I. General Information

1. Contact

If you have any questions or suggestions regarding this information or if you would like to contact us regarding the assertion of your rights, please send your request to

OWNR Deutschland GmbH
c/o EV Work Edition GmbH
Stadthausbrücke 5
20355 Hamburg

Phone: +49 40 69 63 2520

e-mail: contact@ownr.eu 

2. Legal Bases

The data protection term "personal data" refers to all information that relates to a specific or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the DSGVO and the BDSG. Data processing by us is only carried out on the basis of a legal permission. We process personal data only with your consent (Section 15 (3) TMG or Art. 6 (1) (a) DSGVO), for the performance of a contract to which you are a party or at your request for the implementation of pre-contractual measures (Art. 6 (1) (b) DSGVO), for the fulfilment of a legal obligation (Art. 6 para. 1 letter c DSGVO) or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms that require the protection of personal data outweigh these (Art. 6 para. 1 letter f DSGVO).

If you apply for an open position in our company, we will also process your personal data to decide on the establishment of an employment relationship (Art. 26 para. 1 p. 1 BDSG).

3. Duration of Storage

Unless otherwise stated in the following information, we only store the data for as long as is necessary to achieve the purpose of processing or to fulfil our contractual or legal obligations. Such legal storage obligations may result in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting data for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data relating to consents subject to proof and to claims for complaints and demands for the duration of the statutory limitation periods.

4. Categories of Recipients of the Data

We use contract processors to process your data. The processing operations carried out by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing activities or the destruction of files and data carriers. A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Commissioned processors do not use the data for their own purposes but carry out the data processing exclusively for the data controller and are contractually obliged to ensure appropriate technical and organizational measures for data protection. In addition, we may transfer your personal data to entities such as postal and delivery services, house bank, tax advisor/auditor or the tax authorities.  Further recipients may result from the following information.

5. Data Transfer to Third Countries

Visiting our website may involve the transfer of certain personal data to third countries i.e., countries in which the DSGVO is not applicable law. Such a transfer is permissible if the European Commission has established that an adequate level of data protection is offered in such a third country. In the absence of such an adequacy finding by the European Commission, personal data will only be transferred to a third country if appropriate guarantees in accordance with Art. 46 DSGVO or if one of the conditions of Art. 49 DSGVO is met.

Unless otherwise stated below, we use as appropriate guarantees the EU standard contractual clauses for the transfer of personal data to processors in third countries: eur-lex.europa.eu/legal-content/DE/TXT/.

6. Processing in the Exercise of your Rights under Articles 15 to 22 DSGVO

If you exercise your rights under Articles 15 to 22 of the DPA, we process the personal data provided for the purpose of implementing these rights by us and to provide proof of this. We will process data stored for the purpose of providing information and preparing it only for this purpose as well as for the purposes of data protection control and otherwise restrict processing in accordance with Art. 18 DSGVO.

These processing operations are based on the legal basis of Art. 6 para. 1 letter. c DSGVO in conjunction with Art. 15 to 22 DSGVO and Art. 34 para. 2 BDSG.

7. Your Rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

• In accordance with Art. 15 DSGVO and § 34 BDSG, you have the right to demand information as to whether and, if so, to what extent we process personal data relating to your person or not.
• In accordance with Art. 16 DSGVO, you have the right to demand that we correct your data.
• You have the right to demand that we delete your personal data in accordance with Art. 17 DSGVO and § 35 BDSG.
• You have the right to have the processing of your personal data restricted in accordance with Art. 18 DSGVO.
• In accordance with Art. 20 DSGVO, you have the right to receive the personal data relating to you that you have provided us with in a structured, common and machine-readable format and to transfer this data to another person responsible.
• If you have given us separate consent for data processing, you may revoke this consent at any time in accordance with Art. 7 para. 3 DSGVO. Such revocation does not affect the lawfulness of the processing, which has been carried out until revocation based on the consent.
• If you are of the opinion that the processing of your personal data is in breach of the provisions of the DSGVO, you have the right to appeal to a supervisory authority in accordance with Art. 77 DSGVO.

8. Right of Objection

You have the right to object to processing operations based on the legal basis of Article 6(1)(e) or (f) of the DPA on grounds relating to your particular situation, in accordance with Article 21(1) of the DPA. If personal data relating to you is processed by us for the purpose of direct marketing, you may object to this processing in accordance with Art. 21 para. 2 and para. 3 DSGVO.

