Privacy policy

Status 27.11.2023

This data protection notice relates to the website www.hagedorn-realestate.com and our external online presences, namely our social media profiles and our mobile applications (hereinafter collectively referred to as websites) and informs you about the processing of your personal data on these pages. This data protection notice thus also fulfills the information obligations in accordance with the requirements of Art. 12 et seq. of the EU General Data Protection Regulation (hereinafter referred to as "GDPR"). It does not apply to websites to which this website links. When accessing the corresponding websites, the data processing guidelines of the respective operators apply.

Definitions

We want the data protection information to be easy for you to read and understand. Therefore, we will first explain the specific terms used in the GDPR as the relevant legal basis.

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "datasubject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as aname, an identification number, location data, an online identifier or to oneor more factors specific to the physical, physiological, genetic, mental,economic, cultural or social identity of that natural person.

Processing is any operation or set of operations which is performed on personaldata or on sets of personal data, whether or not by automated means (e.g.collection, recording, storage, alteration, disclosure, restriction, erasure,etc.). Restriction of processing is the marking of stored personal datain order to restrict processing in the future.

Profiling means any form of automated processing of personaldata consisting of the use of personal data to evaluate certain personalaspects relating to a natural person, in particular to analyze or predictaspects concerning that natural person's performance at work, economicsituation, health, personal preferences, interests, reliability, behavior,location or movements.

Pseudonymization is the processing of personal data in such a manner that the personaldata can no longer be attributed to a specific data subject without the use ofadditional information, provided that such additional information is keptseparately and is subject to technical and organizational measures to ensurethat the personal data are not attributed to an identified or identifiablenatural person.

The controller is the natural or legal person, publicauthority, agency or other body which, alone or jointly with others, determinesthe purposes and means of the processing of personal data.

Processor is the natural or legal person, public authority, agency or other bodywhich processes personal data on behalf of the controller.

The recipient is the natural or legal person, publicauthority, agency or other body to whom personal data is disclosed, whether ornot it is a third party.

Third party is the natural or legal person, public authority,agency or other body which, under the direct authority of the controller orprocessor, is authorized to process the personal data.

Consent of the data subject is any freely given, specific, informed andunambiguous indication of the data subject's wishes by which he or she, by astatement or by a clear affirmative action, signifies agreement to theprocessing of personal data relating to him or her.

A. Controller for the processing of your personal data

Responsible for the personal data processed during your visit to our website(s) is:

Hagedorn Real Estate GmbH & Co. KG
Werner-von-Siemens-Straße 18
33334 Gütersloh
Germany

E-Mail: info@fraeuleinfritzrealestate.com
‍Internet: www.hagedorn-realestate.com

The responsibility does not apply to the websites to which we link from our pages.

B. General information on data processing

When processing personal data, we comply with the GDPR and the relevant national data protection regulations.

I. Scope and purpose of processing and types of data collected

We process personal data of our users only if and to the extent that
‍
- this is necessary to provide a functional website or our content and services
- a legal basis exists or
- you have given your specific consent.

When you visit our website(s),the accessing computer automatically collects information. In the further course of using the services of the website, pseudonymous user profiles and any data entered by you on the website are used. Some services may require you to provide your personal data.

We use the data for the following purposes:
‍
- Provision of the website and associated services
- Functions and content for security measures
- if necessary, to respond to contact or contract enquiries
- for other communication with users for analysis
- to measure reach and for marketing purposes (own and third-party advertising/online advertising) and
- to provide the online offer.

Types of data that are automatically collected when the website is accessed may includeAccess/usage/meta/communication data (e.g. device information, internet service provider, websites visited, access times, IP address). Depending on your further use of the website and its services, inventory/user/address data (e.g. name, address),contact data (e.g. e-mail, telephone number) and content data provided by you may be processed.
‍
With regard to the cookies used, please refer to section C below and the explanations there.

II. Legal basis for processing

Possible legal bases for the processing of personal data by us as the controller are

- Art. 6 I lit. a GDPR for processing operations for which we obtain consent for a specific processing purpose;
- Art. 6(b) GDPR for processing operations necessary for the performance of a contract (e.g. provision of services) to which the data subject is party or in order to take steps prior to entering into a contract (e.g. responding to an inquiry about our products or services):
- Art. 6 I lit. c GDPR in the case of processing necessary for compliance with a legal obligation to which we are subject;
- Art. 6 I lit. d GDPR for processing operations which are necessary in order to protect the vital interests of the data subject or of another natural person;
- Art. 6 I lit. f GDPR for processing operations that are necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

