the following contact details:

Trei
 wohnen@treirealestate.com
+49 211 54011-000

Whenever data subject rights are asserted, personal data will be processed in this same context in order to respond to the request. Here, the processing of personal data is done to fulfil a legal obligation pursuant to Art. 6, Sec. 1, Lit. c, GDPR, or on the basis of our legitimate interest pursuant to Art. 6, Sec. 1, Lit. f, GDPR, to implement the data protection regulations that govern the rights of data subjects.

TRANSFER TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

Unless stated otherwise in the following sections, it is not intended to transfer personal data to third countries or to international organisations.

AUTOMATED DECISION-MAKING AND PROFILING

We use neither profiling nor any other procedure for automated decision making.

WEBSITE VISITS & COOKIES

Visiting our website will cause personal data to be processed, among other data. This section will give you an overview of the data processed in this context as well as on the purpose of, and legal basis for, doing so.

For security reasons and in order to protect the transmission of confidential contents, e.g. requests you send to us as the operator of this website, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the character string in your browser’s address line changes from “http://” to “https://” and by the lock symbol in your browser line.

Enabling SSL or TLS encryption will, as a rule, make it impossible for third parties to read the data you transmit to us. Please note, however, that electronic data transmission (on the Internet or via e-mail) are always subject to the risk of security gaps despite any precaution taken. There is no way to provide end-to-end protection against third-party access. Whenever you visit our website our servers can generally access information, such as the IP address of your end device, but information may also be stored on your end device (e.g. in the form of cookies). To the extent that this is necessary to ensure an error-free and secure presentation of our website and the services associated with it, it is principally done on the basis of Art. 25, Sec. 2, Telecommunications and Telemedia Data Protection Act (TDDDG).

Alternatively, it is done on the basis of your consent pursuant to Art. 25, Sec. 1, TDDDG. Whenever the retrieval or storage of information involves the processing of personal data, such processing is usually done on the relevant legal basis pursuant to Art. 6, Sec. 1, GDPR. Even when visiting the Quartillion homepage purely for information purposes, meaning whenever you are not signed in or transmit information to us in some other way, your Internet browser will, for technical reasons, automatically transmit data to our web server at our hosting provider where they are temporarily stored whenever you access our website. Such data includes the date and time of your access, the URL of the referring website, the  file accessed, the quantity of data sent, your browser type and version, your operating system and your IP address.

So-called cookies may also be used when you visit our website. The term cookie is used for information that a web server sends to a browser, which the browser then returns to the same web server during subsequent visits (this being a so-called “browser cookie” or “session cookie”). Cookies make it possible to save information between web page requests, and allow a website server to recognise a given visitor’s browser and thus the visitor him- or herself or to remain recognised through the end of a session, in order to make the offer of our homepage technically flawless and user-friendly for visitors.

These purposes also constitute our legitimate interest in the processing of your data pursuant to Art. 6, Sec. 1, Lit. f, GDPR. Most of the cookies used by our website are so-called “session cookies.” These will automatically be deleted at the end of your visit. These data, too, are stored separately from other data that you enter while using our website. It is generally impossible for us to match these data with a specific person. In addition, our website uses optional cookies and third-party services of the service providers detailed below, and these cookies are placed only if you consent to them pursuant to Art. 6, Sec. 1, Lit. a, GDPR.

When seeking your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in a data-protection-compliant manner, we use the “Cookiebot” consent management tool. This technology is provided by Usercentrics A/S based in Copenhagen, Denmark. The activities of obtaining your consent and the associated setting of cookies as well as the processing of the corresponding personal data are all necessary to fulfil the legal obligation which we are subject to (Art. 6, Sec. 1, Sent. 1, Lit. c, GDPR). It cannot be guaranteed that the website is fully functional in a legally permissible manner without this kind of data processing. To ensure its proper functionality, the following personal data may be processed: Your IP address, consent status and values (date and time of consent, consent ID), geolocation, language, referrer URL. Your selection will be stored for 2 months, after which the consent banner will automatically re-open, prompting you to renew your consent. Your consent applies to the following domains: www.quartillion-wiesbaden.de You may change or retract your consent at any time by clicking on the relevant link below.

USE OF GOOGLE ANALYTICS

To the extent that you have granted your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC based in California, USA. Its provider for users in the European Union (EU)/the European Economic Area (EEA) is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google Analytics enables the website operator to analyse the behaviour of its website visitors. The website operator receives various usage data, such as page views, dwell time, operating systems used and user origin. These data are summarised in a user ID and assigned to the respective endpoint of the website visitor. Moreover, we may use Google Analytics to record your mouse and scroll movements and clicks, among other aspects. In addition, Google Analytics uses various modelling techniques to supplement the collected data sets and employs machine-learning technologies to analyse the data.