9. Data Protection Officer

You can reach our data protection officer at the following contact details:

e-mail: datenschutzbeauftragter@ownr.eu
⁠Herting Oberbeck Data Protection GmbH
⁠Hallerstr. 76, 20146 Hamburg

II. Data Processing on our Website

When using the website, we collect information that you provide yourself. In addition, certain information about your use of the Site is automatically collected during your visit to the Site. In data protection law, the IP address is also generally regarded as a personal date. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.

1. Processing of Server Log Files

In the case of purely informative use of our website, general information is initially stored automatically (i.e., not via registration), which your browser sends to our server. This includes by default: browser type/version, operating system used, page accessed, the page previously visited (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 letter f DSGVO. This processing serves the technical administration of the website. The stored data will not be permanently stored by us. We are therefore not in a position to identify you as a person concerned on the basis of the stored information.

For the hosting of our website, the storage services of Amazon Web Services (AWS) of Amazon Web Services, Inc. Box 81226, Seattle, WA 98108-1226, USA. The data is stored exclusively in a German data centre (Frankfurt/Main), which is certified according to ISO 27001, 27017 and 2018 as well as PCI DSS Level 1. At Amazon, a transfer of data to Amazon Web Services, Inc. in the USA cannot be excluded. Please refer to the notes in the section "Data transfer to third countries". Further information on data protection at Amazon can be found here: aws.amazon.com/de/compliance/data-privacy/

2. Cookies

We use cookies and similar technologies ("cookies") on our website. Cookies are small text files that are stored by your browser when you visit a website. They identify the browser you are using and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or for specific cases. For further information, please contact the Federal Office for Information Security: www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html

The use of cookies is in part technically necessary for the operation of our website and is therefore permitted without the user's consent. In addition, we may use cookies to offer special functions and contents as well as for analysis and marketing purposes. These may also include cookies from third parties (so-called third-party cookies). We only use such technically not necessary cookies with your consent according to § 15 para. 3 TMG or Art. 6 para. 1 letter a DSGVO. Information on the purposes, providers, technologies used, stored data and the storage period of individual cookies can be found in the settings of our Consent Management Tool.

3. Consent Management Tool

This website uses a consensus management banner to control cookies. The content banner enables users of our website to give their consent to certain data processing procedures or to revoke any consent given. By confirming the "OK" button or by saving individual cookie settings, you agree to the use of the associated cookies. The legal basis under data protection law is your consent within the meaning of Art. 6 para. 1 letter a) DSGVO.

The banner also helps us to provide proof of your consent. For this purpose, we process information on the declaration of consent and further protocol data on this declaration. Cookies are also used to collect this data.

The processing of this data is necessary to be able to prove a given consent. The legal basis results from our legal obligation to document your consent (Art. 6 Par. 1 Letter c) in connection with Art. 7 para. 1 DSGVO).

Here you can withdraw your consent for cookies:

4. Contact Possibilities and Inquiries

Our website contains a contact form where you can send us messages. The transfer of your data is encrypted. All data fields marked as mandatory fields are required to process your request. Failure to provide this information means that we will not be able to process your request. The provision of further data is voluntary. Alternatively, you can also send us a message via the contact e-mail. We process the data for the purpose of answering your request. If your inquiry is directed at the conclusion or implementation of a contract with us, Art. 6 para. 1 letter b DSGVO is the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in getting in contact with inquiring persons. The legal basis for data processing is then Art. 6 para. 1 letter f DSGVO.

5. Chatbot

We use a chatbot on our websites provided by Continually Ltd, based in the UK. The provider acts on our behalf. If you send us enquiries via the chat form, your enquiries from the form, including the personal data you provide there, will be stored by us. When you use the service, we ask for your name and email address.  In addition, general data such as IP address, country and city are collected. Depending on the course of the conversation, further personal data may be collected that you provide. We store and analyse your data when you use the chat. 

The legal basis for the use of this service and the analysis is your consent within the meaning of Art. 6 (1) a) DSGVO. You can revoke your consent at any time by notifying us, whereby all personal data will be deleted by us. Alternatively, you can send us a message at any time via our contact email address.
Technically necessary cookies are set to provide the chat function and to save your messages for your next visit to our website. These cookies are necessary for proper functioning and are not used for analytical or marketing purposes. The legal basis is § 15 para. 3 TMG.

