At a glance

Data Privacy Policy

Thank you for visiting our website and for your interest in our company. The handling of your data is a matter of trust and we appreciate the confidence you place in us very much. Therefore, we feel obligated to handle your personal data carefully and protect your data from abuse in accordance with the legal requirements. In doing so, we act in compliance with the applicable legal regulations for the protection of personal data and data security.

With this information on data privacy, we would therefore like to inform you about when we store what kinds of data and how we use them. Our data protection complies with the European data protection standard and it is implemented specifically in observation of the General Data Protection Regulation (GDPR) and the current German Federal Data Protection Act (BDSG).

 

1. Name and contact details of the data controller (Art. 4 (7) GDPR):

Grundstücksgesellschaft Gateway Gardens GmbH
Geschäftsführung: Jens Hausmann, Jan Gumprecht, Jörg Guderian
Speicherstraße 55
60327 Frankfurt am Main
Tel.: +49 (0) 69 36 00 95-100
E-Mail: info(at)gateway-gardens.de

hereinafter referred to as the “we” or “us”.

 

2. Gathering and processing of personal data on retrieval of the website

You can generally visit our webpages without telling us who you are. Our web servers, however, automatically store technical information during your visit. This includes the type of web browser, the operating system you use, your IP address, your internet service provider, the website that has referred you to us, the webpages of our website that you call up and the date and length of the visit. The processing of these data in particular of your IP address and the other mentioned data is required to make the provision of the website possible in the first place. For this purpose, your IP address must remain stored for the duration of the session. We generally do not combine these data with other data from different sources. The legal basis for this data processing to enable the use of the webpages is Art. 6 (1) sent. 1 lit. f) GDPR, for which our legitimate interest is the provision of our offer.

For the rest, we store and analyse these data exclusively for statistical purposes and only in anonymised form, and we use them solely in this anonymised form, likewise on the basis of Art. 6 (1) sent. 1 lit. f) GDPR, for the analysis of the utilisation of our offer, its further development and optimisation. Our legitimate interest is the continuous improvement of our offer to make it as user-friendly as possible for you.

 

3. Kind and scope of the further data collecting and processing

In some cases, however, we need you to specify your personal data, notably:

• when performing our services, meaning in the development and marketing of the urban quarter Gateway Gardens and in all related transactions;
• when you contact us;
• if you have signed up for our newsletter to receive information free of charge from us or if you participate in opinion polls.

 

a) Performance of services and other contact requests

We collect or process personal data only if you provide this information voluntarily, e.g. in the context of a request. In that case, your information from the request including the contact details indicated there will be stored and used by us for the fulfilment of the purpose related to the transmission, e.g. for the processing of your enquiry and in the case of follow-up questions. The basis of this storing and use of this personal data is Art. 6 (1) sent. 1 lit. b) GDPR, insofar as you enter this personal data for the purpose of initiating a contractual relationship with us. This is the only case requiring the input of personal data in the definition of Art. 13 (2) lit. e) GDPR.

Otherwise, this storing and use takes place on the basis of Art. 6 (1) sent. 1 lit. f) GDPR, for which our legitimate interest rests in the diligent processing of your enquiry.

If you assign us with the performance of a service or if we use your services, we gather, store and use your personal data generally only to the extent it is necessary for the performance of the services or the execution of the contract. The legal basis for the related data processing is Art. 6 (1) sent. 1, lit. b) GDPR. For this purpose, it can also be necessary to transfer your personal data to companies that we engage for the performance of the service or the execution of the contract. These are, e.g. transport companies or other service providers. This transmission to the service providers engaged by us also takes place on the basis of Art. 6 (1) sent. 1 lit. b) GDPR.

In all cases in which the data processing, as described above, serves for the fulfilment of the contract, the provision of your personal data is required for the conclusion of the contract (cf. Art. 13 (2) lit. e) GDPR). Without your personal data, we are unable to execute the contract.

 

b) Dispatch and evaluation of the newsletter by using MailChimp

With your consent, we will gladly send you our newsletter. To do this, you must register for our newsletter. More details on the content of the newsletter in question are explained in the declaration of consent or on the registration page.