III. Duration for which the personal data is stored or criteria for determining this duration

The duration of our processing of personal data depends on the necessity for achieving the purpose of storage, taking into account any statutory retention obligations (e.g. § 257 para. 1 HGB/ retention of commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc. (6 years)and § 147 para. 1 AO / retention of books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc. (10 years). If necessary, processing is restricted, i.e. the data is blocked and not processed for other purposes. The criteria for the duration of the storage of personal data are therefore in particular the necessity as well as the respective statutory retention period. If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

IV. Data transfers to third countries

If we process personal data in a country outside the European Union (EU) or the European Economic Area (EEA) - a so-called third country - or if this is done in the context of using a service provider or disclosing data to third parties, we only do so on the basis of a corresponding legal basis (see point II above). In addition, unless there is another effective and permissible contractual or relevant legal authorization, we will only process the data in such a third country if the requirements ofArt. 44 et seq. GDPR are met. In particular, there must either be a valid adequacy decision by the EU Commission, with which it has recognized and established the level of data protection as adequate, or there must be appropriate guarantees, in particular the conclusion of so-called standard contractual clauses.

Further information on points B I- IV can be found in section C below.

C. Description of data processing in detail

I. Website provision, log files

When you visit our website, certain technical information is automatically collected by our hosting service provider (see below) and stored in the server log files. This may include certain technical information such as Internet Protocol (IP) addresses, date/time of access to a website or function, browser information, installed fonts, mime types, browser language and time zone, installed plugins, HTTP headers and/or screen resolution. This technical information is de-identified, i.e. it is used for static purposes, security and analysis purposes and to optimize the website.
The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. Legitimate interests lie in the functionality of the website, the performance of security analyses and the prevention of threats.
As far as the duration of storage is concerned, the data or the IP addresses contained in the server log files are deleted as soon as they are no longer required to achieve the purpose for which they were collected.

II. Possible contact

As required by law, our website contains information on how you can contact us quickly by electronic means. In the event of such electronic contact, any data provided, your e-mail address, telephone number and your request will be transmitted to us - possibly via our service provider - and automatically stored. Such voluntarily transmitted personal data will be stored for the purpose of processing your request and contacting you. Depending on your request, your personal data may be processed with the help of service providers. If this is necessary to process your request, your personal data may be forwarded to third parties, such as cooperation partners.

The legal basis for the processing of data is
‍
- Art. 6 para. 1 lit. b GDPR, if the e-mail or direct contact is aimed at the conclusion of a contract, otherwise in any case
- Art. 6 lit f. GDPR. We have an interest in being in contact with the users of the website and answering any questions asked or sending information.

We generally delete the data aspart of our deletion routines when your request and any further communication with you in connection with it has ended. However, if the contact is aimed at the conclusion of a contract with us or you assert your rights as a data subject, then something else applies to the deletion. In this case, the data will be stored in accordance with the legal requirements
‍
- until the contractual and/orlegal obligations are fulfilled
- any warranty and limitationperiods have expired,
- the storage is also not required for the enforcement of or defense against claims and/or
- any statutory retention periodsno longer exist.

III. Cookies

Cookies are used on the website.Cookies are small text files that make it possible to store specificinformation relating to you on your device while you are visiting the website.If the corresponding website is called up again, the web browser sends back thecontent of the cookies and thus enables the user to be recognized.Cookies help us to determine thefrequency of use and the number of users of our website and to make ourservices as convenient and efficient as possible for you.

Types of Cookies
On the one hand, we use so-called session cookies. These are cookies that are only stored temporarily for the duration of your use of our website. They are used to optimize the website.They are also intended to ensure an undisturbed, convenient use of the website.When you close the browser, these cookies are automatically deleted.On the other hand, we use persistent cookies to store information about visitors who repeatedly access one of our websites. The purpose of using these cookies is to be able to offer you optimal user guidance, to "recognize" you and to be able topresent you with a website that is as varied as possible and new content in the event of repeated use. The content of a permanent cookie is limited to an identification number. Name, IP address etc. are not stored. An individual profile of your usage behavior is not created.A distinction must also be made between first-party cookies, which are set by us, and third-party cookies, which are mainly used by third parties.Finally, a further classification of cookies is (1) necessary cookies, i.e. those that are essential for the operation of the website, (2) performance cookies, i.e. those that are necessary to obtain information about the use of the website, (3) functional cookies to ensure essential functions of the website, (4) analysis cookies and marketing cookies to record the interaction of users with website content.

Revocation and objection
In general, depending on whether the processing is based on consent or our overriding legitimate interest, you have the option at any time either to withdraw your consent or to object to the use of your data by cookies. The objection can be declared via the corresponding setting in your browser. However, deactivating cookies may then limit the functionality of the website.