6. Registration

In order to use certain functions of the website (especially the management of your property requests), registration via the website is required. The required information can be found in the registration form. The provision of information marked as mandatory is mandatory in order to complete the registration. The data provided will be processed for the purpose of providing the service. The processing is based on the legal basis of article 6 paragraph 1 letter b) DSGVO.

If you register via our website, we use the service provider Salesforce to log in and display your user data in the personal area. With Salesforce, a transfer of data to Salesforce Inc. in the USA cannot be excluded. Please refer to the notes in the section "Data transfer to third countries". Salesforce uses Binding Corporate Rules for international data transfer and has also agreed standard EU contract clauses with customers. For more information, please visit https://www.salesforce.com/de/company/privacy/.

7. Leasing rate calculator

When using the "Leasing rate calculator" function, we process the information and data that you provide to us via the input mask. It is also necessary to provide an e-mail address. The provision of the data is necessary so that the function can be used. We store the data in our customer management system so that we can track your use of the "Leasing Rate Calculator" function. 
Legal basis for the storage and processing of the data provided Art. 6 para. 1 letter f DSGVO.

8. customer recommendation

Real estate agents can transmit information about interested parties and to us via the "Customer recommendation/referrals function" in order to receive certain benefits in return. For this purpose, certain information about real estate agents and customers must be provided. The provision of the data is necessary for the use of the function.
The following information about interested parties is transmitted to us:

• Salutation
• First name
• Surname
• E-mail address
• Telephone number
• If applicable, further message

We store this data in our customer management system and use it to track future enquiries from interested parties. This serves our legitimate interest in obtaining an overview of interested parties in our offer and to be able to grant real estate agents advantages within the framework of the "customer recommendation" function.
In relation to estate agents, the processing of the data provided is based on the legal basis of Art. 6 (1) b DSGVO. The legal basis vis-à-vis the interests concerned is Art. 6 para. 1 lit. f DSGVO.

9. Newsletter

     a. Logging in and out

On our website we offer the possibility to subscribe to various newsletters from us. After the registration we will inform you regularly about the latest news about our offers. A valid e-mail address is required to register for the newsletter. To verify the e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and your name on the basis of the consent you have given. The processing is based on the legal basis of article 6 paragraph 1 letter a DSGVO. You can revoke the consent you have given at any time with effect for the future, for example by clicking on the "unsubscribe" link in the newsletter or by contacting us via the above-mentioned channels. The legality of the data processing operations already performed remains unaffected by the revocation. When you register for the newsletter, we also store the IP address and the date and time of registration. The processing of this data is necessary to prove that you have given your consent. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 DSGVO).

     b. Analysis

We also analyse the reading behaviour and opening rates of our newsletter. For this purpose, we collect and process pseudonymized usage data which we do not merge with your e-mail address or IP address. The legal basis for the analysis of our newsletter is your consent in accordance with Art. 6 para. 1 letter a DSGVO, which you give us when you register for ours. You can revoke this consent at any time by unsubscribing from our newsletter.

     c. Service provider

We use the Salesforce Marketing Cloud of the provider Salesforce Inc. to manage the subscribers and to send the newsletter, so your email address will be transmitted to Salesforce by us. The processing is carried out on our behalf and is based on the legal basis of Art. 6 letter f DSGVO and serves our legitimate interest in the optimization and economic dispatch of our newsletter. If you do not want your data to be processed by Salesforce, you should not subscribe to the newsletter or unsubscribe from it. Salesforce uses Binding Corporate Rules for international data transfer and has agreed with customers on additional EU standard contract clauses. For more information, please visit www.salesforce.com/de/company/privacy/.

10. Object Inquiry and Credit Assessment

Using the function "Send request" you can directly send requests for the objects you have selected. For this purpose, the personal data provided by you during registration will be processed by us. Legal basis for the data processing: Art. 6 para. 1 b) DSGVO. All data fields marked as mandatory fields are required for the execution of the contract. Failure to provide the data will result in the contractual service not being able to be performed. The provision of further data is voluntary.

