Information on Data Protection

1. Introduction

 

With the following information we want to provide you as data subject with an overview regarding our processing of your personal data as well as your rights based on relevant data protection law. In general, using our websites requires no input of any personal data. However, processing of personal data may be necessary should you wish to make use of any of our services provided by this website. In the event of there being a necessity to process your personal data without there being an explicit legal basis we will generally ask you for your consent to the processing.

 

Processing of personal data such as your name, your address or e-mail address will always be carried out within the scope of the General Data Protection Regulation (GDPR) as well as within the scope of any local laws and regulation to which the “Format Hausverwaltungen GmbH” is subject to. With this privacy statement we wish to inform you of the scope and purpose of personal data being collected, used and processed by us.

 

We as controllers have installed numerous technical and organisational measures in order to guarantee as much security as possible to the processing of personal data. Nevertheless, web based data transfers may become subject to security falls, thereby making absolute safety impossible. Therefore, you are at liberty to transfer your personal data to us using alternative methods such as via mail or telephone.

 

 

2. Controller

 

Controller as in Art. 4 GDPR is the:

 

format Hausverwaltungen GmbH

Uhlandstraße 28, 10719 Berlin, Germany

 

Telephone: +49 (0)30 889 269-0

 

Telefax: +49 (0)30 889 269-99

 

Representative of the controller: Andreas Schlesinger

 

 

3. Data Protection Officer

 

You may reach our data protection officer using the following way:

 

Naomi Bielicki

 

E-Mail: datenschutz@format-hv.de

 

You may always present your questions as well as any suggestions regarding data protection directly to our data protection agency.

 

 

4. Definitions

 

This privacy statement is based on definitions provided by the responsible European organ within the enactment of the General Data Protection Regulation (GDPR). This privacy statement was written with the intent of being easily readable and understandable. In order to guarantee this we wish to explain the following definitions.

 

Within this privacy statement we use the following words:

 

1. Personal data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

2. Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller as in this company.

 

3. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

 

5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

 

6. Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

 

7. Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

 

8. Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

 

9. Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

 

10. Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

 

5. Legal basis of processing personal data

 

Art. 6 (1) lit. a GDPR in conjunction with § 15 III TMG is used by our company as legal basis for any processing to which we have been given consent towards a specific purpose of processing.

 

Should the processing be necessary to conduct a contract to which you are party of, such as within processing of data for shipment or provision of any other goods and services, the legal basis of such processing of personal data shall be Art. 6 (1) lit. b GDPR. The same is the case for any processing of personal data in order to take steps at the request of you the data subject prior to entering into a contract.

 

For any processing of personal data to which we are obliged by law, such as adherence towards tax regulations, the legal basis of such processing shall be Art. 6 (1) lit. c GDPR.

 

In rare cases processing of personal data may be necessary in order to protect the vital interests of the data subject or of another natural person. This may be the case if a visitor at our premises is injured and information such as name, age, insurance data and any other vital information has to be given to a doctor, hospital or any other third party. In this case, Art. 6 (1) lit. d GDPR shall be the legal basis of such processing.

 

Finally, processing of personal data may be based on Art. 6 (1) lit. f GDPR. This legal basis is used for any form of processing personal data which is not covered by any of the preceding legal norms. It is used in any case in which there are legitimate interests of our company or a third party which makes the processing necessary so long as the interests, fundamental rights or freedoms of the data subjects are not overridden. The execution of such processing is especially permitted in light of the European lawgiver explicitly naming said processing. In this sense he argued that a legitimate interest could be assumed the moment you become our company’s customer (recital 47 s. 2 GDPR).

 

 

6. Technical Details

 

6.1 SSL/TLS-Encryption

 

In order to ensure a maximum security of our personal data processing and to protect any transfer of personal information, such as orders, login-data or contact requests which you send, an SSL-/TLS-encryption will be used by this website.You can recognise an encrypted connection in your browsers address bar, in which you will se the line “https://“ instead of “http://“ as well as a lock-character to the left of the web address.