For the registration to our newsletter we use the so-called double opt-in procedure. After your registration, we will send you a message to the specified e-mail address with a link that you can click to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your details will not be used to send the newsletter and will be deleted after one month. To prove your registration for the newsletter, we store the time of registration and confirmation in each case, as well as your IP address at the respective time.

We also point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. For the evaluations, we link the aforementioned data and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also contain this ID. The data is collected exclusively pseudonymously, i.e. the IDs are not linked with further personal data from you. By evaluating this data, we can assess the general use of the newsletter and gain insights into which content and parts should be further improved and developed according to user habits. These also help us to tailor the newsletter to your individual needs and interests. You can prevent the evaluation via web beacons from the beginning by deactivating the display of images in your e-mail program. In this case, the newsletter will not be displayed to you in full and you may not be able to use all functions. In addition, your personal data may also be used for newsletters for market research purposes (e.g. sending surveys).

Since the newsletter is only sent and evaluated with your consent, the legal basis for the related data processing is Art. 6 (1) sent. 1 lit. a) GDPR. You can revoke your consent at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail or by sending a message to our contact details given at the beginning and in the imprint of our website.

The delivery of the newsletter and the usage analysis of the newsletter are carried out using MailChimp, a service of the provider The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (“MailChimp”). For these purposes, MailChimp receives and processes the aforementioned information on our behalf. Furthermore, according to its own information, MailChimp may use this data to optimize or improve its own services, e.g. to technically optimize the dispatch and display of the newsletters. For more information on how MailChimp handles your personal data, please visit: https://mailchimp.com/legal/privacy/.

MailChimp uses server locations in the USA that are not subject to an adequacy decision by the EU Commission. The transfer of data to the U.S. may pose additional risks, for example, it may be more difficult to enforce your rights to this data. For data transfers to the U.S., we have agreed with MailChimp on the standard data protection clauses of the EU Commission, which also specify the implementation of appropriate protective measures for the specific case. The data transfer to MailChimp servers in the USA is based on Art. 46 (2) lit. c) GDPR. The standard data protection clauses can be found at: https://mailchimp.com/legal/data-processing-addendum/.

 

4. Are personal data passed on to third parties?

Your personal data are usually only passed on to third parties with your explicit consent according to Art. 6 (1) sent. 1 lit. a) GDPR. The sole exceptions from this are transmissions to our service providers or cooperation partners that we require for the performance of our services or our online offer and whom we have contracted accordingly (for example, technical service providers, payment service providers). Accordingly, your data are transmitted to such service providers and cooperation partners for the purposes of the contract fulfilment according to Art. 6 (1) sent. 1 lit. b) GDPR. In these cases, we strictly observe the requirements of the GDPR in the same way as do our partners. Of course, we ensure before transferring your personal data that the service providers and cooperation partners have taken the required technical and organisational measures in the process to ensure an appropriate level of protection. The scope of the data transmission is limited to the respectively required minimum measure.

Your data will not be sold, hired or otherwise made available to third parties.

Personal data will only be transmitted to public institutions and authorities entitled to infor-mation within the scope of statutory duties to provide information or if we are obligated by a court order to provide the information. In that case, the transfer of your data is required by Art. 6 (1) sent. 1 lit. c) GDPR for the fulfilment of a legal obligation that is imposed on us.

 

5. Use of cookies

In some areas of our pages, we use so-called cookies. A cookie is a small text file that is stored by a website on your hard drive. Cookies do not cause any harm on your computer and do not contain any viruses. The cookies of our webpages do not gather any personal data. We use the information contained in the cookies to make using our pages easier for you and to customise them to your needs.

Most of the cookies used by us will be deleted automatically at the end of your visit (so-called session cookies). Other cookies remain stored with you beyond the session duration (so-called persistent cookies). These cookies enable us to recognise your browser again in your next visit. Persistent cookies used on this website are stored for a maximum period of 2 years.