Our company regularly checks your creditworthiness before concluding a contract, especially in case of an inquiry for a leasing object. For this purpose, we work together with Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, from which we receive the necessary data. For this purpose, we transmit your name and contact details to Creditreform Boniversum GmbH. You can find a detailed description of the data processing at Creditreform Boniversum GmbH here: www.boniversum.de/eu-dsgvo/

11. Google Analytics

We use the service Google Analytics of Google Ireland Limited (Ireland/EU) for the demand-oriented design and continuous optimization of our website. The service uses cookies that enable an analysis of your use of our website. Personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about the interaction with our website are processed. Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with further services related to the use of our website and the use of the Internet. The processed data can be used to create user profiles of the users, which we may link to data that we have received via our contact form. We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. We use the variant Google Universal Analytics. This enables us to assign interaction data from different devices and from different sessions to a unique user ID. This allows us to put individual user actions into context and analyse them.

Further information about this processing activity, the technologies used, stored data and storage duration can be found in the settings of our Consent Management Tool. The use of Google Marketing Services only takes place with your consent in accordance with § 15 paragraph 3 TMG or Art. 6 paragraph 1 letter a DSGVO. You can revoke your consent at any time via the settings of our Consent Management.

We use the Google Tag Manager of Google Ireland Limited (Ireland/EU). The Google Tag Manager is used to manage our website tags via an interface. The Google Tag Manager is a "cookie-free" domain that does not collect or store any personal data. The Google Tag Manager only triggers other tags that may collect data without accessing the data itself. If deactivation is made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.

For Google services, the possibility that data may be transferred to Google Inc. in the USA cannot be excluded. Please refer to the notes in the section "Transfer of data to third countries". Users can find further information on data protection at Google in Google's privacy policy: www.google.com/policies/privacy.

12 Google Marketing Services

We use the Google Ads Conversions marketing service provided by Google Ireland Limited (Ireland/EU). Google Ads allows us to place ads relevant to users on the Google advertising network (e.g. in search results, or on other websites), improve campaign performance reports and avoid serving ads to a user more than once. Each Ads client sets a different conversion cookie. These cookies cannot therefore be tracked across the websites of different Ads clients. A cookie ID is used to record which ads are played in which browser. In this way, multiple display of the same campaign can be prevented. In addition, cookie IDs can be used to track conversions, i.e. whether a user sees an ad and later visits the advertiser's website and makes a purchase. 

Remarketing allows us to target users who have already interacted with our website. In doing so, our ads are delivered when this target group visits a Google website or a website in the Google advertising network. For these purposes, a code is executed by Google when our website is called up and so-called (re)marketing tags are integrated into the website. With their help, an individual cookie is stored on the user's device. The cookies can be set by various domains, including google.com, doubleclick.net, googlesyndication.com or googleadservices.com. This file records which websites users have visited, what content they are interested in and which offers were used. In addition, technical information on the browser and operating system, referring websites, time of visit and other details on the use of the online offer are stored. All user data is processed only as pseudonymous data and does not contain any information with which we can personally identify users. The advertisements displayed are therefore not specifically displayed for a person, but for the owner of the cookie. 

Further information on these processing activities, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. Google marketing services are only used with your consent in accordance with Section 15 (3) TMG or Art. 6 (1) a DSGVO.
In the case of Google services, the transmission of data to Google Inc. in the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Users can find further information on data protection at Google in Google's data protection information: www.google.com/policies/privacy.

13 Facebook Pixel

We use the Facebook Pixel, a Facebook business tool from Meta Platforms Ireland Limited (Ireland, EU), on our website. For information on Meta Platforms Ireland Limited's contact details and the contact details of Meta Platforms Ireland Limited's data protection officer, please refer to Meta Platforms Ireland Limited's data policy at https://www.facebook.com/policy.php
The Facebook pixel is a snippet of JavaScript code that allows us to track visitors' activity on our website. This tracking is called conversion tracking. The Facebook pixel collects and processes the following information (so-called event data) for this purpose:

• Information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
• Specific pixel information such as the pixel ID and the Facebook cookie;
• Information about buttons clicked by visitors to the website;
• Information present in the HTTP header such as IP addresses, web browser information, page location and referrer;
• Information on the status of disabling/restricting ad tracking.

