Information on data protection about our processing of customer and prospect data in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
BNP PARIBAS REAL ESTATE GMBH
In accordance with the requirements of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of your personal data and the associated data protection rights. Which data is processed in detail and how it is used largely depends on the requested or agreed services. In order to ensure that you are fully informed about the processing of your personal data in the context of contract fulfillment or the implementation of pre-contractual measures, please note the information below.
1. Responsible body in terms of data protection law
BNP PARIBAS REAL ESTATE GMBH
60311 Frankfurt am Main
Managing Directors: Piotr Bienkowski, Marcus Zorn, Eva Desens, Andreas Völker
2. Purpose and legal basis of processing
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), insofar as these are necessary for the definition, implementation, fulfillment and implementation of pre-contractual measures. Insofar as personal data are required to establish or carry out a contractual relationship or as part of the implementation of pre-contractual measures, processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR lawful.
If you give us your express consent to the processing of personal data for certain purposes (e.g. disclosure to third parties, evaluation for marketing purposes or advertising by email), the processing is based on your consent in accordance with Art. 6 Para. 1 lit. . a GDPR. A given consent can be revoked at any time with future effect (see section 9 of this data protection information). If necessary and legally permissible, we process your data beyond the actual contractual purposes in order to meet legal obligations in accordance with Art. 6 Para. 1 lit. c GDPR. In addition, the processing is carried out, if necessary, to safeguard the legitimate interests of us or third parties and to defend and assert legal claims in accordance with Art. f GDPR. If necessary, we will inform you separately, stating the legitimate interest, if this is required by law.
3. Categories of personal data
We only process data relating to the conclusion of the contract or the pre-contractual measures. This can be general data about you or your company (name, address, contact details, etc.) as well as any other data that you provide to us under the contract.
4. Data source
We process personal data that we receive from you when you contact us or enter into a contractual relationship or as part of pre-contractual measures or which you provide via our contact forms.
5. Recipient of the data
We only pass on your personal data in our company to those areas and persons who need this data in order to fulfill their contractual and legal obligations or to implement our legitimate interest.
Otherwise, data will only be passed on to recipients outside the company, if this is legally permissible or required, the transmission for processing and thus for the fulfillment of the contract or at your request to carry out pre-contractual measures is necessary, we have your consent or are entitled to provide information. Under these conditions, recipients of personal data may e.g. B. be:
External tax advisor
Public bodies and institutions (e.g. public prosecutor, police, supervisory authorities, tax office) if there is a legal or official obligation.
6. Duration of data storage
If necessary, we process and store your personal data for the duration of our business relationship or for the fulfillment of contractual purposes. This includes a. also the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations, which result from the Commercial Code (HGB) and the Tax Code (AO). The retention and documentation periods specified there are two to ten years.
Finally, the storage period is also based on the statutory limitation periods, e.g. B. §§ 195 ff. Of the Civil Code (BGB) usually three years, but in some cases up to thirty years.
7. Your rights
Every data subject has the right to information according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to deletion according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR, the right to notification according to Art 19 GDPR and the right to data portability according to Art. 20 GDPR.
In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR if you believe that the processing of your personal data is not lawful. The right to file a complaint is without prejudice to other administrative or judicial remedies.
If the processing of the data is based on your consent, you are in accordance with Art. 7 GDPR to revoke your consent to the use of your personal data at any time. Please note that the cancellation only applies to the future. The processing before the revocation is not affected. Please also note that we may need to keep certain data for a certain period of time in order to meet the legal requirements (see section 6 of this data protection information).
To protect your rights, you can use the contact details given in section 1.
8. Necessity to provide personal data
The provision of personal data for the decision to conclude a contract, to fulfill the contract or to carry out pre-contractual measures is voluntary. However, we can only make a decision within the framework of contractual measures if you provide such personal data that is necessary for the conclusion of the contract, contract fulfillment or pre-contractual measures.
Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used.
What exactly are cookies?
Cookies store certain user data of you, e.g. B. Language or personal page settings. When you visit our website again, your browser transfers the “user-related” information back to our website. Thanks to cookies, our website knows who you are and offers you your usual default setting. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file. There are both first-party and third-party cookies. First-party cookies are created directly from our website, third-party cookies are created from partner websites (e.g. Google Analytics). Each cookie has to be evaluated individually because each cookie stores different data. The expiration time of a cookie also varies between a few minutes and a few years. Cookies are not software programs and do not contain viruses, Trojans or other “pests”. Cookies also cannot access information from your PC.