 

Cookies can be distinguished in terms of their function as follows:

Necessary cookies: These cookies are technically mandatory in order to navigate the website, use basic functions and ensure the security of the website; they do not collect information for marketing purposes nor do they store which other websites you visit. Data processing in connection with necessary cookies is based on Art. 6 (1) sent. 1, lit. f) GDPR. Our legitimate interest is to provide you with a properly functioning website and to make the use of the website as pleasant and efficient as possible.In addition, so-called preference cookies, statistics cookies or marketing cookies may be used with your consent. Any use of these (technically not necessary) cookies takes place exclusively with your explicit, active and at any time freely revocable consent pursuant to Art. 6 (1) sent. 1 lit. a) GDPR. You can find more information about the functions of these cookies in our cookie banner (there you can also manage your consent) and in the following explanations of this Data Privacy Policy (in each case at the service that uses the cookies).

 

6. Google Analytics

This website uses Google Analytics with your consent. These are services of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies to track your interactions with the website (e.g. access to the website, views of subpages). We use Google Analytics in combination with the extension “anonymize_IP”, in order to ensure an anonymised gathering of IP addresses (so-called IP masking). By activation of this expansion for our website, your IP address will be truncated by Google inside of the European Economic Area before the transmission to a server of Google in the USA. The complete IP address will only be transmitted in exceptional cases to a server of Google in the USA and it will be truncated there.

Google will use this information on our behalf to analyse your usage of the website, compile reports about website activities, and perform additional services for us relating to the usage of the website and of the internet, such as the evaluation of the paths through which visitors arrive at our website. In addition, Google also processes the transmitted data for its own purposes. We have no influence on this further data processing by Google. Details on data protection at Google, in particular on the type, scope and purpose of data processing, can be found at https://policies.google.com/privacy and at https://support.google.com/analytics/answer/6004245?hl=de.

You can prevent the storage of cookies by selecting the appropriate settings on your browser software. The website remains usable even if you deactivate cookies from Google Analytics. In alternative, you can deactivate the use of cookies by third-party providers by calling up the deactivation page of the Network Advertising Initiative. In addition, you can prevent the gathering of the data generated by the cookie relating to your usage of the website (incl. your IP address) to be transmitted to Google, as well as the processing of these data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. Please note that you will need to reinstall the browser add-on to disable Google Analytics again if your browser or device is later deleted, formatted or reinstalled.

As we have already explained, there is no EU Commission adequacy decision for the USA and there is no consistently high level of data protection due to differing legal provisions. The transfer of data to servers used by Google in the U.S. may therefore give rise to additional risks, for example, it may be more difficult to enforce rights to this data. For data transfers to the U.S., we have agreed with Google on the standard data protection clauses of the EU Commission, which also stipulate the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the level of protection required. The transfer of data to Google servers in the USA is therefore based on Art. 46 (2) lit. c) GDPR.

We only activate Google Analytics if you consent to the processing of your data by the Google Analytics service. The legal basis for the data processing in connection with our use of Google Analytics is therefore Art. 6 (1) sent. 1 lit. a) GDPR. You can revoke an already granted consent for your respective end device in the settings of the cookie banner at any time with effect for the future.

To the cookie banner settings

 

7. Google Maps

Google Maps is also integrated on our website. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google Ltd.”), a company affiliated with Google.

When using the Google Maps functions, information about your use of our website, such as the IP address of your terminal device, may be transmitted to Google servers in the USA and processed there. Google processes this transmitted data for its own purposes. We have no influence on this further data processing by Google. Details on data protection at Google, in particular on the type, scope and purpose of data processing, can be found at https://policies.google.com/privacy.

As we have already explained, we have agreed with Google on the standard data protection clauses of the EU Commission for data transfers to the U.S. and have also stipulated in these clauses the implementation of appropriate protective measures for the specific case, which may also include data encryption depending on the level of protection required. The transfer of data to Google servers in the U.S. is therefore based on Art. 46 (2) lit. c) GDPR.

The legal basis for data processing in connection with the use of Google Maps is Art. 6 (1) sent. 1 lit. a) GDPR. Google Maps enables the visual display of geographical information and interactive maps and thus serves to provide a clear and informative presentation of the information on our website and to ensure the greatest possible user comfort by making it easy to find our locations, for example. You can revoke an already granted consent for your respective end device in the settings of the cookie banner at any time with effect for the future.