Some of this event data is information that is stored in the device you are using. In addition, the Facebook pixel also uses cookies to store information on the end device you are using. Such storage of information by the Facebook pixel or access to information already stored in your end device only takes place with your consent.
Tracked conversions appear in the dashboard of our Facebook Ads Manager and Facebook Analytics. We may use the tracked conversions there to measure the effectiveness of our ads, to set Custom Audiences for ad targeting, for Dynamic Ads campaigns and to analyse the effectiveness of our website's conversion funnels. The features we use through the Facebook Pixel are described in more detail below.

a. Processing of event data for advertising purposes

Event data collected through the Facebook Pixel is used to target our ads and improve ad delivery, personalise features and content, and improve and secure Facebook products.
To do this, event data is collected on our website using the Facebook Pixel and transmitted to Meta Platforms Ireland Limited. This only takes place if you have previously given your consent to this. The legal basis for the collection and transmission of personal data by us to Meta Platforms Ireland Limited is therefore Art. 6 (1) a DSGVO.
This collection and transmission of event data is carried out by us and Meta Platforms Ireland Limited as joint controllers. We have entered into a joint controller agreement with Meta Platforms Ireland Limited which sets out the allocation of data protection obligations between us and Meta Platforms Ireland Limited. In this agreement, we and Meta Platforms Ireland Limited have agreed, among other things,

• that we are responsible for providing you with all information pursuant to Art. 13, 14 DSGVO about the joint processing of personal data;
• that Meta Platforms Ireland Limited is responsible for enabling data subjects' rights under Articles 15 to 20 of the GDPR in respect of personal data held by Facebook Ireland following the joint processing.You can access the agreement concluded between us and Facebook Ireland at https://www.facebook.com/legal/controller_addendum.

Meta Platforms Ireland Limited is the sole controller of the subsequent processing of the submitted event data. For more information on how Meta Platforms Ireland Limited processes personal data, including the legal basis on which Meta Platforms Ireland Limited relies and how you can exercise your rights against Meta Platforms Ireland Limited, please see Meta Platforms Ireland Limited's Data Policy at https://www.facebook.com/about/privacy. 

b. Processing of Event Data for Analytics Purposes

We have also engaged Meta Platforms Ireland Limited to report on the impact of our advertising campaigns and other online content based on the Event Data collected through the Facebook Pixel (Campaign Reports) and to provide analysis and insights about users and their use of our website, products and services (Analytics). We transfer personal data contained in the Event Data to Meta Platforms Ireland Limited for this purpose. The personal data submitted will be processed by Meta Platforms Ireland Limited as our processor to provide us with the campaign reports and analytics.
Personal data will only be processed to provide analytics and campaign reports if you have given your prior consent to do so. The legal basis for this processing of personal data is therefore Art. 6 (1) a DSGVO.
A transfer of data to Facebook Inc. in the USA cannot be ruled out. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries. Please note the information in the section "Data transfer to third countries". 

14. Hotjar

Our website uses a plugin from the provider Hotjar Ltd. (Malta/EU), through which we perform an analysis of movements on our website using so-called "heat maps". For example, we can see how far users scroll and which buttons users click on how often. The tool also allows us to obtain feedback directly from users of the website. In this way, we obtain valuable information to make our website even faster and more customer friendly.

With Hotjar, we can only track which buttons are clicked, the course of the mouse, how far it scrolls, the screen size of the device, device type and browser information. We also receive information about your geographic location (country) and the preferred language for displaying our website. Areas of the websites where personal data of you or third parties are displayed are automatically hidden by Hotjar and therefore cannot be traced by the tool at any time. You can find further information on Hotjar's data protection on the following website: www.hotjar.com/legal/policies/privacy

Hotjar is only used with your consent in accordance with § 15 paragraph 3 TMG or Art. 6 paragraph 1 letter a DSGVO. You can revoke your consent at any time via the settings of our Consent Management.

15. Google Fonts and reCAPTCHA

We use on our website the services Google Fonts and reCAPTCHA of Google Ireland Limited (Ireland/EU).  For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Google.

The integration of Google Fonts serves to display fonts and is done to protect our legitimate interests in the optimization and economic operation of our website. The legal basis is article 6 paragraph 1 letter f DSGVO.

The activation of reCAPTCHA is also only carried out with your consent in accordance with § 15 paragraph 3 TMG or Art. 6 paragraph 1 letter a DSGVO. You can revoke your consent at any time via the settings of our Consent Management.

In the case of Google services, a transfer of data to Google Inc. in the USA cannot be excluded. Please note the information in the section "Data transfer to third countries". Users can find further information on data protection at Google in the Google data protection notices: https://www.google.com/policies/privacy

III. Data Processing on our Social Media Pages

We are represented on several social media platforms with a corporate website. Through this we would like to offer further possibilities for information about our company and for exchange. Our company has company pages on the following social media platforms:

• Facebook
• Instagram
• LinkedIn
• Xing

When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also includes messages and statements made using the profile. In addition, during your visit to a social media profile, certain information about it is often automatically collected, which may also represent personal data.