For example, cookie data can look like this:
– Name: _ga
– Expiry time: 2 years
– Use: Differentiation of website visitors
– Example value: GA1.2.1326744211.152321163087
A browser should support the following minimum sizes:
– A cookie should contain at least 4096 bytes
– At least 50 cookies should be saved per domain
– A total of at least 3000 cookies should be saved.
What types of cookies are there?
The question of which cookies we use in particular depends on the services used and is explained in the following sections of the data protection declaration. At this point we would like to briefly explain the different types of HTTP cookies. There are four types of cookies:
Strictly necessary cookies
These cookies are necessary to ensure the basic functions of the website. These cookies are required, for example, if a user places a product in the shopping cart, then surfs to other sites and only checks out later. These cookies do not delete the shopping cart, even if the user closes his browser window.
These cookies collect information about user behavior and whether the user receives error messages. In addition, these cookies also measure the loading time and behavior of the website in different browsers.
These cookies make it easier to use. For example, entered storage locations, font sizes or form data are saved.
These cookies are also known as targeting cookies. They are used to deliver customized advertising to the user. This can be very practical, but also very annoying. When you visit a website for the first time, you will usually be asked which of these types of cookies you want to allow. And of course this decision is also saved in a cookie.
How can I delete cookies?
If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie should be set. With each individual cookie, you can decide whether you want to allow the cookie or not. The procedure differs depending on the browser. It is best to search Google for the instructions with the search terms “delete cookies Chrome” or “deactivate cookies Chrome” with a Chrome browser or replace the word “Chrome” with the name of your browser, e.g. Edge, Firefox, Safari off.
If you want to learn more about cookies and do not want to be afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265, requesting comments from the Internet Engineering Task Force (IETF) with the name “HTTP State “Management mechanism”.
10. Analysis tools
We use the analysis tracking tool Google Analytics (GA) from the American company Google LLC (1600 Amphitheater Parkway Mountain View, CA 94043, USA) on our website. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is saved in a cookie and sent to Google Analytics. With the reports we receive from Google Analytics, we can better tailor our website and service to your needs. In the following we will take a closer look at the tracking tool and above all inform you about which data is stored and how you can prevent this.
Our goal with this website is clear: we want to offer you the best possible service. The statistics and data from Google Analytics help us to achieve this goal. The statistically evaluated data give us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our website so that interested parties can find it more easily on Google. On the other hand, the data help us to better understand you as a visitor. We therefore know exactly what we need to improve on our website in order to be able to offer you the best possible service. The data also help us to carry out our advertising and marketing measures more individually and more cost-effectively. After all, it only makes sense to show our products and services to interested parties. Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This is how Google Analytics recognizes you as a new user. The next time you visit our website, you will be recognized as a “returning” user. All collected data is saved together with this user ID. First of all, this makes it possible to evaluate pseudonymous user profiles. Your interactions on our website are measured using labels such as cookies and app instance IDs. Interactions are all types of actions that you take on our website. If you also use other Google systems (e.g. a Google account), data generated via Google Analytics can be linked to third-party cookies. Google does not share Google Analytics data unless we as the website operator approve it. Exceptions can occur if this is required by law.
Google Tag Manager
For our website we use the Google Tag Manager from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA). This tag manager is one of many helpful marketing products from Google. With Google Tag Manager, we can centrally install and manage sections of code using various tracking tools that we use on our website.
The Tag Manager itself is a domain that does not set cookies and does not save any data. It only acts as the “administrator” of the implemented tags. The data capture the individual tags of the various web analysis tools. The data is virtually forwarded to the individual tracking tools in Google Tag Manager and is not saved. However, the situation is completely different with the integrated tags of the various web analysis tools such as Google Analytics. Depending on the analysis tool, various data about your web behavior are usually collected, saved and processed using cookies. For this purpose, please read our data protection texts on the individual analysis and tracking tools that we use on our website. In the Tag Manager account settings, we allowed Google to allow Google to receive anonymized data from us. However, this is only about the use and use of our Tag Manager and not about your data that is stored via the code sections. We enable Google and others to receive selected data anonymously. We therefore consent to the anonymous disclosure of our website data. Despite extensive research, we could not find out exactly which summarized and anonymous data was forwarded. In any case, Google deletes all information that could identify our website. Google combines the data with hundreds of other anonymous website data and creates user trends as part of benchmarking measures. Benchmarking compares your own results with those of your competitors. Processes can be optimized based on the information collected.