 

6.2 Data collection whilst visiting our website

 

Should a visit of our website be solely informational, meaning that in every case in which you do not register anywhere and do not transfer any other personal data we only collect such data which your browser transfers to our servers in so called “server-logfites”. With each new visit to our page our website collects a multitude of general data and information using an automated system. This data is stored within the servers log files and may contain the following:

 

         1. browser type and version used,

         2. systems software used by the accessing system,

         3. the website from which our website is accessed (so called referrers),

         4. any sub-websites which are accessed via a system on our website

         5. date and time of the accessing of our website

         6. an internet-protocol adress (IP-adress)

         7. the internet service provider of the accessing system.

 

We do not draw any conclusions regarding yourself or your identity whilst processing this general data and information. Rather, this information is necessary to

 

         1. correctly provide this websites content,

         2. to optimise content and advertisement within this website

         3. to ensure a full-time functionality of technical and IT-systems of our website and

         4. in case of a cyber attack to provide the relevant authorities with information necessary to conduct legal action.

 

Therefore, this data and information is collected for statistical purpose as well as with the aim of improving data protection and data security within our company. This way, an optimal level of security regarding personal data processed by us can be ensured. Server-logfile data will at all times be separately processed from personal data provided to us by you as a data subject.

 

The legal basis for such data processing is provided to us by Art. 6 (1) lit. f GDPR with the aforesaid aims being our legitimate interest for data processing.

 

 

7. Cookies

 

7.1 General information regarding cookies

 

This website uses cookies. Cookies are small files which your browser automatically creates and which are saved on your IT-system (notebook, smartphone, tablet or similar) when you visit our website.

 

Cookies contain information in connection with the device you use. This does however not mean that we receive any knowledge of your identity.

 

The use of cookies is meant to improve your use of our website and its offers and to make it more comfortable. In this, we use so called session-cookies to recognise wether you have already visited some of our websites. These are automatically deleted as soon as you close the website.

 

On top of this, in order to optimise usability of our website we use temporal cookies which are saved on your device for a limited and named length of time. Should you visit our website again these automatically identify you as having visited this website and will save and enact any inputs and settings you have made in order to save you the process of having to do so again.

 

Finally we use cookies to collect statistical data in order to analyse our website as well as usage and to optimise our offer. These cookies allow us to automatically identify you as having visited our website and are automatically deleted after a specific amount of time.

 

 

8. Content of the website

 

8.1 Contact form/contacting

 

Should you contact us, personal data will be collected. The scope of data collected is defined by the type of contacting or contact form you use. This data is exclusively used for the purpose of contacting and answering your query as well as any technical administration connected to your contacting us. Legal basis is our legitimate interest to answer your query as stipulated in Art. 6 (1) lit. f GDPR. Should your contacting approach be made with the intent of starting a contract Art. 6 (1) lit. b GDPR shall serve as a further legal basis. Your data is deleted as soon as your query is satisfyingly answered. This shall be the case if and when the specific circumstances allow for the conclusion that the issue has been conclusively solved and there are no legal obligations to further store said data.

 

 

8.2 Job offers/application management

 

In order vor us to conduct application management we collect personal data from anyone applying at our company. This processing can also be conducted electronically. This is especially the case should applicants supply their application forms using electronic means such as e-mail or a web based form. In the case of a job contract being concluded transferred data is stored for the purpose of conducting the job relation within the cope of legal obligations. Should no contract be concluded, any transferred data will be automatically deleted within two months of communicating the rejection as long as there are no legitimate interests to the contrary. Legitimate interest can mean the burden of proof in any lawsuit based on the “General Act on Equal Treatment” (AGG).

 

Legal basis for this data processing is Art. 88 GDPR in connection with § 26 I BDSG.

 

 

9. Your rights as data subject

 

9.1 Right to confirmation

 

You have the right to receive a confirmation on wether we process personal data in connection to you.