1. Visit of a Social Media Page

     a. Facebook and Instagram Page

When you visit our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed. The sole responsible party for this processing of personal data is Meta Platforms Ireland Limited (Ireland/EU - "Meta"). Further information about the processing of personal data by Meta can be found at www.facebook.com/privacy/explanation. Meta offers the opportunity to object to certain data processing; for information on this and opt-out options, please visit www.facebook.com/settings.

Meta provides us with anonymous statistics and insights for our Facebook and Instagram pages that help us understand the types of actions that people take on our site (known as "page insights"). These Page-Insights are created based on certain information about people who have visited our site. This processing of personal data is done by Meta and us as jointly responsible parties. The processing serves our legitimate interest in evaluating the types of actions performed on our site and improving our site based on this information. The legal basis for this processing is article 6 paragraph 1 letter f DSGVO. We cannot assign the information obtained via the Page Insights to individual Facebook or Instagram profiles that interact with our Facebook or Instagram Page. We have entered into an agreement with Meta on processing as jointly responsible party, which defines the distribution of the data protection obligations between us and Meta. For details on the processing of personal data to create Page Insights and the agreement concluded between us and Meta, please visit www.facebook.com/legal/terms/information_about_page_insights_data. With regard to these data processing activities, you have the opportunity to assert your rights as a data subject (see "Your rights") also against Meta. Further information on this can be found in Meta's privacy policy at www.facebook.com/privacy/explanation.

Please note that according to the Meta data protection regulations, user data is also processed in the USA or other third countries. Meta only transfers user data to countries for which an adequacy decision of the European Commission has been made in accordance with Art. 45 DSGVO or on the basis of appropriate guarantees in accordance with Art. 46 DSGVO.

     b. LinkedIn Corporate Site

In principle, LinkedIn Ireland Unlimited Company (Ireland/EU - "LinkedIn") is solely responsible for the processing of personal data when visiting our LinkedIn site. For more information about LinkedIn's processing of personal data, please visit www.linkedin.com/legal/privacy-policy.

When you visit, follow or interact with our LinkedIn company site, LinkedIn processes personal information to provide us with statistics and insights in an anonymous form. This provides us with information about the types of actions that people take on our site (known as site insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn through the information in your profile, such as information on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn business site, such as whether you are a follower of our LinkedIn business site. LinkedIn does not provide us with any personal information about you through the Site Insights. We only have access to the summarized Page-Insights. It is also not possible for us to draw conclusions about individual members from the information contained in Page-Insights. This processing of personal data within the scope of the Seiten-Insights is carried out by LinkedIn and us as jointly responsible parties. The processing serves our legitimate interest in evaluating the types of actions performed on our LinkedIn corporate site and improving our corporate site based on these insights. The legal basis for this processing is article 6 paragraph 1 letter f DSGVO. We have entered into an agreement with LinkedIn on processing as jointly responsible party, in which the distribution of data protection obligations between us and LinkedIn is laid down. The agreement is available at: legal.linkedin.com/pages-joint-controller-addendum. Afterwards the following applies:

- LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the DSGVO. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or you can contact LinkedIn via the contact details in the Privacy Policy. You can contact the Privacy Officer at LinkedIn Ireland by clicking on the following link: www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at our contact details to exercise your rights in relation to the processing of personal data in the context of the Site Insigts. In such a case we will forward your request to LinkedIn.

- LinkedIn and we have agreed that the Irish Data Protection Commission will be the lead regulatory authority overseeing the processing for Seiten-Insights. You always have the right to file a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other regulatory body.

Please note that in accordance with LinkedIn's privacy policy, LinkedIn may also process personal information in the United States or other third countries. LinkedIn only transfers personal data to countries for which an adequacy decision by the European Commission under Art. 45 DSGVO has been issued or on the basis of appropriate guarantees under Art. 46 DSGVO.

     c. Xing

In principle, New Work SE (Germany/EU) is solely responsible for processing personal data when visiting our Xing profile. Further information on the processing of personal data by New Work SE can be found at https://privacy.xing.com/de/datenschutzerklaerung.