To the cookie banner settings

 

8. Automated decision-making in individual cases

Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place on our part.

 

9. No obligation to provide personal data

In principle, you are not legally or contractually obligated to provide us with your personal data. However, we may only be able to provide certain services to a limited extent or not at all if the necessary data is not provided (see section 3 (a) above).

 

10. Safety

We use suitable technical and organisational security measures according to Art. 32 GDPR to ensure an appropriate protection level for your data managed by us and in particular, to protect your data against accidental or intentional manipulations, loss, destruction or access by unauthorised persons. Our security measures are being continuously improved according to technological progress. We store information that is relevant for data protection exclusively on secured systems in Germany. Access to them is enabled only for a limited number of authorised persons, who are obligated for data secrecy and entrusted with the technical, administrative or editorial management of the data.

 

11. General storage duration and deletion

We store your personal data only for as long as required for the intended purpose (e.g. contract fulfilment, answering your query) or justified reasons in the definition of Art. 17 (3) GDPR, e.g. statutory retention periods require storage. For as long as statutory retention obligations, e.g. tax and commercial legal regulations oppose a deletion of your personal data, we restrict the processing of your data; your data will be deleted in subsequence in accordance with the legal regulations.

Data of job applicants will be deleted at the longest six months after the end of the application procedure, unless you have given us consent for the storing beyond this period or unless justified reasons on our end are opposed to deletion, e.g. defence of legal claims.

 

12. Your rights

You have the right at any time to obtain information from us free of charge and in writing or electronic form about the personal data relating to you that is stored by us, the purposes of the processing, the origin of the date, and about which transfers have been made to which recipients or categories of recipients, the storage duration and the rights of data subjects that are available to you.

In addition, you have the right to demand the correction of incorrect data, deletion of personal data stored about you, insofar as no justified reasons are opposed thereto and respectively the restriction of the processing. Insofar as such personal data are affected by this that are required for the performance of the service to you, the deletion or restriction of the processing of these data can follow only when you no longer use our services or our offer.

You have the right for reasons that arise in your particular situation to object at any time to data processing that is based on Art. 6 (1) sent. 1 lit. f) GDPR, unless we can prove compulsory reasons warranting protection that override your interest or unless the processing serves purposes of assertion, exercise or defence of legal claims. You can object to data processing for the purpose of direct marketing at any time without requiring any special reasons.

If you provide data relating to you and we process these data based on your consent or for the purpose of contract fulfilment, you can demand to receive these data from us in a structured, common and machine-readable format or that we transfer these data to another data controller, provided that this is technically possible (so-called right of data portability).

You can revoke all consents to the use of personal data declared by you at any time with effect for the future.

You can furthermore lodge a complaint against our data processing with a supervisory authority, if you believe the data processing violates legal regulations.

To assert the rights listed above, please contact us at the address specified above or write an email to us or our Data Protection Officer at info(at)gateway-gardens.de.

 

13. Scope of this Data Privacy Policy

Of course, this Data Privacy Policy can only apply to our offer and the data processing conducted on the servers that are used by us. It does not cover such contents and websites of third parties that are merely linked in our offer. This applies, for example, to social networks such as Facebook and Twitter. Your personal data is processed through these social networks by the respective operator of the network without us having any influence on this processing. This also applies with regard to your personal data that you share with us via such a platform, for example, by writing to our profile on the relevant social network. Please find information on the handling of your personal data and their protection on these platforms in the data privacy policies of the relevant platform.

However, if we store your personal data that you have shared with us via a social network or that we receive from a social network on our own servers and for the purpose of processing your request or enquiry or for other purposes, our statements in this Data Privacy Policy will of course apply to this end.

 

14. Revision of this Data Privacy Policy

We reserve reviewing and revising this Data Privacy Policy from time to time insofar as this is warranted, e.g. based on new technical developments or changes in the case law or in our business operation. It is therefore recommendable to read the provisions of this Data Privacy Policy occasionally to ensure that you know how we gather, process and use personal data.