Google Analytics uses technologies that permit user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about your use of this website will normally be transmitted to and stored by Google on servers in the United States.

In the case of Google Analytics 4, the anonymisation of IP addresses is enabled by default. IP anonymisation will cause your IP address to be truncated by Google within member states of the EU or in other EEA treaty states. Only in exceptional cases will your full IP address be transmitted to a Google server in the United States and truncated there.

This service is used on the basis of your consent pursuant to Art. 6, Sec. 1. Lit. a, GDPR, and Art. 25, Sec. 1, TDDDG. The consent may be revoked at any time. You may revoke your consent with effect for the future at any time by visiting your cookie settings as discussed above in this statement, and by changing your selection there. Doing so will not affect the legitimacy of any processing done with your consent up to the time of your revocation.

On our behalf, Google will use this information for the purpose of analysing the use of our website, and of compiling reports on the website activities. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.

The data will be passed on within the Google group of companies, so that data processing by Google LLC will essentially be carried out in the United States. Please note that current EU data protection legislation classifies the United States as a socalled third country that is subject to different statutory data protection regulations, implying that the legally required level of data protection may be lower than that enforced in the EU. Data transfers to the United States are subject to the standard contractual clauses of the EU Commission. For details, go to (third-party link):

https://business.safety.google/adscontrollerterms/sccs/.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF represents an agreement between the European Union and the United States whose purpose is to ensure that data processing in the United States complies with European data protection standards. Every company certified under the DPF undertakes to adhere to these data protection standards. More details on the subject are available from the provider under the (third-party) link below:

https://www.dataprivacyframework.gov/participant/5780

The data collected via this service are automatically deleted for us after 2 months at the latest. The data whose retention period has expired are automatically deleted once a month. For details on the terms of use of Google Analytics and on Google’s data protection policy, are available under the following third-party links: https://marketingplatform.google.com/about/analytics/terms/de/ and
https://policies.google.com/?hl=en.

USE OF GOOGLE MAPS

Our website uses the Google Maps service provided by Google LLC, California, USA. For users in the European Union (EU)/the European Economic Area (EEA), it is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). The service enables us to display interactive maps to you directly on our website and thus enables you to conveniently use the map functions to easily locate the sites identified on our website.

When using Google Maps, other Google services, such as e.g. Google Fonts, may be enabled which Google uses to optimise the way its map service is displayed and functions. Whenever you access Google Maps, your browser will load the required web fonts into your browser cache to ensure that texts and fonts are properly displayed. Use of Google Maps, and thus the processing of personal data by Google Maps, is not possible unless you have consented to it via the cookie settings on this page. Data processing is based exclusively Art. 6, Sec. 1. Lit. a, GDPR, and Art. 25, Sec. 1, TDDDG, to the extent that the consent covers the storage of cookies or the access to information on the user endpoint (e.g. device fingerprinting) within the meaning of the TDDDG.

You may revoke your consent with effect for the future at any time by visiting your cookie settings as discussed above in this statement, and by changing your selection there. Doing so will not affect the legitimacy of any processing done with your consent up to the time of your revocation.

As a result of using Google Maps, Google will receive information that the corresponding (sub)page of our website was called up while also receiving the associated IP address. This will happen regardless of whether Google provides a user account through which you are logged in or whether no such user account exists. If you are signed into a Google service, your data will (probably) be directly associated with your account. If you do not wish to be associated with your profile on Google, you should log out of your Google account before clicking the button. Google stores the data collected about you in the form of a user profile and uses it for advertising purposes, market research and/or the need-based design of its websites. The purpose of such an analysis is specifically to generate customised advertising (even for users not logged in). You have the right to object to the creation of such a user profile, but you will have to contact Google directly to exercise that right.

The aforesaid personal data will be transferred to the United States whenever Google Maps is used. Please note that, under current data protection legislation, the United States are rated as a so-called third country where statutory data protection regulations apply that deviate from those enforced in the European Union, and that the legally required level of data protection may therefore be lower than that of the European Union. However, the United States are subject to the adequacy decision by the European Commission regarding the EUUS Data Privacy Framework only if a given company has been certified accordingly. The US parent company of Google has been certified along these lines. More details on the subject are available under the third-party link below:

https://www.dataprivacyframework.gov/participant/5780

In addition, Google implements other EU standard contractual clauses to ensure an adequate level of data protection. For details, go to (third-party link):

https://business.safety.google/adscontrollerterms/sccs/.

For more information on the purpose and scope of the data collecting and processing done by the provider of Google Maps, please see the provider’s data protection statements. If you  do, Google will also provide more details about your rights and privacy settings (third party link):

www.google.com/policies/privacy.