2. Comments and Direct Messages

We also process information that you have made available to us via our company site on the respective social media platform. Such information may be the username used, contact information or a message to us. We process this information as the sole responsible party. We process this data because of our legitimate interest in getting in contact with requesting persons. The legal basis for data processing is Art. 6 Par. 1 letter f DSGVO. Further data processing may be carried out if you have given your consent (Art. 6 para. 1 letter a DSGVO) or if this is necessary to fulfil a legal obligation (Art. 6 para. 1 letter c DSGVO)

IV. Further Data Processing Using The Broker Mobile App

When using the Broker Mobile App, we collect information that you provide yourself. In addition, during the use of the app, certain information about the use is automatically collected by us.

1. Downloading the app

When downloading the app, certain required information is transmitted to the app store selected by you (e.g. Google Play or Apple App Store), in particular the user name, the e-mail address, the customer number of your account, the time of the download, as well as the individual device number can be processed. The processing of this data is carried out exclusively by the provider of the respective app store and is outside our sphere of influence.

2. Automatic data processing when using the app

Within the scope of the use of the app, we process certain data automatically insofar as this is necessary for the provision and use of the app. This may include in particular the internal device ID, the version of the operating system used, the time of access and the assigned IP address.
This data is automatically processed by us in order to make the app and its functions available and to detect and prevent misuse and malfunctions of the app. We have a legitimate interest in ensuring the functionality and error-free operation of the app. Insofar as personal data are also processed in this context, this is based on the legal basis of Art. 6 (1) f DSGVO.

3 Processing of data via OWNR partners

As a user of the app, you have the option of saving certain data about yourself directly in the app. Data saved in this way no longer need to be entered separately when continuing to use the other functions of the app. The data entered can be changed at any time. The data is stored locally on the end device used and is not transmitted to us. The storage of the data is voluntary and not necessary for the use of the app.
The legal basis for the storage and processing of the data provided is Art. 6 para. 1 letter f DSGVO.

4. processing of data in the leasing rate calculator function

When using the "Leasing Rate Calculator" function, we process the information and data that you provide to us via the input mask. It is also necessary to provide an e-mail address. The provision of the data is necessary so that the function can be used. We store the data in our customer management system so that we can track your use of the "Leasing Rate Calculator" function. 
Legal basis for the storage and processing of the data provided Art. 6 para. 1 letter f DSGVO.

5. processing of data for the customer recommendation/referrals function

Real estate agents can use the "Customer recommendation/referrals function" to transmit information about interested parties and to us in order to receive certain benefits in return. The following information about interested parties is transmitted to us:

• Salutation
• First name
• Surname
• E-mail address
• Telephone number
• If applicable, further message

We store this data in our customer management system and use it to track future enquiries from interested parties. This serves our legitimate interest in obtaining an overview of interested parties in our offer and to be able to grant real estate agents advantages within the framework of the "customer recommendation" function.
The legal basis vis-à-vis the interests concerned is Art. 6 para. 1 lit. f DSGVO. 

V. Further Data Processing

1. Contact by E-mail

If you send us a message via the specified contact e-mail, we will process the data transmitted for the purpose of answering your inquiry. We process this data because of our legitimate interest in getting in contact with inquiring persons. The legal basis for data processing is Art. 6 Par. 1 letter f DSGVO.

2. Use of the E-mail Address for Marketing Purposes

We may use the e-mail address you provide during registration or ordering to inform you about similar products and services offered by us. The legal basis is article 6 paragraph 1 letter f DSGVO in conjunction with § 7 paragraph 3 UWG. You may object to this at any time without incurring any costs other than the transmission costs according to the basic rates. To do so, you can unsubscribe by clicking on the unsubscribe link included in each mailing or by sending an e-mail to contact@ownr.eu.

3. Applications

If you apply to our company, we process your application data exclusively for purposes related to your interest in a current or future employment with us and the processing of your application. Your application will only be processed and acknowledged by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you provide for up to six months after any rejection for the purpose of answering questions in connection with your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage. The legal basis for data processing is § 26 para. 1 p. 1 BDSG. Should we store your applicant data beyond a period of six months, and you have expressly consented to this, we point out that this consent can be freely revoked at any time in accordance with Art. 7 Para. 3 DSGVO. Such a revocation will ensure the lawfulness of the processing, which is subject to the consent given until revocation.

Status: April 2021