 

9.2 Right to access, Art. 15 GDPR

 

You have at any time the right to receive notification on any stored personal data regarding your person free of charge as well as to receive a copy of said data within legal norms.

"Where personal data is processed you have the right to access to said personal data as well as to receive the following information:

 

1. the purposes of the processing,


2. the categories of personal data concerned,


3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations,


4. where possible, the predicted period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,


5. the existence of further rights mentioned by the GDPR or other sources containing data protection regulations,


6. where the personal data are not collected from the data subject, any available information as to their source,


7. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.”

 

9.3 Right to rectification, Art. 16 GDPR

 

You have the right to demand any rectification of incorrect personal data regarding your person. Further, you have the right to within the scope of processing have incomplete data be completed.

 

9.4 Right to erasure, Art. 17 GDPR

 

You have the right to demand the erasure of any personal data regarding your person without undue delay should any legal norm be applicable and should storage of said data not be necessary.

 

9.5 Right to restriction of processing, Art. 18 GDPR

 

You have the right, should any legal norm be applicable, to demand the restriction of any processing.

 

9.6 Right to data portability, Art. 20 GDPR

 

You have the right to receive the personal data concerning you, which you provided to us, in a structured, commonly used and machine-readable format. You further have the right to transmit those data to another controller without hindrance from us where data is processed on the basis of consent pursuant to Art. 6 (1) lit. a GDPR  or Art. 9 (2) lit. a GDPR or is based on a contract pursuant to Art. 6 (1) lit. a GDPR, the processing is done using automated means and processing is not done with the aim of adhering to tasks conducted in the public interest or within public authority transferred to us.

 

Within using your right to data portability pursuant to Art. 20 GDPR you further have the right to effect the transfer of personal data from one controller to another so long as technical feasibility is given and no rights and freedoms of another person are confronted.

 

9.7 Right to object, Art. 21 GDPR

 

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6 (1) GDPR, including profiling based on those provisions.

 

In case of you objecting we will no longer process your personal data so long as we cannot provide necessary legitimate grounds to process said data in which your interests, rights and freedoms do not predominate or in which processing is necessary to prove, exercise or defend legal claims.

 

In singular cases we process personal data in order to conduct direct advertisement. You can at any time object to said processing. This is also the case where profiling is conducted in relation to direct mail. Should you object we shall no longer process personal data for the purpose of direct advertisement.

 

You further have the right to, on grounds relating to your particular situation, object to personal data processing which is processed on the basis of scientific or historic research or to statistical purposes as long as there is no necessity to processing out of duties relating to public interest

 

Within use of services provided by the information society you are at liberty to, regardless of rule 2002/58/EG, exercise your right to object using automated means in which no technical specifications are used.

 

9.8 Right to withdraw consent

 

At any time you have the right to withdraw any given consent regarding processing of personal data. This shall take effect for any future processing but shall not effect the lawfulness of processing conducted prior to your withdrawing of consent.

 

9.9 Right to lodge a complaint with a supervisory authority

 

You have at any time the right to lodge a complaint with a supervisory authority regarding any of our processing of personal data.

 

 

19. Routine saving, deleting and suspension of personal data

 

We only process and store your personal data for the duration necessary to achieve the purpose of said storage or where it is necessary due to legal obligations.

 

Should the purpose not apply anymore or should the legal obligation expire, personal data is routinely and within legal regulations suspended or deleted.

 

 

11. Duration of storage of personal data

 

Criteria for the duration of storage of personal data is the applicable legal period of storage. With expiration of this period the affected data is routinely deleted so long as it is not necessary to conduct a contract or to take steps prior to entering a contract.

 

 

12. Timeliness and changes to our privacy statement

 

This privacy statement is valid and has been last updated in March 2021.

 

Through developing this website as well as our offers, due to changes in legal norms or due to guidelines set up by the relevant authority this privacy statement is subject to change. Our up-to-date privacy statement can be at any times visited and printed at “https://format-hv.de/de/privacy-statement.html”.