Consent Management Tool
Non-essential cookies are onlyset if and for as long as you consent to this. As part of consent management,we offer you the opportunity to decide on the setting of non-essential cookiesas part of our website via a cookie banner at the beginning of the website andthereby give your consent. You can change your settings at any time. You canrevoke any consent you have given, and you can grant consent that has not beengiven at a later date if you wish.

Cookie Settings
We use the Cookie First consent management tool from Digital Data Solutions B.V., Plantage Middenlaan 42a1018DH, Amsterdam (Cookie First) on our website. The tool enables you to give your consent to data processing via the website, in particular - but we also refer in this context to sections IV and V below - to the setting of cookies, and to make use of your right to withdraw consent you have already given.Cookie First stores information about the categories of cookies used by the website and whether you as a user have given or withdrawn your consent to the use of the individual categories. Cookie First uses cookies to store information. The cookie stores information such as the consent or rejection of cookies, the IP address, information about the browser and end device as well as the time of the user's visit to the site.

The legal basis for the afore mentioned data processing in relation to the Cookie First consent management tool is Art. 6 para. 1 lit. c GDPR, i.e. the data processing is carried out to fulfill a legal obligation.
Otherwise, the legal basis for the use of technically necessary cookies is generally our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, for the other cookies the legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

IV. Analysis, embedded content, plug-ins

We use the software and services listed below as described below, in each case on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR as the legal basis. For each tool listed below, we refer to the explanations above on the Consent Management Tool and in particular to the explanations there on cookies and the right of withdrawal. The software or service will therefore only be used if you have given your consent and have not withdrawn it.

1. Google Analytics
‍We use the software and services listed below as described below, in each case on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR as the legal basis. For each tool listed below, we refer to the explanations above on the Consent Management Tool and in particular to the explanations there on cookies and the right of withdrawal. The software or service will therefore only be used if you have given your consent and have not withdrawn it.The provider of this website usesGoogle Analytics, a service of Google Ireland Limited, Gordon House 4 BarrowST, Dublin, D04 ESWS, Ireland ("Google"). Google Analytics usescookies. The information generated by these cookies is usually transferred to aGoogle server and stored there, and data may be transferred to the USA. Googleis one of the listed companies that have submitted to the Privacy Framework.Ooogle uses the information on our behalf to analyze the use of the website, tocompile reports on it and to provide other services. Pseudonymous user profilesare created for the purpose of optimizing the user-friendliness of the website.If IP anonymization is activated, the IP address will be shortened by Googlewithin the member states of the EU or EEA beforehand, so that only inexceptional cases will the full IP address be transmitted to a Google server inthe USA and shortened there.  The datawill not be merged with other Google data. You have various options to preventdata processing, one of which is via
https://Tools.Google.vom/dipage/gaoptout?hl=de
Further information on the useof data by Google, setting and objection options can be found on the Googlewebsite at https://www.Google.com/inkl/de

2. Google Tag Manager
‍We also use Google Tag Manager from Google on our website. This service enables the management of Google tags via an interface. The Google Tag Manager itself does not use cookies, but tags and does not collect any personal data. The service triggers other tags, which may then collect data, but the Google Tag Manager does not access this data. If deactivation is carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
Further information on data protection can be found at
https://policies.Google.com/int/de
https://www.google.com/intl/de/tagmanager/fag.html
www.google.com/intl/de/tagmanager/use-policy.html

3. Microsoft Clarity
‍We use Microsoft Clarity on our website, the analytics software from Microsoft Cooperation, Microsoft IrelandOperations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland ("Microsoft Clarity"). This tool can be used to analyze usage behavior on the basis of data pseudonymized via a usageID. In particular, usage, meta, communication, location and movement data are processed. Data may be transferred to the USA. Microsoft has submitted to theEU-US Data Privacy Framework and also uses standard contractual clauses. You can find out more about data use at Microsoft at
‍https://privacy.Microsoft.vom/de-de/privacystatement

4. Vimeo
‍We also include videos from the provider Vimeo Inc, Attention: Legal Department, 555 West 18th Street New York,New York 10011, USA (Vimeo) on this website. We can show you videos on our website via a corresponding plug-in. If you - on the basis of the consent you have given (see above) - call up a page with a video offered by Vimeo, your browser connects to a Vimeo server. Data may be transferred to the USA. Vimeo uses so-called standard contractual clauses. Processed data types may include, in particular, IP address, browser information and usage data. If you are an active registered user of Vimeo, further data types may be added. Vimeo uses cookies. We refer to the above explanations and our Consent Management Tool. You can find more information on data processing at Vimeo at
https://vimeo.com/privacy

D. Who receives your data

Within our company, access toyour data is granted to those departments that require it to fulfill theafore mentioned purposes pursued with its processing. Service providers used by us -processors - e.g. data centers, providers, web hosts (see below), IT serviceproviders, evaluation services, may also receive your data on the basis of alegal permission (e.g. necessity for contract performance or to fulfill a legal obligation, your consent, our legitimate interest). Contracts for orderprocessing ensure that these service providers are bound by instructions, datasecurity and the confidential handling of your data. The order processor is commissioned on the basis of Art. 28 GDPR.