COMMUNICATING WITH US

Details on how to get in touch with us are provided in various ways (e.g. on this homepage, on business cards or in e-mail signatures). In most cases, the point of disclosing our contact details is to make it easier for you to request information from us. Whenever you contact us, e.g. via e-mail or telephone, the personal data you submit out of your own free will (e.g. your e-mail address, your name or your phone number) will be processed by us in order to handle/answer your request for information. If the chosen means of communication offers additional options (e.g. video telephony), you are at liberty to enable or disable these at your discretion any time.

Only persons who need these personal data for the lawful purpose of processing them in the relevant context will have access to the personal data you disclosed while communicating with us. Personal data that we received in the context of communicating with you will be shared with third parties only if doing so is either technically necessary (e.g. telecommunications providers or IT service providers) or required for properly completing a given transaction (e.g. cloud, postal or parcel service providers) or if you gave us permission to do so. Third-party service providers are selected and contracted in consideration of internal minimum data protection standards and of the relevant legal requirements (e.g. the conclusion of applicable contracts pursuant to Art. 28, GDPR, for commissioned data processors, to the extent necessary).

Any personal data you submitted while communicating with us will be processed on the legal basis of Art. 6, Sec. 1, Lit. b, GDPR, if your inquiry relates to the fulfilment of a contract or is required for conducting pre-contractual measures. In addition, data processing is based on our legitimate interest to efficiently process inquiries submitted to us (Art. 6, Sec. 1, Lit. f, GDPR) or else is based on your consent (Art. 6, Sec. 1, Lit. a, GDPR) if your consent was requested. You may revoke your consent at any time with effect to the future.

The data you disclosed to us within the scope of our mutual communications will be stored until you ask us to delete them, until you revoke your consent to their storage or until the purpose of storing your data ceases to apply (e.g. once your request has been fully processed) unless there are legitimate reasons to the contrary, such as statutory retention periods or a legitimate interest pursuant to Art. 6, Sec. 1, Lit. f, GDPR (e.g. the processing of queries or the examination, assertion, exercise or defence of legal claims).

TENANT LEAD FORM

We will process any personal data that you submit via the form on the basis of your consent pursuant to Art. 6, Sec. 1, Sent. 1, Lit. a, GDPR, for the purpose of notifying you about the start and progress of our letting process for the residential project in question. Your data will not be used for any other purpose.

You may revoke your consent with effect for the future by sending an informal e-mail to  wohnen@treirealestate.com at any time.

Your revocation will not affect the legitimacy of any data processing done prior to the revocation. Once you revoked your consent, you will receive no further information about this project.

DISCLOSURE TO THIRD PARTIES

Your data may be processed by associates of the joint controllers as well as by third-party service providers whenever you visit this website and whenever you try to contact us. Relevant entities in this context include, for example, IT service providers or other service companies. Agreements to ensure confidentiality and compliance with our data protection requirements have been signed with all of our partner companies.

DELETION OF YOUR PERSONAL DATA

As a matter of principle, we process personal data only for the period of time required for the processing purpose, and will delete such data after the purpose has been fulfilled, unless the deletion is prevented by legal obligations to provide supporting evidence or to retain data, or unless legal claims relevant in this respect are asserted.

INFORMATION ON JOINT CONTROLLERSHIP PURSUANT TO ART. 26, SEC. 2, SENT. 2, GDPR

The member companies of the Trei Group practice division of labour (e.g. as property companies and service companies), combining the specific competences of each company in order to achieve optimal outcomes for the respective companies, business partners and tenants, too. For instance, a property asset holding company normally acts as landlord whereas Trei Real Estate GmbH, being the central service company, handles the administrative and operational implementation of the administration and management activities involving the properties and tenancies. To perform their task, the various companies will, as a rule, jointly define the purposes of processing and the means to achieve them, and will constantly exchange information during the collaborative performance of their services. Accordingly, the companies process personal data as “joint controllers” within the meaning of Art. 26, GDPR.

What are the implications for data subjects within the meaning of the GDPR?

Notwithstanding the fact that joint controllership is in place, we shall fulfil our obligations under data protection law according to our respective competences for each of the relevant processing activities. In addition, the following has been agreed:

- We shall make the information required pursuant to Articles 13 and 14, GDPR, available to data subjects free of charge in a precise, transparent, comprehensible and easily accessible form and in plain and simple language, this Data Protection Statement being part of the effort. Each company will provide all information that is needed in this context to the other company.
- We will promptly notify each other about legal positions asserted by data subjects, and will make all information that is necessary to answer requests for information, or to process the request, available to the company that was contacted by the data subject.
- Each company involved may be approached for the purpose of asserting data subject rights. In this context, Trei Real Estate GmbH will act as central contact point, and its contact details are listed at the top of this Data Protection Statement.
- All controllers have appointed one and the same data protection officer. You will find the contact details in a previous section of this Data Protection Statement as well. If you would like to have more information on the joint controllership you are welcome to contact us or else the data protection officer.