If one of the legal permissions listed above applies, data may also be passed on to third parties, e.g.cooperation partners, as part of the data processing described under D.

Webflow

We host our website with Webflow,Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafterreferred to as Webflow). Webflow is a tool with which websites can be createdand hosted. Webflow provides websites via CDN from subcontracted third-party providers.
‍
Webflow stores cookies or similartechnologies that are required to display the page, to provide certain websitefunctions and to ensure security (necessary cookies). Please refer to thesection on cookies above. For further details, please also refer to Webflow'sprivacy policy:
https://webflow.com/legal/eu-privacy-policy

The legal basis for the use of Webflow is basically Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the (most) reliable presentation of the website. If a corresponding consent has been requested and, which is possible at any time, has not been revoked, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG.Data transfer to the USA is based on the Data Privacy Framework and standard contractual clauses of the EUCommission. Details on the use of data by Webflow can be found at
‍https://webflow.com/legal/eu-privacy-policy

E. Security

We take all necessary technical and organizational security measures to protect your personal data from loss and misuse. For example, your data is stored in a secure operating environment that is not accessible to the public. In certain cases, your personal data is encrypted during transmission using Secure Socket Layer technology (SSL). This means that communication between your computer and the servers used takes place using a recognized encryption method if your browser supports SSL.

F. Rights of the data subject

If you, as a natural person, areaffected by the processing of personal data, you have the following rightsunder the GDPR if the requirements are met:

Right of access: every data subject has the right to obtain from the controllerconfirmation as to whether or not personal data concerning him or her are beingprocessed, and, where that is the case, access to the personal data.

Right to rectification: The data subject shall have the right to obtain from the controllerwithout undue delay the rectification of inaccurate personal data concerninghim or her. Taking into account the purposes of the processing, the datasubject shall have the right to have incomplete personal data completed,including by means of providing a supplementary statement.

Right to erasure (right to be forgotten): The data subject shall have theright to obtain from the controller the erasure of personal data concerning himor her without undue delay where one of the envisaged grounds, such as cessationof necessity for the intended purpose, withdrawal of consent on which theprocessing was based, admissible objection, inaccuracy or unlawfulness of theprocessing, applies and none of the statutory grounds for exclusion applies.

Right to restriction of processing: The data subject has the rightto obtain from the controller restriction of processing where the prerequisitesfor this, such as inaccuracy, unlawfulness, limitation of necessity, e.g. forthe possible exercise or defense of legal claims, are met.

Right to data portability: The data subject shall have the right to receive the personal dataconcerning him or her, which he or she has provided to a controller, in astructured, commonly used and machine-readable format and have the right totransmit those data to another controller without hindrance from the controllerto which the personal data have been provided, where the processing is based onconsent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contractpursuant to Art. 6(1)(b) GDPR and the processing is carried out by automatedmeans, unless the processing is necessary for the performance of a task carriedout in the public interest or in the exercise of official authority vested inthe controller. Furthermore, in exercising their right to data portability, thedata subject has the right to have the personal data transmitted directly fromone controller to another, where technically feasible and provided that thisdoes not adversely affect the rights and freedoms of others.

Right to object: The data subject has the right to object, on grounds relating to his orher particular situation, at any time to processing of personal data concerninghim or her which is based on point (e) or (f) of Article 6(1) GDPR. This alsoapplies to any profiling based on these provisions. In the event of anobjection, the controller shall no longer process the personal data unless thecontroller demonstrates compelling legitimate grounds for the processing whichoverride the interests, rights and freedoms of the data subject or for theestablishment, exercise or defense of legal claims.

Right to withdraw consent under data protection law: The data subject has theright to withdraw consent to the processing of personal data at any time. Thewithdrawal of consent shall not affect the lawfulness of processing based onconsent before its withdrawal.

Right to lodge a complaint with the data protection supervisory authority: Without prejudice to any other administrative or judicial remedy, the datasubject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers thatthe processing of personal data relating to him or her infringes this Regulation.

G. Automated decision-making, profiling

We do not use automated decision-making or profiling.

H. Responsible data protection supervisory authority

We do not use automated decision-making or profiling. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia
‍
Kavalleriestr. 2
40213 Düsseldorf
Telephone: +49 211/38424-0
Fax: +49 211/38424-10
E-mail: poststelle@ldi.nrw.de

I. Subject to change

We reserve the right to make changes to this privacy policy. These may be necessary, for example, due to further developments or changes to our website or our offer as well as legal or official requirements.